Build a Chatbot Proof of Concept

  • Buy Link or Shortcode: {j2store}532|cart{/j2store}
  • member rating overall impact: 8.8/10 Overall Impact
  • member rating average dollars saved: $9,566 Average $ Saved
  • member rating average days saved: 7 Average Days Saved
  • Parent Category Name: Service Desk
  • Parent Category Link: /service-desk
  • Implement a chatbot proof of concept mapped to business needs.
  • Scale up customer service delivery in a cost-effective manner.
  • Objectively measure the success of the chatbot proof of concept with metrics-based data.
  • Choose the ticket categories to build during your chatbot proof of concept.

Our Advice

Critical Insight

  • Build your chatbot to create business value. Whether it is increasing service or resource efficiency, keep the goal of value in mind when making decisions with your proof of concept.

Impact and Result

  • When implemented effectively, chatbots can help save costs, generate new revenue, and ultimately increase customer satisfaction for both external- and internal-facing customers.

Build a Chatbot Proof of Concept Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build a chatbot proof of concept, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Form your chatbot strategy

Build action-based metrics to measure the success of your chatbot proof of concept.

  • Chatbot ROI Calculator
  • Chatbot POC Metrics Tool

2. Build your chatbot foundation

Put business value first to architect your chatbot before implementation.

  • Chatbot Conversation Tree Library (Visio)
  • Chatbot Conversation Tree Library (PDF)

3. Continually improve your chatbot

Continue to grow your chatbot beyond the proof of concept.

  • Chatbot POC RACI
  • Chatbot POC Implementation Roadmap
  • Chatbot POC Communication Plan
[infographic]

Workshop: Build a Chatbot Proof of Concept

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Build Your Strategy

The Purpose

Build your strategy.

Key Benefits Achieved

Calculate your chatbot’s ROI to determine its success.

Organize your chatbot proof of concept (POC) metrics to keep the project on track.

Objectively choose chatbot ticket categories.

Activities

1.1 Customize your chatbot ROI calculator.

1.2 Choose your proof of concept ticket categories.

1.3 Design chatbot metrics to measure success.

Outputs

Chatbot ROI Calculator

Chatbot POC Implementation Roadmap

Chatbot POC Metrics Tool

2 Architect Your Chatbot

The Purpose

Architect your chatbot.

Key Benefits Achieved

Design your integrations with business value in mind.

Begin building chatbot decision trees.

Activities

2.1 List and map your chatbot integrations.

2.2 Build your conversation tree library.

Outputs

Chatbot Integration Map

Chatbot Conversation Tree Library

3 Architect Your Chatbot Conversations

The Purpose

Architect your chatbot conversations.

Key Benefits Achieved

Detail your chatbot conversations in the decision trees.

Activities

3.1 Build your conversation tree library.

Outputs

Chatbot Conversation Tree Library

4 Continually Grow Your Chatbot

The Purpose

Continually grow your chatbot.

Key Benefits Achieved

Identify talent for chatbot support.

Create an implementation plan.

Activities

4.1 Outline the support responsibilities for your chatbot.

4.2 Build a communication plan.

Outputs

Chatbot POC RACI

Chatbot POC Communication Plan

Implement Your Negotiation Strategy More Effectively

  • Buy Link or Shortcode: {j2store}225|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Vendor Management
  • Parent Category Link: /vendor-management
  • Forty-eight percent of CIOs believe their budgets are inadequate.
  • CIOs and IT departments are getting more involved with negotiations to reduce costs and risk.
  • Not all negotiators are created equal, and the gap between a skilled negotiator and an average negotiator is not always easy to identify objectively.
  • Skilled negotiators are in short supply.

Our Advice

Critical Insight

  • Preparation is critical for the success of your negotiation, but you cannot prepare for every eventuality.
  • Communication is the heart and soul of negotiations, but what is being “said” is only part of the picture.
  • Skilled negotiators separate themselves based on skillsets, and outcomes alone may not provide an accurate assessment of a negotiator.

Impact and Result

Addressing and managing critical negotiation elements helps:

  • Improve negotiation skills.
  • Implement your negotiation strategy more effectively.
  • Improve negotiation results.

Implement Your Negotiation Strategy More Effectively Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. During

Throughout this phase, ten essential negotiation elements are identified and reviewed.

  • Implement Your Negotiation Strategy More Effectively – Phase 1: During
  • During Negotiations Tool
[infographic]

Workshop: Implement Your Negotiation Strategy More Effectively

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 12 Steps to Better Negotiation Preparation

The Purpose

Improve negotiation skills and outcomes.

Understand how to use the Info-Tech During Negotiations Tool.

Key Benefits Achieved

A better understanding of the subtleties of the negotiation process and an identification of where the negotiation strategy can go awry.

The During Negotiation Tool will be reviewed and configured for the customer’s environment (as applicable).

Activities

1.1 Manage six key items during the negotiation process.

1.2 Set the right tone and environment for the negotiation.

1.3 Focus on improving three categories of intangibles.

1.4 Improve communication skills to improve negotiation skills.

1.5 Customize your negotiation approach to interact with different personality traits and styles.

1.6 Maximize the value of your discussions by focusing on seven components.

1.7 Understand the value of impasses and deadlocks and how to work through them.

1.8 Use concessions as part of your negotiation strategy.

1.9 Identify and defeat common vendor negotiation ploys.

1.10 Review progress and determine next steps.

Outputs

Sample negotiation ground rules

Sample vendor negotiation ploys

Sample discussion questions and evaluation matrix

Satisfy Customer Requirements for Information Security

  • Buy Link or Shortcode: {j2store}259|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: $247 Average $ Saved
  • member rating average days saved: 3 Average Days Saved
  • Parent Category Name: Governance, Risk & Compliance
  • Parent Category Link: /governance-risk-compliance
  • Your customers and potential customers are increasingly demanding assurance that you will meet their information security requirements.
  • Responding to these assurance demands requires ever more effort from the security team, which distracts them from their primary mission of protecting the organization.
  • Every customer seems to have their own custom security questionnaire they want you to complete, increasing the effort you have to expend to respond to them.

Our Advice

Critical Insight

  • Your security program can be a differentiator and help win and retain customers.
  • Value rank your customers to right-size the level of effort your security team dedicates to responding to questionnaires.
  • SOC 2 or ISO 27001 certification can be an important part of your security marketing, but only if you make the right business case.

Impact and Result

  • CISOs need to develop a marketing strategy for their information security program.
  • Ensure that your security team dedicates the appropriate amount of effort to sales by value ranking your potential customers and aligning efforts to value.
  • Develop a business case for SOC 2 or ISO 27001 to determine if certification makes sense for your organization, and to gain support from key stakeholders.

Satisfy Customer Requirements for Information Security Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should proactively satisfy customer requirements for information security, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Manage customer expectations for information security

Identify your customers’ expectations for security and privacy, value rank your customers to right-size your efforts, and learn how to impress them with your information security program.

  • Satisfy Customer Requirements for Information Security – Phase 1: Manage Customer Expectations for Information Security

2. Select a certification path

Decide whether to obtain SOC 2 or ISO 27001 certification, and build a business case for certification.

  • Satisfy Customer Requirements for Information Security – Phase 2: Select a Certification Path
  • Security Certification Selection Tool
  • Security Certification Business Case Tool

3. Obtain and maintain certification

Develop your certification scope, prepare for the audit, and learn how to maintain your certification over time.

  • Satisfy Customer Requirements for Information Security – Phase 3: Obtain and Maintain Certification
[infographic]

Establish an Effective Data Protection Plan

  • Buy Link or Shortcode: {j2store}504|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: $6,850 Average $ Saved
  • member rating average days saved: 9 Average Days Saved
  • Parent Category Name: Storage & Backup Optimization
  • Parent Category Link: /storage-and-backup-optimization
  • Business requirements can be vague. Not knowing the business needs often results in overspending and overexposure to liability through data hoarding.
  • Backup options are abundant. Disk, tape, or cloud? Each has drawbacks, efficiencies, and cost factors that should be considered.
  • Backup infrastructure is never greenfield. Any organization with a history has been doing backup. Existing software was likely determined by past choices and architecture.

Our Advice

Critical Insight

  • Don’t let failure be your metric.
    The past is not an indication of future performance! Quantify the cost of your data being unavailable to demonstrate value to the business.
  • Stop offloading backup to your most junior staff.
    Data protection should not exist in isolation. Get key leadership involved to ensure you can meet organizational requirements.
  • A lot of data is useless. Neglecting to properly tag and classify data will lead to a costly data protection solution that protects redundant, useless, or outdated data

Impact and Result

  • Determine the current state of your data protection strategy by identifying the pains and gains of the solution and create a business-facing diagram to present to relevant stakeholders.
  • Quantify the value of data to the business to properly understand the requirements for data protection through a business impact analysis.
  • Identify the attributes and necessary requirements for your data tiers to procure a fit-for-purpose solution.

Establish an Effective Data Protection Plan Research & Tools

Start here – read the Executive Brief

Read this Executive Brief to understand why the business should be involved in your data protection plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Define the current state of your data protection plan

Define the current state of your data protection practices by documenting the backup process and identifying problems and opportunities for the desired state.

  • Establish an Effective Data Protection Plan – Phase 1: Define the Current State of Your Data Protection Plan
  • Data Protection Value Proposition Canvas Template

2. Conduct a business impact analysis to understand requirements for restoring data

Understand the business priorities.

  • Establish an Effective Data Protection Plan – Phase 2: Conduct a Business Impact Analysis to Understand Requirements for Restoring Data
  • DRP Business Impact Analysis Tool
  • Legacy DRP Business Impact Analysis Tool
  • Data Protection Recovery Workflow

3. Propose the future state of your data protection plan

Determine the desired state.

  • Establish an Effective Data Protection Plan – Phase 3: Propose the Future State of Your Data Protection Plan

4. Establish proper governance for your data protection plan

Explore the component of governance required.

  • Establish an Effective Data Protection Plan – Phase 4: Establish Proper Governance for Your Data Protection Plan
  • Data Protection Proposal Template
[infographic]

Build an Application Department Strategy

  • Buy Link or Shortcode: {j2store}180|cart{/j2store}
  • member rating overall impact: 9.2/10 Overall Impact
  • member rating average dollars saved: $220,866 Average $ Saved
  • member rating average days saved: 34 Average Days Saved
  • Parent Category Name: Architecture & Strategy
  • Parent Category Link: /architecture-and-strategy
  • Application delivery has modernized. There are increasing expectations on departments to deliver on organizational and product objectives with increasing velocity.
  • Application departments produce many diverse, divergent products, applications, and services with expectations of frequent updates and changes based on rapidly changing landscapes

Our Advice

Critical Insight

  • There is no such thing as a universal “applications department.” Unlike other domains of IT, there are no widely accepted frameworks that clearly outline universal best practices of application delivery and management.
  • Different software needs and delivery orientations demand a tailored structure and set of processes, especially when managing a mixed portfolio or multiple delivery methods.

Impact and Result

Understand what your department’s purpose is through articulating its strategy in three steps:

  • Determining your application department’s values, principles, and orientation.
  • Laying out the goals, objectives, metrics, and priorities of the department.
  • Building a communication plan to communicate your overall department strategy.

Build an Application Department Strategy Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build an application department strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Take stock of who you are

Consider and record your department’s values, principles, orientation, and capabilities.

  • Build an Application Department Strategy – Phase 1: Take Stock of Who You Are
  • Application Department Strategy Supporting Workbook

2. Articulate your strategy

Define your department’s strategy through your understanding of your department combined with everything that you do and are working to do.

  • Build an Application Department Strategy – Phase 2: Articulate Your Strategy
  • Application Department Strategy Template

3. Communicate your strategy

Communicate your department’s strategy to your key stakeholders.

  • Build an Application Department Strategy – Phase 3: Communicate Your Strategy

Infographic

Workshop: Build an Application Department Strategy

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Take Stock of Who You Are

The Purpose

Understand what makes up your application department beyond the applications and services provided.

Key Benefits Achieved

Articulating your guiding principles, values, capabilities, and orientation provides a foundation for expressing your department strategy.

Activities

1.1 Identify your team’s values and guiding principles.

1.2 Define your department’s orientation.

Outputs

A summary of your department’s values and guiding principles

A clear view of your department’s orientation and supporting capabilities

2 Articulate Your Strategy

The Purpose

Lay out all the details that make up your application department strategy.

Key Benefits Achieved

A completed application department strategy canvas containing everything you need to communicate your strategy.

Activities

2.1 Write your application department vision statement.

2.2 Define your application department goals and metrics.

2.3 Specify your department capabilities and orientation.

2.4 Prioritize what is most important to your department.

Outputs

Your department vision

Your department’s goals and metrics that contribute to achieving your department’s vision

Your department’s capabilities and orientation

A prioritized roadmap for your department

3 Communicate Your Strategy

The Purpose

Lay out your strategy’s communication plan.

Key Benefits Achieved

Your application department strategy presentation ready to be presented to your stakeholders.

Activities

3.1 Identify your stakeholders.

3.2 Develop a communication plan.

3.3 Wrap-up and next steps

Outputs

List of prioritized stakeholders you want to communicate with

A plan for what to communicate to each stakeholder

Communication is only the first step – what comes next?

Why learn from Tymans Group?

The TY classes contain in-depth learning material based on over 30 years of experience in IT Operations and Resilience.

You receive the techniques, tips, tricks, and "professional secrets" you need to succeed in your resilience journey.

Why would I share "secrets?"

Because over time, you will find that "secrets" are just manifested experiences.

What do I mean by that? Gordon Ramsay, who was born in 1966 like me, decided to focus on his culinary education at age 19. According to his Wikipedia page, that was a complete accident. (His Wikipedia page is a hoot to read, by the way.) And he has nothing to prove anymore. His experience in his field speaks for itself.

I kept studying in my original direction for just one year longer, but by 21, I founded my first company in Belgium in 1987, in the publishing industry. This was extended by IT experiences in various sectors, like international publishing and hospitality, culminating in IT for high-velocity international financial markets and insurance.

See, "secrets" are a great way to get you to sign up for some "guru" program that will "tell all!" Don't fall for it, especially if the person is too young to have significant experience.

There are no "secrets." There is only experience and 'wisdom." And that last one only comes with age.

If I were in my 20s, 30s, or 40s, there is no chance I would share my core experiences with anyone who could become my competitor. At that moment, I'm building my own credibility and my own career. I like helping people, but not to the extent that it will hurt my prospects. 

And that is my second lesson: be always honest about your intentions. Yes, always. 

At the current point in my career, "hurting my prospects" is less important. Yes, I still need to make a living, and in another post, I will explain more about that. Here, I feel it is important to share my knowledge and experience with the next people who will take my place in the day-to-day operations of medium and large corporations. And that is worth something. Hence, "sharing my secrets."

Gert

Why learn about resilience from us?

This is a great opportunity to learn from my 30+ years of resilience experience. TY's Gert experienced 9/11 in New York, and he was part of the Lehman Disaster Recovery team that brought the company back within one (one!) week of the terrorist attack.

He also went through the London Bombings of 2005 and the 2008 financial crisis, which required fast incident responses, the Covid 2020 issues, and all that entailed. Not to mention that Gert was part of the Tokyo office disaster response team as early as 1998, ensuring that Salomon was protected from earthquakes and floods in Japan.

Gert was part of the solution (for his clients) to several further global events, like the admittedly technical log4J event in 2021, the 2024 Crowdstrike event, and many other local IT incidents, to ensure that clients could continue using the services they needed at that time.

Beyond the large corporate world, we helped several small local businesses improve their IT resilience with better cloud storage and security solutions. 

These solutions and ways of thinking work for any business, large or small.

The TY team

Explore our resilience solutions.

Foster Data-Driven Culture With Data Literacy

  • Buy Link or Shortcode: {j2store}132|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $12,999 Average $ Saved
  • member rating average days saved: 115 Average Days Saved
  • Parent Category Name: Data Management
  • Parent Category Link: /data-management

Organizations are joining the wave and adopting machine learning and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by looking at their data – empowering their people to realize and embrace the valuable insights within the organization’s data.

The key to achieve becoming a data-driven organization is to foster a strong data culture and equip employees with data skills through an organization-wide data literacy program.

Our Advice

Critical Insight

  • Start with real business problems in a hands-on format to demonstrate the value of data.
  • Use a formalized organization-wide approach to data literacy program to bridge the data skills gap.
  • Provide relevant and practical training programs tailored to different learning styles and tenures (e.g. onboarding, development plan).

Impact and Result

Data literacy is critical to the success of digital transformation and AI analytics. Info-Tech’s approach to creating a sustainable and effective data literacy program is recognizing it is:

  • More than just technical training. A data literacy program isn’t just about data; it encompasses aspects of business, IT, and data.
  • More than a one-off exercise. To keep the literacy skills alive the program must be regular, sustainable, and tailored to different needs across all levels of the organization.
  • More than one delivery format. Different delivery methods need to be considered to suit various learning styles to ensure an effective delivery.

Foster Data-Driven Culture With Data Literacy Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Foster Data-Driven Culture With Data Literacy Storyboard – A step-by-step guide to help organizations build an effective and sustainable data literacy program that benefits all employees who work with data.

Data literacy as part of the data governance strategic program should be launched to all levels of employees that will help your organization bridge the data knowledge gap at all levels of the organization. This research recommends approaches to different learning styles to address data skill needs and helps members create a practical and sustainable data literacy program.

  • Foster Data-Driven Culture With Data Literacy Storyboard

2. Fundamental Data Literacy Program Template – A document that provides an example of a fundamental data literacy program.

Kick off a data awareness program that explains the fundamental understanding of data and its lifecycle. Explore ways to create or mature the data literacy program with smaller amounts of information on a more frequent basis.

  • Fundamental Data Literacy Program Template
[infographic]

Further reading

Foster Data-Driven Culture With Data Literacy

Data literacy is an essential part of a data-driven culture, bridging the data knowledge gaps across all levels of the organization.

Analyst Perspective

Data literacy is the missing link to becoming a data-driven organization.

“Digital transformation” and “data driven” are two terms that are inseparable. With organizations accelerating in their digital transformation roadmap implementation, organizations need to invest in developing data skills with their people. Talent is scarce and the demand for data skills is huge, with 70% of employees expected to work heavily with data by 2025. There is no time like the present to launch an organization-wide data literacy program to bridge the data knowledge gap and foster a data-driven culture.

Data literacy training is as important as your cybersecurity training. It impacts all levels of the organization. Data literacy is critical to success with digital transformation and AI analytics.

Annabel Lui

Principal Advisory Director, Data & Analytics Practice
Info-Tech Research Group

Executive Summary

Your Challenge

Organizations are joining the wave and adopting machine learning (ML) and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by empowering their people to realize and embrace the valuable insights within the organization’s data.

The key to becoming a data-driven organization is to foster a strong data culture and equip people with data skills through an organization-wide data literacy program.

Common Obstacles

Challenges the data leadership is likely to face as digital transformation initiatives drive intensified competition:

  • Resistance to change
  • Technological distractions
  • “Shadow data”
  • Difficulty securing resources and skilled data professionals
  • Inability to appreciate the value of data and its meaning for users – even fear of it

Info-Tech's Approach

We interviewed data leaders and instructors to gather insights about investing in data:

  • Start with real business problems in a hands-on format to demonstrate the value of data.
  • Implement a formalized organization-wide approach to data literacy program to bridge the data skill gap.
  • Provide relevant and practical training programs tailored to different learning styles and tenures (e.g. onboarding,development plan).

Info-Tech Insight

By thoughtfully designing a data literacy training program for the audience's own experience, maturity level, and learning style, organizations build the data-driven and engaged culture that helps them to unlock their data's full potential and outperform other organizations.

Your Challenge

Data literacy is the missing link to drive business outcomes from data.

  • Having a data-driven culture as an organization’s mission statement without implementing a data literacy program is like making an empty promise and leaving the value unrealized and unattainable.
  • A study conducted by the Data Literacy Project clearly indicates that organizations with aggressive data literacy programs will outperform those who do not have such programs. By 2030, data literacy will be one of the most sought-after skill sets. All employees require data literacy skills.
  • Everyone has a role in data. From employees who are actively involved in data collection to operational teams who create reports with analytics tools and finally to executives who use data to make business decisions – they all require continuous data literacy training in a data-driven organization. Because of differences in maturity, data literacy strategies cannot be one-size-fits-all.

“Data literacy is the ability to read, work with, analyze, and communicate with data. It's a skill that empowers all levels of workers to ask the right questions of data and machines, build knowledge, make decisions, and communicate meaning to others.” – Qlik, n.d.

75% of organizational employees have access to data tools – only 21% demonstrated confidence in their data skills.

Source: Accenture, 2020.

89% of C-level executives expect team members to explain how data has informed their decisions, but only 11% employees are fully confident in their ability to read, analyze, work with, and communicate with data

Source: Qlik, 2022.

Data debt or data asset?

Manage your data as strategic assets.

“[Data debt is] when you have undocumented, unused, incomplete, and inconsistent data,” according to Secoda (2023). “When … data debt is not solved, data teams could risk wasting time managing reports no one uses and producing data that no one understands.”

Signs of data debt when considering investing in data literacy:

  • Lack of definition and understanding of data terms, therefore they don’t speak the same language. Without data literacy, an organization will not succeed in becoming a data-driven organization.
  • Putting data literacy as a low priority. Organization sees this as “another” training to put on the list and keeps it on the back burner.
  • Data literacy is not seen as the number one skill set needed in the organization. However, anyone who works with data requires data skills.
  • End users are not trained on self-serve features and tools.
  • Focusing on a minority group of people rather than everyone in the organization or seeing it as a one-off exercise.
  • Delays or failure to deliver digital transformation projects due to lack of data skills and data access issues.

66%

of organizations say a backlog of data debt is impacting new data management initiatives.

40%

of organizations say individuals within the business do not trust data insights.

30%

of organizations are unable to become data-driven.

Source: Experian, 2020

Info-Tech’s Approach

Data literacy is critical to success with digital transformation and AI analytics.

Diagram showing components of Data literacy: 1 - Data: understand your data, 2 - Business: define the purpose, 3 - IT: Introduce new ways of working

The Info-Tech difference:

  1. More than just technical training. Data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data.
  2. More than a one-off exercise. To keep literacy skills alive, the program must be routine and sustainable, tailored to different needs across all levels of the organization.
  3. More than one delivery format. Different delivery methods need to be considered to suit various learning styles.

Data needs to be processed

Data – facts – are organized, processed, and given meaning to become insights.

Data, information, knowledge, insight, wisdom

Image source: Welocalize, 2020.

Data represents a discrete fact or event without relation to other things (e.g. it is raining). Data is unorganized and not useful on its own.

Information organizes and structures data so that it is meaningful and valuable for a specific purpose (i.e. it answers questions). Information is a refined form of data.

When information is combined with experience and intuition, it results in knowledge. It is our personal map/model of the world.

Knowledge set with context generates insight. We become knowledgeable as a result of reading, researching, and memorizing (i.e. accumulating information).

Wisdom means the ability to make sound judgments. Wisdom synthesizes knowledge and experiences into insights.

Investment in data literacy is a game changer.

Data literacy is the ability to collect, manage, evaluate, and apply data in a critical manner.

A data-driven culture is “an operating environment that seeks to leverage data whenever and wherever possible to enhance business efficiency and effectiveness” (Forbes).

Info-Tech Insight

Data-driven culture refers to a workplace where decisions are made based on data evidence, not on gut instinct.

Info-Tech’s methodology for building a data literacy program

Phase Steps

1. Define Data Literacy Objectives

1.1 Understand organization’s needs

1.2 Create vision and objective for data literacy program

2. Assess Learning Style and Align to Program Design

2.1 Create persona and identify audience

2.2 Assess learning style and align to program design

2.3 Determine the right delivery method

3. Socialize Roadmap and Milestones

3.1 Establish a roadmap

3.2 Set key performance metrics and milestones

Phase Outcomes

Identify key objectives to establish and grow the data literacy program by articulating the problem and solutions proposed.

Assess each audience’s learning style and adapt the program to their unique needs.

Show a roadmap with key performance indicators to track each milestone and tell a data story.

Insight Summary

“In a world of more data, the companies with more data-literate people are the ones that are going to win.”

– Miro Kazakoff, senior lecturer, MIT Sloan, in MIT Sloan School of Management, 2021

Overarching insight

By thoughtfully designing a data literacy training program personalized to each audience's maturity level, learning style, and experience, organizations can develop and grow a data-driven culture that unlocks the data's full potential for competitive differentiation.

Module 1 insight

We can learn a lot from each other. Literacy works both ways – business data stewards learn to “speak data” while IT data custodians understand the business context and value. Everyone should strive to exchange knowledge.

Module 2 insight

Avoid traditional classroom teaching – create a data literacy program that is learner-centric to allow participants to learn and experiment with data.

Aligning program design to those learning styles will make participants more likely to be receptive to learning a new skill.

Module 3 insight

A data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data. With executive support and partnership with business, running a data literacy program means that it won’t end up being just another technical training. The program needs to address why, what, how questions.

Tactical insight

A lot of programs don’t include the fundamentals. To get data concepts to stick, focus on socializing the data/information/knowledge/wisdom foundation.

Tactical insight

Many programs speak in abstract terms. We present case studies and tangible use cases to personalize training to the audience’s world and showcase opportunities enabled through data.

Key performance indicators (KPIs) for your data literacy program

How do you know if your data literacy program is successful? Here are some useful KPIs:

Program Adoption Metrics

  • Percentage of employees attending data literacy training
  • Percentage of participants who report gains in data management knowledge after training sessions
  • Maturity assessment result
  • Survey and diagnostic feedback before and after training
  • Trend analysis of overall data literacy program

Operational Metrics

  • Number of requests for analytics/reporting services
  • Number of reports created by users
  • Speed and quality of business decisions
  • User satisfaction with reports and analytics services
  • Improved business performance (customer satisfaction)
  • Improved valuation of organization data

A data-driven culture builds tools and skills, builds users’ trust in the quality of data across sources, and raises the skills and understanding among the frontlines by encouraging everyone to leverage data for critical thinking and innovation.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of the project."

Diagnostics and consistent frameworks are used throughout all four options.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Session 1

Session 2

Session 3

Session 4

Activities

Define Data Literacy Objectives

1.1 Review Data Culture Diagnostic results

1.2 Identify business context: business goals, initiatives

1.3 Create vision and objective for data literacy program

Assess Learning Style and Align to Program Design

2.1 Identify audience

2.2 Assess learning style and align to program design

2.3 Determine the right delivery method

Build a Data Literacy Roadmap and Milestones

3.1 Identify program initiatives and topics

3.2 Determine delivery methods

3.3 Build the data literacy roadmap

Operational Strategy to implement Data Literacy

4.1 Identify key performance metrics

4.2 Identify owners and document RACI matrix

4.3 Discuss next steps and wrap up.

Deliverables

  1. Diagnostics reports (data culture survey)
  2. Vision and value statement
  1. Assessment of audience covering all levels of organization
  1. List of key program initiatives and topics
  2. Allocation of delivery methods
  3. Roadmap
  1. Data literacy metrics
  2. List of owners and roles and responsibilities
  3. Next step and implementation schedule

Phase 1

Define Data Literacy Objectives

Phase 1: step 1 - Understand organization's needs, step 2 - Create vision and objective for data literacy program.

Foster Data-Driven Culture With Data Literacy

This phase will walk you through the following activities:

  • Understand the organization’s needs.
  • Create vision and objective for data literacy program.

This phase involves the following participants:

  • Data governance sponsor
  • Data owners
  • Data stewards
  • Data custodians

1.1 Gauge your organization’s current data culture

Conduct data culture survey or diagnostic.

  1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
  2. Conduct an information session to introduce Info-Tech’s Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organization’s current data culture and inform the improvement of that culture.
  3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
  4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

Input

  • Email addresses of participants in your organization who should receive the survey

Output

  • Your organization’s Data Culture Scorecard for understanding current data culture as it relates to the use and consumption of data
  • An understanding of whether data is currently perceived to be an asset to the organization

Materials

  • Info-Tech’s Data Culture Diagnostic service

Participants

  • Participants include those at the senior leadership level through to middle management, as well as other business stakeholders at varying levels across the organization
  • Data owners, stewards, and custodians
  • Core data users and consumers

Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

1.2 Define data literacy objectives

  1. Understand the organization’s needs by identifying opportunities and challenges relating to data. Document the described real-life examples.
  2. Categorize the list and identify areas where data literacy can address the business problem.
  3. Create a vision statement for the data literacy program, ensuring that it covers all levels of the organization.
  4. Articulate the intended targets and goals in planning for a data literacy program.

Input

  • List of opportunities and challenges relating to data
  • Relevant business real-life examples

Output

  • Categorized list of data literacy needs
  • Vision for literacy program
  • Targets and goals

Materials

  • Whiteboard/flip charts
  • Sticky notes

Participants

  • CDO or sponsor
  • Key business stakeholders
  • Data stewards
  • Data custodians
  • Data governance working group

Quick wins for improving data literacy

Data collected through Info-Tech’s Data Culture Diagnostic suggests three ways to improve data literacy:

87%

think more can be done to define and document commonly used terms with methods such as a business data glossary.

68%

think they can have a better understanding of the meaning of all data elements that are being captured or managed.

86%

feel that they can have more training in terms of tools as well as on what data is available at the organization.

Source: Info-Tech Research Group's Data Culture Diagnostic, 2022; N=2,652

Quick Wins

  • Create a business data glossary to document and define common terms.
  • Provide easy access to the business data glossary and procedures on how data is captured and managed.
  • Launch an organization-wide data literacy program.

Delivering value is a means and the goal

Start with real business problems in a hands-on format to demonstrate the value of data.

Identify business problem:

  • Business decisions without facts are just guesses.
  • Management spends a lot of time finding and fixing data.
  • Unknown challenges on data assets and risk.
  • Incomplete view of customer/client and industry.
  • Not ready for modern data opportunities (e.g. artificial intelligence).

Create an objective

Treat data as a strategic asset to gain insight into our customers for all levels of organization.

The solution: Data-driven culture powered by people who speak data.

  • Data dictionary
  • Data literacy
  • Trusted single source
  • Access to analytics tools
  • Decision making

"According to Forrester, 91% of organizations find it challenging to improve the use of data insights for decision-making – even though 90% see it as a priority. Why the disconnect? A lack of data literacy."

– Alation, 2020

Fundamental data literacy

Data literacy is more than just a technical training or a one-off exercise.

Info-Tech provides various topics suited for a data literacy program that can accommodate different data skill requirements and encompasses relevant aspects of business, IT, and data.

Info-Tech Research Group’s Data Literacy Program

Use discovery and diagnostics to understand users’ comfort level and maturity with data.

Data lunch 'n' learn

  • The power and value of data
  • Everyone is a data steward
  • Becoming data literate
  • Data 101
  • The future is data
1 hour
For: General audience, senior leadership, data leads, change management

Speak data

  • What is data
  • Meet the data team
  • Day in the life of a steward
  • How data impacts you
  • Tools of the trade
1/2 day
For: New stewards, data owners, pre-data strategy workshop

Your data story

  • Ask the right questions
  • Find the top five data elements
  • Understand your data
  • Present your data story
  • Lessons from COVID-19
1/2 day
For: New stewards, business data owners, pre-BI/analytics workshop

Phase 2

Assess Learning Style and Align to Program Design

Phase 2: step 1 - Identify audience, step 2 - Access learning style and align to program design, step 3 - Determine the right delivery method.

Foster Data-Driven Culture With Data Literacy

This phase will walk you through the following activities:

  • Identify your audience.
  • Assess learning styles and align them to the data program design.
  • Determine the right delivery method.

This phase involves the following participants:

  • Data governance sponsor
  • Data owners
  • Data stewards
  • Data custodians

Avoid common pitfalls

75%

feel that training was too long to remember or to apply in their day-to-day work.

21%

find training had insufficient follow-up to help them apply on the job.

Source: Grovo, 2018.

  1. Information Overload

    Trying to cover too much useful information results in overwhelm and does not deliver on key training objectives.
  2. Limited Implementation

    Learning is only the beginning. The real results are obtained when learning is followed by practice, which turns new knowledge into reliable habits.
  3. Lack of Organizational Alignment

    Implementing training without a clear link to organizational objectives leaves you unable to clearly communicate its value, undermines your ability to secure buy-in from attendees and executives, and leaves you unable to verify that the training is actually improving effectiveness.

2.1 Understand learning style

  1. Create persona and identify the audiences and their roles in data across all levels of the organization.
  2. Identify the data program initiatives and assign the best delivery method to each initiative.
  3. Assign participants to each program initiative based on their skill gap and learning style.

Input

  • List of audiences, their roles, and tenures
  • Data skill gap assessment
  • List of literacy program initiatives/topics

Output

  • Target audience grouping
  • List of program initiatives with assigned groups

Materials

  • Whiteboard/flip charts
  • Sticky notes

Participants

  • CDO or sponsor
  • Key business stakeholders
  • Data stewards
  • Data custodians
  • Data governance working group

You and data

Is data an integral part of your work?

Do you feel comfortable finding and using data in your organization?

  • Many people feel intimidated by data and therefore miss out on what data can do for them.
  • Often the obstacle is language. If you don’t understand the semantics around data, you will not feel confident to contribute to discussions around data.
  • You use data every day but need additional vocabulary to understand how to handle it properly.
  • Data literacy is the ability to “speak data” and to understand what data means (i.e. how to read charts and graphs, draw valid conclusions, and recognize when data is misinterpreted or used inappropriately to be misleading).
  • The business often doesn’t understand its role in data governance and how it informs and assists IT in responsible data management.

Info-Tech Insight

IT and data professionals need to understand the business as much as business needs to talk about data. Bidirectional learning and feedback improves the synergy between business and IT.

Create personas

Persona creation is a way to brainstorm ideas for the data literacy program.

Choose a data role (e.g. data steward, data owner, data scientist).

Describe the persona based on goals, priorities, tenures, preferred learning style, type of work with data.

Identify data skill and level of skills required.

Persona 1: Denise - Manager, People and Culture. Goals, priorities, tenure, data role, learning style, skill level

Consider these other ways to brainstorm:

  • Review current in-flight projects.
  • Analyze types of data requests.
  • Understand needs by department.
  • Share learnings in a community of practice.

Program design

Categorize into six data skill areas

Not everyone needs the same level of skill sets

Bullseye board with skill levels (Innermost going outward): Expert, advanced, intermediate and Basic. The six data skill areas: 1. Understanding Data, 2. Find and Obtain Data, 3. Read, Interpret and Evaluate Data, 4. Manage Data, 5. Create and Use Data, 6. Tell a Story and Share Data are placed equally around in sections.

Map the personas to the program

Bridging the data knowledge gap.

  • Each component will promote the value of data to all levels of employees when demonstrating the right way for data to be understood, managed, and consumed in the organization.
  • Categorizing the data literacy program into six areas and levels of skill sets will provide clarity into which areas to focus on.
  • The program is intended to be implemented in stages, allowing the audience to learn and adopt the new skills. Leveraging in-flight projects for rolling out training will have a higher success because the need is already built into the project.
Personas are placed at different points in the data skill area and skill level.

Align program design to learning styles

The four methods (Discussion, Information, Coaching, and Self-Discovery) are based on learner-centered model design rather than the traditional teacher-centered model.

Info-Tech Insight

Tailor your data literacy program to meet your organization’s needs, filling your range of knowledge gaps and catering to different levels of users.

When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to spread knowledge throughout your organization. It should target everyone from executive leadership to management to subject matter experts across all functions of the business.

Discussion method

Delivery Method

  • Interactive format between instructor and learner
  • Instructor empowers and motivates learner through dialogues and exercises

The imaginative learner

The imaginative learner group likes to engage in feelings and spend time on reflection. This type of learner desires personal meaning and involvement. They focus on personal values for themselves and others and make connections quickly.

For this group of learners, their question is: why should I learn this?

Learning characteristics

  • Seek meaning
  • Need to be personally involved
  • Learn by listening and sharing ideas
  • Function through social interaction

Information method

Delivery Method

  • Instructor does most of the talking in the training
  • Instructor is teaching the content, delivering the training content, and demonstrating

Analytical learner

The analytical learner group likes to listen, to think about information, and to come up with ideas. They are interested in acquiring facts and delving into concepts and processes. They can learn effectively and enjoy doing independent research.

For this group of learners, their question is: what should I learn?

Learning characteristics

  • Seek and examine the facts
  • Need to know what experts think
  • Interested in ideas and concepts
  • Critique information and collect data
  • Function by adapting to experts

Coaching method

Delivery Method

  • Learning has on-the-job training or learning through role-play exercises
  • Instructor is coaching and facilitating learner

Common sense learner

The common sense learner group likes thinking and doing. They are satisfied when they can carry out experiments, build and design, and create usability. They like tinkering and applying useful ideas.

For this group of learners, their question is: how should I learn?

Learning characteristics

  • Seek usability
  • Need to know how things work
  • Learn by testing theories using practical methods
  • Use factual data to build concepts
  • Enjoy hands-on experience

Self-discovery method

Delivery Method

  • Interactive format between instructor and learner
  • Instructor provides evaluation and remedial instruction

Common sense learner

The dynamic learner group learns through doing and experiencing. They are continually looking for hidden possibilities and researching ideas to make original adjustments. They learn through trial and error and self-discovery.

For this group of learners, their question is: what if I learn this?

Learning characteristics

  • Seek hidden possibilities
  • Need to know what can be done with things
  • Learn by trial and error
  • Enjoy variety and excel in being flexible

Delivery method considerations

There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.

There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.

Phase 3

Map Out Data Literacy Roadmap and Milestones

Phase 3: step 1 - Roadmap exercise, step 2 - Set key performance metrics and milestones.

Foster Data-Driven Culture With Data Literacy

This phase will walk you through the following activities:

  • Complete a roadmap exercise.
  • Set key performance metrics and milestones.

This phase involves the following participants:

  • Data governance sponsor
  • Data owners
  • Data stewards
  • Data custodians

3.1 Build the data literacy roadmap and milestones

1-3 hours
  1. Gather the data literacy objectives and list of program initiatives with their assigned groups.
  2. Discuss each program initiative with the data literacy creation team, assigning content owners and estimating effort required to build the content.

For the Gantt chart:

  • Input the roadmap start year.
  • List each data literacy topic and delivery method.
  • Populate the planned start and end dates for the prepopulated list of program initiatives.

Input

  • List of data literacy topics with assigned groups
  • Vision statement of data literacy program
  • Data literacy objectives

Output

  • Roadmap Gantt chart
  • List of program initiatives with start and end date
  • Content owner assignment

Materials

  • Whiteboard/flip charts
  • Sticky notes
  • MS Projects/Excel

Participants

  • CDO or sponsor
  • Key business stakeholders
  • Data stewards
  • Data custodians
  • Data governance working group

Data literacy journey mapping

Making it sustainable

  • Deliver the literacy program in stages to make it easier for the audience to consume the content.
  • Allow opportunities to apply the learnings at work.
  • Map out the data literacy trainings as they get delivered and identify gaps, if any. Continue to refine and adjust the program and delivery method for better outcome.
  • Set clear goals and KPIs measurement up front.
  • Conduct Info-Tech Research Group’s Data Culture Diagnostics to set the baseline and repeat the assessment in 12 to 18 months.
  • Assign champions to lead change and influence end users to adopt better processes.
Data Literacy journey mapping. Different departments need different skills in data literacy.

Research contributors

Name

Position

Andrea Malick Advisory Director, Info-Tech Research Group
Andy Neill AVP, Data and Analytics, Chief Enterprise Architect, Info-Tech Research Group
Crystal Singh Research Director, Info-Tech Research Group
Imad Jawadi Senior Manager, Consulting Advisory, Info-Tech Research Group
Irina Sedenko Research Director, Info-Tech Research Group
Reddy Doddipalli Senior Workshop Director, Info-Tech Research Group
Sherwick Min Technical Counselor, Info-Tech Research Group
Wayne Cain Principal Advisory Director, Info-Tech Research Group

Info-Tech’s Data Literacy Program

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Session 1

Session 2

Session 3

Session 4

Activities

Understand the WHY and Value of Data

1.1 Business context, business objectives, and goals

1.2 You and data

1.3 Data journey from data to insights

1.4 Speak data – common terminology

Learn about the WHAT Through Data Flow

2.1 Data creation

2.2 Data ingestion

2.3 Data accumulation

2.4 Data augmentation

2.5 Data delivery

2.6 Data consumption

Explore the HOW Through Data Visualization Training

3.1 Ask the right questions

3.2 Find the top five data elements

3.3 Understand your data

3.4 Present your data story

3.5 Sharing of lessons learned

Put Them All Together Through Data Governance Awareness

4.1 Data governance framework

4.2 Data roles and responsibilities

4.3 Data domain and owners

Deliverables

  1. Learning material for understanding the data fundamental and its terminology
  1. Learning material for data flow elements
  1. Learning material for data visualization
  1. Learning material for data governance awareness program

Related Info-Tech Research

Establish Data Governance

Deliver measurable business value.

Build a Robust and Comprehensive Data Strategy

Key to building and fostering a data-driven culture.

Create a Data Management Roadmap

Streamline your data management program with our simplified framework.

Bibliography

About Learning. “4MAT overview.” About Learning., 16 Aug. 2001. Web.

Accenture. “The Human Impact of Data Literacy,” Accenture, 2020. Web.

Anand, Shivani. “IDC Reveals India Data and Content Technologies Predictions for 2022 and onwards; Focus on Data Literacy for an Elevated data Culture.” IDC, 14 Mar. 2022. Web.

Belissent, Jennifer, and Aaron Kalb. “Data Literacy: The Key to Data-Driven Decision Making.” Alation, April 2020. Web.

Brown, Sara. “How to build data literacy in your company.” MIT Sloan School of Management, 9 Feb 2021. Web.

---. “How to build a data-driven company.” MIT Sloan School of Management, 24 Sept. 2020. Web.

Domo. “Data Never Sleeps 9.0.” Domo, 2021. Web.

Dykes, Brent. “Creating A Data-Driven Culture: Why Leading By Example Is Essential.” Forbes, 26 Oct. 2017. Web.

Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021. Web.

Experian. “2019 Global Data Management Research.” Experian, 2019. Web.

Knight, Michelle. “Data Literacy Trends in 2023: Formalizing Programs.” Dataversity, 3 Jan. 2023. Web.

Ghosh, Paramita. “Data Literacy Skills Every Organization Should Build.” Dataversity, 2 Nov. 2022. Web.

Johnson, A., et al., “How to Build a Strategy in a Digital World,” Compact, 2018, vol. 2. Web.

LifeTrain. “Learning Style Quiz.” EMTrain, Web.

Lambers, E., et al. “How to become data literate and support a data-drive culture.” Compact, 2018, vol. 4. Web.

Marr, Benard. “Why is data literacy important for any business?” Bernard Marr & Co., 16 Aug. 2022. Web.

Marr, Benard. “8 simple ways to enhance your data literacy skills.” Bernard Marr & Co., 16 Aug. 2022. Web/

Mendoza, N.F. “Data literacy: Time to cure data phobia” Tech Republic, 27 Sept. 2022. Web.

Mizrahi, Etai. “How to stay ahead of data debt and downtime?” Secoda, 17 April 2023. Web.

Needham, Mass., “IDC FutureScape: Top 10 Predictions for the Future of Intelligence.” IDC, 5 Dec. 2022. Web.

Paton, J., and M.A.P. op het Veld. “Trusted Analytics.” Compact, 2017, vol. 2. Web.

Qlik. “Data Literacy to be Most In-Demand Skill by 2030 as AI Transforms Global Workplaces.” Qlik., 16 Mar 2022. Web.

Qlik. “What is data literacy?” Qlik, n.d. Web.

Reed, David. Becoming Data Literate. Harriman House Publishing, 1 Sept. 2021. Print.

Salomonsen, Summer. “Grovo’s First-Time Manager Microlearning® Program Will Help Your New Managers Thrive in 2018.” Grovos Blog, 5 Dec. 2018. Web.

Webb, Ryan. “More Than Just Reporting: Uncovering Actionable Insights From Data.” Welocalize, 1 Sept. 2020. Web.

Modernize Your Corporate Website to Drive Business Value

  • Buy Link or Shortcode: {j2store}524|cart{/j2store}
  • member rating overall impact: 8.0/10 Overall Impact
  • member rating average dollars saved: $10,399 Average $ Saved
  • member rating average days saved: 10 Average Days Saved
  • Parent Category Name: Marketing Solutions
  • Parent Category Link: /marketing-solutions
  • Users are demanding more valuable web functionalities and improved access to your website services. They are expecting development teams to keep up with their changing needs.
  • The criteria of user acceptance and satisfaction involves more than an aesthetically pleasing user interface (UI). It also includes how emotionally attached the user is to the website and how it accommodates user behaviors.

Our Advice

Critical Insight

Complication

  • Organizations are focusing too much on the UI when they optimize the user experience of their websites. The UI is only one of many components involved in successful websites with good user experience.
  • User experience (UX) is often an afterthought in development, risking late and costly fixes to improve end-user reception after deployment.

Insights

  • Organizations often misinterpret UX as UI. In fact, UX incorporates both the functional and emotional needs of the user, going beyond the website’s UI.
  • Human behaviors and tendencies are commonly left out of the define and design phases of website development, putting user satisfaction and adoption at risk.

Impact and Result

  • Gain a deep understanding of user needs and behaviors. Become familiar with the human behaviors, emotions, and pain points of your users in order to shortlist the design elements and website functions that will receive the highest user satisfaction.
  • Perform a comprehensive website review. Leverage satisfaction surveys, user feedback, and user monitoring tools (e.g. heat maps) to reveal high-level UX issues. Use these insights to drill down into the execution and composition of your website to identify the root causes of issues.
  • Incorporate modern UX trends in your design. New web technologies are continuously emerging in the industry to enhance user experience. Stay updated on today’s UX trends and validate their fit for the specific needs of your target audience.

Modernize Your Corporate Website to Drive Business Value Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should modernize your website, review Info-Tech’s methodology, and discover the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Define UX requirements

Reveal the opportunities to heighten the user experience of your website through a deep understanding of the behaviors, emotions, and needs of your end users in order to design a receptive and valuable website.

  • Modernize Your Corporate Website to Drive Business Value – Phase 1: Define UX Requirements
  • Website Design Document Template

2. Design UX-driven website

Design a satisfying and receptive website by leveraging industry best practices and modern UX trends and ensuring the website is supported with reliable and scalable data and infrastructure.

  • Modernize Your Corporate Website to Drive Business Value – Phase 2: Design UX-Driven Website
[infographic]

Workshop: Modernize Your Corporate Website to Drive Business Value

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Define Your UX Requirements

The Purpose

List the business objectives of your website.

Describe your user personas, use cases, and user workflow.

Identify current UX issues through simulations, website design, and system reviews.

Key Benefits Achieved

Strong understanding of the business goals of your website.

Knowledge of the behaviors and needs of your website’s users.

Realization of the root causes behind the UX issues of your website.

Activities

1.1 Define the business objectives for the website you want to optimize

1.2 Define your end-user personas and map them to use cases

1.3 Build your website user workflow

1.4 Conduct a SWOT analysis of your website to drive out UX issues

1.5 Gauge the UX competencies of your web development team

1.6 Simulate your user workflow to identify the steps driving down UX

1.7 Assess the composition and construction of your website

1.8 Understand the execution of your website with a system architecture

1.9 Pinpoint the technical reason behind your UX issues

1.10 Clarify and prioritize your UX issues

Outputs

Business objectives

End-user personas and use cases

User workflows

Website SWOT analysis

UX competency assessment

User workflow simulation

Website design assessment

Current state of web system architecture

Gap analysis of web system architecture

Prioritized UX issues

2 Design Your UX-Driven Website

The Purpose

Design wireframes and storyboards to be aligned to high priority use cases.

Design a web system architecture that can sufficiently support the website.

Identify UX metrics to gauge the success of the website.

Establish a website design process flow.

Key Benefits Achieved

Implementation of key design elements and website functions that users will find stimulating and valuable.

Optimized web system architecture to better support the website.

Website design process aligned to your current context.

Rollout plan for your UX optimization initiatives.

Activities

2.1 Define the roles of your UX development team

2.2 Build your wireframes and user storyboards

2.3 Design the target state of your web environment

2.4 List your UX metrics

2.5 Draw your website design process flow

2.6 Define your UX optimization roadmap

2.7 Identify and engage your stakeholders

Outputs

Roles of UX development team

Wireframes and user storyboards

Target state of web system architecture

List of UX metrics

List of your suppliers, inputs, processes, outputs, and customers

Website design process flow

UX optimization rollout roadmap

Data and Analytics Trends 2023

  • Buy Link or Shortcode: {j2store}208|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • member rating average days saved: Read what our members are saying
  • Parent Category Name: Business Intelligence Strategy
  • Parent Category Link: /business-intelligence-strategy

Data is a unique resource that keeps growing, presenting opportunities along the way. CIOs and IT leaders can use rapidly evolving technologies and capabilities to harness this data and its value for the organization.

IT leaders must prepare their teams and operations with the right knowledge, capabilities, and strategies to make sure they remain competitive in 2023 and beyond. Nine trends that expand on the three common Vs of data – volume, velocity, and variety – can help guide the way.

Focus on trends that align with your opportunities and challenges

The path to becoming more competitive in a data-driven economy differs from one company to the next. IT leaders should use the data and analytics trends that align most with their organizational goals and can lead to positive business outcomes.

  1. Prioritize your investments: Conduct market analysis and prioritize the data and analytics investments that will be critical to your business.
  2. Build a robust strategy: Identify a clear path between your data vision and business outcomes to build a strategy that’s a good fit for your organization.
  3. Inspire practical innovation: Follow a pragmatic approach to implementing trends that range from data gravity and democratization to data monetization and augmented analytics.

Data and Analytics Trends 2023 Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Data and Analytics Trends Report 2023 – A report that explores nine data use cases for emerging technologies that can improve on capabilities needed to compete in the data-driven economy.

Data technologies are rapidly evolving. Understanding data's art of the possible is critical. However, to adapt to these upcoming data trends, a solid data management foundation is required. This report explores nine data trends based on the proven framework of data V's: Volume, Velocity, Variety, Veracity, Value, Virtue, Visualization, Virality, and Viscosity.

  • Data and Analytics Trends Report 2023
[infographic]

Further reading

Data and Analytics Trends Report 2023

SOONER OR LATER, YOU WILL BE IN THE DATA BUSINESS!

Nine Data Trends for 2023

In this report, we explore nine data use cases for emerging technologies that can improve on capabilities needed to compete in the data-driven economy. Use cases combine emerging data trends and modernization of existing capabilities.

  1. VOLUME
    • Data Gravity
  2. VELOCITY
  • Democratizing Real-Time Data
  • VARIETY
    • Augmented Data Management
  • VERACITY
    • Identity Authenticity
  • VALUE
    • Data Monetization
  • VIRTUE
    • Adaptive Data Governance
  • VISUALIZATION
    • AI-Driven Storytelling & Augmented Analytics
  • VIRALITY
    • Data Marketplace
  • VISCOSITY
    • DevOps – DataOps – XOps

    VOLUME

    Data Gravity

    Trend 01 Demand for storage and bandwidth continues to grow

    When organizations begin to prioritize data, they first consider the sheer volume of data, which will influence data system design. Your data systems must consider the existing and growing volume of data by assessing industry initiatives such as digital transformation, Industry 4.0, IoT, consumer digital footprint, etc.

    The largest data center in the world is a citadel in Reno, Nevada, that stretches over 7.2 million square feet!

    Source: Cloudwards, 2022

    IoT devices will generate 79.4 zettabytes of data
    by 2025.

    Source: IDC, 2019

    There were about 97
    zettabytes of data generated worldwide in 2022.

    Source: “Volume of Data,” Statista, 2022

    VOLUME

    Data Gravity

    Data attracts more data and an ecosystem of applications and services

    SharePoint, OneDrive, Google Drive, and Dropbox offer APIs and integration opportunities for developers to enhance their products.

    Social media platforms thought about this early by allowing for an ecosystem of filters, apps, games, and effects that engage their users with little to no additional effort from internal resources.

    The image contains four logos. SharePoint, OneDrive, Google Drive, and Dropbox.

    VOLUME

    Data Gravity

    Focus on data gravity and avoid cloud repatriation

    Data gravity is the tendency of data to attract applications, services, and other data. A growing number of cloud migration decisions will be made based on the data gravity concept. It will become increasingly important in data strategies, with failure potentially resulting in costly cloud repatriations.

    Emerging technologies and capabilities:

    Data Lakehouse, Data Mesh, Data Fabric, Hybrid Data, Cloud Data, Edge Computing

    47%

    Centralized cloud storage going down in 2 years

    22%
    25%

    Hybrid storage (centralized + edge) going up in 2 years

    47%

    Source: CIO, 2022

    VOLUME

    Data Gravity

    What worked for terabytes is ineffective for petabytes

    When compared to on-premises infrastructure, cloud computing is less expensive and easier to implement. However, poor data replication and data gravity can significantly increase cloud costs to the point of failure. Data gravity will help organizations make better cloud migration decisions.

    It is also critical to recognize changes in the industry landscape. The goal of data processing and analytics is to generate the right data for users to act on. In most cases, the user is a human being, but in the case of autonomous driving (AD), the car takes on the role of the user (DXC Technology).

    To avoid cloud repatriation, it will become prudent for all organizations to consider data gravity and the timing of cloud migration.

    The image contains a diagram on data gravity.

    VELOCITY

    Democratizing Real-Time Data

    Trend 02 Real-time analytics presents an important differentiator

    The velocity element of data can be assessed from two standpoints: the speed at which data is being generated and how fast the organization needs to respond to the incoming information through capture, analysis, and use. Traditionally data was processed in a batch format (all at once or in incremental nightly data loads). There is a growing demand to process data continuously using streaming data-processing techniques.

    Emerging technologies and capabilities:

    Edge Computing

    Google announced it has a quantum computer that is 100 million times faster than any classical computer in its lab.

    Source: Science Alert, 2015

    The number of qubits in quantum computers has been increasing dramatically, from 2 qubits in 1998 to 128 qubits in 2019.

    Source: Statista, 2019

    IBM released a 433-qubit quantum chip named Osprey in 2022 and expects to surpass 1,000 qubits with its next chip, Condor, in 2023.

    Source: Nature, 2023

    VELOCITY

    Democratizing Real-Time Data

    Make data accessible to everyone in real time

    • 90% of an organization’s data is replicated or redundant.
    • Build API and web services that allow for live access to data.
    • Most social media platforms, like Twitter and Facebook, have APIs that offer access to incredible amounts of data and insights.

    VELOCITY

    Democratizing Real-Time Data

    Trend in Data Velocity

    Data democratization means data is widely accessible to all stakeholders without bottlenecks or barriers. Success in data democratization comes with ubiquitous real-time analytics. Google highlights a need to address democratization in two different frames:

    1. Democratizing stream analytics for all businesses to ensure real-time data at the company level.
    2. Democratizing stream analytics for all personas and the ability of all users to generate real-time insights.

    Emerging technologies and capabilities:

    Data Lakehouse, Streaming API Ecosystem, Industry 4.0, Zero-Copy Cloning

    Nearly 70% of all new vehicles globally will be connected to the internet by 2023.

    Source: “Connected light-duty vehicles,” Statista, 2022

    VELOCITY

    Democratizing Real-Time Data

    Enable real-time processing with API

    In the past, data democratization has largely translated into a free data set and open data portals. This has allowed the government to freely share data with the public. Also, the data science community has embraced the availability of large data sets such as weather data, stock data, etc. In the future, more focus will be on the combination of IoT and steaming analytics, which will provide better responsiveness and agility.

    Many researchers, media companies, and organizations now have easy access to the Twitter/Facebook API platform to study various aspects of human behavior and sentiments. Large technology companies have already democratized their data using real-time APIs.

    Thousands of sources for open data are available at your local municipalities alone.

    6G will push Wi-Fi connectivity to 1 terabyte per second! This is expected to become commercially available by 2030.

    VARIETY

    Augmented Data Management

    Trend 03 Need to manage unstructured data

    The variety of data types is increasingly diverse. Structured data often comes from relational databases, while unstructured data comes from several sources such as photos, video, text documents, cell phones, etc. The variety of data is where technology can drive business value. However, unstructured data also poses a risk, especially for external data.

    The number of IoT devices could rise to 30.9 billion by 2025.

    Source: “IoT and Non-IoT Connections Worldwide,” Statista, 2022

    The global edge computing market is expected to reach $250.6 billion by 2024.

    Source: “Edge Computing,” Statista, 2022

    Genomics research is expected to generate between 2 and 40 exabytes of data within the next decade.

    Source: NIH, 2022

    VARIETY

    Augmented Data Management

    Employ AI to automate data management

    New tools will enhance many aspects of data management:

    • Data preparation, integration, cataloging, and quality
    • Metadata management
    • Master data management

    Enabling AI-assisted decision-making tools

    The image contains logos of the AI-assisted decision-making tools. Informatica, collibra, OCTOPAI.

    VARIETY

    Augmented Data Management

    Trend in Data Variety

    Augmented data management will enhance or automate data management capabilities by leveraging AI and related advanced techniques. It is quite possible to leverage existing data management tools and techniques, but most experts have recognized that more work and advanced patterns are needed to solve many complex data problems.

    Emerging technologies and capabilities:

    Data Factory, Data Mesh, Data Fabric, Artificial Intelligence, Machine Learning

    VARIETY

    Augmented Data Management

    Data Fabric vs. Data Mesh: The Data Journey continues at an accelerated pace

    Data Fabric

    Data Mesh

    Data fabric is an architecture that facilitates the end-to-end integration of various data pipelines and cloud environments using intelligent and automated systems. It’s a data integration pattern to unify disparate data systems, embed governance, strengthen security and privacy measures, and provide more data accessibility to workers and particularly to business users.

    The data mesh architecture is an approach that aligns data sources by business domains, or functions, with data owners. With data ownership decentralization, data owners can create data products for their respective domains, meaning data consumers, both data scientists and business users, can use a combination of these data products for data analytics and data science.

    More Unstructured Data

    95% of businesses cite the need to manage unstructured data as a problem for their business.

    VERACITY

    Identity Authenticity

    Trend 04 Veracity of data is a true test of your data capabilities

    Data veracity is defined as the accuracy or truthfulness of a data set. More and more data is created in semi-structured and unstructured formats and originates from largely uncontrolled sources (e.g. social media platforms, external sources). The reliability and quality of the data being integrated should be a top concern. The veracity of data is imperative when looking to use data for predictive purposes. For example, energy companies rely heavily on weather patterns to optimize their service outputs, but weather patterns have an element of unpredictability.

    Data quality affects overall labor productivity by as much as 20%, and 30% of operating expenses are due to insufficient data.

    Source: Pragmatic Works, 2017

    Bad data costs up to
    15% to 25% of revenue.

    Source: MIT Sloan Management Review, 2017

    VERACITY

    Identity Authenticity

    Veracity of data is a true test of your data capabilities

    • Stop creating your own identity architectures and instead integrate a tried-and-true platform.
    • Aim for a single source of truth for digital identity.
    • Establish data governance that can withstand scrutiny.
    • Imagine a day in the future where verified accounts on social media platforms are available.
    • Zero-trust architecture should be used.

    VERACITY

    Identity Authenticity

    Trend in Data Veracity

    Veracity is a concept deeply linked to identity. As the value of the data increases, a greater degree of veracity is required: We must provide more proof to open a bank account than to make friends on Facebook. As a result, there is more trust in bank data than in Facebook data. There is also a growing need to protect marginalized communities.

    Emerging technologies and capabilities:

    Zero Trust, Blockchain, Data Governance, IoT, Cybersecurity

    The image contains a screenshot of Info-Tech's blueprint slide on Zero Trust.

    VERACITY

    Identity Authenticity

    The identity discussion is no longer limited to people or organizations. The development of new technologies, such as the IoT phenomenon, will lead to an explosion of objects, from refrigerators to shipping containers, coming online as well. If all these entities start communicating with each other, standards will be needed to establish who or what they are.

    IDENTITY
    IS

    Age

    Gender

    Address

    Fingerprint

    Face

    Voice

    Irises

    IDENTITY
    KNOWS

    Password

    Passphrase

    PIN

    Sequence

    IDENTITY
    HAS

    Access badge

    Smartcard

    Security token

    Mobile phone

    ID document

    IDENTITY
    DOES

    Motor skills

    Handwriting

    Gestures

    Keystrokes

    Applications use

    The IoT market is expected to grow 18% to 14.4 billion in 2022 and 27 billion by 2025.

    Source: IoT Analytics, 2022

    VALUE

    Data Monetization

    Trend 05 Not Many organization know the true value of their data

    Data can be valuable if used effectively or dangerous if mishandled. The rise of the data economy has created significant opportunities but also has its challenges. It has become urgent to understand the value of data, which may vary for stakeholders based on their business model and strategy. Organizations first need to understand ownership of their data by establishing a data strategy, then they must improve data maturity by developing a deeper understanding of data value.

    94% of enterprises say data is essential to business growth.

    Source: Find stack, 2021

    VALUE

    Data Monetization

    Start developing your data business

    • Blockbuster ran its business well, but Netflix transformed the video rental industry overnight!
    • Big players with data are catching up fast.
    • You don’t have to be a giant to monetize data.
    • Data monetization is probably closer than you think.
    • You simply need to find it, catalog it, and deliver it.

    The image contains logos of companies related to data monetization as described in the text above. The companies are Amazon Prime, Netflix, Disney Plus, Blockbuster, and Apple TV.

    VALUE

    Data Monetization

    Trend in Data Value

    Data monetization is the transformation of data into financial value. However, this does not imply selling data alone. Monetary value is produced by using data to improve and upgrade existing and new products and services. Data monetization demands an organization-wide strategy for value development.

    Emerging technologies and capabilities:

    Data Strategy, Data Monetization Strategy, Data Products

    Netflix uses big data to save $1 billion per year on customer retention.

    Source: Logidots, 2021

    VALUE

    Data Monetization

    Data is a strategic asset

    Data is beyond currency, assets, or commodities and needs to be a category
    of its own.

    • Data always outlives people, processes, and technology. They all come and go while data remains.
    • Oil is a limited resource. Data is not. Unlike oil, data is likely to grow over time.
    • Data is likely to outlast all other current popular financial instruments, including currency, assets, or commodities.
    • Data is used internally and externally and can easily be replicated or combined.

    Data monetization is currently in the speculative territory, which is unacceptable. It should instead be guided by sound data management theory.

    VIRTUE

    Adaptive Data Governance

    Trend 06 Five Core Virtues: Resilience, Humility, Grit, Liberal Education, Empathy (Forbes, 2020)

    We have become more and more dependent on data, analytics, and organizational protection policies. Data virtue is about leveraging data securely and ethically. This topic has become more critical with the advent of GDPR, the right to be forgotten, and related regulations. Data governance, which seeks to establish an oversight framework that manages the creation, acquisition, integrity, security, compliance, and quality of data, is essential for any organization that makes decisions about data.

    Cultural obstacles are the greatest barrier to becoming data-driven, according to 91.9% of executives.

    Source: Harvard Business Review, 2022

    Fifty million Facebook profiles were harvested for Cambridge Analytica in a major data breach.

    Source: The Guardian, 2018

    VIRTUE

    Adaptive Data Governance

    Encourage noninvasive and automated data governance

    • Data governance affects the entire organization, not just data.
    • The old model for data governance was slow and clumsy.
    • Adaptive data governance encourages faster decision making and a more collaborative approach to governance.
    • Agile data governance allows for faster and more flexible decision making.
    • Automated data governance will simplify execution across the organization.
    • It is great for compliance, quality, impact tracking, and cross-referencing and offers independence to data users.

    VIRTUE

    Adaptive Data Governance

    Trend in Data Virtue

    Adaptive data governance encourages a flexible approach that allows an organization to employ multiple data governance strategies depending on changing business situations. The other aspect of adaptive data governance is moving away from manual (and often slow) data governance and toward aggressive automation.

    Emerging technologies and capabilities:

    AI-Powered Data Catalog and Metadata Management,
    Automated Data Policy Enforcement

    “To effectively meet the needs and velocity of digital organizations and modern practices, IT governance must be embedded and automated where possible to drive success and value.”

    Source: Valence Howden, Info-Tech Research Group

    “Research reveals that the combination of AI and big data technologies can automate almost 80% of all physical work, 70% of data processing, and 64% of data collection tasks.”

    Source: Forbes, 2021

    VIRTUE

    Data Governance Automation

    Simple and easy Data Governance

    Tools are not the ultimate answer to implementing data governance. You will still need to secure stakeholders' buy-in and engagement in the data process. Data governance automation should be about simplifying the execution of roles and responsibilities.

    “When you can see where your data governance strategy can be improved, it’s time to put in place automation that help to streamline processes.”

    Source: Nintex, 2021

    VISUALIZATION

    AI-Driven Storytelling & Augmented Analytics

    Trend 07 Automated and augmented data storytelling is not that far away

    Today, data storytelling is led by the user. It’s the manual practice of combining narrative with data to deliver insights in a compelling form to assist decision makers in engaging with data and analytics. A story backed by data is more easily consumed and understood than a dashboard, which can be overwhelming. However, manual data storytelling has some major shortcomings.

    Problem # 1: Telling stories on more than just the insights noticed by people

    Problem # 2: Poor data literacy and the limitations of manual self-service

    Problem # 3: Scaling data storytelling across the business

    VISUALIZATION

    AI-Driven Storytelling & Augmented Analytics

    Use AI to enhance data storytelling

    • Tableau, Power BI, and many other applications already use
      AI-driven analytics.
    • Power BI and SharePoint can use AI to generate visuals for any SharePoint list in a matter of seconds.

    VISUALIZATION

    AI-Driven Storytelling & Augmented Analytics

    Trend in Data Visualization

    AI and natural language processing will drive future visualization and data storytelling. These tools and techniques are improving rapidly and are now designed in a streamlined way to guide people in understanding what their data means and how to act on it instead of expecting them to do self-service analysis with dashboards and charts and know what to do next. Ultimately, being able to understand how to translate emotion, tropes, personal interpretation, and experience and how to tell what’s most relevant to each user is the next frontier for augmented and automated analytics

    Emerging technologies and capabilities:

    AI-Powered Data Catalog and Metadata Management,
    Automated Data Policy Enforcement

    VISUALIZATION

    Data Storytelling

    Augmented data storytelling is not that far away

    Emotions are a cornerstone of human intelligence and decision making. Mastering the art of storytelling is not easy.

    Industry experts predict the combination of data storytelling with augmented and automated techniques; these capabilities are more than capable of generating and automating parts of a data story’s creation for end users.

    The next challenge for AI is translating emotion, tropes, personal interpretation, and experience into what is most essential to end users.

    Source: Yellowfin, 2021

    VIRALITY

    Data Marketplace

    Trend 08 Missing data marketplace

    Data virality measures data spread and popularity. However, for data virality to occur, an ecosystem comparable to that of traditional or modern digital marketplaces is required. Organizations must reevaluate their data strategies to ensure investment in appropriate data domains by understanding data virality. Data virality is the exact opposite of dark data.

    Dark data is “all the information companies collect in their regular business processes, don’t use, have no plans to use, but will never throw out.”

    Source: Forbes, 2019

    VIRALITY

    Data Marketplace

    Make data easily accessible

    • Making data accessible to a broader audience is the key to successful virality.
    • Data marketplaces provide a location for you to make your data public.
    • Why do this? Contributing to public data marketplaces builds credibility, just like contributing to public GitHub projects.
    • Big players like Microsoft, Amazon, and Snowflake already do this!
    • Snowflake introduced zero-copy cloning, which allows users to interact with source data without compromising the integrity of the original source.

    The image contains the logos of Microsoft, Amazon, and Snowflake.

    VIRALITY

    Data Marketplace

    Trend in Data Virality

    The data marketplace can be defined as a dynamic marketplace where users decide what has the most value. Companies can gauge which data is most popular based on usage and decide where to invest. Users can shop for data products within the marketplace and then join these products with other ones they’ve created to launch truly powerful data-driven projects.

    Emerging technologies and capabilities:

    AI-Powered Data Catalog and Metadata Management,
    Automated Data Policy Enforcement

    The image contains a screenshot of Info-Tech's Data-as-a-Service (DaaS) Framework.

    “Data is like garbage. You’d better know what you are going to do with it before you collect it.”

    – Mark Twain

    VIRALITY

    Data Marketplace

    Journey from siloed data platforms to dynamic data marketplaces

    Data remains a complex topic due to many missing foundational components and infrastructure. Interoperability, security, quality, discoverability, speed, and ease are some of those missing foundational components that most organizations face daily.

    Data lacks an ecosystem that is comparable to those of traditional assets or commodities. Data must be available in open or closed data marketplaces to measure its value. These data marketplaces are still in their infancy.

    “Data markets are an important component of the data economy that could unleash the full potential of data generated by the digital economy and human activity in general.”

    Source: ITU Journal, 2018

    VISCOSITY

    DevOps – DataOps – XOps

    Trend 09 Increase efficiency by removing bottlenecks

    Compared to water, a fluid with a high viscosity flows more slowly, like honey. Data viscosity measures the resistance to flow in a volume of data. The data resistance may come from other Vs (variety, velocity, etc.).

    VISCOSITY

    DevOps – DataOps – XOps

    Increase efficiency by removing bottlenecks

    Consider XOps for a second. It makes no difference what X is. What's important is matching operational requirements to enterprise capabilities.

    • For example, Operations must meet the demands of Sales – hence SalesOps
      or S&Op.
    • Development resources must meet the demands of Operations – hence DevOps.
    • Finally, Data must also meet the demand of Operations.

    These Operations guys are demanding!!

    VISCOSITY

    DevOps – DataOps – XOps

    Trend in Data Viscosity

    The merger of development (Dev) and IT Operations (Ops) started in software development with the concept of DevOps. Since then, new Ops terms have formed rapidly (AIOps, MLOps, ModelOps, PlatformOps, SalesOps, SecOps, etc.). All these methodologies come from Lean manufacturing principles, which seek to identify waste by focusing on eliminating errors, cycle time, collaboration, and measurement. Buzzwords are distractions, and the focus must be on the underlying goals and principles. XOps goals should include the elimination of errors and improving efficiencies.

    Emerging technologies and capabilities:

    Collaborative Data Management, Automation Tools

    VISCOSITY

    DataOps → Data Observability

    Data observability, a subcomponent of DataOps, is a set of technical practices, cultural norms, and architecture that enables low error rates. Data observability focuses on error rates instead of only measuring data quality at a single point in time.

    Data Quality Dimensions

    • Uniqueness
    • Timeliness
    • Validity
    • Accuracy
    • Consistency

    ERROR RATES

    Lateness: Missing Your SLA

    System Processing Issues

    Code Change That Broke Something

    Data Quality

    What’s next? Go beyond the buzzwords.

    Avoid following trends solely for the sake of following them. It is critical to comprehend the concept and apply it to your industry. Every industry has its own set of problems and opportunities.

    Highlight the data trends (or lack thereof) that have been most beneficial to you in your organizations. Follow Info-Tech’s approach to building a data practice and platform to develop your data capabilities through the establishment of data goals.

    The image contains a screenshot of Info-Tech's Build Your Data Pracrice and Platform.

    Research Authors

    Rajesh Parab Chris Dyck

    Rajesh Parab

    Director, Research & Advisory

    Data and Analytics

    Chris Dyck

    Research Lead

    Data and Analytics

    “Data technologies are rapidly evolving. Understanding what’s possible is critical. Adapting to these upcoming data trends requires a solid data management foundation.”

    – Rajesh Parab

    Contributing Experts

    Carlos Thomas John Walsh

    Carlos Thomas

    Executive Counselor

    Info-Tech Research Group

    John Walsh

    Executive Counselor

    Info-Tech Research Group

    Bibliography

    Bean, Randy. “Why Becoming a Data-Driven Organization Is So Hard.” Harvard Business Review, 24 Feb. 2022. Accessed Oct. 2022.
    Brown, Annie. “Utilizing AI And Big Data To Reduce Costs And Increase Profits In Departments Across An Organization.” Forbes, 13 April 2021.
    Accessed Oct. 2022.
    Burciaga, Aaron. “Five Core Virtues For Data Science And Artificial Intelligence.” Forbes, 27 Feb. 2020. Accessed Aug. 2022.
    Cadwalladr, Carole, and Emma Graham-Harrison. “Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach.”
    The Guardian, 17 March 2018. Accessed Aug. 2022.
    Carlier, Mathilde. “Connected light-duty vehicles as a share of total vehicles in 2023.” Statista, 31 Mar. 2021. Accessed Oct. 2022.
    Carter, Rebekah. “The Ultimate List of Big Data Statistics for 2022.” Findstack, 22 May 2021. Accessed Oct. 2022.
    Castelvecchi, Davide. “Underdog technologies gain ground in quantum-computing race.” Nature, 6 Nov. 2023. Accessed Feb. 2023.
    Clark-Jones, Anthony, et al. “Digital Identity:” UBS, 2016. Accessed Aug 2022.
    “The Cost of Bad Data Infographic.” Pragmatic Works, 25 May 2017. Accessed Oct. 2022.
    Demchenko, Yuri, et al. “Data as Economic Goods: Definitions, Properties, Challenges, Enabling Technologies for Future Data Markets.“ ITU Journal: ICT Discoveries, Special Issue, no. 2, vol. 23, Nov. 2018. Accessed Aug 2022.
    Feldman, Sarah. ”20 Years of Quantum Computing Growth.” Statista, 6 May 2019. Accessed Oct. 2022.
    “Genomic Data Science.” NIH, National Human Genome Research Institute, 5 April 2022. Accessed Oct. 2022.

    Bibliography

    Hasbe, Sudhir, and Ryan Lippert. “The democratization of data and insights: making real-time analytics ubiquitous.” Google Cloud, 15 Jan. 2021.
    Accessed Aug. 2022.
    Helmenstine, Anne. “Viscosity Definition and Examples.” Science Notes, 3 Aug. 2021. Accessed Aug. 2022.
    “How data storytelling and augmented analytics are shaping the future of BI together.” Yellowfin, 19 Aug. 2021. Accessed Aug. 2022.
    “How Netflix Saves $1B Annually using AI?” Logidots, 24 Sept. 2021. Accessed Oct. 2022
    Hui, Kenneth. “The AWS Love/Hate Relationship with Data Gravity.” Cloud Architect Musings, 30 Jan. 2017. Accessed Aug 2022.
    ICD. “The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast.” Business Wire, 18 June 2019. Accessed Oct 2022.
    Internet of Things (IoT) and non-IoT active device connections worldwide from 2010 to 2025” Statista, 27 Nov. 2022. Accessed Nov. 2022.
    Koch, Gunter. “The critical role of data management for autonomous driving development.” DXC Technology, 2021. Accessed Aug. 2022.
    Morris, John. “The Pull of Data Gravity.” CIO, 23 Feb. 2022. Accessed Aug. 2022.
    Nield, David. “Google's Quantum Computer Is 100 Million Times Faster Than Your Laptop.” ScienceAlert, 9 Dec. 2015. Accessed Oct. 2022.
    Redman, Thomas C. “Seizing Opportunity in Data Quality.” MIT Sloan Management Review, 27 Nov. 2017. Accessed Oct. 2022.
    Segovia Domingo, Ana I., and Álvaro Martín Enríquez. “Digital Identity: the current state of affairs.” BBVA Research, 2018. Accessed Aug. 2022.

    Bibliography

    “State of IoT 2022: Number of connected IoT devices growing 18% to 14.4 billion globally.” IOT Analytics, 18 May 2022. Accessed. 14 Nov. 2022.
    Strod, Eran. “Data Observability and Monitoring with DataOps.” DataKitchen, 10 May 2021. Accessed Aug. 2022.
    Sujay Vailshery, Lionel. “Edge computing market value worldwide 2019-2025.” Statista, 25 Feb. 2022. Accessed Oct 2022.
    Sujay Vailshery, Lionel. “IoT and non-IoT connections worldwide 2010-2025.” Statista, 6 Sept. 2022. Accessed Oct. 2022.
    Sumina, Vladimir. “26 Cloud Computing Statistics, Facts & Trends for 2022.” Cloudwards, 7 June 2022. Accessed Oct. 2022.
    Taulli, Tom. “What You Need To Know About Dark Data.” Forbes, 27 Oct. 2019. Accessed Oct. 2022.
    Taylor, Linnet. “What is data justice? The case for connecting digital rights and freedoms globally.“ Big Data & Society, July-Dec 2017. Accessed Aug 2022.
    “Twitter: Data Collection With API Research Paper.” IvyPanda, 28 April 2022. Accessed Aug. 2022.
    “Using governance automation to reduce data risk.” Nintex, 15 Nov. 2021. Accessed Oct. 2022
    “Volume of data/information created, captured, copied, and consumed worldwide from 2010 to 2020, with forecasts from 2021 to 2025.” Statista, 8 Sept. 2022. Accessed Oct 2022.
    Wang, R. “Monday's Musings: Beyond The Three V's of Big Data – Viscosity and Virality.” Forbes, 27 Feb. 2012. Accessed Aug 2022.
    “What is a data fabric?” IBM, n.d. Accessed Aug 2022.
    Yego, Kip. “Augmented data management: Data fabric versus data mesh.” IBM, 27 April 2022. Accessed Aug 2022.

    Enable Organization-Wide Collaboration by Scaling Agile

    • Buy Link or Shortcode: {j2store}174|cart{/j2store}
    • member rating overall impact: 8.3/10 Overall Impact
    • member rating average dollars saved: $12,989 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Your organization is realizing benefits from adopting Agile principles and practices in pockets of your organization.
    • You are starting to investigate opportunities to extend Agile beyond these pilot implementations into other areas of the organization. You are looking for a coordinated approach aligned to business priorities.

    Our Advice

    Critical Insight

    • Not all lessons from a pilot project are transferable. Pilot processes are tailored to a specific project’s scope, team, and tools, and they may not account for the diverse attributes in your organization.
    • Control may be necessary for coordination. More moving parts means enforcing consistent cadences, reporting, and communication is a must if teams are not disciplined or lack good governance.
    • Scale Agile in departments tolerable to change. Incrementally roll Agile out in departments where its principles are accepted (e.g. a culture of continuous improvement, embracing failures as lessons).

    Impact and Result

    • Complete an Agile capability assessment of your pilot functional group to gauge anticipated Agile benefits. Identify the business objectives and the group drivers that are motivating a scaled Agile implementation.
    • Understand the challenges that you may face when scaling Agile. Investigate the root causes of inefficiencies that can derail your scaling initiatives.
    • Brainstorm solutions to your scaling challenges and envision a target state for your growing Agile environment. Your target state will discover new opportunities to drive more business value and eliminate current activities driving down productivity.
    • Coordinate the implementation and execution of scaling Agile initiatives with a Scaling Agile Playbook. This organic and collaborative document will lay out the process, roles, goals, and objectives needed to successfully manage your Agile environment.

    Enable Organization-Wide Collaboration by Scaling Agile Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should scale up Agile, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gauge readiness to scale up Agile

    Evaluate the readiness of the pilot functional group and Agile development processes to adopt scaled Agile practices.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 1: Gauge Readiness to Scale Up Agile
    • Scaling Agile Playbook Template
    • Scrum Development Process Template

    2. Define scaled Agile target state

    Alleviate scaling issues and risks and introduce new opportunities to enhance business value delivery with Agile practices.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 2: Define Scaled Agile Target State

    3. Create implementation plan

    Roll out scaling Agile initiatives in a gradual, iterative approach and define the right metrics to demonstrate success.

    • Enable Organization-Wide Collaboration by Scaling Agile – Phase 3: Create Implementation Plan
    [infographic]

    Workshop: Enable Organization-Wide Collaboration by Scaling Agile

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Gauge Your Readiness to Scale Up Agile

    The Purpose

    Identify the business objectives and functional group drivers for adopting Agile practices to gauge the fit of scaling Agile.

    Select the pilot project to demonstrate the value of scaling Agile.

    Review and evaluate your current Agile development process and functional group structure.

    Key Benefits Achieved

    Understanding of the notable business and functional group gaps that can derail the scaling of Agile.

    Selection of a pilot program that will be used to gather metrics to continuously improve implementation and obtain buy-in for wider rollout.

    Realization of the root causes behind functional group and process issues in the current Agile implementation.

    Activities

    1.1 Assess your pilot functional group

    Outputs

    Fit assessment of functional group to pilot Agile scaling

    Selection of pilot program

    List of critical success factors

    2 Define Your Scaled Agile Target State

    The Purpose

    Think of solutions to address the root causes of current communication and process issues that can derail scaling initiatives.

    Brainstorm opportunities to enhance the delivery of business value to customers.

    Generate a target state for your scaled Agile implementation.

    Key Benefits Achieved

    Defined Agile capabilities and services of your functional group.

    Optimized functional group team structure, development process, and program framework to support scaled Agile in your context.

    Identification and accommodation of the risks associated with implementing and executing Agile capabilities.

    Activities

    2.1 Define Agile capabilities at scale

    2.2 Build your scaled Agile target state

    Outputs

    Solutions to scaling issues and opportunities to deliver more business value

    Agile capability map

    Functional group team structure, Agile development process and program framework optimized to support scaled Agile

    Risk assessment of scaling Agile initiatives

    3 Create Your Implementation Plan

    The Purpose

    List metrics to gauge the success of your scaling Agile implementation.

    Define the initiatives to scale Agile in your organization and to prepare for a wider rollout.

    Key Benefits Achieved

    Strategic selection of the right metrics to demonstrate the value of scaling Agile initiatives.

    Scaling Agile implementation roadmap based on current resource capacities, task complexities, and business priorities.

    Activities

    3.1 Create your implementation plan

    Outputs

    List of metrics to gauge scaling Agile success

    Scaling Agile implementation roadmap

    Master Contract Review and Negotiation for Software Agreements

    • Buy Link or Shortcode: {j2store}170|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Internal stakeholders usually have different – and often conflicting – needs and expectations that require careful facilitation and management.
    • Vendors have well-honed negotiating strategies. Without understanding your own position and leverage points, it’s difficult to withstand their persuasive – and sometimes pushy – tactics.
    • Software – and software licensing – is constantly changing, making it difficult to acquire and retain subject matter expertise.

    Our Advice

    Critical Insight

    • Conservatively, it’s possible to save 5% of the overall IT budget through comprehensive software contract review.
    • Focus on the terms and conditions, not just the price.
    • Learning to negotiate is crucial.

    Impact and Result

    • Look at your contract holistically to find cost savings.
    • Guide communication between vendors and your organization for the duration of contract negotiations.
    • Redline the terms and conditions of your software contract.
    • Prioritize crucial terms and conditions to negotiate.

    Master Contract Review and Negotiation for Software Agreements Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to redline and negotiate your software agreement, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gather requirements

    Build and manage your stakeholder team, then document your business use case.

    • Master Contract Review and Negotiation for Software Agreements – Phase 1: Gather Requirements
    • RASCI Chart
    • Vendor Communication Management Plan
    • Software Business Use Case Template
    • SaaS TCO Calculator

    2. Redline contract

    Redline your proposed software contract.

    • Master Contract Review and Negotiation for Software Agreements – Phase 2: Redline Contract
    • Software Terms & Conditions Evaluation Tool
    • Software Buyer's Checklist

    3. Negotiate contract

    Create a thorough negotiation plan.

    • Master Contract Review and Negotiation for Software Agreements – Phase 3: Negotiate Contract
    • Controlled Vendor Communications Letter
    • Key Vendor Fiscal Year End Calendar
    • Contract Negotiation Tactics Playbook
    [infographic]

    Workshop: Master Contract Review and Negotiation for Software Agreements

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Collect and Review Data

    The Purpose

    Assemble documentation.

    Key Benefits Achieved

    Understand current position before going forward.

    Activities

    1.1 Assemble existing contracts.

    1.2 Document their strategic and tactical objectives.

    1.3 Identify current status of the vendor relationship and any historical context.

    1.4 Clarify goals for ideal future state.

    Outputs

    Business Use Case

    2 Define Business Use Case and Build Stakeholder Team

    The Purpose

    Define business use case and build stakeholder team.

    Key Benefits Achieved

    Create business use case to document functional and nonfunctional requirements.

    Build internal cross-functional stakeholder team to negotiate contract.

    Activities

    2.1 Establish negotiation team and define roles.

    2.2 Write communication plan.

    2.3 Complete business use case.

    Outputs

    RASCI Chart

    Vendor Communication Management Plan

    SaaS TCO Calculator

    Software Business Use Case

    3 Redline Contract

    The Purpose

    Examine terms and conditions and prioritize for negotiation.

    Key Benefits Achieved

    Discover cost savings.

    Improve agreement terms.

    Prioritize terms for negotiation.

    Activities

    3.1 Review general terms and conditions.

    3.2 Review license- and application-specific terms and conditions.

    3.3 Match to business and technical requirements.

    3.4 Redline agreement.

    Outputs

    Software Terms & Conditions Evaluation Tool

    Software Buyer’s Checklist

    4 Build Negotiation Strategy

    The Purpose

    Create a negotiation strategy.

    Key Benefits Achieved

    Establish controlled communication.

    Choose negotiation tactics.

    Plot negotiation timeline.

    Activities

    4.1 Review vendor- and application-specific negotiation tactics.

    4.2 Build negotiation strategy.

    Outputs

    Contract Negotiation Tactics Playbook

    Controlled Vendor Communications Letter

    Key Vendor Fiscal Year End Calendar

    Mitigate the Risk of Cloud Downtime and Data Loss

    • Buy Link or Shortcode: {j2store}412|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Senior leadership is asking difficult questions about the organization’s dependency on third-party cloud services and the risk that poses.
    • IT leaders have limited control over third-party incidents and that includes cloud services. Yet they are on the hot seat when cloud services go down.
    • While vendors have swooped in to provide resilience options for the more-common SaaS solutions, it is not the case for all cloud services.

    Our Advice

    Critical Insight

    • No control over the software does not mean no recovery options. Solutions range from designing an IT workaround using alternate technologies to pre-defined third-party service continuity options (e.g. see options for O365) to business workarounds.
    • Even where there is limited control, you can at least define an incident response plan to streamline notification, assessment, and implementation of workarounds. Leadership wants more options than simply waiting for the service to come back online.
    • At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA issues and overall resilience gaps.

    Impact and Result

    • Follow a structured process to assess cloud resilience risk.
    • Identify opportunities to mitigate risk – at the very least, ensure critical data is protected.
    • Summarize cloud services risk, mitigation options, and incident response for senior leadership.

    Mitigate the Risk of Cloud Downtime and Data Loss Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Mitigate the Risk of Cloud Downtime and Data Loss – Step-by-step guide to assess risk, identify risk mitigation options, and create an incident response plan.

    Even where there is limited control, you can define an incident response plan to streamline notification, assessment, and implementation of workarounds.

    • Mitigate the Risk of Cloud Downtime and Data Loss Storyboard

    2. Cloud Services Incident Risk and Mitigation Review – Review your key cloud vendors’ SLAs, incident preparedness, and data protection strategy.

    At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA and overall resilience gaps.

    • Cloud Services Incident Risk and Mitigation Review Tool

    3. SaaS Incident Response Workflows – Use these examples to guide your efforts to create cloud incident response workflows.

    The examples illustrate different approaches to incident response depending on the criticality of the service and options available.

    • SaaS Incident Response Workflows (Visio)
    • SaaS Incident Response Workflows (PDF)

    4. Cloud Services Resilience Summary – Use this template to capture your results.

    Summarize cloud services risk, mitigation options, and incident response for senior leadership.

    • Cloud Services Resilience Summary
    [infographic]

    Further reading

    Mitigate the Risk of Cloud Downtime and Data Loss

    Resilience and disaster recovery in an increasingly Cloudy and SaaSy world.

    Analyst Perspective

    If you think cloud means you don’t need a response plan, then get your resume ready.

    Frank Trovato

    Most organizations are now recognizing that they can’t ignore the risk of a cloud outage or data loss, and the challenge is “what can I do about it?” since there is limited control.

    If you still think “it’s in the cloud, so I don’t need to worry about it,” then get your resume ready. When O365 goes down, your executives are calling IT, not Microsoft, for an answer of what’s being done and what can they do in the meantime to get the business up and running again.

    The key is to recognize what you can control and what actions you can take to evaluate and mitigate risk. At a minimum, you can ensure senior leadership is aware of the risk and define a plan for how you will respond to an incident, even if that is limited to monitoring and communicating status.

    Often you can do more, including defining IT workarounds, backing up your SaaS data for additional protection, and using business process workarounds to bridge the gap, as illustrated in the case studies in this blueprint.

    Frank Trovato
    Research Director, Infrastructure & Operations

    Info-Tech Research Group

    Use this blueprint to expand your DRP and BCP to account for cloud services

    As more applications are migrated to cloud-based services, disaster recovery (DR) and business continuity plans (BCP) must include an understanding of cloud risks and actions to mitigate those risks. This includes evaluating vendor and service reliability and resilience, security measures, data protection capabilities, and technology and business workarounds if there is a cloud outage or incident.

    Use the risk assessments and cloud service incident response plans developed through this blueprint to supplement your DRP and BCP as well as further inform your crisis management plans (e.g. account for cloud risks in your crisis communication planning).

    Overall Business Continuity Plan

    IT Disaster Recovery Plan

    A plan to restore IT application and infrastructure services following a disruption.

    Info-Tech’s Disaster Recovery Planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP.

    BCP for Each Business Unit

    A set of plans to resume business processes for each business unit.

    Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization.

    Crisis Management Plan

    A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

    Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • Senior leadership is asking difficult questions about the organization’s dependency on third-party cloud services and the risk that poses.
    • Migrating to cloud services transfers much of the responsibility for day-to-day platform maintenance but not accountability for resilience.
    • IT leaders are often responsible for not just the organization’s IT DRP but also BCP and other elements of overall resilience. Cloud risk adds another element IT leaders need to consider.
    • IT leaders have limited control over third-party incidents and that includes cloud services. With SaaS services in particular, recovery or continuity options may be limited.
    • While vendors have swooped in to provide resilience options for the more common SaaS solutions, that is not the case for all cloud services.
    • Part of the solution is defining business process workarounds and that depends on cooperation from business leaders.
    • At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA and overall resilience gaps.
    • Adapt how you approach downtime and data loss risk, particularly for SaaS solutions where there is limited or no control over the system.
    • Even where there is limited control, you can define an incident response plan to streamline notification, assessment, and implementation of workarounds. Leadership wants more options than simply waiting for the service to come back online.

    Info-Tech Insight

    Asking vendors about their DRP, BCP, and overall resilience has become commonplace. Expect your vendors to provide answers so you can assess risk. Furthermore, your vendor may have additional offerings to increase resilience or recommendations for third parties who can further assist your goals of improving cloud service resilience.

    Key deliverable

    Cloud Services Resilience Summary

    Provide leadership with a summary of cloud risk, downtime workarounds implemented, and additional data protection.

    The image contains a screenshot of the Cloud Services Resilience Summary.

    Additional tools and templates in this blueprint

    Cloud Services Incident Risk and Mitigation Review Tool

    Use this tool to gather vendor input, evaluate vendor SLAs and overall resilience, and track your own risk mitigation efforts.

    The image contains a screenshot of the Cloud Services Incident Risk and Mitigation Review Tool.

    SaaS Incident Response Workflows

    Use the examples in this document as a model to develop your own incident response workflows for cloud outages or data loss.

    The image contains a screenshot of the SaaS Incident Response Workflows.

    This blueprint will step you through the following actions to evaluate and mitigate cloud services risk

    1. Assess your cloud risk
    • Review your cloud services to determine potential impact of downtime/data loss, vendor SLA gaps, and vendor’s current resilience.
  • Identify options to mitigate risk
    • Explore your cloud vendor’s resilience offerings, third-party solutions, DIY recovery options, and business workarounds.
  • Create an incident response plan
    • Document your cloud risk mitigation strategy and incident response plan, which might include a failover strategy, data protection, and/or business continuity.

    Cloud Risk Mitigation

    Identify options to mitigate risk

    Create an incident response plan

    Assess risk

    Phase 1: Assess your cloud risk

    Phase 1

    Phase 2

    Phase 3

    Assess your cloud risk

    Identify options to mitigate risk

    Create an incident response plan

    Cloud does not guarantee uptime

    Public cloud services (e.g. Azure, GCP, AWS) and popular SaaS solutions experience downtime every year.

    A few cloud outage examples:

    • Microsoft Azure AD outage, March 15, 2022:
      Many users could not log into O365, Dynamics, or the Azure Portal.
      Cause: software change.
    • Three AWS outages in December 2021: December 7 (Netflix and others impacted), December 15 (Duo, Zoom, Slack, others), December 20 (Slack, Epic Games, others). Cause: network issues, power outage.
    • Salesforce outage, May 12, 2022: Users could not access the Lightning platform. Cause: expired certificate.

    Cloud availability

    • Migrating to cloud services can improve availability, as they typically offer more resilience than most organizations can afford to implement themselves.
    • However, having multiple data centers, zones, and regions doesn’t prevent all outages, as we see every year with even the largest cloud vendors.

    DR challenges for IaaS, PaaS, and cloud-native

    While there are limits to what you control, often traditional “failover” DR strategy can apply.

    High-level challenges and resilience options:

    • IaaS: No control over the hardware, but you can failover to another region. This is fairly similar to traditional DR.
    • PaaS: No control over the software platform (e.g. SQL server as a service), but you can back up your data and explore vendor options to replicate your environment.
    • Cloud-native applications: As with PaaS, you can back up your data and explore vendor options to replicate your environment.

    Plan for resilience

    • Include DR requirements when designing cloud service implementation. For example, for IaaS solutions, identify what data would need to be replicated and what services may need to be “always on” (e.g. database services where high-availability is demanded).
    • Similarly, for PaaS and cloud-native solutions, consult your vendor regarding options to build in resilience options (e.g. ability to failover to another environment).

    DR challenges for SaaS solutions

    SaaS is the biggest challenge because you have no control over any part of the base application stack.

    High-level challenges and resilience options:

    • No control over the hardware (or the facility, maintenance processes, and so on).
    • No control over the base application (control is limited to configuration settings and add-on customizations or integrations).
    • Options to back up your data will depend on the service.

    Note: The rest of this blueprint is focused primarily on SaaS resilience due to the challenges listed here. For other cloud services, leverage traditional DR strategies and vendor management to mitigate risk (as summarized on the previous slides).

    Focus on what you can control

    • For SaaS solutions in particular, you must toss out traditional DR. If Salesforce has an outage, you won’t be involved in recovering the system.
    • Instead, DR for SaaS needs to focus on improving resilience where you do have control and implementing business workarounds to bridge the gap.

    Evaluate your cloud services to clarify your specific risks

    Time and money is limited, so focus first on cloud services that are most critical and evaluate the vendors’ SLA and existing resilience capabilities.

    The activities on the next two slides will evaluate risk through two approaches:

    Activity 1: Estimate potential impact of downtime and data loss to quantify the risk and determine which cloud services are most critical and need to be prioritized. This is done through a business impact analysis that assesses:

    • Impact on revenue or costs (if applicable).
    • Impact on reputation (e.g. customer impact).
    • Impact on regulatory compliance and health and safety (if applicable).

    Activity 2: Review the vendor to identify risks and gaps. Specifically, evaluate the following:

    • Incident Management SLAs (e.g. does the SLA include RTO/RPO commitments? Do they meet your requirements?)
    • Incident Response Preparedness (e.g. does the vendor have a DRP, BCP, and security incident response plan?)
    • Data Protection (e.g. does their backup strategy and data security meet your standards?)

    Activity 1: Quantify potential impact and prioritize cloud services using a business impact analysis (BIA)

    1-3 hours

    1. Download the latest version of our DRP BIA: DRP Business Impact Analysis Tool. The tool includes instructions.
    2. Include the cloud services you want to assess in the list of applications/systems (see the tool excerpt below), and follow the BIA methodology outlined in the Create a Right-Sized Disaster Recovery Plan blueprint.
    3. Use the results to quantify potential impact and prioritize your efforts on the most-critical cloud services.

    The image contains a screenshot of the DRP Business Impact Analysis Tool.

    Materials
    • DRP BIA Tool
    Participants
    • Core group of IT management and staff who can provide a well-rounded perspective on potential impact. They will create the first draft of the BIA.
    • Review the draft BIA with relevant business leaders to refine and validate the results.

    Activity 2: Review your key cloud vendors’ SLAs, incident preparedness, and data protection strategy

    1-3 hours

    Use the Cloud Services Incident Risk and Mitigation Review Tool as follows:

    1. Send the Vendor Questionnaire tab to your cloud vendors to gather input, and review your existing agreements.
    2. Copy the vendor responses into the tool (see the instructions in the tool) and evaluate. See the example excerpt below.
    3. Identify action items to clarify gaps or address risks. Some action items might not be defined yet and will need to wait until you have had a chance to further explore risk mitigation options.

    The image contains a screenshot of the Cloud Services Incident Risk and Mitigation Review Tool.

    Materials
    • Cloud Services Incident Risk and Mitigation Review Tool
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.

    Phase 2: Identify options to mitigate risk

    Phase 1

    Phase 2

    Phase 3

    Assess your cloud risk

    Identify options to mitigate risk

    Create an incident response plan

    Consult your vendor to identify options to improve resilience, as a starting point

    Your vendor might also be able to suggest third parties that offer additional support, backup, or service continuity options.

    • The Vendor Questionnaire tab in the Cloud Services Incident Risk and Mitigation Review Tool includes a section at the bottom where your vendor can name additional options to improve resilience (e.g. premium support packages, potentially their own DR services).
    • If your vendor has not completed that part of the questionnaire, meet with them to discuss this. Asking service vendors about resilience has become commonplace, so they should be prepared to answer questions about their own offerings and potentially can name trusted third-party vendors who can further assist you.
    • Leverage Info-Tech’s advisory services to evaluate options outlined by your vendor and potential third-party options (e.g. enterprise backup solutions that support backing up SaaS data).

    Some SaaS solutions have plenty of resilience options; others not so much

    • The pervasiveness of O365 has led vendors to close the service continuity gap, with options to send and receive email during an outage and back up your data.
    • With many SaaS solutions, there isn’t going to be a third-party service continuity option, but you might still be able to at least back up your data and implement business process workarounds to close the service gap.

    Example SaaS risk and mitigation: O365

    Risk

    • Several outages every year (e.g. MS Teams July 20, 2022).
    • SLA exceptions include “Scheduled Downtime,” which can occur with just five days’ notice.
    • The Recycling Bin is your data backup, depending on your setup.

    Options to mitigate risk (not an exhaustive list):

    • Third-party solutions for email service continuity.
    • Several backup vendors (e.g. Veeam, Rubrik) can protect most of your O365 suite.
    • Business continuity workarounds leveraging synced OneDrive, SharePoint, and Outlook (access to calendar invites).

    Example SaaS risk and mitigation: Salesforce

    Risk

    • Downtime has been infrequent, but Salesforce did have a major outage in May 2021 (DNS issue) and May 2022 (expired certificate).
    • At the time of this writing, the Main Services Agreement does not commit to a specific uptime value and specifies the usual exclusions.
    • Similarly, there are limited commitments regarding data protection.

    Options to mitigate risk (not an exhaustive list):

    • Salesforce provides a backup and restore service offering.
    • In addition, some third-party vendors support backing up Salesforce data for additional protection against data corruption or data loss.
    • Business continuity workarounds can further reduce the impact of downtime (e.g. record updates in MS Word and leverage Outlook for contact info until Salesforce is recovered).

    Establish a baseline standard for risk mitigation, regardless of cloud service

    At a minimum, set a goal to review vendor risk at least annually, define standard processes for monitoring outages, and review options to back up your SaaS data.

    Example baseline standard for cloud risk mitigation

    • Review vendor risk at least annually. This includes reviewing SLAs, vendor’s incident preparedness (e.g. do they have a current DRP, BCP, and Security IRP?), and the vendor’s data protection strategy.
    • Incident response plans must include, at a minimum, steps to monitor vendor outage and communicate status to relevant stakeholders. Where possible, business process workarounds are defined to bridge the service gap.
    • For critical data (based on your BIA and an evaluation of risk), maintain your own backups of SaaS data for additional protection.

    Embed risk mitigation standards into existing IT operations

    • Include specific SLA requirements, including incident management processes, in your RFP process and annual vendor review.
    • Define cloud incident response in your incident management procedures.
    • Include cloud data considerations in your backup strategy reviews.

    Phase 3: Create an incident response plan

    Phase 1

    Phase 2

    Phase 3

    Assess your cloud risk

    Identify options to mitigate risk

    Create an incident response plan

    Activity 1: Review the example incident response workflows and case studies as a starting point

    1-3 hours

    1. Review the SaaS Incident Response Workflows examples. The examples illustrate different approaches to incident response depending on the criticality of the service and options available.
    2. Review the case studies on the next few slides, which further illustrate the resilience and incident response solutions implemented.
    3. Note the key elements:
    • Detection
    • Assessment
    • Monitoring status / contacting the vendor
    • Communication with key stakeholders
    • Invoking workarounds, if applicable

    Example SaaS Incident Response Workflow Excerpt

    The image contains a screenshot of an example of the SaaS Incident Response Workflow Excerpt.
    Materials
    • SaaS Incident Response Workflows examples
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.
    • Relevant business process owners to provide input and define business workarounds, where applicable.

    Case Study 1: Recovery plan for critical fundraising event

    If either critical SaaS dependency fails, the following plan is executed:

    1. Donors are redirected to a predefined alternate donation page hosted by a different service. The alternate page connects to the backup payment processing service (with predefined integrations).
    2. Marketing communications support the redirect.
    3. While the backup solution doesn’t gather as much data, the payment details provide enough information to follow up with donors where necessary.

    Criticality justified a failover option

    The Annual Day of Giving generates over 50% of fundraising for the year. It’s critically dependent on two SaaS solutions that host the donation page and payment processing.

    To mitigate the risk, the organization implemented the ability to failover to an alternate “environment” – much like a traditional DR solution – supported by workarounds to manage data collection.

    Case Study 2: Protecting customer data

    Daily exports from a SaaS-hosted donations site reduce potential data loss:

    1. Daily exports to a CRM support donor profile updates and follow-ups (tax receipts, thank-you letters, etc.).
    2. The exports also mitigate the risk of data loss due to an incident with the SaaS-hosted donation site.
    3. This company is exploring more-frequent exports to further reduce the risk of data loss.

    Protecting your data gives you options

    For critical data, do you want to rely solely on the vendor’s default backup strategy?

    If your SaaS vendor is hit by ransomware or if their backup frequency doesn’t meet your needs, having your own data backup gives you options.

    It can also support business process workarounds that need to access that data while waiting for SaaS recovery.

    Case Study 3: Recovery plan for payroll

    To enable a more accurate payroll workaround, the following is done:

    1. After each payroll run, export the payroll data from the SaaS solution to a secure location.
    2. If there is a SaaS outage when payroll must be submitted, the exported data can be modified and converted to an ACH file.
    3. The ACH file is submitted to the bank, which has preapproved this workaround.

    BCP can bridge the gap

    When leadership looks to IT to mitigate cloud risk, include BCP in the discussion.

    Payroll is a good example where the best recovery option might be a business continuity workaround.

    IT often still has a role in business continuity workarounds, as in this case study: specifically, providing a solution to modify and convert the payroll data to an ACH file.

    Activity 2: Run tabletop planning exercises as a starting point to build your incident response plan

    1-3 hours

    1. Follow the tabletop planning instructions provided in the Create a Right-Sized Disaster Recovery Plan blueprint.
    2. Run the exercise for each cloud service. Keep the scenario generic at first (e.g. cloud service is down with no reported root cause) so you can focus on your response. Capture response steps and gaps.
    3. Add complexity in subsequent exercises (e.g. data loss plus downtime), and use that to expand and refine the workflow as needed.
    4. Use the resulting workflows as the core piece of your incident response plan.
    5. Supplement the workflow with relevant checklists or procedures. At this point you can choose to incorporate this into your DRP or BCP or maintain these documents as supplements to those plans.
      See the DRP Case Study and BCP Case Study for an example of DRP-BCP documentation.

    Example tabletop planning results excerpt with gaps identified

    The image contains an example tabletop planning results excerpt with gaps identified.

    Materials
    • SaaS Incident Response Workflows examples
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.
    • Review results with relevant business process owners to provide input and define business workarounds where applicable.

    Activity 3: Summarize cloud services resilience to inform senior leadership of current risks and mitigation efforts

    1-3 hours

    1. Use the Cloud Services Resilience Summary example as a template to capture the following:
    • The results of your vendor review (i.e. incident management SLAs, incident response preparedness, data protections strategy).
    • The current state of your downtime workarounds and additional data loss protection.
    • Your baseline standard for cloud services risk mitigation.
    • Summary of resilience, risks, workarounds, and data loss protection for each individual cloud service that you have reviewed.
  • Present the results to senior leadership to:
    • Highlight risks to inform business decisions to mitigate or accept those risks.
    • Summarize actions already taken to mitigate risks.
    • Communicate next steps (e.g. action items to address remaining risks).

    Cloud Services Resilience Summary – Table of Contents

    The image contains a screenshot of Cloud Services Resilience Summary – Table of Contents.
    Materials
    • Cloud Services Resilience Summary
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.
    • Review results with relevant business process owners to provide input and define business workarounds where applicable.

    Summary: For cloud services, after evaluating risk, IT must adapt how they approach risk mitigation

    1. Identify failover options where possible
    • A failover strategy is possible for many cloud services (e.g. IaaS replication to another region, or failing over SaaS to an alternate solution as in case study 1).
  • At least protect your data
    • Explore supplementary backup options to protect against ransomware, data corruption, or data loss and support business continuity workarounds (see case study 2).
  • Leverage BCP to close the gap
    • This doesn’t absolve IT of its role in mitigating cloud incident risk, but business process workarounds can bridge the gap where IT options are limited (see case study 3).

    Related Info-Tech Research

    IT DRP Maturity Assessment

    Get an objective assessment of your DRP program and recommendations for improvement.

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    Develop a Business Continuity Plan

    Streamline the traditional approach to make BCP development manageable and repeatable.

    Implement Crisis Management Best Practices

    Don’t be another example of what not to do. Implement an effective crisis response plan to minimize the impact on business continuity, reputation, and profitability.

    The Resilience Pack

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    The Resilience Pack

    All items you need to become resilient.

    Resilience results from a clear set of governance, mindset, attitudes and actions.

    If you have not yet read "What is resilience?" I can recommend it. This pack contains the elements to start your resilience journey.

    Contact us to get started

    With this pack, we give you the right direction to become resilient. Please contact us to discuss the options.
    Tymans Group also offers consulting, as well as an extension to EU DORA compliance. 

    Continue reading

    Build a Digital Workspace Strategy

    • Buy Link or Shortcode: {j2store}294|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,399 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: End-User Computing Strategy
    • Parent Category Link: /end-user-computing-strategy
    • IT must figure out what a digital workspace is, why they’re building one, and what type they want.
    • Remote work creates challenges that cannot be solved by technology alone.
    • Focusing solely on technology risks building something the business doesn’t want or can’t use.

    Our Advice

    Critical Insight

    Building a smaller digital workspace doesn’t mean that the workspace will have a smaller impact on the business.

    Impact and Result

    • Partner with the business to create a team of digital workspace champions.
    • Empower employees with a tool that makes remote work easier.

    Build a Digital Workspace Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should partner with the business for building a digital workspace, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the digital workspace you want to build

    Create a list of benefits that the organization will find compelling and build a cross-functional team to champion the workspace.

    • Build a Digital Workspace Strategy – Phase 1: Identify the Digital Workspace You Want to Build
    • Digital Workspace Strategy Template
    • Digital Workspace Executive Presentation Template

    2. Identify high-level requirements

    Design the digital workspace’s value proposition to drive your requirements.

    • Build a Digital Workspace Strategy – Phase 2: Identify High-Level Requirements
    • Sample Digital Workspace Value Proposition
    • Flexible Work Location Policy
    • Flexible Work Time Policy
    • Flexible Work Time Off Policy
    • Mobile Device Remote Wipe Waiver Template
    • Mobile Device Connectivity & Allowance Policy
    • General Security – User Acceptable Use Policy

    3. Identify initiatives and a high-level roadmap

    Take an agile approach to building your digital workspace.

    • Build a Digital Workspace Strategy – Phase 3: Identify Initiatives and a High-Level Roadmap
    [infographic]

    Workshop: Build a Digital Workspace Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Digital Workspace You Want to Build

    The Purpose

    Ensure that the digital workspace addresses real problems the business is facing.

    Key Benefits Achieved

    Defined benefits that will address business problems

    Identified strategic business partners

    Activities

    1.1 Identify the digital workspace’s direction.

    1.2 Prioritize benefits and define a vision.

    1.3 Assemble a team of digital workspace champions.

    Outputs

    Vision statement

    Mission statement

    Guiding principles

    Prioritized business benefits

    Metrics and key performance indicators

    Service Owner, Business Owner, and Project Sponsor role definitions

    Project roles and responsibilities

    Operational roles and responsibilities

    2 Identify Business Requirements

    The Purpose

    Drive requirements through a well-designed value proposition.

    Key Benefits Achieved

    Identified requirements that are based in employees’ needs

    Activities

    2.1 Design the value proposition.

    2.2 Identify required policies.

    2.3 Identify required level of input from users and business units.

    2.4 Document requirements for user experiences, processes, and services.

    2.5 Identify in-scope training and culture requirements.

    Outputs

    Prioritized functionality requirements

    Value proposition for three business roles

    Value proposition for two service provider roles

    Policy requirements

    Interview and focus group plan

    Business process requirements

    Training and culture initiatives

    3 Identify IT and Service Provider Requirements

    The Purpose

    Ensure that technology is an enabler.

    Key Benefits Achieved

    Documented requirements for IT and service provider technology

    Activities

    3.1 Identify systems of record requirements.

    3.2 Identify requirements for apps.

    3.3 Identify information storage requirements.

    3.4 Identify management and security integrations.

    3.5 Identify requirements for internal and external partners.

    Outputs

    Requirements for systems for record

    Prioritized list of apps

    Storage system requirements

    Data and security requirements

    Outsourcing requirements

    Reduce Manual Repetitive Work With IT Automation

    • Buy Link or Shortcode: {j2store}458|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $34,099 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • IT staff are overwhelmed with manual repetitive work.
    • You have little time for projects.
    • You cannot move as fast as the business wants.

    Our Advice

    Critical Insight

    • Optimize before you automate.
    • Foster an engineering mindset.
    • Build a process to iterate.

    Impact and Result

    • Begin by automating a few tasks with the highest value to score quick wins.
    • Define a process for rolling out automation, leveraging SDLC best practices.
    • Determine metrics and continually track the success of the automation program.

    Reduce Manual Repetitive Work With IT Automation Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why you should reduce manual repetitive work with IT automation.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify automation candidates

    Select the top automation candidates to score some quick wins.

    • Reduce Manual Repetitive Work With IT Automation – Phase 1: Identify Automation Candidates
    • IT Automation Presentation
    • IT Automation Worksheet

    2. Map and optimize process flows

    Map and optimize process flows for each task you wish to automate.

    • Reduce Manual Repetitive Work With IT Automation – Phase 2: Map & Optimize Process Flows

    3. Build a process for managing automation

    Build a process around managing IT automation to drive value over the long term.

    • Reduce Manual Repetitive Work With IT Automation – Phase 3: Build a Process for Managing Automation

    4. Build automation roadmap

    Build a long-term roadmap to enhance your organization's automation capabilities.

    • Reduce Manual Repetitive Work With IT Automation – Phase 4: Build Automation Roadmap
    • IT Automation Roadmap
    [infographic]

    Workshop: Reduce Manual Repetitive Work With IT Automation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Automation Candidates

    The Purpose

    Identify top candidates for automation.

    Key Benefits Achieved

    Plan to achieve quick wins with automation for early value.

    Activities

    1.1 Identify MRW pain points.

    1.2 Drill down pain points into tasks.

    1.3 Estimate the MRW involved in each task.

    1.4 Rank the tasks based on value and ease.

    1.5 Select top candidates and define metrics.

    1.6 Draft project charters.

    Outputs

    MRW pain points

    MRW tasks

    Estimate of MRW involved in each task

    Ranking of tasks for suitability for automation

    Top candidates for automation & success metrics

    Project charter(s)

    2 Map & Optimize Processes

    The Purpose

    Map and optimize the process flow of the top candidate(s).

    Key Benefits Achieved

    Requirements for automation of the top task(s).

    Activities

    2.1 Map process flows.

    2.2 Review and optimize process flows.

    2.3 Clarify logic and finalize future-state process flows.

    Outputs

    Current-state process flows

    Optimized process flows

    Future-state process flows with complete logic

    3 Build a Process for Managing Automation

    The Purpose

    Develop a lightweight process for rolling out automation and for managing the automation program.

    Key Benefits Achieved

    Ability to measure and to demonstrate success of each task automation, and of the program as a whole.

    Activities

    3.1 Kick off your test plan for each automation.

    3.2 Define process for automation rollout.

    3.3 Define process to manage your automation program.

    3.4 Define metrics to measure success of your automation program.

    Outputs

    Test plan considerations

    Automation rollout process

    Automation program management process

    Automation program metrics

    4 Build Automation Roadmap

    The Purpose

    Build a roadmap to enhance automation capabilities.

    Key Benefits Achieved

    A clear timeline of initiatives that will drive improvement in the automation program to reduce MRW.

    Activities

    4.1 Build a roadmap for next steps.

    Outputs

    IT automation roadmap

    Further reading

    Reduce Manual Repetitive Work With IT Automation

    Free up time for value-adding jobs.

    ANALYST PERSPECTIVE

    Automation cuts both ways.

    Automation can be very, very good, or very, very bad.
    Do it right, and you can make your life a whole lot easier.
    Do it wrong, and you can suffer some serious pain.
    All too often, automation is deployed willy-nilly, without regard to the overall systems or business processes in which it lives.
    IT professionals should follow a disciplined and consistent approach to automation to ensure that they maximize its value for their organization.

    Derek Shank,
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive summary

    Situation

    • IT staff are overwhelmed with manual repetitive work.
    • You have little time for projects.
    • You cannot move as fast as the business wants.

    Complication

    • Automation is simple to say, but hard to implement.
    • Vendors claim automation will solve all your problems.
    • You have no process for managing automation.

    Resolution

    • Begin by automating a few tasks with the highest value to score quick wins.
    • Define a process for rolling out automation, leveraging SDLC best practices.
    • Determine metrics and continually track the success of the automation program.

    Info-Tech Insight

    1. Optimize before you automate.The current way isn’t necessarily the best way.
    2. Foster an engineering mindset.Your team members may not be process engineers, but they should learn to think like one.
    3. Build a process to iterate.Effective automation can't be a one-and-done. Define a lightweight process to manage your program.

    Infrastructure & operations teams are overloaded with work

    • DevOps and digital transformation initiatives demand increased speed.
    • I&O is still tasked with security and compliance and audit.
    • I&O is often overloaded and unable to keep up with demand.

    Manual repetitive work (MRW) sucks up time

    • Manual repetitive work is a fact of life in I&O.
    • DevOps circles refer to this type of work simply as “toil.”
    • Toil is like treading water: it must be done, but it consumes precious energy and effort just to stay in the same place.
    • Some amount of toil is inevitable, but it's important to measure and cap toil, so it does not end up overwhelming your team's whole capacity for engineering work.

    Info-Tech Insight

    Follow our methodology to focus IT automation on reducing toil.

    Manual hand-offs create costly delays

    • Every time there is a hand-off, we lose efficiency and productivity.
    • In addition to the cost of performing manual work itself, we must also consider the impact of lost productivity caused by the delay of waiting for that work to be performed.

    Every queue is a tire fire

    Queues create waste and are extremely damaging. Like a tire fire, once you get started, they’re almost impossible to stamp out!

    Increase queues if you want

    • “More overhead”
    • “Lower quality”
    • “More variability”
    • “Less motivation”
    • “Longer cycle time”
    • “Increased risk”

    (Source: Edwards, citing Donald G. Reinersten: The Principles of Product Development Flow: Second Generation Lean Product Development )

    Increasing complexity makes I&O’s job harder

    Every additional layer of complexity multiplies points of failure. Beyond a certain level of complexity, troubleshooting can become a nightmare.

    Today, Operations is responsible for the outcomes of a full stack of a very complex, software-defined, API-enabled system running on infrastructure they may or may not own.
    – Edwards

    Growing technical debt means an ever-rising workload

    • Enterprises naturally accumulate technical debt.
    • All technology requires care and feeding.
    • I&O cannot control how much technology it’s expected to support.
    • I&O faces a larger and larger workload as technical debt accumulates.

    The systems built under each new technology paradigm never fully replace the systems built under the old paradigms. It’s not uncommon for an enterprise to have an accumulation of systems built over 10-15 years and have no budget, risk appetite, or even a viable path to replace them all. With each shift, who bares [SIC] the brunt of the responsibility for making sure the old and the new hang together? Operations, of course. With each new advance, Operations juggles more complexity and more layers of legacy technologies than ever before.
    – Edwards

    Most IT shops can’t have a dedicated engineering team

    • In most organizations, the team that builds things is best equipped to support them.
    • Often the knowledge to design systems and the knowledge to run those systems naturally co-exists in the same personnel resources.
    • When your I&O team is trying to do engineering work, they can end up frequently interrupted to perform operational tasks.
    A Venn Diagram is depicted which compares People who build things with People who run things. the two circles are almost completely overlapping, indicating the strong connection between the two groups.

    Personnel resources in most IT organizations overlap heavily between “build” and “run.”

    IT operations must become an engineering practice

    • Usually you can’t double your staff or double their hours.
    • IT professionals must become engineers.
    • We do this by automating manual repetitive work and reducing toil.
    Two scenarios are depicted. The first scenario is found at a hypothetical work camp, in which one employee performs the task of manually splitting firewood with an axe. In order to split twice as much firewood, the employee would need to spend twice the time. The second scenario is Engineering Operations. in this scenario, a wood processor is used to automate the task, allowing far more wood to be split in same amount of time.

    Build your Sys Admin an Iron Man suit

    Some CIOs see a Sys Admin and want to replace them with a Roomba. I see a Sys Admin and want to build them an Iron Man suit.
    – Deepak Giridharagopal, CTO, Puppet

    Two Scenarios are depicted. In one, an employee is replaced by automation, represented by a Roomba, reducing costs by laying off a single employee. In the second scenario, the single employee is given automated tools to do their job, represented by an iron-man suit, leading to a 10X boost in employee productivity.

    Use automation to reduce risk

    Consistency

    When we automate, we can make sure we do something the same way every time and produce a consistent result.

    Auditing and Compliance

    We can design an automated execution that will ship logs that provide the context of the action for a detailed audit trail.

    Change

    • Enterprise environments are continually changing.
    • When context changes, so does the procedure.
    • You can update your docs all you want, but you can't make people read them before executing a procedure.
    • When you update the procedure itself, you can make sure it’s executed properly.

    Follow Info-Tech’s approach: Start small and snowball

    • It’s difficult for I&O to get the staffing resources it needs for engineering work.
    • Rather than trying to get buy-in for resources using a “top down” approach, Info-Tech recommends that I&O score some quick wins to build momentum.
    • Show success while giving your team the opportunity to build their engineering chops.

    Because the C-suite relies on upwards communication — often filtered and sanitized by the time it reaches them — executives don’t see the bottlenecks and broken processes that are stalling progress.
    – Andi Mann

    Info-Tech’s methodology employs a targeted approach

    • You aren’t going to automate IT operations end-to-end overnight.
    • In fact, such a large undertaking might be more effort than it’s worth.
    • Info-Tech’s methodology employs a targeted approach to identify which candidates will score some quick wins.
    • We’ll demonstrate success, gain momentum, and then iterate for continual improvement.

    Invest in automation to reap long-term rewards

    • All too often people think of automation like a vacuum cleaner you can buy once and then forget.
    • The reality is you need to perform care and feeding for automation like for any other process or program.
    • To reap the greatest rewards you must continually invest in automation – and invest wisely.

    To get the full ROI on your automation, you need to treat it like an employee. When you hire an employee, you invest in that person. You spend time and resources training and nurturing new employees so they can reach their full potential. The investment in a new employee is no different than your investment in automation.– Edwards

    Measure the success of your automation program

    Example of How to Estimate Dollar Value Impact of Automation
    Metric Timeline Target Value
    Hours of manual repetitive work 12 months 20% reduction $48,000/yr.(1)
    Hours of project capacity 18 months 30% increase $108,000/yr.(2)
    Downtime caused by errors 6 months 50% reduction $62,500/yr.(3)

    1 15 FTEs x 80k/yr.; 20% of time on MRW, reduced by 20%
    2 15 FTEs x 80k/yr.; 30% project capacity, increased by 30%
    3 25k/hr. of downtime.; 5 hours per year of downtime caused by errors

    Automating failover for disaster recovery

    CASE STUDY

    Industry Financial Services
    Source Interview

    Challenge

    An IT infrastructure manager had established DR failover procedures, but these required a lot of manual work to execute. His team lacked the expertise to build automation for the failover.

    Solution

    The manager hired consultants to build scripts that would execute portions of the failover and pause at certain points to report on outcomes and ask the human operator whether to proceed with the next step.

    Results

    The infrastructure team reduced their achievable RTOs as follows:
    Tier 1: 2.5h → 0.5h
    Tier 2: 4h → 1.5h
    Tier 3: 8h → 2.5h
    And now, anyone on the team could execute the entire failover!

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Reduce Manual Repetitive Work With IT Automation – project overview

    1. Select Candidates 2. Map Process Flows 3. Build Process 4. Build Roadmap
    Best-Practice Toolkit

    1.1 Identify MRW pain points

    1.2 Drill down pain points into tasks

    1.3 Estimate the MRW involved in each task

    1.4 Rank the tasks based on value and ease

    1.5 Select top candidates and define metrics

    1.6 Draft project charters

    2.1 Map process flows

    2.2 Review and optimize process flows

    2.3 Clarify logic and finalize future-state process flows

    3.1 Kick off your test plan for each automation

    3.2 Define process for automation rollout

    3.3 Define process to manage your automation program

    3.4 Define metrics to measure success of your automation program

    4.1 Build automation roadmap

    Guided Implementations

    Introduce methodology.

    Review automation candidates.

    Review success metrics.

    Review process flows.

    Review end-to-end process flows.

    Review testing considerations.

    Review automation SDLC.

    Review automation program metrics.

    Review automation roadmap.

    Onsite Workshop Module 1:
    Identify Automation Candidates
    Module 2:
    Map and Optimize Processes
    Module 3:
    Build a Process for Managing Automation
    Module 4:
    Build Automation Roadmap
    Phase 1 Results:
    Automation candidates and success metrics
    Phase 2 Results:
    End-to-end process flows for automation
    Phase 3 Results:
    Automation SDLC process, and automation program management process
    Phase 4 Results:
    Automation roadmap

    Become a Strategic CIO

    • Buy Link or Shortcode: {j2store}80|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • As a CIO, you are currently operating in a stable and trusted IT environment, but you would like to advance your role to strategic business partner.
    • CIOs are often overlooked as a strategic partner by their peers, and therefore face the challenge of proving they deserve a seat at the table.

    Our Advice

    Critical Insight

    • To become a strategic business partner, you must think and act as a business person that works in IT, rather than an IT person that works for the business.
    • Career advancement is not a solo effort. Building relationships with your executive business stakeholders will be critical to becoming a respected business partner.

    Impact and Result

    • Create a personal development plan and stakeholder management strategy to accelerate your career and become a strategic business partner. For a CIO to be considered a strategic business partner, he or she must be able to:
      • Act as a business person that works in IT, rather than an IT person that works for the business. This involves meeting executive stakeholder expectations, facilitating innovation, and managing stakeholder relationships.
      • Align IT with the customer. This involves providing business stakeholders with information to support stronger decision making, keeping up with disruptive technologies, and constantly adapting to the ever-changing end-customer needs.
      • Manage talent and change. This involves performing strategic workforce planning, and being actively engaged in identifying opportunities to introduce change in your organization, suggesting ways to improve, and then acting on them.

    Become a Strategic CIO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should become a strategic CIO, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch

    Analyze strategic CIO competencies and assess business stakeholder satisfaction with IT using Info-Tech's CIO Business Vision Diagnostic and CXO-CIO Alignment Program.

    • Become a Strategic CIO – Phase 1: Launch

    2. Assess

    Evaluate strategic CIO competencies and business stakeholder relationships.

    • Become a Strategic CIO – Phase 2: Assess
    • CIO Strategic Competency Evaluation Tool
    • CIO Stakeholder Power Map Template

    3. Plan

    Create a personal development plan and stakeholder management strategy.

    • Become a Strategic CIO – Phase 3: Plan
    • CIO Personal Development Plan
    • CIO Stakeholder Management Strategy Template

    4. Execute

    Develop a scorecard to track personal development initiatives.

    • Become a Strategic CIO – Phase 4: Execute
    • CIO Strategic Competency Scorecard
    [infographic]

    Workshop: Become a Strategic CIO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Competencies & Stakeholder Relationships

    The Purpose

    Gather and review information from business stakeholders.

    Assess strategic CIO competencies and business stakeholder relationships.

    Key Benefits Achieved

    Gathered information to create a personal development plan and stakeholder management strategy.

    Analyzed the information from diagnostics and determined the appropriate next steps.

    Identified and prioritized strategic CIO competency gaps.

    Evaluated the power, impact, and support of key business stakeholders.

    Activities

    1.1 Conduct CIO Business Vision diagnostic

    1.2 Conduct CXO-CIO Alignment program

    1.3 Assess CIO competencies

    1.4 Assess business stakeholder relationships

    Outputs

    CIO Business Vision results

    CXO-CIO Alignment Program results

    CIO competency gaps

    Executive Stakeholder Power Map

    2 Take Control of Your Personal Development

    The Purpose

    Create a personal development plan and stakeholder management strategy.

    Track your personal development and establish checkpoints to revise initiatives.

    Key Benefits Achieved

    Identified personal development and stakeholder engagement initiatives to bridge high priority competency gaps.

    Identified key performance indicators and benchmarks/targets to track competency development.

    Activities

    2.1 Create a personal development plan

    2.2 Create a stakeholder management strategy

    2.3 Establish key performance indicators and benchmarks/targets

    Outputs

    Personal Development Plan

    Stakeholder Management Strategy

    Strategic CIO Competency Scorecard

    Minimize the Damage of IT Cost Cuts

    • Buy Link or Shortcode: {j2store}53|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Average growth rates for Opex and Capex budgets are expected to continue to decline over the next fiscal year.
    • Common “quick-win” cost-cutting initiatives are not enough to satisfy the organization’s mandate.
    • Cost-cutting initiatives often take longer than expected, failing to provide cost savings before the organization’s deadline.
    • Cost-optimization projects often have unanticipated consequences that offset potential cost savings and result in business dissatisfaction.

    Our Advice

    Critical Insight

    • IT costs affect the entire business, not just IT. For this reason, IT must work with the business collaboratively to convey the full implications of IT cost cuts.
    • Avoid making all your cuts at once; phase your cuts by taking into account the magnitude and urgency of your cuts and avoid unintended consequences.
    • Don’t be afraid to completely cut a service if it should not be delivered in the first place.

    Impact and Result

    • Take a value-based approach to cost optimization.
    • Reduce IT spend while continuing to deliver the most important services.
    • Involve the business in the cost-cutting process.
    • Develop a plan for cost cutting that avoids unintended interruptions to the business.

    Minimize the Damage of IT Cost Cuts Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take a value-based approach to cutting IT costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the mandate and take immediate action

    Determine your approach for cutting costs.

    • Minimize the Damage of IT Cost Cuts – Phase 1: Understand the Mandate and Take Immediate Action
    • Cost-Cutting Plan
    • Cost-Cutting Planning Tool

    2. Select cost-cutting initiatives

    Identify the cost-cutting initiatives and design your roadmap.

    • Minimize the Damage of IT Cost Cuts – Phase 2: Select Cost-Cutting Initiatives

    3. Get approval for your cost-cutting plan and adopt change management best practices

    Communicate your roadmap to the business and attain approval.

    • Minimize the Damage of IT Cost Cuts – Phase 3: Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices
    • IT Personnel Engagement Plan
    • Stakeholder Communication Planning Tool
    [infographic]

    Workshop: Minimize the Damage of IT Cost Cuts

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Mandate and Take Immediate Action

    The Purpose

    Determine your cost-optimization stance.

    Build momentum with quick wins.

    Key Benefits Achieved

    Understand the internal and external drivers behind your cost-cutting mandate and the types of initiatives that align with it.

    Activities

    1.1 Develop SMART project metrics.

    1.2 Dissect the mandate.

    1.3 Identify your cost-cutting stance.

    1.4 Select and implement quick wins.

    1.5 Plan to report progress to Finance.

    Outputs

    Project metrics and mandate documentation

    List of quick-win initiatives

    2 Select Cost-Cutting Initiatives

    The Purpose

    Create the plan for your cost-cutting initiatives.

    Key Benefits Achieved

    Choose the correct initiatives for your roadmap.

    Create a sensible and intelligent roadmap for the cost-cutting initiatives.

    Activities

    2.1 Identify cost-cutting initiatives.

    2.2 Select initiatives.

    2.3 Build a roadmap.

    Outputs

    High-level cost-cutting initiatives

    Cost-cutting roadmap

    3 Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices

    The Purpose

    Finalize the cost-cutting plan and present it to the business.

    Key Benefits Achieved

    Attain engagement with key stakeholders.

    Activities

    3.1 Customize your cost-cutting plan.

    3.2 Create stakeholder engagement plans.

    3.3 Monitor cost savings.

    Outputs

    Cost-cutting plan

    Stakeholder engagement plan

    Cost-monitoring plan

    Select a Sourcing Partner for Your Development Team

    • Buy Link or Shortcode: {j2store}508|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Application Development
    • Parent Category Link: /application-development
    • You have identified that a change to your sourcing strategy is required, based on market and company factors.
    • You are ready to select a new sourcing partner to drive innovation, time to market, increased quality, and improved financial performance.
    • Taking on a new partner is a significant investment and risk, and you must get it right the first time.
    • You need to make a change now to prevent losing clients and falling further behind your performance targets and your market.

    Our Advice

    Critical Insight

    Selecting a sourcing partner is a function of matching complex factors to your own firm. It is not a simple RFP exercise; it requires significant introspection, proactive planning, and in-depth investigation of potential partners to choose the right fit.

    Impact and Result

    Choosing the right sourcing partner is a four-step process:

    1. Assess your companies' skills and processes in the key areas of risk to sourcing initiatives.
    2. Based on the current situation, define a profile for the matching sourcing partner.
    3. Seek matching partners from the market, either in terms of vendor partners or in terms of sourcing locations.
    4. Based on the choice of partner, build a plan to implement the partnership, define metrics to measure success, and a process to monitor.

    Select a Sourcing Partner for Your Development Team Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select a Sourcing Partner for Your Development Team Storyboard – Use this presentation to select a partner to best fit your sourcing needs and deliver long-term value.

    This project helps select a partner for sourcing of your development team so that you can realize the benefits from changing your sourcing strategy.

    • Select a Sourcing Partner for Your Development Team Storyboard

    2. Select a Sourcing Partner for Your Development Team Presentation Template – Use this template to build a presentation to detail your decision on a sourcing partner for your development team.

    This presentation template is designed to capture the results from the exercises within the storyboard and allow users to build a presentation to leadership showing how selection was done.

    • Select a Sourcing Partner for Your Development Team Presentation Template

    3. Select a Sourcing Partner for Your Development Team Presentation Example – Use this as a completed example of the template.

    This presentation template portrays what the completed template looks like by showing sample data in all tables. It allows members to see how each exercise leads to the final selection of a partner.

    • Select a Sourcing Partner for Your Development Team Example Template
    [infographic]

    Further reading

    Select a Sourcing Partner for Your Application Development Team

    Choose the right partner to enable your firm to maximize the value realized from your sourcing strategy.

    Analyst Perspective

    Selecting the right partner for your sourcing needs is no longer a cost-based exercise. Driving long-term value comes from selecting the partner who best matches your firm on a wide swath of factors and fits your needs like a glove.

    Sourcing in the past dealt with a different kind of conversation involving two key questions:

    Where will the work be done?

    How much will it cost?

    How people think about sourcing has changed significantly. People are focused on gaining a partner, and not just a vendor to execute a single transaction. They will add skills your team lacks, and an ability to adapt to your changing needs, all while ensuring you operate within any constraints based on your business.

    Selecting a sourcing partner is a matching exercise that requires you to look deep into yourself, understand key factors about your firm, and then seek the partner who best meets your profile.

    The image contains a picture of Dr. Suneel Ghei.

    Dr. Suneel Ghei
    Principal Research Director, Application Development
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • You have identified that a change to your sourcing strategy is required based on market and company factors.
    • You are ready to select a new sourcing partner to drive innovation, time to market, increased quality, and improve financial performance.
    • Taking on a new partner is a significant investment and risk, and you must get it right the first time.
    • You need to make a change now to avoid falling further behind your performance targets and your market, and losing clients.

    Almost half of all sourcing initiatives do not realize the projected savings, and the biggest reason is the choice of partner.

    The market for Application Development partners has become more diverse, increasing choice and the risk of making a costly mistake by choosing the wrong partner.

    Firms struggle with how best to support the sourcing partner and allocate resources with the right skills to maximize success, increasing the cost and time to implement, and limiting benefits.

    Making the wrong choice means inferior products, and higher costs and losing both clients and reputation.

    • Choosing the right sourcing partner is a four-step process:
    1. Assess your company's skills and processes in the key areas of risk to sourcing initiatives.
    2. Based on the current situation, define a profile for the matching sourcing partner.
    3. Seek matching partners from the market, either in terms of vendor partners or in terms of sourcing locations.
    4. Based on your choice of partner, build a plan to implement the partnership, and define metrics to measure success and a process to monitor.

    Info-Tech Insight

    Successfully selecting a sourcing partner is not a simple RFP exercise to choose the lowest cost. It is a complex process of introspection, detailed examination of partners and locations, and matching the fit. It requires you to seek a partner that is the Yin to your Yang, and failure is not an option.

    You need a new source for development resources

    You are facing immediate challenges that require a new approach to development resourcing.

    • Your firm is under fire; you are facing pressures financially from clients and your competitors.
    • Your pace of innovation and talent sourcing is too slow and too limiting.
    • Your competition is moving faster and your clients are considering their options.
    • Revenues and costs of development are trending in the wrong direction.
    • You need to act now to avoid spiraling further.

    Given how critical our applications are to the business and our clients, there is no room for error in choosing our partner.

    A study of 121 firms outsourcing various processes found that 50% of those surveyed saw no gains from the outsourcing arrangement, so it is critical to make the right choice the first time.

    Source: Zhang et al

    Big challenges await you on the journey

    The road to improving sourcing has many potholes.

    • In a study of 121 firms who moved development offshore, almost 50% of all outsourcing and offshoring initiatives do not achieve the desired results.
    • In another study focused on large corporations, it was shown that 70% of respondents saw negative outcomes from offshoring development.
    • Globalization of IT Services and the ability to work from anywhere have contributed to a significant increase in the number of development firms to choose from.
    • Choosing and implementing a new partner is costly, and the cost of choosing the wrong partner and then trying to correct your course is significant in dollars and reputation:
      • Costs to find a new partner and transition
      • Lost revenue due to product issues
      • Loss of brand and reputation due to poor choice
    • The wrong choice can also cost you in terms of your own resources, increasing the risk of losing more knowledge and skills.

    A survey of 25 large corporate firms that outsourced development offshore found that 70% of them had negative outcomes.

    (Source: University of Oregon Applied Information Management, 2019)

    Info-Tech’s approach

    Selecting the right partner is a matching exercise.

    Selecting the right partner is a complex exercise with many factors

    1. Look inward. Assess your culture, your skills, and your needs.
    • Market
    • People
    • Culture
    • Technical aspects
  • Create a profile for the perfect partner to fit your firm.
    • Sourcing Strategy
    • Priorities
    • Profile
  • Find the partner that best fits your needs
    • Define RFx
    • Target Partners
    • Evaluate
  • Implement the partner and put in metrics and process to manage.
    • Contract Partner
    • Develop Goals
    • Create Process and Metrics

    The Info-Tech difference:

    1. Assess your own organization’s characteristics and capabilities in four key areas.
    2. Based on these characteristics and the sourcing strategy you are seeking to implement, build a profile for your perfect partner.
    3. Define an RFx and assessment matrix to survey the market and select the best partner.
    4. Implement the partner with process and controls to manage the relationship, built collaboratively and in place day 1.

    Insight summary

    Overarching insight

    Successfully selecting a sourcing partner is not a simple RFP exercise to choose the lowest cost. It is a complex process of introspection, detailed examination of partners and locations, and matching the fit. It requires you to seek a partner that is the Yin to your Yang, and failure is not an option.

    Phase 1 insight

    Fitting each of these pieces to the right partner is key to building a long-term relationship of value.

    Selecting a partner requires you to look at your firm in depth from a business, technical, and organizational culture perspective.

    Phase 2 insight

    The factors we have defined serve to build us a profile for the ideal partner to engage in sourcing our development team. This profile will lead us to be able to define our RFP / RFI and assess respondents.

    Phase 3/4 insight

    Implement the relationship the same way you want it to work, as one team. Work together on contract mechanism, shared goals, metrics, and performance measurement. By making this transparent you hasten the development of a joint team, which will lead to long-term success.

    Tactical insight

    Ensure you assess not just where you are but where you are going, in choosing a partner. For example, you must consider future markets you might enter when choosing the right sourcing, or outsourcing location to maintain compliance.

    Tactical insight

    Sourcing is not a replacement for your full team. Skills must be maintained in house as well, so the partner must be willing to work with the in-house team to share knowledge and collaborate on deliverables.

    Addressing the myth – Single country offshoring or outsourcing

    Research shows that a multi-country approach has a higher chance of success.

    • Research shows that firms trying their own captive development centers fail 20% of the time. ( Journal of Information Technology, 2008)
    • Further, the overall cost of ownership for an offshore center has shown to be significantly higher than the cost of outsourcing, as the offshore center requires more internal management and leadership.
    • Research shows that offshoring requires the offshore location to also house business team members to allow key relationships to be built and ensure more access to expertise. (Arxiv, 2021)
    • Given the specificity of employment laws, cultural differences, and leadership needs, it is very beneficial to have a Corporate HR presence in countries where an offshore center is being set up. (Arxiv, 2021)
    • Lastly, given the changing climate on security, geopolitical changes, and economic factors, our research with service providers and corporate clients shows a need to have more diversity in provider location than a single center can provide.

    Info-Tech Insight

    Long-term success of sourcing requires more than a development center. It requires a location that houses business and HR staff to enable the new development team to learn and succeed.

    Addressing the myth – Outsourcing is a simple RFP for skills and lowest cost

    Success in outsourcing is an exercise in finding a match based on complex factors.

    • In the past, outsourcing was a simple RFP exercise to find the cheapest country with the skills.
    • Our research shows this is no longer true; the decision is now more complex.
    • Competition has driven costs higher, while time business integration and security constraints have served to limit the markets available.
    • Company culture fit is key to the ability to work as one team, which research shows is a key element in delivery of long-term value. (University of Oregon, 2019).
    • These are some of the many factors that need to be considered as you choose your outsourcing partner.
    • The right decision is to find the vendor that best matches the current state of your culture, meets your market constraints, and will allow for best integration to your team – it's not about cheapest or pure skills. (IEEE Access, 2020)

    Info-Tech Insight

    Finding the right outsourcing vendor is an exercise in knowing yourself and then finding the best match to align with your key traits. It's not just costs and skills, but the partner who best matches with your ability to mitigate the risks of outsourcing.

    Phase 1

    Look inward to gain insight on key factors

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will walk you through assessing and documenting the key driving factors about your firm and the current situation.

    By defining these factors, you will be able to apply this information in the matching process to select the best fit in a partner.

    This phase involves the following participants:

    Line of Business leaders

    Technology leaders

    Key criteria to assess your firm

    Research shows firms must assess themselves in different areas.

    Market factors

    • Who are your clients and your competitors, and what legal constraints do you face?

    People / Process factors

    • What employee skills are you seeking, what is your maturity in product management and stakeholder engagement, and what languages are spoken most predominantly?

    Cultural factors

    • What is your culture around communications, collaboration, change management, and conflict resolution?

    Technical factors

    • What is your current / future technical platform, and what is the maturity of your applications?

    Info-Tech Best Practice

    When assessing these areas, consider where you are today and where you want to go tomorrow, as choosing a partner is a long-term endeavor.

    Step 1.1

    Assess your market factors

    Activities

    1.1.1 Review your client list and future projections to determine your market factors.

    1.1.2 Review your competitive analysis to determine your competitive factors

    This step involves the following participants:

    Business leaders

    Product Owners

    Technology leaders

    Outcomes of this step

    Details of key market factors that will drive the selection of the right partner.

    Market factors

    The Market has a lot to say about the best match for your application development partner.

    Research in the space has defined key market-based factors that are critical when selecting a partner.

    1. Market sectors you service or plan to service – This is critical, as many market sectors have constraints on where their data can be accessed or stored. These restrictions also change over time, so they must be consistently reviewed.
    • E.g. Canadian government data must be stored and only accessed in Canada.
    • E.g. US Government contracts require service providers to avoid certain countries.
  • Your competitors – Your competitors can often seize on differences and turn them to differentiators; for example, offshoring to certain countries can be played up as a risk by a competitor who does all their work in a particular country.
  • Your clients – Research shows that clients can have very distinct views on services being performed in certain countries due to perceived risk, culture, and geopolitical factors. Understanding the views of major clients on globalization of services is a key factor in maintaining client satisfaction.
  • Info-Tech Insight

    Understanding your current and future market factors ensure that your business can not only be successful with the chosen partner today, but also in the future.

    1.1.1 Assess your market factors

    30 min

    Market factors

    1. Group your current client list into three categories:
      1. Those that have no restrictions on data security, privacy or location.
      2. Those that ask for assurances on data security, privacy and location.
      3. Those clients who have compliance restrictions related to data security, privacy, and location.
    2. Categorize future markets into the same three categories.
    3. Based on revenue projections, estimate the revenue from each category as a percentage of your total revenue.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Current client list
    • Future market plans
    • Competitive analysis
    • Completion of the Market Factors chart in the Select a Sourcing Partner for Your Development Team template
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Line of business leaders
    • Finance leaders

    Assess your market factors

    Market and sector

    Market share and constraints

    Market category

    Sector – Public, private or both

    Market share of category

    Key areas of concern

    Not constrained by data privacy, security or location

    Private

    50%

    Require assurances on data security, privacy or location

    Public

    45%

    Data access

    Have constraints that preclude choices related to data security, privacy and location

    Public

    5%

    Data residency

    1.1.2 Review your competitive factors

    30 min

    Competitive factors

    1. List your largest competitors.
    2. Document their sourcing strategies for their development team – are they all onshore or nearshore? Do they outsource?
    3. Based on this, identify competitive threats based on changing sourcing strategies.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Current client list
    • Future market plans
    • Competitive analysis
    • Completion of the Market Factors chart in the Select a Sourcing Partner for Your Development Team template
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Line of business leaders
    • Finance leaders

    Review your competitive factors

    Competitors

    Competitor sourcing strategy

    Competitive threats

    Competitor

    Where is the market?

    Is this onshore / near shore / offshore?

    Data residency

    How could competitors take advantage of a change in our sourcing strategy?

    Competitor X

    Canada / US

    All work done in house and onshore

    Kept in Canada / US

    If we source offshore, we will face a Made in Canada / US threat

    Step 1.2

    Consider your people-related factors

    Activities

    1.2.1 Define your people factors

    1.2.2 Assess your process factors

    This step involves the following participants:

    Technical leaders

    Outcomes of this step

    Details of key people factors that will drive the selection of the right partner.

    People / process factors

    People and process have a large hand in the success or failure of a partner relationship.

    • Alignment of people and process are critical to the success of the partner relationship over the long term.
    • In research on outsourcing / offshoring, Rahman et al identified ten factors that directly impact success or failure in offshoring or outsourcing of development.
    • Key among them are the following:
      • Employee skills
      • Project management
      • Maturity of process concerning product and client management
      • Language barrier

    Info-Tech Insight

    People are a critical resource in any sourcing strategy. Making sure the people and the processes will mesh seamlessly is how to ensure success.

    1.2.1 Define your people factors

    30 min

    Skills Inventory

    1. List skills needed in the development team to service current needs.
    2. Based on future innovation and product direction, add skills you foresee needing in the next 12-24 months. Where do you see a new technology platform (e.g. move from .NET to Java) or innovation (addition of Mobile)?
    3. List current skills present in the team.
    4. Identify skills gaps.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Product plans for current and future products
    • Technology platform plans for current products
    • Future innovation plans
    • People- and process-related factors that influence sourcing decisions
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Solution architects

    Assess your people - Skills inventory

    Skills required

    Strategic value

    Skills present

    Skill you are seeking

    Required today or in the future

    Rate the skill level required in this area

    Is this a strategic focus for the firm for future targets?

    Is this skill present in the team today?

    Rate current skill level (H/M/L)

    Java Development

    Future

    High

    Yes

    No

    Low

    .Net Development

    Today

    Med

    No

    Yes

    High

    1.2.2 Assess your process factors

    30 min

    Process factors

    1. Do you have a defined product ownership practice?
    2. How mature is the product ownership for the product you are seeking to change sourcing for (H/M/L)?
    3. Do you have project management principles and governance in place for software releases?
    4. What is the relative maturity / skill in the areas you are seeking sourcing for (H/M/L)?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Product plans for current and future products
    • Technology platform plans for current products
    • Future innovation plans
    • People- and process-related factors that influence sourcing decisions
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Solution architects

    Assess your process factors

    Product ownership

    Project management

    Product where sourcing is being changed

    Product ownership in place?

    Skills / maturity rating (H/M/L)

    Project management / governance in place for software releases

    Rate current maturity / skill level (H/M/L)

    ABC

    Yes

    High

    Yes

    High

    SQW

    No

    Low

    Yes

    High

    Step 1.3

    Review your current culture

    Activities

    1.3.1 Assess your communications factors

    1.3.2 Assess your conflict resolution factors

    This step involves the following participants:

    Technical leaders

    Product owners

    Project managers

    Outcomes of this step

    Details of key culture factors that will drive the selection of the right partner.

    Cultural factors

    Organization culture fit is a driver of collaboration between the teams, which drives success.

    • In their study of country attractiveness for sourcing development, Kotlarsky and Oshri point to the ability of the client and their sourcing partner to work as one team as a key to success.
    • This requires synergies in many cultural factors to avoid costly miscommunications and misinterpretations that damage collaboration.
    • Key factors in achieving this are:
      • Communications methodology and frequency; managing and communicating to the teams as one team vs two, and communicating at all levels, vs top down.
      • Managing the team as one integrated team, with collaboration enabled between all resources, rather than the more adversarial client vs partner approach.
      • Conflict resolution strategies must align so all members of the extended team work together to resolve conflict vs the traditional “Blame the Contractors”.
      • Strong change management is required to keep all team members aligned.

    Info-Tech Insight

    Synergy of culture is what enables a good partner selection to become a long-term relationship of value.

    1.3.1 Assess your communications factors

    30 min

    1. List all the methods you use to communicate with your development team – face to face, email, conference call, written.
    2. For each form of communication confirm frequency, medium, and audience (team vs one-on-one)
    3. Confirm if these communications take into account External vs Internal resources and different time zones, languages, and cultures.
    4. Is your development team broken up into teams by function, by location, by skill, etc., or do you operate as one team?

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Communication process with existing development team
    • Examples of how external staff have been integrated into the process
    • Examples of conflicts and how they were resolved
    • Documentation of key cultural characteristics that need to be part of provider profiling
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Project managers

    Assess your communications strategy

    Communications

    Type

    Frequency

    Audience

    One communication or one per audience?

    Level of two-way dialogue

    Face-to-face team meetings

    Weekly

    All developers

    One

    High

    Daily standup

    Daily

    Per team

    One per audience

    Low

    1.3.2 Assess your conflict resolution factors

    30 min

    1. How does your organization handle the following types of conflict? Rate from 1-5, with 1 being hierarchical and 5 being openly collaborative.
      1. Developers on a team disagree.
      2. Development team disagrees with manager.
      3. Development team disagrees with product owner.
      4. Development team disagrees with line of business.
    2. Rate each conflict resolution strategy based on effectiveness.
    3. Confirm if this type of strategy is used for internal and external resources, or internal only.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Communication process with existing development team
    • Examples of how external staff have been integrated into the process
    • Examples of conflicts and how they were resolved
    • Documentation of key cultural characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Project managers

    Assess your conflict resolution strategy

    Conflict

    Resolution strategy

    Effectiveness

    Audience

    Conflict type

    Rate the resolution strategy from hierarchical to collaborative (1-5)

    How effective is this method of resolution from 1-5?

    Is this strategy used for external parties as well as internal?

    Developer to product owner

    44

    Yes

    Developer to manager

    12

    Yes

    Step 1.4

    Document your technical factors

    Activities

    1.4.1 Document your product / platform factors

    1.4.2 Document your environment details

    This step involves the following participants:

    Technical leaders

    Product owners

    Outcomes of this step

    Details of key technical factors that will drive the selection of the right partner.

    Technical factors

    Technical factors are still the foundation for a Development sourcing relationship.

    • While there are many organizational factors to consider, the matching of technological factors is still the root on which the sourcing relationship is built; the end goal is to build better software.
    • Key technical Items that need to be aligned based on the research are:
      • Technical infrastructure
      • Development environments
      • Development methodology and tools
      • Deployment methodology and tools
      • Lack of/poor-quality technical documentation
    • Most RFPs focus purely on skills, but without alignment on the above items, work becomes impossible to move forward quickly, limiting the chances of success.

    Info-Tech Insight

    Technical factors are the glue that enables teams to function together. Ensuring that they are fully integrated is what enables team integration; seams in that integration represent failure points.

    1.4.1 Document your product / platform factors

    30 mins

    1. How many environments does each software release go through from the start of development through release to production?
    2. What is the infrastructure and development platform?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Document your product / platform

    Product / Platform

    Product you are seeking a sourcing solution for

    What is the current infrastructure platform?

    How many environments does the product pass through?

    What is the current development toolset?

    ABC

    Windows

    Dev – QA – Preprod - Prod

    .Net / Visual Studio

    1.4.2 Document your environment details

    30 min

    For each environment detail the following:

    1. Environment on premises or in cloud
    2. Access allowed to external parties
    3. Production data present and unmasked
    4. Deployment process: automated or manual
    5. Tools used for automated deployment
    6. Can the environment be restored to last known state automatically?
    7. Does documentation exist on the environment, processes and procedures?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Document Your Environment Details

    Environment

    Location

    Access

    Deployment

    Data

    Name of Environment

    Is the environment on premises or in the cloud (which cloud)?

    Is external access allowed?

    Is deployment automated or manual?

    Tool used for deployment

    Is reset automated?

    Does the environment contain unmasked production data?

    Dev

    Cloud

    Yes

    Automated

    Azure DevOps

    Yes

    No

    QA

    Cloud

    Yes

    Automated

    Azure DevOps

    Yes

    No

    Preprod

    On Premises

    No

    Manual

    N/A

    No

    Yes

    Phase 2

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will help you to build a profile of the partner you should target in your search for a sourcing partner.

    This phase involves the following participants:

    Technology leaders

    Procurement leaders

    Product owners

    Project managers

    Build a profile for the right partner

    • Finding the perfect partner is a puzzle to solve, an exercise between the firm and the partners.
    • It is necessary to be able to prioritize and to identify opportunities where you can adapt to create a fit.
    • You must also bring forward the sourcing model you are seeking and prioritize factors based on that; for example, if you are seeking a nearshore partner, language may be less of a factor.

    Review factors based on sourcing choice

    Different factors are more important depending on whether you are insourcing or outsourcing.

    Key risks for insourcing

    • Alignment on communication strategy and method
    • Ability to align culturally
    • Need for face-to-face relationship building
    • Need for coaching skills

    Key risks for outsourcing

    • Giving control to the vendor
    • Legal and regulatory issues
    • Lack of knowledge at the vendor
    • Language and cultural fit

    Assessing your firm's position

    • The model you derived from the Sourcing Strategy research will inform the prioritization of factors for matching partners.

    Info-Tech Insight

    To find the best location for insourcing, or the best vendor for outsourcing, you need to identify your firm's positions on key risk areas.

    Step 2.1

    Recall your sourcing strategy

    Activities

    2.1.1 Define the key factors in your sourcing strategy

    This step involves the following participants:

    Technology Leaders

    Outcomes of this step

    Documentation of the Sourcing Strategy you arrived at in the Define a Sourcing Strategy exercises

    Choosing the right model

    The image contains a screenshot of the legend that will be used down below. The legend contains circles, from the left there is a empty circle, a one quarter filled circle, half filled circle, three-quarter filled circle , and a fully filled in circle.

    Determinant

    Key Questions to Ask

    Onshore

    Nearshore

    Offshore

    Outsource role(s)

    Outsource team

    Outsource product(s)

    Business dependence

    How much do you rely on business resources during the development cycle?

    The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the empty circle to demonstrate low.

    Absorptive capacity

    How successful has the organization been at bringing outside knowledge back into the firm?

    The image contains a screenshot of the empty circle to demonstrate low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Integration complexity

    How many integrations are required for the product to function – fewer than 5, 5-10, or more than 10?

    The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the empty circle to demonstrate low.

    Product ownership

    Do you have full-time product owners in place for the products? Do product owners have control of their roadmaps?

    The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Organization culture fit

    What are your organization’s communication and conflict resolution strategies? Is your organization geographically dispersed?

    The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Vendor mgmt skills

    What is your skill level in vendor management? How old are your longest-standing vendor relationships?

    The image contains a screenshot of the empty circle to demonstrate low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    2.1.1 Define the key factors in your sourcing strategy

    30 min

    For each product you are seeking a sourcing strategy for, document the following:

    1. Product or team name.
    2. Sourcing strategy based on Define a Sourcing Strategy.
    3. The primary drivers that led to this selection – Business Dependence, Absorptive Capacity, Integration Complexity, Product Ownership, Culture or Vendor Management.
    4. The reasoning for the selection based on that factor – e.g. we chose nearshoring based on high business dependence by our development team.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Sourcing Strategy from Define a Sourcing Strategy for your Development Team
    • Reasoning that drove the sourcing strategy selection
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leadership

    Define sourcing strategy factors

    Sourcing strategy

    Factors that led to selection

    Product you are seeking a sourcing solution for

    Strategy defined

    Key factors that led to that choice

    Reasoning

    ABC

    Outsourcing - Offshore

    • Product ownership
    • Business integration
    • Product maturity
    • Technical environment

    Mature product ownership and low requirement for direct business involvement.

    Mature product with lower environments in cloud.

    Step 2.2

    Prioritize your company factors

    Activities

    2.2.1 Prioritize the factors from your sourcing strategy and confirm if mitigation or adaptation are possible.

    This step involves the following participants:

    IT Leadership team

    Outcomes of this step

    Prioritized list of key factors

    2.2.1 Prioritize your sourcing strategy factors

    30 min

    1. For each of the factors listed in exercise 2.1, prioritize them by importance to the firm.
    2. For each factor, please confirm if there is room to drive change internally to overcome the lack of a match – for example, if the culture being changed in language and conflict resolution is an option, then say Yes for that factor.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Sourcing Strategy factors from 2.1
    • Prioritized list of sourcing strategy factors
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders

    Sourcing strategy factors and priority

    Sourcing strategy

    Factors that led to selection

    Priority of factor in decision

    Change possible

    Product you are seeking a sourcing solution for

    Strategy defined

    Key factors that led to your choice

    Reasoning

    Priority of factor 1-x

    Is there an opportunity to adapt this factor to a partner?

    ABC

    Outsourcing - offshore

    • Product ownership
    • Business integration
    • Product maturity
    • Technical environment

    Mature product ownership

    Low requirement for direct business involvement

    Mature product with lower environments in cloud

    2

    1

    3

    N

    N

    Y

    Step 2.3

    Create target profile

    Activities

    2.3.1 Profile your best fit

    This step involves the following participants:

    IT Leadership team

    Outcomes of this step

    Profile of the target partner

    Profiling your best fit

    Creating a target profile will help you determine which partners should be included in the process.

    Given the complexity of all the factors and trying to find the best fit from a multitude of partners, Info-Tech recommends forming a target profile for your best fit of partner.

    This profile provides a detailed assessment matrix to use to review potential partners.

    Profile should be created based on priority; "must haves" are high priority, while properties that have mitigation opportunities are optional or lower priority.

    Criteria

    Priority

    Some US Govt contracts – data and staff in NATO

    1

    Windows environment – Azure DEVOPS

    2

    Clients in FS

    3

    Agile SDLC

    4

    Collaborative communication and conflict resolution

    5

    Mature product management

    6

    Languages English and Spanish

    7

    Partner Profile

    • Teams in NATO and non-NATO countries
    • Windows skills with Azure
    • Financial Services experience
    • Utilize Agile and willing to plug into our teams
    • Used to collaborating with clients in one team environment
    • One centre in Latin / South America

    Info-Tech Insight

    The factors we have defined serve to build us a profile for the ideal partner to engage in sourcing our development team. This profile will lead us to be able to define our RFP / RFI and assess respondents.

    Case study: Cognizant is partnering with clients on product development

    INDUSTRY: Technology Services

    SOURCE: Interview with Jay MacIsaac, Cognizant

    Cognizant is driving quality solutions for clients

    • Strives to be primarily an industry-aligned organization that delivers multiple service lines in multiple geographies.
    • Seeks to carefully consider client culture to create one team.
    • Value proposition is a consultative approach bringing thought leadership and mutually adding value to the relationship vs the more traditional order taker development partner
    • Wants to share in solution development to facilitate shared successes. Geographic alignment drives knowledge of the client and their challenges, not just about time zone and supportability.
    • Offers one of the largest offshore capabilities in the world, supported by local and nearshore resources to drive local knowledge.
    • Realizes today’s clients don’t typically want a black box, they are sophisticated and want transparency around the process and solution, to have a partner.
    • Understands that clients do want to know where the work is being delivered from and how it's being delivered, and want to help manage expectations and overall risk.

    Synergy with Info-Tech’s approach

    • Best relationship comes when teams operate as one.
    • Clients are seeking value, not a development black box.
    • Clients want to have a partner they can engage with, not just an order taker.
    • Goal is a one-team culture with shared goals and delivering business value.
    • Ideal is a partner that will add to their thinking, not echo it.

    Results of this approach

    • Cognizant is continuing to deliver double-digit growth and continues to strive for top quartile performance.
    • Growth in the client base has seen the company grow to over 340,000 associates worldwide.

    Case study: Cabot Technology Solutions uses industry knowledge to drive successful partnerships

    INDUSTRY: Technology Services

    SOURCE: Interview with Shibu Basheer, Cabot Technology Solutions

    Cabot Technology Solutions findings

    • Cabot Technology Solutions looks to partner with clients and deliver expertise and value, not just application development.
      • Focus on building deep knowledge in their chosen vertical, Healthcare.
      • Focus on partnering with clients in this space who are seeking a partner to provide industry knowledge and use this to propel them forward.
      • Look to work with clients seeking a one team philosophy.
      • Avoid clients looking for a cheap provider.
    • Recognizing the initial apprehension to India as a location, they have built a practice in Ontario that serves as a bridge for their offshore team.
    • Cabot overcame initial views and built trust, while integrating the India team in parallel.

    Synergy with Info-Tech approach

    • Preference is partners, not a client/vendor relationship.
    • Single country model is set aside in favor of mix of near and offshore.
    • Culture is a one team approach, not the more adversarial order-taker approach.
    • Goal is to build long-term relationships of value, not task management.

    Results of this approach

    • Cabot is a recognized as a top software development company in many markets across the USA.
    • Cabot continues to drive growth and build referenceable client relationships across North America.

    2.3.1 Profile your best fit

    30 min

    1. Document the list of skills you are seeking from the People Factors – Skills Inventory in Section 1.2 – these represent the skills you are seeking in a partner.
    2. Document the culture you are looking for in a partner with respect to communications and conflict resolution in the culture section of the requirements – this comes from Section 1.3.
    3. Confirm the type of partner you are seeking – nearshore, offshore, or outsourcing based on the sourcing strategy priorities in Section 2.2.
    4. Confirm constraints that the partner must work under based on constraints from your market and competitor factors in Section 1.1.
    5. Confirm your technical requirements in terms of environments, tools, and processes that the vendor must align to from Section 1.4.

    Download the Select a Sourcing Partner Presentation Template

    Input Output

    All exercises done in Steps 11-1.4 and 2.1-2.2

    Profile of a target partner to drive the RFx Criteria

    Materials Participants

    Select a Sourcing Partner for Your Development Team Presentation template

    Development leaders

    Deployment team leaders

    Infrastructure leaders

    IT operations leaders

    Product owners

    Project managers

    RFP skills requirement

    People skills required

    Product ownership

    Project management

    Skill

    Skill level required

    Tools / platform requirement

    Details of product management methodology and skills

    Details of firm's project management methodology

    .NET

    Medium

    Windows

    Highly mature, high skill

    Highly mature, high skill

    Java

    High

    Windows

    Low

    High

    RFx cultural characteristics

    Communication strategy

    Conflict resolution

    Organization / management

    Communication mediums supported

    Frequency of meetings expected

    Conflict resolutions strategies used at the firm

    Management methodology

    Face to face

    Weekly

    Collaborative

    Online

    Daily

    Hierarchical with manager

    Hierarchical

    RFx market constraints

    Constraints

    Partner proposal

    Constraint type

    Restrictions

    Market size required for

    Reasoning

    Data residency

    Data must stay in Canada for Canadian Gov't clients

    5% Canada public sector

    Competitive

    Offshoring dev means competition can take advantage

    95% Clients

    Need strategy to show data and leadership in NA, but delivering more innovation at lower cost by going offshore

    RFx technical requirements

    Technical environments

    Infrastructure

    Alignment of SDLC

    Tools required for development team

    Access control software required

    Infrastructure location

    Number of environments from development to production

    .Net Visual Studio

    Microsoft

    Azure

    4

    RFx scope of services

    Work being sourced

    Team sizing

    Work being sourced

    Skill level required

    Average size of release

    Releases per year

    Java development of new product

    High

    3-month development

    6

    .NET staff augmentation

    Medium

    ½-month development

    12

    Phase 3

    Choose the partner that will best enable you to move forward as one integrated team.

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    For more details on Partner Selection, please refer to our research blueprint entitled Select an ERP Partner

    This phase will help you define your RFx for your provider search

    This phase involves the following participants:

    Vendor Management Team

    IT Leadership

    Finance Team

    Finding the right fit should always come before rates to determine value

    The right fit

    Determined in previous activities

    Negotiating will eventually bring the two together

    Value

    Rates

    Determined by skill and location

    Statement of Work (SOW) quality

    A quality SOW is the result of a quality RFI/RFP (RFx).

    The process up to now has been gathering the materials needed to build a quality RFx. Take this opportunity to review the outputs of the preceding activities to ensure that:

    • All the right stake holders have been engaged.
    • The requirements are complete.

    Info-Tech’s RFP Review as a Service looks for key items to ensure your RFx will generate quality responses and SOWs.

    • Is it well-structured with a consistent use of fonts and bullets?
    • Is it laid out in sections that are easily identifiable and progress from high-level to more detailed information?
    • Can a vendor quickly identify the ten (or fewer) things that are most important to you?

    The image contains a screenshot of the Request for Proposal Review as a Service.

    Step 3.1

    Review your RFx

    Activities

    3.1.1 Select your RFx template

    3.1.2 Finalize your RFx

    3.1.3 Weight each evaluation criteria

    This step involves the following participants:

    • Project team
    • Evaluation team
    • Vendor management team
    • CIO

    Outcomes of this step

    • Completed RFx

    Info-Tech’s RFI/RFP process

    Info-Tech has well-established vendor management templates and practices

    • Identify Need
    • Define Business Requirements
    • Gain Business Authorization
    • Perform RFI/RFP
    • Negotiate Agreement
    • Purchase Goods and Services
    • Assess and Measure Performance

    Info-Tech Best Practice

    You’ll want to customize templates for your organization, but we strongly suggest that you take whatever you feel best meets your needs from both the long- and short-form RFPs presented in this blueprint.

    The secret to managing an RFP is to make it manageable. And the secret to making an RFP manageable is to treat it like any other aspect of business – by developing a process. With a process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.

    Your RFP process should be tailored to fit the needs and specifics of your organization and IT.

    Info-Tech Insight

    Create a better RFP process using Info-Tech’s well-established templates and methodology.

    Create a Better RFP Process

    In a hurry? Consider an enhanced RFI instead of an RFP.

    While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations. An enhanced RFI (ERFI) is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.

    Stage 1:

    Create an RFI with all the customary components. Next, add a few additional RFP-like requirements (e.g. operational and technical requirements). Make sure you include a request for budgetary pricing and provide any significant features and functionality requirements so that the vendors have enough information to propose solutions. In addition, allow the vendors to ask questions through your single point of coordination and share answers with all the vendors. Finally, notify the vendors that you will not be doing an RFP – this is it!

    Stage 2:

    Review the vendors’ proposals and select the best two. Negotiate with both vendors and then make your decision.

    The ERFI shortens the typical RFP process, maintains leverage for your organization, and works great with low- to medium-spend items (however your organization defines them). You’ll get clarification on vendors’ competencies and capabilities, obtain a fair market price, and meet your internal clients’ aggressive timelines while still taking steps to protect your organization.

    RFI Template

    The image contains a screenshot of the RFI Template.

    Use this template to create your RFI baseline template. Be sure to modify and configure the template to your organization’s specifications.

    Request for Information Template

    Long-Form RFP Template

    Configure Info-Tech’s Long-Form RFP Template for major initiatives

    The image contains a screenshot of the long-form RFP Template.

    A long-form or major RFP is an excellent tool for more complex and complicated requirements. This example is for a baseline RFP.

    It starts with best-in-class RFP terms and conditions that are essential to maintaining your control throughout the RFP process. The specific requirements for the business, functional, technical, and pricing areas should be included in the exhibits at the end of the template. That makes it easier to tailor the RFP for each deal, since you and your team can quickly identify specific areas that need modification. Grouping the exhibits together also makes it convenient for both your team to review, and the vendors to respond.

    You can use this sample RFP as the basis for your template RFP, taking it all as is or picking and choosing the sections that best meet the mission and objectives of the RFP and your organization.

    Source: Info-Tech’s The Art of Creating a Quality RFP

    Short-Form RFP Template

    Configure Info-Tech’s Short-Form RFP Template for minor or smaller initiatives

    The image contains a screenshot of the Short-Form RFP Template.

    This example is for a less complex RFP that has relatively basic requirements and perhaps a small window in which the vendors can respond. As with the long-form RFP, exhibits are placed at the end of the RFP, an arrangement that saves time for both your team and the vendors. Of course, the short-form RFP contains fewer specific instructions, guidelines, and rules for vendors’ proposal submissions.

    We find that short-form RFPs are a good choice when you need to use something more than a request for quote (RFQ) but less than an RFP running 20 or more pages. It’s ideal, for example, when you want to send an RFP to only one vendor or to acquire items such as office supplies, contingent labor, or commodity items that require significant vendor's risk assessment.

    Source: The Art of Creating a Quality RFP

    3.1.1 Select your RFx template

    1-3 hours

    1. As a group, download the RFx templates from the previous three slides.
    2. Review your RFx process as a group. Be sure to include the vendor management team.
    3. Be sure to consider organization-specific procurement guidelines. These can be included. The objective here is to find the template that is the best fit. We will finalize the template in the next activity.
    4. Determine the best template for this project.
    Input Output
    • RFx templates
    • The RFx template that will be used for this project
    Materials Participants
    • Info-Tech’s Enhanced RFI Template, Long-Form RFP Template, and Short-Form RFP Template
    • Vendor management team
    • Project team
    • Project manager

    Finalize your RFx

    Key insights

    Leverage the power of the RFP

    • Too often RFPs fail to achieve their intended purposes, and your organization feels the effects of a poorly created RFP for many years.
    • If you are faced with a single source vendor, you can perform an RFP to one to create the competitive leverage.

    Make the response and evaluation process easier

    • Being strategic in your wording and formatting makes it easier on both parties – easier for the vendors to submit meaningful proposals, and easier for customer teams to evaluate.
    • Create a level playing field to encourage competition. Without multiple proposals, your options are limited and your chances for a successful project plummet.

    Maximize the competition

    • Leverage a pre-proposal conference to resolve vendor questions and to ensure all vendors receive the same answers to all questions. No vendor should have an information advantage.

    Do’s

    • Leverage your team’s knowledge.
    • Document and explain your RFP process to stakeholders and vendors.
    • Include contract terms in your RFP.
    • Measure and manage performance after contract award.
    • Seek feedback from the RFP team on your process and improve it as necessary.

    Don'ts

    • Reveal your budget.
    • Do an RFP in a vacuum.
    • Send an RFP to a vendor your team is not willing to award the business to.
    • Hold separate conversations with candidate vendors during your RFP process.
    • Skimp on the requirements definition to speed the process.
    • Tell the vendor they are selected before negotiating.

    3.1.2 Finalize your RFx

    1-3 hours

    1. As a group, review the selected RFI or RFP template.
    2. This is YOUR document. Modify it to suit the needs of the organization and even add sections from the other RFP templates that are relevant to your project.
    3. Use the Supplementary RFx Material as a guide.
    4. Add the content created in Steps 1 and 2.
    5. Add any organization-specific clauses or requirements.
    6. Have the project team review and comment on the RFP.
    7. Optional: Use Info-Tech’s RFP Review Concierge Service.

    Download the RFx Vendor Evaluation Tool

    Download the Supplementary RFx Material

    InputOutput
    • RFx template
    • Organizational specific guidelines
    • Materials from Steps 1 and 2
    • Supplementary RFx Material
    • Finalized RFx
    MaterialsParticipants
    • Electronic RFP document for editing
    • Vendor management team
    • Project team
    • Project manager

    3.1.2 Bring it all together

    Supplementary RFx Material

    The image contains a screenshot of Supplementary RFx Material.

    Review the sample content to get a feel for how to incorporate the results of the activities you have worked through into the RFx template.

    RFx Templates

    Use one of our templates to build a ready-for-distribution implementation partner RFx tailored to the unique success factors of your implementation.

    Exercises in Steps 1 and 2

    The image contains a screenshot of Exercises in Steps 1 and 2

    Use the material gathered during each activity to inform and populate the implementation partner requirements that are specific for your organization and project.

    The image contains a screenshot of the Long Form RFx template.The image contains a screenshot of the Short Form RFx template.

    3.1.3 Weight each evaluation criteria

    1-3 hours

    1. As a group, review the selected RFI or RFP template.
    2. This is your document. Modify it to suit the needs of the organization and even add sections from the other RFP templates that are relevant to your project.
    3. Use the Supplementary RFx Material as a guide.
    4. Utilize the content defined in Steps 1 and 2.
    5. Add any organization-specific clauses or requirements.
    6. Have the project team review and comment on the RFP.
    7. Optional: Use Info-Tech’s RFP Review Concierge Service.

    Download the Supplementary RFx Material

    InputOutput

    RFx Vendor Evaluation Tool

    Exercises from Steps 1 and 2

    • Weighted scoring tool to evaluate responses
    MaterialsParticipants
    • RFx Vendor Evaluation Tool
    • Supplementary RFx Material
    • Vendor management team
    • Project team
    • Project manager

    3.1.3 Apply weight to each evaluation criteria

    Use this tool to weight each critical success factor based on results of the activities within the vendor selection workbook for later scoring results.

    The image contains a screenshot of the RFx Vendor Evaluation Tool.

    Download the RFx Vendor Evaluation Tool

    Step 3.2

    Identify target vendors

    Activities

    3.2.1 Identify target vendors

    3.2.2 Define your RFx timeline

    This step involves the following participants:

    • Project team
    • Vendor management team

    Outcomes of this step

    • Targeted vendor list
    • Initial RFx timeline

    3.2.1 Identify target vendors

    1-3 hours

    1. Based on the profile defined in Step 2.3, research potential partners that fit the profile, starting with those you may have used in the past. From this, build your initial list of vendors to target with your RFx.
    2. Break into smaller groups (or continue as a single group if it is already small) and review each shortlisted vendor to see if they will likely respond to the RFx.
    Input Output
    • Websites
    • Peers
    • Advisory groups
    • A shortlist of vendors to target with your RFx
    Materials Participants
    • RFx Vendor Evaluation Tool
    • CIO
    • Vendor management team
    • Project team
    • Evaluation team

    Download the RFx Vendor Evaluation Tool

    Define your RFx timeline

    Provider RFx timelines need to be clearly defined to keep the project and participants on track. These projects and processes can be long. Set yourself up for success by identifying the time frames clearly and communicating them to participants.

    1. Current
    • Concurrent ERP product selection
    • RFx preparation
    • Release of RFX
  • Near-term
    • Responses received
    • Scoring responses
    • Shortlisting providers
    • Provider interviews
    • Provider selection
    • Provider contract negotiations
    • Contract with provider
  • Future
    • Initiation of knowledge transfer
    • Joint development period
    • Cutover to provider team

    89% of roadmap views have at least some representation of time. (Roadmunk, n.d.)

    Info-Tech Insight

    The true value of time horizons is in dividing your timeline and applying different standards and rules, which allows you to speak to different audiences and achieve different communication objectives.

    3.2.2 Define your RFx timeline

    1-3 hours

    1. As a group identify an appropriate timeline for your RFP process. Info-Tech recommends no less than three months from RFx release to contract signing.

      Keep in mind that you need to allow for time to engage the team and perform some level of knowledge transfer, and to seed the team with internal resources for the initial period.
    2. Leave enough time for vendor responses, interviews, and reference checks.
    3. Once the timeline is finalized, document it and communicate it to the organization.

    Download the RFx Vendor Evaluation Tool

    Input Output
    • RFx template
    • Provider RFx timeline
    Materials Participants
    • RFx Vendor Evaluation Tool
    • Vendor management team
    • Project team
    • Project manager

    Define your RFx timeline

    The image contains a screenshot of an example of an RFx timeline.

    Step 3.3

    Evaluate vendor responses

    Activities

    3.3.1 Evaluate responses

    This step involves the following participants:

    • Evaluation team

    Outcomes of this step

    • Vendor submission scores

    3.3.1 Evaluate responses

    1-3 hours

    1. Use the RFx Vendor Evaluation Tool to collect and record the evaluation team's scores for each vendor's response to your RFx.
    2. Then record and compare each team member's scores to rank the vendors' responses.
    3. The higher the score, the closer the fit.

    Download the RFx Vendor Evaluation Tool

    InputOutput
    • Vendor responses
    • Vendor presentations
    • Vendor scores
    MaterialsParticipants
    • RFx Vendor Evaluation Tool
    • Evaluation team

    3.3.1 Score vendor results

    Use the RFx Vendor Evaluation Tool to score the vendors' responses to your RFx using the weighted scale from Activity 3.1.3.

    The image contains a screenshot of the RFx Vendor Evaluation Tool.

    Download the RFx Vendor Evaluation Tool

    Phase 4

    Measuring the new relationship

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will allow you to define the relationship with your newly chosen partner, including choosing the right contract mechanism, defining shared goals for the relationship, and selecting the metrics and processes to measure performance.

    This phase involves the following participants:

    IT leadership

    Procurement team

    Product owners

    Project managers

    Implementing the Partner

    Implementing the new partner is an exercise in collaboration

    • Successfully implementing your new partner is an exercise in working together
    1. Define a contract mechanism that is appropriate for the relationship, but is not meant as punitive, contract-based management – this sets you up for failure.
    2. Engage with your team and your partner as one team to build shared, measurable goals
    3. Work with the team to define the metrics and processes by which progress against these goals will be measured
  • Goals, metrics and process should be transparent to the team so all can see how their performance ties to success
  • Make sure to take time to celebrate successes with the whole team as one
  • Info-Tech Insight

    Implement the relationship the same way you want it to work: as one team. Work together on contract mechanism, shared goals, metrics, and performance measurement. This transparency and collaboration will build a one team view, leading to long-term success.

    Step 4.1

    Engage partner to choose contract mechanism

    Activities

    4.1.1 Confirm your contract mechanism

    This step involves the following participants:

    IT leadership

    Procurement team

    Vendor team

    Outcomes of this step

    Contract between the vendor and the firm for the services

    Negotiate agreement

    Evaluate your RFP responses to see if they are complete and if the vendor followed your instructions.

    Then:

    Plan negotiation(s) with one or more vendors based on your questions and opportunities identified during evaluation.

    Select finalist(s).

    Apply selection criteria.

    Resolve vendors' exceptions.

    Negotiate before you select your vendor:

    Negotiating with two or more vendors will maintain your competitive leverage while decreasing the time it takes to negotiate the deal.

    Perform legal reviews as necessary.

    Use sound competitive negotiations principles.

    Info-Tech Insight

    Be certain to include any commitments made in the RFP, presentations, and proposals in the agreement, as the standard for an underperforming vendor.

    Info-Tech Insight

    Providing contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation.

    Leverage ITRG's negotiation process research for additional information

    For more details on this process please see our research Drive Successful Sourcing Outcomes with a Robust RFP Process

    4.1.1 Confirm your contract mechanism

    30 min

    1. Does the firm have prior experience with this type of sourcing arrangement?
    2. Does the firm have an existing services agreement with the selected partner?
    3. What contract mechanisms have been used in the past for these types of arrangements?
    4. What mechanism was proposed by the partner in their RFP response?

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Past sourcing agreements from Procurement
    • Proposed agreement from partner
    • Agreed upon contract mechanism
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Vendor management group
    • Partner leaders

    Choose the appropriate contract method

    Work being sourced

    Partner proposal

    Agreed-upon mechanism

    Work being sourced

    Vendor management experience with type

    Partner proposed contract method

    Agreed-upon contract method

    Java development team to build new product

    Similar work done with fixed price with another vendor

    Time and materials per scrum team

    Time and materials per scrum team to avoid vendor conflicts inherent in fixed price which limit innovation

    Step 4.2

    Engage partner team to define shared goals

    Activities

    4.2.1 Define your shared goals

    This step involves the following participants:

    IT leadership

    Vendor leadership

    Outcomes of this step

    Shared goals for the team

    Define success and shared goals

    Work together to define how you will measure yourselves.

    One team

    • Treating the new center and the existing team as one team is critical to long-term success.
    • Having a plan that allows for teams to meet frequently face-to-face "get to know you" and "stay connected" sessions will help the team gel.

    Shared goals

    • New group must share common goals and measurements.

    Common understanding

    • New team must have a common understanding and culture on key facets such as:
      • Measurement of quality
      • Openness to feedback and knowledge sharing
      • Culture of collaboration
      • Issue and Risk Management

    4.2.1 Define your shared goals

    30 min

    1. List each item in the scope of work for the sourcing arrangement – e.g. development of product XXX.
    2. For each scope item, detail the benefit expected by the firm – e.g. development cost expected to drop by 10% per year, or customer satisfaction improvement.
    3. For each benefit define how you will measure success – e.g. track cost of development for the development team assigned, or track Customer Satisfaction Survey results.
    4. For each measure, define a target for this year – e.g. 10% decrease over last year's cost, or customer satisfaction improvement from 6 to 7.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Services being procured from RFx
    • Benefits expected from the sourcing strategy
    • Baseline scores for measurements
    • Shared goals agreed upon between team and partner
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Partner leaders

    Define goals collaboratively

    Role and benefit

    Goals and objectives

    Role / work being sourced

    Benefit expected

    Measure of success

    Year over year targets

    Java development team to build new product

    New product to replace aging legacy

    Launch of new product

    Agree on launch schedule and MVP for each release / roadmap

    Step 4.3

    Choose your success metrics

    Activities

    4,3.1 Define metrics and process to monitor

    This step involves the following participants:

    IT leadership

    Product owners

    Project managers

    Vendor leaders

    Outcomes of this step

    Metrics and process to measure performance

    4.3.1 Define metrics and process to monitor

    30 min

    1. For each goal defined and measure of success, break down the measure into quantifiable, measurable factors – e.g. Development cost is defined as all the costs tracked to the project including development, deployment, project management, etc.
    2. For each factor choose the metric that can be reported on – e.g. project actuals.
    3. For each metric define the report and reporting frequency – e.g. monthly project actuals from project manager.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT Security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Agreed-upon metrics

    Goal

    Metrics and process

    Agreed-upon goal

    Year 1 target

    Metric to measure success

    Measurement mechanism

    Deliver roadmap of releases

    3 releases – MVP in roadmap

    Features and stories delivered

    Measure delivery of stories from Jira

    Research Contributor

    The image contains a picture of Alaisdar Graham.

    Alaisdar Graham

    Executive Counsellor

    Info-Tech Research Group

    During Alaisdar’s 35-year career in information and operational technology, Alaisdar has been CIO for public sector organizations and private sector companies. He has been an entrepreneur with his own consultancy and a founder or business advisor with four cyber-security start-ups, Alaisdar has developed experience across a broad range of industries within a number of different countries and become known for his ability to drive business benefits and improvements through the use of technology.

    Alaisdar has worked with CXO-level executives across different businesses. Whether undertaking a digital transformation, building and improving IT functions across your span of control, or helping you create and execute an integrated technology strategy, Alaisdar can provide insight while introducing you to Info-Tech Research Group’s experts. Alaisdar’s experience with organizational turn- around, governance, project, program and portfolio management, change management, risk and security will support your organization’s success.

    Research Contributor

    The image contains a picture of Richard Nachazel.

    Richard Nachazel

    Executive Counsellor

    Info-Tech Research Group

    • Richard has more than 40 years working in various Fortune 500 organizations. His specialties are collaborating with business and IT executives and senior stakeholders to define strategic goals and transform operational protocols, standards, and methodologies. He has established a reputation at multiple large companies for taking charge of critical, high-profile enterprise projects in jeopardy of failure and turning them around. Colleagues and peers recognize his ability to organize enterprise efforts, build, develop, and motivate teams, and deliver outstanding outcomes.
    • Richard has worked as a Global CISO & Head of IT Governance for a Swiss Insurance company, Richard developed and led a comprehensive Cyber-Security Framework that provided leadership and oversight of the cyber-security program. Additionally, he was responsible for their IT Governance Risk & Compliance Operation and the information data security compliance in a complex global environment. Richard’s experience with organizational turn around, governance, risk, and controls, and security supports technology delivery integration with business success. Richard’s ability to engage executive and senior management decision makers and champion vision will prove beneficial to your organization.

    Research Contributor

    The image contains a picture of Craig Broussard.

    Craig Broussard

    Executive Counsellor

    Info-Tech Research Group

    • Craig has over 35 years of IT experience including software development, enterprise system management, infrastructure, and cyber security operations. Over the last 20 years, his focus has been on infrastructure and security along with IT service management. He’s been an accomplished speaker and panelist at industry trade events over the past decade.
    • Craig has served as Global Infrastructure Director for NCH Corporation, VP of Information Technology at ATOS, and earlier in his career as the Global Head of Data Center Services at Nokia Siemens Networks. Craig also worked for MicroSolutions (a Mark Cuban Company). Additionally, Craig received formal consulting training while working for IBM Global Services.
    • Craig’s deep experience across many aspects of IT from Governance through Delivery makes him an ideal partner for Info-Tech members.

    Bibliography

    Offshore, Onshore or Hybrid–Choosing the Best IT Outsourcing Model. (n.d.).
    Offshore Dedicated Development Team – A Compelling Hiring Guide. (n.d.).
    The Three Non-Negotiables Of IT Offshoring. (n.d.). Forbes.
    Top Ten Countries For Offshoring. Forbes, 2004.
    Nearshoring in Europe: Choose the Best Country for IT Outsourcing - The World Financial Review. (n.d.).
    Select an Offshore Jurisdiction. The Best Countries for Business in 2021-2022! | InternationalWealth.info. (n.d.).
    How to Find the Best Country to Set Up an Offshore Company. (n.d.). biz30.
    Akbar, M. A., Alsanad, A., Mahmood, S., & Alothaim, A. (2021). Prioritization-based taxonomy of global software development challenges: A FAHP based analysis. IEEE Access, 9, 37961–37974
    Ali, S. (2018). Practices in Software Outsourcing Partnership: Systematic Literature Review Protocol with Analysis. Journal of Computers, (February), 839–861
    Baird Georgia, A. (2007). MISQ Research Curation on Health Information Technology 2. Progression of Health IT Research in MIS Quarterly. MIS Quarterly, 2007(June), 1–14.
    Akbar, M. A., Alsanad, A., Mahmood, S., & Alothaim, A. (2021). Prioritization-based taxonomy of global software development challenges: A FAHP based analysis. IEEE Access, 9, 37961–37974
    Ali, S. (2018). Practices in Software Outsourcing Partnership: Systematic Literature Review Protocol with Analysis. Journal of Computers, (February), 839–861
    Baird Georgia, A. (2007). MISQ Research Curation on Health Information Technology 2. Progression of Health IT Research in MIS Quarterly. MIS Quarterly, 2007(June), 1–14.
    Carmel, E., & Abbott, P. (2006). Configurations of global software development: offshore versus nearshore. … on Global Software Development for the Practitioner, 3–7.
    Hanafizadeh, P., & Zare Ravasan, A. (2018). A model for selecting IT outsourcing strategy: the case of e-banking channels. Journal of Global Information Technology Management, 21(2), 111–138.
    Ishizaka, A., Bhattacharya, A., Gunasekaran, A., Dekkers, R., & Pereira, V. (2019). Outsourcing and offshoring decision making. International Journal of Production Research, 57(13), 4187–4193.
    Jeong, J. J. (2021). Success in IT offshoring: Does it depend on the location or the company? Arxiv.
    Joanna Minkiewicz, J. E. (2009). Deakin Research Online Online. 2007, Interrelationships between Innovation and Market Orientation in SMEs, Management Research News, Vol. 30, No. 12, Pp. 878-891., 30(12), 878–891.

    Bibliography

    King, W. R., & Torkzadeh, G. (2016). Special Issue Information Systems Offshoring : Research Status and Issues. MIS Quarterly, 32(2), 205–225.
    Kotlarsky, J., & Oshri, I. (2008). Country attractiveness for offshoring and offshore outsourcing: Additional considerations. Journal of Information Technology, 23(4), 228–231.
    Lehdonvirta, V., Kässi, O., Hjorth, I., Barnard, H., & Graham, M. (2019). The Global Platform Economy: A New Offshoring Institution Enabling Emerging-Economy Microproviders. Journal of Management, 45(2), 567–599.
    Mahajan, A. (2018). Risks and Benefits of Using Single Supplier in Software Development. Oulu University of Applied Sciences. Retrieved from
    Murberg, D. (2019). IT Offshore Outsourcing: Best Practices for U.S.-Based Companies. University of Oregon Applied Information Management, 1277(800), 824–2714.
    Nassimbeni, G., Sartor, M., & Dus, D. (2012). Security risks in service offshoring and outsourcing. Industrial Management and Data Systems, 112(3), 405–440.
    Olson, G. M., & Olson, J. S. (2000). Distance matters. Human-Computer Interaction, 15(2–3), 139–178.
    Pilkova, A., & Holienka, M. (2018). Home-Based Business in Visegrad Countries: Gem Perspective. Innovation Management, Entrepreneurship and Sustainability 2018 Proceedings of the 6th International Conference.
    Rahman, H. U., Raza, M., Afsar, P., Alharbi, A., Ahmad, S., & Alyami, H. (2021). Multi-criteria decision making model for application maintenance offshoring using analytic hierarchy process. Applied Sciences (Switzerland), 11(18).
    Rahman, H. U., Raza, M., Afsar, P., Khan, H. U., & Nazir, S. (2020). Analyzing factors that influence offshore outsourcing decision of application maintenance. IEEE Access, 8, 183913–183926.
    Roadmunk. What is a product roadmap? Roadmunk, n.d. Accessed 12 Oct. 2021.
    Rottman, J. W., & Lacity, M. C. (2006). Proven practices for effectively offshoring IT work. MIT Sloan Management Review.
    Smite, D., Moe, N. B., Krekling, T., & Stray, V. (2019). Offshore Outsourcing Costs: Known or Still Hidden? Proceedings - 2019 ACM/IEEE 14th International Conference on Global Software Engineering, ICGSE 2019, 40–47.
    Welsum, D. Van, & Reif, X. (2005). Potential Offshoring: Evidence from Selected OECD Countries. Brookings Trade Forum, 2005(1), 165–194.
    Zhang, Y., Liu, S., Tan, J., Jiang, G., & Zhu, Q. (2018). Effects of risks on the performance of business process outsourcing projects: The moderating roles of knowledge management capabilities. International Journal of Project Management, 36(4), 627–639.

    Build a Software Quality Assurance Program

    • Buy Link or Shortcode: {j2store}284|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $20,972 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new systems and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing testing backlog, risking product success.

    Our Advice

    Critical Insight

    • Testing is often viewed as a support capability rather than an enabler of business growth. It receives focus and investment only when it becomes a visible problem.
    • The rise in security risks, aggressive performance standards, constantly evolving priorities, and misunderstood quality policies further complicate QA as it drives higher expectations for effective practices.
    • QA starts with good requirements. Tests are only as valuable as the requirements they are validating and verifying. Early QA improves the accuracy of downstream tests and reduces costs of fixing defects late in delivery.
    • Quality is an organization-wide accountability. Upstream work can have extensive ramifications if all roles are not accountable for the decisions they make.
    • Quality must account for both business and technical requirements. Valuable change delivery is cemented in a clear understanding of quality from both business and IT perspectives.

    Impact and Result

    • Standardize your definition of a product. Come to an organizational agreement of what attributes define a high-quality product. Accommodate both business and IT perspectives in your definition.
    • Clarify the role of QA throughout your delivery pipeline. Indicate where and how QA is involved throughout product delivery. Instill quality-first thinking in each stage of your pipeline to catch defects and issues early.
    • Structure your test design, planning, execution, and communication practices to better support your quality definition and business and IT environments and priorities. Adopt QA good practices to ensure your tests satisfy your criteria for a high-quality and successful product.

    Build a Software Quality Assurance Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strong foundation for quality, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your QA process

    Standardize your product quality definition and your QA roles, processes, and guidelines according to your business and IT priorities.

    • Build a Strong Foundation for Quality – Phase 1: Define Your QA Process
    • Test Strategy Template

    2. Adopt QA good practices

    Build a solid set of good practices to define your defect tolerances, recognize the appropriate test coverage, and communicate your test results.

    • Build a Strong Foundation for Quality – Phase 2: Adopt QA Good Practices
    • Test Plan Template
    • Test Case Template
    [infographic]

    Workshop: Build a Software Quality Assurance Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your QA Process

    The Purpose

    Discuss your quality definition and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your QA practice.

    Review the standardization of QA roles, processes, and guidelines in your organization.

    Key Benefits Achieved

    Grounded understanding of quality that is accepted across IT and between the business and IT.

    Clear QA roles and responsibilities.

    A repeatable QA process that is applicable across the delivery pipeline.

    Activities

    1.1 List your QA objectives and metrics.

    1.2 Adopt your foundational QA process.

    Outputs

    Quality definition and QA objectives and metrics.

    QA guiding principles, process, and roles and responsibilities.

    2 Adopt QA Good Practices

    The Purpose

    Discuss the practices to reveal the sufficient degree of test coverage to meet your acceptance criteria, defect tolerance, and quality definition.

    Review the technologies and tools to support the execution and reporting of your tests.

    Key Benefits Achieved

    QA practices aligned to industry good practices supporting your quality definition.

    Defect tolerance and acceptance criteria defined against stakeholder priorities.

    Identification of test scenarios to meet test coverage expectations.

    Activities

    2.1 Define your defect tolerance.

    2.2 Model and prioritize your tests.

    2.3 Develop and execute your QA activities.

    2.4 Communicate your QA activities.

    Outputs

    Defect tolerance levels and courses of action.

    List of test cases and scenarios that meet test coverage expectations.

    Defined test types, environment and data requirements, and testing toolchain.

    Test dashboard and communication flow.

    Build a Vendor Security Assessment Service

    • Buy Link or Shortcode: {j2store}318|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $17,501 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vendor security risk management is a growing concern for many organizations. Whether suppliers or business partners, we often trust them with our most sensitive data and processes.
    • More and more regulations require vendor security risk management, and regulator expectations in this area are growing.
    • However, traditional approaches to vendor security assessments are seen by business partners and vendors as too onerous and are unsustainable for information security departments.

    Our Advice

    Critical Insight

    • An efficient and effective assessment process can only be achieved when all stakeholders are participating.
    • Security assessments are time-consuming for both you and your vendors. Maximize the returns on your effort with a risk-based approach.
    • Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic re-assessments.

    Impact and Result

    • Develop an end-to-end security risk management process that includes assessments, risk treatment through contracts and monitoring, and periodic re-assessments.
    • Base your vendor assessments on the actual risks to your organization to ensure that your vendors are committed to the process and you have the internal resources to fully evaluate assessment results.
    • Understand your stakeholder needs and goals to foster support for vendor security risk management efforts.

    Build a Vendor Security Assessment Service Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a vendor security assessment service, review Info-Tech’s methodology, and understand the three ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define governance and process

    Determine your business requirements and build your process to meet them.

    • Build a Vendor Security Assessment Service – Phase 1: Define Governance and Process
    • Vendor Security Policy Template
    • Vendor Security Process Template
    • Vendor Security Process Diagram (Visio)
    • Vendor Security Process Diagram (PDF)

    2. Develop assessment methodology

    Develop the specific procedures and tools required to assess vendor risk.

    • Build a Vendor Security Assessment Service – Phase 2: Develop Assessment Methodology
    • Service Risk Assessment Questionnaire
    • Vendor Security Questionnaire
    • Vendor Security Assessment Inventory

    3. Deploy and monitor process

    Implement the process and develop metrics to measure effectiveness.

    • Build a Vendor Security Assessment Service – Phase 3: Deploy and Monitor Process
    • Vendor Security Requirements Template
    [infographic]

    Workshop: Build a Vendor Security Assessment Service

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Governance and Process

    The Purpose

    Understand business and compliance requirements.

    Identify roles and responsibilities.

    Define the process.

    Key Benefits Achieved

    Understanding of key goals for process outcomes.

    Documented service that leverages existing processes.

    Activities

    1.1 Review current processes and pain points.

    1.2 Identify key stakeholders.

    1.3 Define policy.

    1.4 Develop process.

    Outputs

    RACI Matrix

    Vendor Security Policy

    Defined process

    2 Define Methodology

    The Purpose

    Determine methodology for assessing procurement risk.

    Develop procedures for performing vendor security assessments.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    2.1 Identify organizational security risk tolerance.

    2.2 Develop risk treatment action plans.

    2.3 Define schedule for re-assessments.

    2.4 Develop methodology for assessing service risk.

    Outputs

    Security risk tolerance statement

    Risk treatment matrix

    Service Risk Questionnaire

    3 Continue Methodology

    The Purpose

    Develop procedures for performing vendor security assessments.

    Establish vendor inventory.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    3.1 Develop vendor security questionnaire.

    3.2 Define procedures for vendor security assessments.

    3.3 Customize the vendor security inventory.

    Outputs

    Vendor security questionnaire

    Vendor security inventory

    4 Deploy Process

    The Purpose

    Define risk treatment actions.

    Deploy the process.

    Monitor the process.

    Key Benefits Achieved

    Understanding of how to treat different risks according to the risk tolerance.

    Defined implementation strategy.

    Activities

    4.1 Define risk treatment action plans.

    4.2 Develop implementation strategy.

    4.3 Identify process metrics.

    Outputs

    Vendor security requirements

    Understanding of required implementation plans

    Metrics inventory

    Demystify Oracle Licensing and Optimize Spend

    • Buy Link or Shortcode: {j2store}136|cart{/j2store}
    • member rating overall impact: 9.9/10 Overall Impact
    • member rating average dollars saved: $85,754 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • License keys are not needed with optional features accessible upon install. Conducting quarterly checks of the Oracle environment is critical because if products or features are installed, even if they are not actively in use, it constitutes use by Oracle and requires a license.
    • Ambiguous license models and definitions abound: terminology and licensing rules can be vague, making it difficult to purchase licensing even with the best of intentions to keep compliant.
    • Oracle has aggressively started to force new Oracle License and Service Agreements (OLSA) on customers that slightly modify language and remove pre-existing allowances to tilt the contract terms in Oracle's favor.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating Oracle licensing and negotiating your agreement.
    • Communicate effectively. Be aware that Oracle will reach out to employees at your organization at various levels. Having your executives on the same page will help send a strong message.
    • Manage the relationship. If Oracle is managing you, there is a high probability you are over paying or providing information that may result in an audit.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the "Oracle way" of conducting business, which includes a best-in-class sales structure, highly unique contracts and license use policies, and a hyper-aggressive compliance function.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Develop a strategy that leverages and utilizes an experienced Oracle DBA to gather accurate information, and then optimizes it to mitigate and meet the top challenges.

    Demystify Oracle Licensing and Optimize Spend Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Oracle licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish licensing requirements

    Begin your proactive Oracle licensing journey by understanding which information to gather and assessing the current state and gaps.

    • Demystify Oracle Licensing and Optimize Spend – Phase 1: Establish Licensing Requirements
    • Oracle Licensing Purchase Reference Guide
    • Oracle Database Inventory Tool
    • Effective Licensing Position Tool
    • RASCI Chart

    2. Evaluate licensing options

    Review current licensing models and determine which licensing models will most appropriately fit your environment.

    • Demystify Oracle Licensing and Optimize Spend – Phase 2: Evaluate Licensing Options

    3. Evaluate agreement options

    Review Oracle’s contract types and assess which best fit the organization’s licensing needs.

    • Demystify Oracle Licensing and Optimize Spend – Phase 3: Evaluate Agreement Options
    • Oracle TCO Calculator

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

    • Demystify Oracle Licensing and Optimize Spend – Phase 4: Purchase and Manage Licenses
    • Oracle Terms & Conditions Evaluation Tool
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Demystify Oracle Licensing and Optimize Spend

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Licensing Requirements

    The Purpose

    Assess current state and align goals; review business feedback

    Interview key stakeholders to define business objectives and drivers

    Key Benefits Achieved

    Have a baseline for requirements

    Assess the current state

    Determine licensing position

    Examine cloud options

    Activities

    1.1 Gather software licensing data

    1.2 Conduct a software inventory

    1.3 Perform manual checks

    1.4 Reconcile licenses

    1.5 Create your Oracle licensing team

    1.6 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Copy of your Oracle License Statement

    Software inventory report from software asset management (SAM) tool

    Oracle Database Inventory Tool

    RASCI Chart

    Oracle Licensing Effective License Position (ELP) Template

    Oracle Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review licensing options

    Review licensing rules

    Key Benefits Achieved

    Understand how licensing works

    Determine if you need software assurance

    Discuss licensing rules, application to current environment.

    Examine cloud licensing

    Understand the importance of documenting changes

    Meet with desktop product owners to determine product strategies

    Activities

    2.1 Review full, limited, restricted, and AST use licenses

    2.2 Calculate license costs

    2.3 Determine which database platform to use

    2.4 Evaluate moving to the cloud

    2.5 Examine disaster recovery strategies

    2.6 Understand purchasing support

    2.7 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review contract option types

    Review vendors

    Key Benefits Achieved

    Understand why a type of contract is best for you

    Determine if ULA or term agreement is best

    The benefits of other types and when you should change

    Activities

    3.1 Prepare to sign or renew your ULA

    3.2 Decide on an agreement type that nets the maximum benefit

    Outputs

    Type of contract to be used

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract

    Prepare negotiation points

    Discuss license management

    Evaluate and develop a roadmap for future licensing

    Key Benefits Achieved

    Negotiation strategies

    Licensing management

    Introduction of SAM

    Leverage the work done on Oracle licensing to get started on SAM

    Activities

    4.1 Control the flow of communication terms and conditions

    4.2 Use Info-Tech’s readiness assessment in preparation for the audit

    4.3 Assign the right people to manage the environment

    4.4 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Controlled Vendor Communications Letter

    Vendor Communication Management Plan

    Oracle Terms & Conditions Evaluation Tool

    RASCI Chart

    Oracle Licensing Purchase Reference Guide

    Infrastructure and Operations Priorities 2023

    • Buy Link or Shortcode: {j2store}54|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Disruptive & Emerging Technologies
    • Parent Category Link: /disruptive-emerging-technologies
    • Get out of your I&O silo. I&O teams must be expected to work alongside and integrate with cyber security operations.
    • Being unprepared for new ESG reporting mandates without a clear and validated ESG reporting process puts your organization at risk.
    • Get ahead of inflationary pressures with early budgetary planning and identify the gap between the catchup projects and required critical net new investments.

    Our Advice

    Critical Insight

    • Establish I&O within an AI governance program to build trust in AI results, behaviors, and limit legal exposure.
    • Develop data governance program that includes an I&O data steward for oversight.
    • Ready or not, the metaverse is coming to an infrastructure near you. Start expanding I&O technologies and processes to support a metaverse infrastructure.

    Impact and Result

    • Provide a framework that highlight the impacts the threats of an economic slowdown, growing regulatory reporting requirements, cyber security attacks and opportunity that smart governance over AI, data stewardship and the looming explosion of augmented reality and Web 3.0 technologies.
    • Info-Tech can help communicate your I&O priorities into compelling cases for your stakeholders.

    Infrastructure and Operations Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Infrastructure & Operations Priorities 2023 – A framework to dive deeper into the trends most relevant to you and your organization

    Discover Info-Tech's six priorities for Infrastructure & Operations leaders.

    Infographic

    Further reading

    Infrastructure &Operations Priorities 2023

    Navigate the liminal space between threats and opportunities.

    2023: A liminal space between threats and opportunities

    Over the last several years, successful CEOs turned to their Infrastructure and Operations (I&O) departments to survive the effects of the pandemic. It was I&O leaders who were able to reconfigure critical infrastructure on the fly to support remote work, adapt to critical supply chain shortages, and work with lines of business managers to innovate operational workflows.

    2023 promises to bring a new set of challenges. Building on the credibility established during the pandemic, I&O is in a unique position to influence the direction a business will take to be successful in a time of austerity.

    I&O members are going to be asked to mitigate the threats of volatility from recession pressures, new cybersecurity attacks, and operational process and litigation from regulatory mandates. At the same time, I&O members are being asked for fundamental digital transformation items to realize long-term opportunities to their organizations in 2023.

    Seemingly counter-intuitive in a time of economic slowdown, organizations in 2023 will want to start the groundwork to realizing the I&O opportunities that unstructured data and artificial intelligence have promised, while prepping for what has been mislabeled as the Metaverse.

    If you are in a traditionally risk adverse industry, you’re more likely to be impacted by the threat mitigation.

    Opportunistic I&O members will use 2023 to proactively jumpstart digital transformation.

    Introduction

    Welcome to the Info-Tech 2023 I&O Priorities Report

    If I&O members learned anything from the last few years, it’s how to tactically respond to the disruptive waves often arising from sources external to the organization. The good news is that Info-Tech’s I&O priorities report provides forward-looking insights to help members become more proactive to the tsunami of change predicted in our Trends Report to happen over the next three to five years.

    Info-Tech I&O priorities are generated through a phased approach. The first phase senses and identifies mega and macro tends in the digital landscape to formulate hypotheses about the trends for the next three to five years. These hypotheses are validated by sending out a survey to Info-Tech members. The responses from 813 members was used to produce an Info-Tech Trends Report focused on major long-term trends.

    The I&O Priorities were determined by combining the I&O member responses within the Info-tech Trends Survey with insightful signals from secondary research, economic markets, regulatory bodies, industry organizations, and vendors. The six I&O priorities identified in this report are presented in a framework that highlight the impacts of an economic slowdown, growing regulatory reporting requirements, cybersecurity threats, smart governance of AI, embracing stewardship of data, and the looming explosion of augmented reality and Web 3.0 technologies.

    We also have a challenge exercise to help you communicate which priorities to focus your I&O organization on. Additionally, we linked some Info-tech research and tools related to the priorities that help your I&O organization formulate actionable plans for each area.

    Priorities

    Six forward-looking priorities for the next year.

    Focus

    Activity to help select which priorities are relevant for you.

    Actions

    Actionable Info-tech research and tools to help you deliver.

    Infrastructure & Operations priorities

    The I&O priorities were determined by combining I&O member responses from the Tech Trends and Priorities 2023 survey with insightful signals from secondary research, economic markets, regulatory bodies, industry organizations, and vendors.

    The image contains a screenshot of the Infrastructure & Operations priorities.

    I&O Priorities 2023

    The image contains a screenshot of the I&O Priorities.

    I&O priorities framework

    Threats signals

    Enhance I&O Cybersecurity

    Produce ESG Reporting

    Recession Readiness

    Get out of your silo. Forget your job description and start doing what needs to be done.

    Infrastructure rarely has authority in these areas, but somehow it ends up with many of the responsibilities. You can't afford to be reactive. Forget about your traditional silo and get out in front of these topics. Not in your job description? Find out whose job it is and make them aware. Better yet – take charge! If you're going to be responsible you might as well be in control.

    Opportunities signals

    AI Governance: Watching the Watchers

    Prep for A Brave New Metaverse

    Data Governance: Cornerstone of Value

    Proper stewardship of data is an I&O must. If thought you had problems with your unstructured data, wait until you see the data sprawl coming from the metaverse.

    I&O needs to be so much more than just an order taker for the dev teams and lines of business. The sprawl of unstructured data in Word, Excel, PDF and PowerPoint was bad historically; imagine those same problems at metaverse scale! Simple storage and connectivity is no longer enough – I&O must move upstream with more sophisticated service and product offerings generated through proper governance and stewardship.

    Challenge: Expand the I&O border

    The hidden message in this report is that I&O priorities extend beyond the traditional scope of I&O functions. I&O members need to collaborate across functional areas to successfully address the priorities presented in this report.

    Info-Tech can help! Align your priorities with our material on how to Build a Business-Aligned IT Strategy. Use a modified version of the Strategy Initiative Template (next slide) to convey your strong opinion on the priorities you need your stakeholders to know about. And do so in a way that is familiar so they will easily understand.

    The image contains a screenshot of Info-Tech's Maturity Ladder.
    Info-Tech 2023 Trends Survey Results

    Call your Executive Advisor or Counselor to help identify the one or two key messages you want to bring forward for success in 2023!

    Info-Tech IT Strategy Initiative Template, from the IT Strategy Presentation Template & Priorities Report Initiative Template

    .
    The image contains a screenshot of a template for your priorities.

    Protect from threats

    Get out of your silo. Forget your job description and just start doing what needs to be done.

    Enhance I&O Cybersecurity

    Produce ESG Reporting

    Recession Readiness

    Enhance cybersecurity response

    SIGNALS

    Cybersecurity incidents are
    a clear and present danger
    to I&O members.

    Cybersecurity incidents have
    a large financial impact
    on organizations.

    Related Info-Tech Research

    Of the surveyed I&O members, 53% identified cybersecurity incidents as the number one threat disrupting their operations in 2023. It’s understandable, as over 18% of surveyed I&O members experienced a cybersecurity incident in 2022. Alarmingly, 10% of surveyed I&O members didn’t know if they had a cybersecurity incident. The impact to the organization was with 14% of those incidents directly impacting their organizations for anywhere from 6 to 60 days.

    The 2022 report “Cost of a Data Breach” was conducted by IBM and the Ponemon Institute using data from 550 companies (across 17 countries) that experienced a security incident during a 12-month period ending in March 2022. It highlighted that the average total organizational cost of a security breach globally was USD 4.35M (locally these numbers expand to USA at USD 9.44M, Canada at USD 5.64, UK at USD 5.05M, Germany at USD 4.85M).

    (Source: IBM, 2022)

    Enhance cybersecurity response

    SIGNALS

    Organizations' exposure comes from internal and external sources.

    The right tools and process can reduce the impact of a cybersecurity incident.

    Related Info-Tech Research

    The IBM/Ponemon Institute report highlighted the following:

    • 59% of organizations didn’t deploy a zero-trust architecture on critical infrastructure to reduce exposure.
    • 19% of the breaches originated from within their business partner eco-system.
    • 45% were cloud-based.

    (Source: IBM, 2022)

    The IBM/Ponemon Institute report also identified technologies and procedures to reduce the fiscal impacts of cybersecurity breaches. Having a dedicated security incident response team with a regularly tested plan reduced the incident cost by an average of USD 2.66M. A fully implemented AI security deduction and response automation system can provide average incident savings of 27.6%.

    Enhance cybersecurity response

    SIGNALS

    Cybersecurity spending is a major and expanding expenditure for our members.

    Cybersecurity is going
    to include brand misinformation.

    For 36% of surveyed I&O members, cybersecurity consumed between 10-20% of their total budget in 2022. Moreover, cybersecurity defense funding is expected to increase for 57% of I&O members.

    A third of surveyed I&O members viewed misinformation as a major risk to their organization for 2023 and 2024. Only 38% of the I&O members reported that they will have software in place to monitor and manage social media posts.

    Increasing environment and regulatory complexity demands more sophisticated cybersecurity operations.

    Infrastructure teams must be expected to work alongside and integrate with cybersecurity operations.

    Enhance cybersecurity response

    CALL TO ACTION

    Get out of your I&O silo and form cross-functional cybersecurity teams.

    I&O priority actions

    Establish a cross-functional security steering committee to coordinate security processes and technologies. The complexity of managing security across modern applications, cloud, IoT, and network infrastructure that members operate is greater than ever before and requires coordinated teamwork.

    Contain the cyber threat with zero trust (ZT) architecture. Extend ZT to network and critical infrastructure to limit exposure.

    Leverage AI to build vigilant security intelligence. Smart I&O operators will make use of AI automation to augment their security technologies to help detect threats and contain security incidents on critical infrastructure.

    Enhance cybersecurity response

    I&O priority actions

    Build specialized cybersecurity incident management protocols with your service desk. Build integrated security focused teams within service desk operations that continually test and improve security incident response protocols internally and with specialized security vendors. In some organizations, security incident response teams extend beyond traditional infrastructure into social media. Work cross-functionally to determine the risk exposure to misinformation and incident response procedures.

    Treat lost or stolen equipment as a security incident. Develop hardware asset management protocols for tracking and reporting on these incidents and keep a record of equipment disposal. Implement tools that allow for remote deletion of data and report on lost or stolen equipment.

    Produce ESG reporting

    SIGNALS

    Government mandates present an operational risk to I&O members.

    ESG reporting is
    often incomplete.

    Related Info-Tech Research

    Surveyed members identified government-enacted policy changes to be a top risk to disrupting to their business operations in 2023. One of the trends identified by Info-Tech is that the impact of regulations on environmental, social, and governance (ESG) reporting are being rolled out by governments worldwide.

    Alarmingly, only 7% of surveyed members responded that they could very accurately report on their carbon footprint and 23% said they were not able to report accurately at all.

    Produce ESG reporting

    SIGNALS

    ESG mandates are being rolled out globally.

    ESG reporting has greatly expanded since a 2017 report by Task Force on Climate-Related Financial Disclosures (TCFD, 2017) which recommended that organizations disclose climate-related financial metrics for investors to appropriately price climate-related risks to share price. In 2021, the Swiss Finance Institute research paper (Sautner, 2021) identified 29 countries that require ESG reporting, primarily for larger public companies, financial institutions, and state-owned corporations.

    Global ESG mandates

    The image contains a screenshot of a world map that demonstrates the Global ESG Mandates.

    29 nations with ESG mandates identified by the Swiss Finance Institute

    Produce ESG reporting

    SIGNALS

    ESG mandates are being rolled out globally.

    The EU has mandated ESG reporting for approximately 11,700 large public companies with more than 500 employees under the Non-Financial Reporting Directive (NFRD), since 2014. The EU is going to replace the NFRD with the Corporate Sustainability Reporting Directive (European Council, 2022), which has set a 3-year timetable for escalating the ESG reporting level to what is estimated to be about 75% of EU total turnover (WorldFavor, 2022).

    • 2024: Companies with 500 or more employees.
    • 2025: Companies with 250 or more employee or 40M EU in revenue/20M in total assets.
    • 2026: SMEs, smaller credit financial, and captive insurance institutions.

    It's been a long time since most enterprises had to report on things like power efficiency factors.

    But don't think that being in the cloud will insulate you from a renewed interest in ESG reporting.

    Produce ESG reporting

    CALL TO ACTION

    Being unprepared for new ESG reporting mandates without a clear and validated ESG reporting process puts your organization at risk.

    I&O priority actions

    Understand ESG risk exposure. Define the gap between what ESG reporting is required in your jurisdiction and current reporting capabilities to meet them. Build the I&O role with responsibility for ESG reporting.

    Include vendors in ESG reporting. Review infrastructure facilities with landlords, utilities, and hosting providers to see if they can provide ESG reporting on sustainable power generation, then map it to I&O power consumption as part of their contractual obligations. Ask equipment vendors to provide ESG reporting on manufacturing materials and energy consumption to boot-strap data collection.

    Implement a HAM process to track asset disposal and other types of e-waste. Update agreements with disposal vendors to get reporting on waste and recycle volumes.

    Produce ESG reporting

    I&O priority actions

    Implement an ESG reporting framework. There are five major ESG reporting frameworks being used globally. Select one of the frameworks below that makes sense for your organization, and implement it.

    ISO 14001 Environmental Management: Part of the ISO Technical Committee family of standards that allows your organization to understand its legal requirements to become certified in ESG.

    Global Reporting Initiative (GRI) Sustainability Reporting Standards: GRI has been developing ESG reporting standards since 1997. GRI provides a modular ESG framework applicable to all sizes and sectors of organizations worldwide.

    Principles for Responsible Investment: UN-developed framework for ESG reporting framework for disclosure in responsible investments.

    Sustainability Accounting Standards Board (SASB): ESG report framework to be used by investors.

    UN Global Compact: ESG reporting framework based on 10 principles that organizations can voluntarily contribute data to.

    Implement a HAM process to track asset disposal and other types of e-waste. Update agreements with disposal vendors to get reports on waste and recycle volumes.

    Recession readiness

    SIGNALS

    Managing accelerated technical debt.

    Recessionary pressures.

    Related Info-Tech Research

    I&O members experienced a spike in technical debt following the global pandemic economic shutdown, workforce displacement, and highly disrupted supply chains. 2023 presents a clear opportunity to work on these projects.

    The shortages in workforce and supply chain have accelerated inflation post pandemic. Central banks have started to slow down inflation in 2022 by raising interest rates. However, the World Bank has forecast a potential 2% rise in interest rates as the battle with inflation continues into 2023 and beyond, which could set off a global slowdown in GDP growth to 0.5%, qualifying as a recession. If interest rates continue to climb, I&O members may struggle with the higher cost of capital for their investments.

    (Source: World Bank Organization, 2022)

    Recession readiness

    SIGNALS

    I&O budgets expected to increase.

    Focused budgetary increases.

    Despite economists’ prediction of a looming recession and inflationary pressures, only 11% of I&O members surveyed indicated that they anticipated any reduction in IT budgets for 2023. In fact, 44% of I&O members expected an increase of IT budgets of between 6% and 30%.

    These increases in budget are not uniform across all investments. Surveyed I&O members indicated that the largest anticipated budget increases (compared to 2022) were in the areas of:

    • AI/machine learning ( +7.5%)
    • 5G (+7%)
    • Data Mesh/Fabric and Data Lake infrastructure (+5.7% and +4.4%, respectively)
    • Mixed reality technologies (augmented or virtual reality) (+3.3%)
    • Next generation cybersecurity (+1.7%)

    "2022 has been the first true opportunity to start getting caught up on technical debt stemming from the post pandemic supply chain and resource shortages. That catch-up is going to continue for some time.

    Unfortunately, the world isn't sitting still while doing that. In fact, we see new challenges around inflationary pressures. 2023 planning is going to be a balancing act between old and new projects."

    Paul Sparks,
    CTO at Brookshire Grocery Company

    Recession readiness

    SIGNALS

    Tough choices on budgetary spends.

    The responses indicated that I&O members expect decreased reinvestment for 2023 for the following:

    • API programming (-21.7%)
    • Cloud computing (-19.4%)
    • 44% of I&O members indicated if 2023 requires costs cutting, 5-20% of their cloud computing investment will be at risk of the chopping block!
    • Workforce management (-9.4%)
    • No-code /low-code infrastructure (-5.3%)

    Make sure you can clearly measure the value of all budgeted I&O activities.

    Anything that can't demonstrate clear value to leadership is potentially on the chopping block.

    Recession readiness

    CALL TO ACTION

    Get ahead of inflationary pressures with early budgetary planning, and identify the gap between the catch-up projects and required critical net new investments.

    II&O priority actions

    Hedge against inflation on infrastructure projects. Develop and communicate value-based strategies to lock in pricing and mitigate inflationary risk with vendors.

    Communicate value-add on all I&O budgeted items. Define an infrastructure roadmap to highlight which projects are technical debt and which are new strategic investments, and note their value to the organization.

    Look for cost saving technologies. Focus on I&O projects that automate services to increase productivity and optimize head count.

    Realize opportunities

    Build on a record of COVID-related innovation success and position the enterprise to take advantage of 2023.

    AI governance: Watching the watchers

    Data stewardship: Cornerstone of value

    Prep for a brave new metaverse

    AI governance: Watching the watchers

    SIGNALS

    Continued investment
    in AI technologies

    AI technology is permeating diverse I&O functional areas.

    Related Info-Tech Research

    About 32% of survey respondents who work in I&O said that they already invest in AI, and 40% intend to invest in 2023.

    I&O members have identified the following areas as the top five focal points for AI uses within their organizations.

    • Automated repetitive, low-level tasks
    • Business analytics or intelligence
    • Identification of risks and improvement of security response
    • Monitoring and governance
    • Sensor data analysis

    AI governance: Watching the watchers

    SIGNALS

    Consequences for misbehaving AI.

    I&O leaders can expect to have silos of AI in pockets scattered across the enterprise. Without oversight on the learning model and the data used for training and analytics there is a risk of overprovisioning, which could reduce the efficiency and effectiveness of AI models and results.

    This scale advantage of AI could result in operational inefficiencies without oversight. For example, bad governance means garbage in / garbage out. Which is worse: getting 100 outputs from a system with a 1% error rate, or getting 10,000 outputs from a system with an 1% error rate?

    These are just the operational issues; legally you can be on the hook, as well. The EU Parliament has issued a civil liability regime for AI (European Parliament, n.d.) which imposes liability to operators of AI systems, regardless of whether they acted with operational due diligence. Additionally, the IEEE (IEEE, 2019) is advocating for legal frameworks and accountability for AI that violates human rights and privacy laws and causes legal harm.

    Who is going to instill standards for AI Operations? Who is going to put in the mechanisms to validate and explain the output of AI black boxes?

    If you said it’s going to end up
    being Infrastructure and Operations – you were right!

    AI governance: Watching the watchers

    CALL TO ACTION

    Establish I&O within an AI governance program to build trust in AI results and behaviors and limit legal exposure.

    I&O priority actions

    Define who has overall AI accountability for AI governance within I&O. This role is responsible for establishing strategic governance metrics over AI use and results, and identifying liability risks.

    Maintain an inventory of AI use. Conduct an audit of where AI is used within I&O, and identify gaps in documentation and alignment with I&O processes and organizational values.

    Define an I&O success map. Provide transparency of AI use by generating pseudo code of AI models, and scorecard AI decision making with expected predictions and behavioral actions taken.

    AI governance: Watching the watchers

    Manage bias in AI decision making. Work with AI technology vendors to identify how unethical bias can enter the results, using operational data sets for validation prior to rollout.

    Protect AI data sets from manipulation. Generate new secure storage for AI technology audit trails on AI design making and results. Work with your security team to ensure data sets used by AI for training can’t be corrupted.

    Data governance: Cornerstone of value

    SIGNALS

    Data volumes grow
    with time.

    Data is seen as a source for generating new value.

    Related Info-Tech Research

    Of surveyed I&O members, 63% expected to see the data storage grow by at least 10% in 2023, and 15% expected a 30% or more growth in data storage volumes.

    I&O members identified the top three ways data brings value to the organization:

    • Helping reduce operational costs.
    • Presenting value-added to existing products and services.
    • Acquiring new customers.

    Data governance: Cornerstone of value

    SIGNALS

    Approach to data analysis is primarily done in-house.

    85% of surveyed I&O members are doing data analysis with custom-made or external tools. Interestingly, 10% of I&O members do not conduct any data analysis.

    Members are missing a formal data governance process.

    81% of surveyed I&O members do not have a formal or automated process for data governance. Ironically, 24% of members responded that they aim to have publicly accessible data-as-a-service or information repositories.

    Despite investment in data initiatives, organizations carry high levels of data debt.

    Info-Tech research, Establish Data Governance, points out that data debt, the accumulated cost associated with sub-optimal governance of data assets, is a problem for 78% of organizations.

    What the enterprise expects out of enterprise storage is much more complicated in 2023.

    Data protection and governance are non-negotiable aspects of enterprise storage, even when it’s unstructured.

    Data governance: Cornerstone of value

    SIGNALS

    Data quality is the primary driver for data governance.

    The data governance market
    is booming.

    Related Info-Tech Research

    In the 2022 Zaloni survey of data governance professionals, 71% indicated that consistent data quality was the top metric for data governance, followed by reduced time to insight and regulatory compliance.

    (Source: Zaloni DATAVERSITY, 2022)

    The Business Research Company determined that the global data governance market is expected to grow from $3.28 billion in 2022 to $7.42 billion in 2026 at a CAGR of 22.7% in response to 74 zettabytes of data in 2021, with a growth rate of 1.145 trillion MB of new data being created every day.

    (Source: Business Research Company, 2022)

    Data governance: Cornerstone of value

    CALL TO ACTION

    Develop a data governance program that includes an I&O data steward for oversight.

    I&O priority actions

    Establish an I&O data steward. Make data governance by establishing a data steward role with accountability for governance. The steward works collaboratively with DataOPs to control access to I&O data, enforce policies, and reduce the time to make use of the data.

    Define a comprehensive storage architecture. If you thought you had a data sprawl problem before, wait until you see the volume of data generated from IoT and Web 3.0 applications. Get ahead of the problem by creating an infrastructure roadmap for structured and unstructured data storage.

    Build a solid backbone for AI Operations using data quality best practices. Data quality is the foundation for generation of operational value from the data and artificial intelligence efforts. Focus on using a methodology to build a culture of data quality within I&O systems and applications that generate data rather than reactive fixes.

    Look to partner with third-party vendors for your master data management (MDM) efforts. Modern MDM vendors can work with your existing data fabrics/lake and help leverage your data governance policies into the cloud.

    Prep for a brave new metaverse

    SIGNALS

    From science fiction to science fact.

    The term metaverse was coined in 1992 by Neal Stephenson and is a common theme in science fiction. For most I&O surveyed professionals, the term metaverse conjures up more confusion than clarity, as it’s not one place, but multiple metaverse worlds. The primordial metaverse was focused on multiplayer gaming and some educational experiences. It wasn’t until recently that it gained a critical mass in the fashion and entertainment industries with the use of non-fungible tokens (NFT). The pandemic created a unique opportunity for metaverse-related technologies to expand Web 3.0.

    Related Info-Tech Research

    Prep for a brave new metaverse

    SIGNALS

    Collaboration and beyond.

    On one hand, metaverse technologies virtual reality(VR)/augmented reality (AR) headsets can be a method of collaborating internally within a single organization. About 10% of our surveyed I&O members engaged this type of collaborative metaverse in 2022, with another 24% looking to run proof of concept projects in 2023. However, there is a much larger terrain for metaverse projects outside of workforce collaboration, which 17% of surveyed I&O members are planning to engage with in 2023.

    These are sophisticated new metaverse worlds, and digital twins of production environments are being created for B2B collaboration, operations, engineering, healthcare, architecture, and education that include the use of block chain, NFTs, smart contracts, and other Web 3.0 technologies

    “They are the audiovisual bodies that people use to communicate with each other in the Metaverse.”

    Neal Stephenson,
    Snow Crash 1992

    Prep for a brave new metaverse

    SIGNALS

    Metaverse requires multidimensional security.

    Security in the context of the metaverse presents new challenges to I&O. The infrastructure that runs the metaverse is still vulnerable to “traditional” security threats. New attack vectors include financial and identity fraud, privacy and data loss, along with new cyber-physical threats which are predicted to occur as the metaverse begins to integrate with IoT and other 3D objects in the physical world.

    The ultimate in "not a product" – the metaverse promises to be a hodgepodge of badly standardized technologies for the near future.

    Be prepared to take care of pets and not cattle for the foreseeable future, but keep putting the fencing around the ranch.

    Prep for a brave new metaverse

    SIGNALS

    Generating new wave of sophisticated engineering coming.

    Economics boom around metaverse set to explode.

    Related Info-Tech Research

    Beyond the current online educational resources, there are reputable universities around the world, including Stanford University, that are offering courses on metaverse and Web 3.0 concepts.

    (Source: Arti, 2022)

    So, what’s providing the impetus for all this activity and investment? Economics. In their 2022 report, Metaverse and Money, Citi estimated that the economic value of the metaverse(s) will have 900M to 1B VR/AR users and 5 billion Web 3.0 users with market sizes of $1-2T and $8-$13T, respectively. Yes, that’s a “T” for Trillions.

    (Source: Ghose, 2022)

    Prep for a brave new metaverse

    CALL TO ACTION

    Ready or not, the metaverse is coming to an infrastructure near you. Start expanding I&O technologies and processes to support a metaverse infrastructure.

    I&O priority actions

    Develop a plan for network upgrades.

    A truly immersive VR/AR experience requires very low latency. Identify gaps and develop a plan to enhance your network infrastructure surrounding your metaverse space(s) and end users.

    Extend security posture into the metaverse.

    Securing the infrastructure that runs your metaverse is going to extend the end-user equipment used to navigate it. More importantly, security policies need to encompass the avatars that navigate it and the spatial web that they interact with, which can include physical world items like IoT.

    Prep for a brave new metaverse

    I&O priority actions

    Metaverse theft prevention

    Leverage existing strategies to identify management in the metaverse. Privacy policies need to extend their focus to data loss prevention within the metaverse.

    Collaborate

    The skill set required to build, deploy, manage, and support the metaverse is complex. Develop a metaverse support organization that extends beyond I&O functions into security, DevOps, and end-user experiences.

    Educate

    Web 3.0 technologies and business models are complex. Education of I&O technical- and commerce-focused team members is going to help prevent you from getting blindsided. Seek out specialized training programs for technical staff and strategic education for executives, like the Wharton School of Business certification program.

    Authors

    John Annand

    Theo Antoniadis

    John Annand

    Principal Research Director

    Theo Antoniadis

    Principal Research Director

    Contributors

    Paul Sparks,
    CTO at Brookshire Grocery Company

    2 Anonymous Contributors

    Figuring out the true nature of the “Turbo” button of his 486DX100 launched John on a 20-year career in managed services and solution architecture, exploring the secrets of HPC, virtualization, and DIY WANs built with banks of USR TotalControl modems. Today he focuses his research and advisory on software-defined infrastructure technologies, strategy, organization, and service design in an increasingly Agile and DevOps world.

    Theo has decades of operational and project management experience with start-ups and multinationals across North America and Europe. He has held various consulting, IT management and operations leadership positions within telecommunications, SaaS, and software companies.

    Bibliography

    “3 Cybersecurity Trends that are Changing Financial Data Management." FIMA US. Accessed August 2022.
    Arti. “While much of the world is just discovering the Metaverse, a number of universities have already established centers for studying Web 3." Analytics Insight. 10 July 2022.
    “Artificial intelligence (AI) for cybersecurity." IBM. Accessed September 2022
    “Business in the Metaverse Economy." Wharton School of University of Pennsylvania. Accessed October 2022.
    “Cost of a data breach 2022: A million-dollar race to detect and respond." IBM. Accessed September 2022.
    “Countries affected by mandatory ESG reporting – here’s the list." New Zealand Ministry of Business, Innovation & Employment. Accessed September 2022.
    “Countries affected by mandatory ESG reporting – here’s the list.” WorldFavor. Accessed September 2022.
    Crenshaw, Caroline A. “SEC Proposes to Enhance Disclosures by Certain Investment Advisers and Investment Companies About ESG Investment Practices." U.S. Securities and Exchange Commission. May 2022.
    “Cutting through the metaverse hype: Practical guidance and use cases for business." Avanade. Accessed October 2022.
    “Data Governance Global Market Sees Growth Rate Of 25% Through 2022." The Business Research Company. August 2022.
    “DIRECTIVE 2014/95/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 22 October 2014 amending Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large undertakings and groups." UER-Lex. Accessed September 2022.
    "Ethically Aligned Design: A Vision for Prioritizing Human Well-being with Autonomous and Intelligent Systems." IEEE. March 2019.
    “European Parliament resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence." European Parliament. Accessed October 2022.
    Ghose, Ronit et al. "Metaverse and Money." Citi GPS. March 2022.
    Hernandez, Roberto, et al. “Demystifying the metaverse." PWC. Accessed August 2022.
    Info-Tech Trends Report Survey, 2023; N=813.
    “ISO 14000 Family: Environmental Management." ISO. Accessed October 2022.
    Knight, Michelle & Bishop, Annie, ”The 2022 State of Cloud Data Governance.“ Zaloni DATAVERSITY. 2022.

    Bibliography

    Kompella, Kashyap, “What is AI governance and why do you need it?“ TechTarget. March 2022.
    “Management of electronic waste worldwide in 2019, by method." Statista. 2022.
    “Model Artificial Intelligence Governance Framework and Assessment Guide.“ World Economic Forum. Accessed September 2022.
    “Model Artificial Intelligence Governance Framework." PDPC Singapore. Accessed October 2022.
    “New rules on corporate sustainability reporting: provisional political agreement between the Council and the European Parliament.“ European Council. June 2022.
    "OECD Economic Outlook Volume 2022." OECD iLibrary. June 2022.
    "Recommendations of the Task Force on Climate-related Financial Disclosures." TCFD. Accessed August 2022.
    “Risk of Global Recession in 2023 Rises Amid Simultaneous Rate Hikes.” World Bank Organization. September 2022.
    Sautner, Zacharias, et al. “The Effects of Mandatory ESG Disclosure around the World.” SSRN. November 2021.
    Sondergaard, Peter. “AI GOVERNANCE – WHAT ARE THE KPIS? AND WHO IS ACCOUNTABLE?“ The Sondergaard Group. November 2019.
    Srivastavam Sudeep, “How can your business enter the Metaverse?." Appinventiv.
    September 2022.
    “Standards Overview." SASB. Accessed October 2022.
    Stephenson, Neal. Snow Crash. Bantam Books, 1992.
    “Sustainability Reporting Standards." Global Reporting Initiative. Accessed October 2022.
    “The Ten Principles of the UN Global Compact." UN Global Compact. Accessed October 2022.
    Tian Tong Lee, Sheryl. "China Unveils ESG Reporting Guidelines to Catch Peers.” Bloomberg. May 2022.
    “What are the Principles for Responsible Investment?" UNPRI. Accessed October 2022.
    "What is the EU's Corporate Sustainability Reporting Directive (CSRD)?" WorldFavor.
    June 2022.
    West, Darrell M. “Six Steps to Responsible AI in the Federal Government.“ Brookings Institution. March 2022. Web.

    Tech Trend Update: If Digital Ethics Then Data Equity

    • Buy Link or Shortcode: {j2store}100|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    COVID-19 is driving the need for quick technology solutions, including some that require personal data collection. Organizations are uncertain about the right thing to do.

    Our Advice

    Critical Insight

    Data equity approaches personal data like money, putting the owner in control and helping to protect against unethical systems.

    Impact and Result

    There are some key considerations for businesses grappling with digital ethics:

    1. If partnering, set expectations.
    2. If building, invite criticism.
    3. If imbuing authority, consider the most vulnerable.

    Tech Trend Update: If Digital Ethics Then Data Equity Research & Tools

    Tech Trend Update: If Digital Ethics Then Data Equity

    Understand how to use data equity as an ethical guidepost to create technology that will benefit everyone.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Tech Trend Update: If Digital Ethics Then Data Equity Storyboard
    [infographic]

    The latest burning platform: Exit Plans in a shifting world

    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    The current global situation, marked by significant trade tensions and retaliatory measures between major economic powers, has elevated the importance of more detailed, robust, and executable exit plans for businesses in nearly all industries. The current geopolitical headwinds create an unpredictable environment that can severely impact supply chains, technology partnerships, and overall business operations. What was once a prudent measure is now a critical necessity – a “burning platform” – for ensuring business continuity and resilience.

    Here I will delve deeper into the essential components of an effective exit plan, outline the practical steps for its implementation, and explain the crucial role of testing in validating its readiness.

    exit plan

    Continue reading

    Applications Priorities 2023

    • Buy Link or Shortcode: {j2store}186|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.
    • These tools and technologies must meet the top business goals of CXOs: ensure service continuity, improve customer experience, and make data-driven decisions.
    • While today’s business applications are good and well received, there is still room for improvement. The average business application satisfaction score among IT leadership was 72% (n=1582, CIO Business Vision).

    Our Advice

    Critical Insight

    • Applications are critical components in any business strategic plan. They can directly influence an organization’s internal and external brand and reputation, such as their uniqueness, competitiveness and innovativeness in the industry
    • Business leaders are continuously looking for innovative ways to better position their application portfolio to satisfy their goals and objectives, i.e., application priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfies the different needs very different customers, stakeholders, and users.
    • Unfortunately, expectations on your applications team have increased while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.

    Impact and Result

    Learn and explore the technology and practice initiatives in this report to determine which initiatives should be prioritized in your application strategy and align to your business organizational objectives:

    • Optimize the effectiveness of the IT organization.
    • Boost the productivity of the enterprise.
    • Enable business growth through technology.

    Applications Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Applications Priorities Report 2023 – A report that introduces and describes five opportunities to prioritize in your 2023 application strategy.

    In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the ambitions of your organization.

    • Applications Priorities 2023 Report

    Infographic

    Further reading

    Applications Priorities 2023

    Applications are the engine of the business: keep them relevant and modern

    What we are facing today is transforming the ways in which we work, live, and relate to one another. Applications teams and portfolios MUST change to meet this reality.

    Economic, social, and regulatory conditions have changed livelihoods, businesses, and marketplaces. Modern tools and technologies have acted as lifelines by minimizing operating and delivery costs, and in the process, establishing a strong foundation for growth and maturity.

    As organizations continue to strengthen business continuity, disaster recovery, and system resilience, activities to simply "keep the lights on" are not enough. Be pragmatic in the prioritization and planning of your applications initiatives, and use your technologies as a foundation for your growth.

    Your applications must meet the top business goals of your CXOs

    • Ensure service continuity
    • Improve customer experience
    • Make data-driven decisions
    • Maximize stakeholder value
    • Manage risk

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

    Select and align your applications priorities to your business goals and objectives

    Applications are critical components in any business strategic plan. They can directly influence an organization's internal and external brand and reputation, such as their:

    • Uniqueness, competitiveness, and innovativeness in the industry.
    • Ability to be dynamic, flexible, and responsive to changing expectations, business conditions, and technologies.

    Therefore, business leaders are continuously looking for innovative ways to better position their application portfolios to satisfy their goals and objectives, i.e. applications priorities. Given the scope and costs often involved, these priorities must be carefully crafted to clearly state achievable business outcomes that satisfy
    the different needs of very different customers, stakeholders, and users.

    Today's business applications are good but leave room for improvement

    72%
    Average business application satisfaction score among IT leadership in 1582 organizations.

    Source: CIO Business Vision, August 2021 to July 2022, N=190.

    Five Applications Priorities for 2023

    In this report, we explore five priorities for emerging and leading-edge technologies and practices that can improve on capabilities needed to meet the Ambitions of your organization.

    this is an image of the Five Applications Priorities for which will be addressed in this blueprint.

    Strengthen your foundations to better support your applications priorities

    These key capabilities are imperative to the success of your applications strategy.

    KPI and Metrics

    Easily attainable and insightful measurements to gauge the progress of meeting strategic objectives and goals (KPIs), and the performance of individual teams, practices and processes (metrics).

    BUSINESS ALIGNMENT

    Gain an accurate understanding and interpretation of stakeholder, end-user, and customer expectations and priorities. These define the success of business products and services considering the priorities of individual business units and teams.

    EFFICIENT DELIVERY & SUPPORT PRACTICE

    Software delivery and support roles, processes, and tools are collaborative, well equipped and resourced, and optimized to meet changing stakeholder expectations.

    Data Management & Governance

    Ensuring data is continuously reliable and trustworthy. Data structure and integrations are defined, governed, and monitored.

    Product & Service Ownership

    Complete inventory and rationalization of the product and service portfolio, prioritized backlogs, roadmaps, and clear product and service ownership with good governance. This helps ensure this portfolio is optimized to meet its goals and objectives.

    Strengthen your foundations to better support your applications priorities (cont'd)

    These key capabilities are imperative to the success of your applications strategy.

    Organizational Change Management

    Manage the adoption of new and modified processes and technologies considering reputational, human, and operational concerns.

    IT Operational Management

    Continuous monitoring and upkeep of products and services to assure business continuity, and system reliability, robustness and disaster recovery.

    Architectural Framework

    A set of principles and standards that guides the consistent, sustainable and scalable growth of enterprise technologies. Changes to the architecture are made in collaboration with affected parties, such as security and infrastructure.

    Application Security

    The measures, controls, and tactics at the application layer that prevent vulnerabilities against external and internal threats and ensure compliance to industry and regulatory security frameworks and standards.

    There are many factors that can stand in your team's way

    Expectations on your applications team have increased, while the gap between how stakeholders and applications teams perceive effectiveness remains wide. This points to a need to clarify the requirements to deliver valuable and quality applications and address the pressures challenging your teams.

    1. Attracting and retaining talent
    2. Maximizing the return on technology
    3. Confidently shifting to digital
    4. Addressing competing priorities
    5. Fostering a collaborative culture
    6. Creating high-throughput teams

    CIOs agree that at least some improvement is needed across key IT activities

    A bar graph is depicted which shows the proportion of CIOs who believe that some, or significant improvement is necessary for the following categories: Measure IT Project Success; Align IT Budget; Align IT Project Approval Process; Measure Stakeholder Satisfaction With IT; Define and Align IT Strategy; Understand Business Goals

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022, n=568.

    Pressure Point 1:
    Attracting and Retaining Talent

    Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

    Address the underlying challenges

    • Lack of employee empowerment and few opportunities for learning and development.
    • Poor coworker and manager relationships.
    • Compensation and benefits are inadequate to maintain desired quality of life.
    • Unproductive work environment and conflicting balance of work and life.
    • Unsatisfactory employee experience, including lack of employee recognition
      and transparency of organizational change.

    While workplace flexibility comes with many benefits, longer work hours jeopardize wellbeing.
    62% of organizations reported increased working hours, while 80% reported an increase in flexibility.
    Source: McLean & Company, 2022; n=394.

    Be strategic in how you fill and train key IT skills and capabilities

    • Cybersecurity
    • Big Data/Analytics
    • Technical Architecture
    • DevOps
    • Development
    • Cloud

    Source: Harvey Nash Group, 2021; n=2120.

    Pressure Point 2:
    Maximizing the Return of Technology

    Recent environmental pressures impacted traditional working arrangements and showed more workplace flexibility is often possible. At the same time, many employees' expectations about how, when, and where they choose to work have also evolved. Recruitment and retention are reflections of different sides of the same employee value proposition coin. Organizations that fail to reinvent their approach to attracting and retaining talent by focusing on candidate and employee experience risk turnover, vacancies, and lost opportunities that can negatively impact the bottom line.

    Address the underlying challenges

    • Inability to analyze, propose, justify, and communicate modernization solutions in language the stakeholders understand and in a way that shows they clearly support business priorities and KPIs and mitigate risks.
    • Little interest in documenting and rationalizing products and services through business-IT collaboration.
    • Lack of internal knowledge of the system and loss of vendor support.
    • Undefined, siloed product and service ownership and governance, preventing solutions from working together to collectively deliver more value.
    • Little stakeholder appetite to invest in activities beyond "keeping the lights on."

    Only 64% of applications were identified as effective by end users.
    Effective applications are identified as at least highly important and have high feature and usability satisfaction.
    Source: Application Portfolio Assessment, August 2021 to July 2022; N=315.

    "Regardless of the many definitions of modernization floating around, the one characteristic that we should be striving for is to ensure our applications do an outstanding job of supporting the users and the business in the most effective and efficient manner possible."
    Source: looksoftware.

    Pressure Point 3:
    Confidently Shifting to Digital

    "Going digital" reshapes how the business operates and drives value by optimizing how digital and traditional technologies and tactics work together. This shift often presents significant business and technical risks to business processes, enterprise data, applications, and systems which stakeholders and teams are not aware of or prepared to accommodate.

    Address the underlying challenges

    • Differing perspectives on digital can lead to disjointed transformation initiatives, oversold benefits, and a lack of synergy among digital technologies and processes.
    • Organizations have difficulty adapting to new technologies or rethinking current business models, processes, and ways of working because of the potential human, ethical, and reputational impacts and restrictions from legacy systems.
    • Management lacks a framework to evaluate how their organization manages and governs business value delivery.
    • IT is not equipped or resourced to address these rapidly changing business, customer, and technology needs.
    • The wrong tools and technologies were chosen to support the shift to digital.

    The shift to digital processes is starting, but slowly.
    62% of respondents indicated that 1-20% of their processes were digitized during the past year.
    Source: Tech Trends and Priorities 2023; N=500

    Resistance to change and time/budget constraints are top barriers preventing companies from modernizing their applications.
    Source: Konveyor, 2022; n=600.

    Pressure Point 4:
    Addressing Competing Priorities

    Enterprise products and services are not used, operated, or branded in isolation. The various parties involved may have competing priorities, which often leads to disagreements on when certain business and technology changes should be made and how resources, budget, and other assets should be allocated. Without a broader product vision, portfolio vision, and roadmap, the various dependent or related products and services will not deliver the same level of value as if they were managed collectively.

    Address the underlying challenges

    • Undefined product and service ownership and governance, including escalation procedures when consensus cannot be reached.
    • Lack of a unified and grounded set of value and quality definitions, guiding principles, prioritization standards, and broad visibility across portfolios, business capabilities, and business functions.
    • Distrust between business units and IT teams, which leads to the scaling of unmanaged applications and fragmented changes and projects.
    • Decisions are based on opinions and experiences without supporting data.

    55% of CXOs stated some improvement is necessary in activities to understand business goals.
    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    CXOs are moderately satisfied with IT's performance as a business partner (average score of 69% among all CXOs). This sentiment is similarly felt among CIOs (64%).
    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    Pressure Point 5:
    Fostering a Collaborative Culture

    Culture impacts business results, including bottom-line revenue and productivity metrics. Leaders appreciate the impact culture can have on applications initiatives and wish to leverage this. How culture translates from an abstract concept to something that is measurable and actionable is not straightforward. Executives need to clarify how the desired culture will help achieve their applications strategy and need to focus on the items that will have the most impact.

    Address the underlying challenges

    • Broad changes do not consider the unique subcultures, personalities, and behaviors of the various teams and individuals in the organization.
    • Leaders mandate cultural changes without alleviating critical barriers and do not embody the principles of the target state.
    • Bureaucracy and politics restrict changes and encourage the status quo.
    • Industry standards, technologies, and frameworks do not support or cannot be tailored to fit the desired culture.
    • Some teams are deliberately excluded from the scoping, planning, and execution of key product and service delivery and management activities.

    Agile does not solve team culture challenges.
    43% of organizations cited organizational culture as a significant barrier to adopting and scaling Agile practices.
    Source: Digital.ai, 2021.

    "Providing a great employee experience" as the second priority (after recruiting) highlights the emphasis organizations are placing on helping employees adjust after having been forced to change the way work gets done.
    Source: McLean & Company, 2022; N=826.

    Use your applications priorities to help address your pressure points

    Success can be dependent on your ability to navigate around or alleviate your pressure points. Design and market your applications priorities to bring attention to your pressure points and position them as key risk factors to their success.

    Applications Priorities
    Digital Experience (DX) Intelligent Automation Proactive Application Management Multisource Systems Digital Organization as a Platform
    Attracting and Retaining Talent Enhance the employee experience Be transparent and support role changes Shift focus from maintenance to innovation Enable business-managed applications Promote and showcase achievements and successes
    Maximizing the Return on Technology Modernize or extend the use of existing investments Automate applications across multiple business functions Improve the reliability of mission-critical applications Enhance the functionality of existing applications Increase visibility of underused applications
    Confidently Shifting to Digital Prioritize DX in your shift to digital Select the capabilities that will benefit most from automation Prepare applications to support digital tools and technologies Use best-of-breed tools to meet specific digital needs Bring all applications up to a common digital standard
    Addressing Competing Priorities Ground your digital vision, goals, and objectives Recognize and evaluate the architectural impact Rationalize the health of the applications Agree on a common philosophy on system composition Map to a holistic platform vision, goals, and objectives
    Fostering a Collaborative Culture Involve all perspectives in defining and delivering DX Involve the end user in the delivery and testing of the automated process Include the technical perspective in the viability of future applications plans Discuss how applications can work together better in an ecosystem Ensure the platform is configured to meet the individual needs of the users
    Creating High-Throughput Teams Establish delivery principles centered on DX Remove manual, error-prone, and mundane tasks Simplify applications to ease delivery and maintenance Alleviate delivery bottlenecks and issues Abstract the enterprise system to expedite delivery

    Digital Experience (DX)

    PRIORITY 1

    • Deliver Valuable User, Customer, Employee, and Brand Experiences

    Delivering valuable digital experiences requires the adoption of good management, governance, and operational practices to accommodate stakeholder, employee, customer, and end-user expectations of digital experiences (e.g. product management, automation, and iterative delivery). Technologies are chosen based on what best enables, delivers, and supports these expectations.

    Introduction

    Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

    What is digital experience (DX)?

    Digital experience (DX) refers to the interaction between a user and an organization through digital products and services. Digital products and services are tools, systems, devices, and resources that gather, store, and process data; are continuously modernized; and embody eight key attributes that are described on the following slide. DX is broken down into four distinct perspectives*:

    • Customer Experience – The immediate perceptions of transactions and interactions experienced through a customer's journey in the use of the organization's digital
      products and services.
    • End-User Experience – Users' emotions, beliefs, and physical and psychological responses
      that occur before, during, or after interacting with a digital product or service.
    • Brand Experience – The broader perceptions, emotions, thoughts, feelings and actions the public associate with the organization's brand and reputation or its products and services. Brand experience evolves over time as customers continuously engage with the brand.
    • Employee Experience – The satisfaction and experience of an employee through their journey with the organization, from recruitment and hiring to their departure. How an employee embodies and promotes the organization brand and culture can affect their performance, trust, respect, and drive to innovate and optimize.
    Digital Products and Services
    Customer Experience Brand Experience Employee Experience End-User Experience

    Digital products and services have a common set of attributes

    Digital transformation is not just about new tools and technologies. It is also about delivering a valuable digital experience

    • Digital products and services must keep pace with changing business and end-user needs as well as tightly supporting your maturing business model with continuous modernization. Focus your continuous modernization on the key characteristics that drive business value.
    • Fit for purpose: Functionalities are designed and implemented for the purpose of satisfying the end user's needs and solving their problems.
    • User-centric: End users see the product as rewarding, engaging, intuitive, and emotionally satisfying. They want to come back to it.
    • Adaptable: The product can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components.
    • Accessible: The product is available on demand and on the end user's preferred interface.
      End users have a seamless experience across all devices.
    • Private and secured: The end user's activity and data are protected from unauthorized access.
    • Informative and insightful: The product delivers consumable, accurate, and trustworthy real-time data that is important to the end user.
    • Seamless application connection: The product facilitates direct interactions with one or more other products through an uninterrupted user experience.
    • Relationship and network building: The product enables and promotes the connection and interaction of people.

    The Business Value cycle of continuous modernization.

    Signals

    DX is critical for business growth and maturity, but the organization may not be ready

    A good DX has become a key differentiator that gives organizations an advantage over their competition and peers. Shifts in working environments; employee, customer, and stakeholder expectations; and the advancements in modern technologies have raised the importance of adopting and transitioning to digital processes and tools to stay relevant and responsive to changing business and technology conditions.

    Applications teams are critical to ensuring the successful delivery and operation of these digital processes and tools. However, they are often under-resourced and challenged to meet their DX goals.

    • 7% of both business and IT respondents think IT has the resources needed to keep up with digital transformation initiatives and meet deadlines (Cyara, 2021).
    • 43% of respondents said that the core barrier to digital transformation is a lack of skilled resources (Creatio, 2021).
    A circle graph is shown with 91% of the circle coloured in dark blue, with the number 91% in the centre.

    of organizations stated that at least 1% of processes were shifted from being manually completed to digitally completed in the last year. 29% of organizations stated at least 21% were shifted.

    Source: Tech Trends and Priorities 2023; N=500.

    A circle graph is shown with 98% of the circle coloured in dark blue, with the number 98% in the centre.

    of organizations recognized digital transformation is important for competitive advantage. 94% stated it is important to enhance customer experience, and 91% stated it will have a positive impact on revenue.

    Source: Cyara, 2021.

    Drivers

    Brand and reputation

    Customers are swayed by the innovations and advancements in digital technologies and expect your applications team to deliver and support them. Your leaders recognize the importance of these expectations and are integrating them into their business strategy and brand (how the organization presents itself to its customers, employees and the public). They hope that their actions will improve and shape the company's reputation (public perception of the company) as effective, customer-focused, and forward-thinking.

    Worker productivity

    As you evolve and adopt more complex tools and technology, your stakeholders will expect more from business units and IT teams. Unfortunately, teams employing manual processes and legacy systems will struggle to meet these expectations. Digital products and services promote the simplification of complex operations and applications and help the business and your teams better align operational practices with strategic goals and deliver valuable DX.

    Organization modernization

    Legacy processes, systems, and ways of working are no longer suitable for meeting the strategic digital objectives and DX needs stakeholders expect. They drive up operational costs without increased benefits, impede business growth and innovation, and consume scarce budgets that could be used for other priorities. Shifting to digital tools and technologies will bring these challenges to light and demonstrate how modernization is an integral part of DX success.

    Benefits & Risks

    Benefits

    • Flexibility & Satisfaction
    • Adoption
    • Reliability

    Employees and customers can choose how they want to access, modify, and consume digital products and services. They can be tailored to meet the specific functional needs, behaviors, and habits of the end user.

    The customer, end user, brand, and employee drive selection, design, and delivery of digital products and services. Even the most advanced technologies will fail if key roles do not see the value in their use.

    Digital products and services are delivered with technical quality built into them, ensuring they meet the industry, regulatory, and company standards throughout their lifespan and in various conditions.

    Risks

    • Legacy & Lore
    • Bureaucracy & Politics
    • Process Inefficiencies
    • No Quality Standards

    Some stakeholders may not be willing to change due to their familiarity and comfort of business practices.

    Competing and conflicting priorities of strategic products and services undermine digital transformation and broader modernization efforts.

    Business processes are often burdened by wasteful activities. Digital products and services are only as valuable as the processes they support.

    The performance and support of your digital products and services are hampered due to unmanageable technical debt because of a deliberate decision to bypass or omit quality good practices.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Enhance the employee experience.

    Design the digital processes, tools, and technologies to meet the individual needs of the employee.

    Maximizing the Return on Technology

    Modernize or extend the use of existing investments.

    Drive higher adoption of applications and higher user value and productivity by implementing digital capabilities to the applications that will gain the most.

    Confidently Shifting to Digital

    Prioritize DX in your shift to digital. Include DX as part of your definition of success.

    Your products and services are not valuable if users, customers, and employees do not use them.

    Addressing Competing Priorities

    Ground your digital vision, goals, and objectives

    Establish clear ownership of DX and digital products and services with a cross-functional prioritization framework.

    Fostering a Collaborative Culture

    Involve all perspectives in defining and delivering DX.

    Maintain a committee of owners, stakeholders, and delivery teams to ensure consensus and discuss how to address cross-functional opportunities and risks.

    Creating High-Throughput Teams

    Establish delivery principles centered on DX.

    Enforce guiding principles to streamline and simplify DX delivery, such as plug-and-play architecture and quality standards.

    Recommendations

    Build a digital business strategy

    A digital business strategy clearly articulates the goals and ambitions of the business to adopt digital practices, tools, and technologies. This document:

    • Looks for ways to transform the business by identifying what technologies to embrace, what processes to automate, and what new business models to create.
    • Unifies digital possibilities with your customer experiences.
    • Establishes accountability with the executive leadership.
    • States the importance of cross-functional participation from senior management across the organization.

    Related Research:

    Learn, understand, and empathize with your users, employees, and customers

    • To create a better product, solution, or service, understanding those who use it, their needs, and their context is critical.
    • A great experience design practice can help you balance those goals so that they are in harmony with those of your users.
    • IT leaders must find ways to understand the needs of the business and develop empathy on a much deeper level. This empathy is the foundation for a thriving business partnership.

    Related Research:

    Recommendations

    Center product and service delivery decisions and activities on DX and quality

    User, customer, employee, and brand are integral perspectives on the software development lifecycle (SDLC) and the management and governance practices supporting digital products and services. It ensures quality standards and controls are consistently upheld while maintaining alignment with various needs and priorities. The goal is to come to a consensus on a universal definition and approach to embed quality and DX-thinking throughout the delivery process.

    Related Research:

    Instill collaborative delivery practices

    Today's rapidly scaling and increasingly complex digital products and services create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality. This pressure is further compounded by the competing priorities of individual stakeholders and the nuances among different personas of digital products and services.

    A collaborative delivery practice sets the activities, channels, and relationships needed to deliver a valuable and quality product or service with cross-functional awareness, accountability, and agreement.

    Related Research:

    Recommendations

    Continuously monitor and modernize your digital products and services

    Today's modern digital products and services are tomorrow's shelfware. They gradually lose their value, and the supporting technologies will become obsolete. Modernization is a continuous need.

    Data-driven insights help decision makers decide which products and services to retire, upgrade, retrain on, or maintain to meet the demands of the business.

    Enhancements focusing on critical business capabilities strengthen the case for investment and build trust with all stakeholders.

    Related Research:

    CASE STUDY
    Mastercard in Asia

    Focus on the customer journey

    Chief Marketing Officer M.V. Rajamannar (Raja) wanted to change Mastercard's iconic "Priceless" ad campaign (with the slogan "There are some things money can't buy. For everything else there's Mastercard."). The main reasons were that the campaign relied on one-way communication and targeted end customers, even though Mastercard doesn't issue cards directly to customers; partner banks do. To drive the change in campaign, Raja and his team created a digital engine that leveraged digital and social media. Digital engine is a seven-step process based on insights gleaned from data and real-time optimization.

    1. Emotional spark: Using data to understand customers' passion points, Mastercard builds videos and creatives to ignite an emotional spark and give customers a reason to engage. For example, weeks before New Year's Eve, Mastercard produced a video with Hugh Jackman to encourage customers to submit a story about someone who deeply mattered to them. The authors of the winning story would be flown to reunite with those both distant and dear.
    2. Engagement: Mastercard targets the right audience with a spark video through social media to encourage customers to share their stories.
    3. Offers: To help its partner banks and merchants in driving their business, the company identifies the best offers to match consumers' interests. In the above campaign, Mastercard's Asia-Pacific team found that Singapore was a favorite destination for Indian customers, so they partnered with Singapore's Resorts World Sentosa with an attractive offer.
    4. Real-time optimization: Mastercard optimizes, in real time, a portfolio of several offers through A/B testing and other analysis.
    5. Amplification: Real-time testing provides confidence to Mastercard about the potential success of these offers and encourages its bank and merchant partners to co-market and co-fund these campaigns.
    6. Network effects: A few weeks after consumers submitted their stories about distant loved ones, Mastercard selected winners, produced videos of them surprising their friends and families, and used these videos in social media to encourage sharing.
    7. Incremental transactions: These programs translate into incremental business for banks who issue cards, for merchants where customers spend money, and for Mastercard, which gets a portion of every transaction.

    Source: Harvard Business Review Press

    CASE STUDY
    Mastercard in Asia (cont'd)

    Focus on the customer journey

    1. Emotional Spark
      Drives genuine personal stories
    2. Engagement
      Through Facebook
      and social media
    3. Offers
      From merchants
      and Mastercard assets
    4. Optimization
      Real-time testing of offers and themes
    5. Amplification
      Paid and organic programmatic buying
    6. Network Effects
      Sharing and
      mass engagement
    7. Incremental Transactions
      Win-win for all parties

    CASE STUDY
    Mastercard in Asia (cont'd)

    The Mastercard case highlights important lessons on how to engage customers:

    • Have a broad message. Brands need to connect with consumers over how they live and spend their time. Organizations need to go beyond the brand or product message to become more relevant to consumers' lives. Dove soap was very successful in creating a conversation among consumers with its "Real Beauty" campaign, which focused not on the brand or even the product category, but on how women and society view beauty.
    • Shift from storytelling to story making. To break through the clutter of advertising, companies need to move from storytelling to story making. A broader message that is emotionally engaging allows for a two-way conversation.
    • Be consistent with the brand value. The brand needs to stand for something, and the content should be relevant to and consistent with the image of the brand. Pepsi announced an award of $20 million in grants to individuals, businesses, and nonprofits that promote a new idea to make a positive impact on community. A large number of submissions were about social causes that had nothing to do with Pepsi, and some, like reducing obesity, were in conflict with Pepsi's product.
    • Create engagement that drives business. Too much entertainment in ads may engage customers but detract from both communicating the brand message and increasing sales. Simply measuring the number of video views provides only a partial picture of a program's success.

    Intelligent Automation

    PRIORITY 2

    • Extend Automation Practices with AI and ML

    AI and ML are rapidly growing. Organizations see the value of machines intelligently executing high-performance and dynamic tasks such as driving cars and detecting fraud. Senior leaders see AI and ML as opportunities to extend their business process automation investments.

    Introduction

    Intelligent automation is the next step in your business process automation journey

    What is intelligent automation (IA)?

    Intelligent automation (IA) is the combination of traditional automation technologies, such as business process management (BPM) and robotic process automation (RPA), with AI and ML. The goal is to further streamline and scale decision making across various business processes by:

    • Removing human interactions.
    • Addressing decisions that involve complex variables.
    • Automatically adapting processes to changing conditions.
    • Bridging disparate automation technologies into an integrated end-to-end value delivery pipeline.

    "For IA to succeed, employees must be involved in the transformation journey so they can experience firsthand the benefits of a new way of working and creating business value," (Cognizant).

    What is the difference between IA and hyperautomation?

    "Hyperautomation is the act of automating everything in an organization that can be automated. The intent is to streamline processes across an organization using intelligent automation, which includes AI, RPA and other technologies, to run without human intervention. … Hyperautomation is a business-driven, disciplined approach that organizations use to rapidly identify, vet, and automate as many business and IT processes as possible" (IBM, 2021).

    Note that hyperautomation often enables IA, but teams solely adopting IA do not need to abide to its automation-first principles.

    IA is a combination of various tools and technologies

    What tools and technologies are involved in IA?

    • Artificial intelligence (AI) & Machine Learning (ML) – AI systems perform tasks mimicking human intelligence such as learning from experience and problem solving. AI is making its own decisions without human intervention. Machine learning systems learn from experience and without explicit instructions. They learn patterns from data then analyze and make predictions based on past behavior and the patterns learned. AI is a combination of technologies and can include machine learning.
    • Intelligent Business Process Management System (iBPMS) – Combination of BPM tools with AI and other intelligence capabilities.
    • Robotic Process Automation (RPA) – Robots leveraging an application's UI rather than programmatic access. Automate rules-based, repetitive tasks performed by human workers with AI/ML.
    • Process Mining & Discovery – Process mining involves reading system event logs and application transactions and applying algorithmic analysis to automatically identify and map inferred business processes. Process discovery involves unintrusive virtual agents that sit on a user's desktop and record and monitor how they interact with applications to perform tasks and processes. Algorithms are then used to map and analyze the processes.
    • Intelligent Document Processing – The conversion of physical or unstructured documents into a structured, digital format that can be used in automation solutions. Optical character recognition (OCR) and natural language processing (NPL) are common tools used to enable this capability.
    • Advanced Analytics – The gathering, synthesis, transformation, and delivery of insightful and consumable information that supports data-driven decision making. Data is queried from various disparate sources and can take on a variety of structured and unstructured formats.

    The cycle of IA technologies

    Signals

    Process automation is an executive priority and requires organizational buy-in

    Stakeholders recognize the importance of business process automation and AI and are looking for ways to deliver more value using these technologies.

    • 90% of executives stated automating business workflows post-COVID-19 will ensure business continuity (Kofax, 2022).
    • 88% of executives stated they need to fast-track their end-to-end digital transformation (Kofax, 2022).

    However, the advertised benefits to vendors of enabling these desired automations may not be easily achievable because of:

    • Manual and undocumented business processes.
    • Fragmented and inaccessible systems.
    • Poor data quality, insights, and security.
    • The lack of process governance and management practice.
    A circle graph is shown with 49% of the circle coloured in dark blue, with the number 49% in the centre.

    of CXOs stated staff sufficiency, skill and engagement issues as a minor IT pain point compared to 51% of CIOs stated this issue as a major pain point.

    Source: CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568.

    A circle graph is shown with 36% of the circle coloured in dark blue, with the number 36% in the centre.

    of organizations have already invested in AI or machine learning.

    Source: Tech Trends and Priorities 2023; N=662

    Drivers

    Quality & throughput

    Products and services delivered through an undefined and manual process risk the creation of preventable and catchable defects, security flaws and holes, missing information, and other quality issues. IA solutions consistently reinforce quality standards the same way across all products and services while tailoring outputs to meet an individual's specific needs. Success is dependent on the accurate interpretation and application of quality standards and the user's expectations.

    Worker productivity

    IA removes the tedious, routine, and mundane tasks that distract and restrict employees from doing more valuable, impactful, and cognitively focused activities. Practical insights can also be generated through IA tools that help employees make data-driven decisions, evaluate problems from different angles, and improve the usability and value of the products and services they produce.

    Good process management practices

    Automation magnifies existing inefficiencies of a business process management practice, such as unclear and outdated process documentation and incorrect assumptions. IA reinforces the importance of good business process optimization practices, such as removing waste and inefficiencies in a thoughtful way, choosing the most appropriate automation solution, and configuring the process in the right way to maximize the solution's value.

    Benefits & Risks

    Benefits

    • Documentation
    • Hands-Off
    • Reusability

    All business processes must be mapped and documented to be automated, including business rules, data entities, applications, and control points.

    IA can be configured and orchestrated to automatically execute when certain business, process, or technology conditions are met in an unattended or attended manner.

    IA is applicable in use cases beyond traditional business processes, such as automated testing, quality control, audit, website scraping, integration platform, customer service, and data transfer.

    Risks

    • Data Quality & Bias
    • Ethics
    • Recovery & Security
    • Management

    The accuracy and relevance of the decisions IA makes are dependent on the overall quality of the data
    used to train it.

    Some decisions can have significant reputational, moral, and ethical impacts if made incorrectly.
    The question is whether it is appropriate for a non-human to make that decision.

    IA is composed of technologies that can be compromised or fail. Without the proper monitoring, controls,
    and recovery protocols, impacted IA will generate significant business and IT costs and can potentially harm customers, employees, and the organization.

    Low- and no-code capabilities ease and streamline IA development, which makes it susceptible to becoming unmanageable. Discipline is needed to ensure IA owners are aware of the size and health of the IA portfolio.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Be transparent and support role changes.

    Plan to address the human sentiment with automation (e.g. job security) and the transition of the role to other activities.

    Maximizing the Return on Technology

    Automate applications across multiple business functions.

    Recognize the value opportunities of improving and automating the integration of cross-functional processes.

    Confidently Shifting to Digital

    Maximize the learning of automation fit.

    Select the right capabilities to demonstrate the value of IA while using lessons learned to establish the appropriate support.

    Addressing Competing Priorities

    Recognize automation opportunities with capability maps.

    Use a capability diagram to align strategic IA objectives with tactical and technical IA initiatives.

    Fostering a Collaborative Culture

    Involve the user in the delivery process.

    Maximize automation adoption by ensuring the user finds value in its use before deployment.

    Creating High-Throughput Teams

    Remove manual, error-prone, and mundane tasks.

    Look for ways to improve team throughput by removing wasteful activities, enforcing quality, and automating away tasks driving down productivity.

    Recommendations

    Build your business process automation playbook and practice

    Formalize your business process automation practice with a good toolkit and a repeatable set of tactics and techniques.

    • Clarify the problem being solved with IA.
    • Optimate your processes. Apply good practices to first optimize (opti-) and then automate (-mate) key business processes.
    • Deliver minimum viable automations (MVAs). Maximize the learning of automation solutions and business operational changes through small, strategic automation use cases.

    Related Research:

    Explore the various IA tooling options

    Each IA tool will address a different problem. Which tool to choose is dependent on a variety of factors, such as functional suitability, technology suitability, delivery and support capabilities, alignment to strategic business goals, and the value it is designed to deliver.

    Related Research:

    Recommendations

    Introduce AI and ML thoughtfully and with a plan

    Despite the many promises of AI, organizations are struggling to fully realize its potential. The reasons boil down to a lack of understanding of when these technologies should and shouldn't be used, as well as a fear of the unknown. The plan to adopt AI should include:

    • Understanding of what AI really means in practice.
    • Identifying specific applications of AI in the business.
    • Understanding the type of AI applicable for the situation.

    Related Research:

    Mitigate AI and ML bias

    Biases can be introduced into an IA system at any stage of the development process, from the data you collect, to the way you collect it, to which algorithms are used and what assumptions were made. In most cases, AI and ML bias is a is a social, political, and business problem.

    While bias may not be intentional nor completely prevented or eliminated, early detection, good design, and other proactive preventative steps can be taken to minimize its scope and impact.

    Related Research:

    CASE STUDY
    University Hospitals

    Challenge

    University Hospitals Cleveland (UH) faces the same challenge that every major hospital confronts regarding how to deliver increasingly complex, high-quality healthcare to a diverse population efficiently and economically. In 2017, UH embarked on a value improvement program aiming to improve quality while saving $400 million over a five-year period.

    In emergency department (ED) and inpatient units, leaders found anticipating demand difficult, and consequently units were often over-staffed when demand was low and under-staffed when demand was high. Hospital leaders were uncertain about how to reallocate resources based on capacity needs.

    Solution

    UH turned to Hospital IQ's Census Solution to proactively manage capacity, staff, and flow in the ED and inpatient areas.

    By applying AI, ML, and external data (e.g. weather forecasts) to the hospital's own data (including EMR data and hospital policies), the solution helped UH make two-day census forecasts that managers used to determine whether to open or close in-patient beds and, when necessary, divert low-acuity patients to other hospitals in the system to handle predicted patient volume.

    Source: University Hospitals

    Results

    ED boarding hours have declined by 10% and the hospital has seen a 50% reduction in the number of patients who leave the hospital without
    being seen.

    UH also predicts in advance patients ready for discharge and identifies roadblocks, reducing the average length of stay by 15%. UH is able to better manage staff, reducing overtime and cutting overall labor costs.

    The hospital has also increased staff satisfaction and improved patient safety by closing specific units on weekends and increasing the number of rooms that can be sterilized.

    Proactive Application Management

    PRIORITY 3

    • Strengthen Applications to Prevent and Minimize the Impact of Future Issues

    Application management is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on application management when it becomes a problem. The lack of governance and practice accountability leaves this practice in a chaotic state: politics take over, resources are not strategically allocated, and customers are frustrated. As a result, application management is often reactive and brushed aside for new development.

    Introduction

    What is application management?

    Application management ensures valuable software is successfully delivered and is maintained for continuous and sustainable business operations. It contains a repeatable set of activities needed to rationalize and roadmap products and services while balancing priorities of new features and maintenance tasks.

    Unfortunately, application management is commonly perceived as a practice that solely addresses issues, updates, and incidents. However, application management teams are also tasked with new value delivery that was not part of the original release.

    Why is an effective application maintenance (reactive) practice not good enough?

    Application maintenance is the "process of modifying a software system or its components after delivery to correct faults, improve performance or other attributes, or adapt to a changed environment or business process," (IEEE, 1998). While it is critical to quickly fix defects and issues when they occur, reactively addressing them is more expensive than discovering them early and employing the practices to prevent them.

    Even if an application is working well, its framework, architecture, and technology may not be compatible with the possible upcoming changes stakeholders and vendors may want to undertake. Applications may not be problems now, but they soon can be.

    What motivates proactive application changes?

    This image shows the motivations for proactive application changes, sorted by external and internal sources.

    Proactive application management must be disciplined and applied strategically

    Proactive application management practices are critical to maintaining business continuity. They require continuous review and modification so that applications are resilient and can address current and future scenarios. Depending on the value of the application, its criticality to business operations, and its susceptibility to technology change, a more proactive management approach may be warranted. Stakeholders can then better manage resources and budget according to the needs of specific products.

    Reactive Management

    Run-to-Failure

    Fix and enhance the product when it breaks. In most cases, a plan is in place ahead of a failure, so that the problem can be addressed without significant disruption and costs.

    Preventive

    Regularly inspect and optimize the product to reduce the likelihood that it will fail in the future. Schedule inspections based on a specific timeframe or usage threshold.

    Predictive

    Predict failures before they happen using performance and usage data to alert teams when products are at risk of failure according to specified conditions.

    Reliability and Risk Based

    Analyze all possible failure scenarios for each component of the product and create tailored delivery plans to improve the stability, reliability, and value of each product.

    Proactive Management

    Signals

    Applications begin to degrade as soon as they are used

    Today's applications are tomorrow's shelfware. They gradually lose their value, stability, robustness, and compatibility with other enterprise technologies. The longer these applications are left unattended or simply "keeping the lights on," the more risks they will bring to the application portfolio, such as:

    • Discovery and exploitation of security flaws and gaps.
    • Increasing the lock-in to specific vendor technologies.
    • Inconsistent application performance across various workloads.

    These impacts are further compounded by the continuous work done on a system burdened with technical debt. Technical debt describes the result of avoided costs that, over time, cause ongoing business impacts. Left unaddressed, technical debt can become an existential threat that risks your organization's ability to effectively compete and serve its customers. Unfortunately, most organizations have a significant, growing, unmanageable technical debt portfolio.

    A circle graph is shown with 60% of the circle coloured in dark green, with the number 60% in the centre.

    of respondents stated they saw an increase in perceived change in technical debt during the past three years. A quarter of respondents indicated that it stayed the same.

    Source: McKinsey Digital, 2020.

    US
    $4.35
    Million

    is the average cost of a data breach in 2022. This figure represents a 2.6% increase from last year. The average cost has climbed 12.7% since 2020.

    Source: IBM, 2022; N=537.

    Drivers

    Technical debt

    Historical decisions to meet business demands by deferring key quality, architectural, or other software delivery activities often lead to inefficient and incomplete code, fragile legacy systems, broken processes, data quality problems, and the other contributors to technical debt. The impacts for this challenge is further heightened if organizations are not actively refactoring and updating their applications behind the scenes. Proactive application management is intended to raise awareness of application fragility and prioritize comprehensive refactoring activities alongside new feature development.

    Long-term application value

    Applications are designed, developed, and tested against a specific set of parameters which may become less relevant over time as the business matures, technology changes, and user behaviors and interactions shift. Continuous monitoring of the application system, regular stakeholder and user feedback, and active technology trend research and vendor engagement will reveal tasks to prepare an application for future value opportunities or stability and resilience concerns.

    Security and resiliency

    Innovative approaches to infiltrating and compromising applications are becoming prevailing stakeholder concerns. The loopholes and gaps in existing application security protocols, control points, and end-user training are exploited to gain the trust of unsuspecting users and systems. Proactive application management enforces continuous security reviews to determine whether applications are at risk. The goal is to prevent an incident from happening by hardening or complementing measures already in place.

    Benefits & Risks

    Benefits

    • Consistent Performance
    • Robustness
    • Operating Costs

    Users expect the same level of performance and experience from their applications in all scenarios. A proactive approach ensures the configurations meet the current needs of users and dependent technologies.

    Proactively managed applications are resilient to the latest security concerns and upcoming trends.

    Continuous improvements to the underlying architecture, codebase, and interfaces can minimize the cost to maintain and operate the application, such as the transition to a loosely coupled architecture and the standardization of REST APIs.

    Risks

    • Stakeholder Buy-In
    • Delayed Feature Releases
    • Team Capacity
    • Discipline

    Stakeholders may not see the association between the application's value and its technical quality.

    Updates and enhancements are system changes much like any application function. Depending
    on the priority of these changes, new functions may be pushed off to a future release cycle.

    Applications teams require dedicated capacity to proactively manage applications, but they are often occupied meeting other stakeholder demands.

    Overinvesting in certain application management activities (such as refactoring, re-architecture, and redesign) can create more challenges. Knowing how much to do is important.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Shift focus from maintenance to innovation.

    Work on the most pressing and critical requests first, with a prioritization framework reflecting cross-functional priorities.

    Maximizing the Return on Technology

    Improve the reliability of mission-critical applications.

    Regularly verify and validate applications are up to date with the latest patches and fixes and comply with industry good practices and regulations.

    Confidently Shifting to Digital

    Prepare applications to support digital tools and technologies.

    Focus enhancements on the key components required to support the integration, performance, and security needs of digital.

    Addressing Competing Priorities

    Rationalize the health of the applications.

    Use data-driven, compelling insights to justify the direction and prioritization of applications initiatives.

    Fostering a Collaborative Culture

    Include the technical perspective in the viability of future applications plans.

    Demonstrate how poorly maintained applications impede the team's ability to deliver confidently and quickly.

    Creating High-Throughput Teams

    Simplify applications to ease delivery and maintenance.

    Refactor away application complexities and align the application portfolio to a common quality standard to reduce the effort to deliver and test changes.

    Recommendations

    Reinforce your application maintenance practice

    Maintenance is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on maintenance when it becomes a problem.

    • Justify the necessity of streamlined maintenance.
    • Strengthen triaging and prioritization practices.
    • Establish and govern a repeatable process.

    Ensure product issues, incidents, defects, and change requests are promptly handled to minimize business and IT risks.

    Related Research:

    Build an application management practice

    Apply the appropriate management approaches to maintain business continuity and balance priorities and commitments among maintenance and new development requests.

    This practice serves as the foundation for creating exceptional customer experience by emphasizing cross-functional accountability for business value and product and service quality.

    Related Research:

    Recommendations

    Manage your technical debt

    Technical debt is a type of technical risk, which in turn is business risk. It's up to the business to decide whether to accept technical debt or mitigate it. Create a compelling argument to stakeholders as to why technical debt should be a business priority rather than just an IT one.

    • Define and identify your technical debt.
    • Conduct a business impact analysis.
    • Identify opportunities to better manage technical debt.

    Related Research:

    Gauge your application's health

    Application portfolio management is nearly impossible to perform without an honest and thorough understanding of your portfolio's alignment to business capabilities, business value, total cost of ownership, end-user reception and satisfaction, and technical health.

    Develop data-driven insights to help you decide which applications to retire, upgrade, retrain on, or maintain to meet the demands of the business.

    Related Research:

    Recommendations

    Adopt site reliability engineering (SRE) and DevOps practices

    Site reliability engineering (SRE) is an operational model for running online services more reliably by a team of dedicated reliability-focused engineers.

    DevOps, an operational philosophy promoting development and operations collaboration, can bring the critical insights to make application management practices through SRE more valuable.

    Related Research:

    CASE STUDY
    Government Agency

    Goal

    A government agency needed to implement a disciplined, sustainable application delivery, planning, and management process so their product delivery team could deliver features and changes faster with higher quality. The goal was to ensure change requests, fixes, and new features would relieve requester frustrations, reduce regression issues, and allow work to be done on agreeable and achievable priorities organization-wide. The new model needed to increase practice efficiency and visibility in order to better manage technical debt and focus on value-added solutions.

    Solution

    This organization recognized a number of key challenges that were inhibiting its team's ability to meet its goals:

    • The product backlog had become too long and unmanageable.
    • Delivery resources were not properly allocated to meet the skills and capabilities needed to successfully meet commitments.
    • Quality wasn't defined or enforced, which generated mounting technical debt.
    • There was a lack of clear metrics and defined roles and responsibilities.
    • The business had unrealistic and unachievable expectations.

    Source: Info-Tech Workshop

    Key practices implemented

    • Schedule quarterly business satisfaction surveys.
    • Structure and facilitate regular change advisory board meetings.
    • Define and enforce product quality standards.
    • Standardize a streamlined process with defined roles.
    • Configure management tools to better handle requests.

    Multisource Systems

    PRIORITY 4

    • Manage an Ecosystem Composed of In-House and Outsourced Systems

    Various market and company factors are motivating a review on resource and system sourcing strategies. The right sourcing model provides key skills, resources, and capabilities to meet innovation, time to market, financial, and quality goals of the business. However, organizations struggle with how best to support sourcing partners and to allocate the right number of resources to maximize success.

    Introduction

    A multisource system is an ecosystem of integrated internally and externally developed applications, data, and infrastructure. These technologies can be custom developed, heavily configured vendor solutions, or they may be commercial off-the-shelf (COTS) solutions. These systems can also be developed, supported, and managed by internal staff, in partnership with outsourced contractors, or be completely outsourced. Multisource systems should be configured and orchestrated in a way that maximizes the delivery of specific value drivers for the targeted audience.

    Successfully selecting a sourcing approach is not a simple RFP exercise to choose the lowest cost

    Defining and executing a sourcing approach can be a significant investment and risk because of the close interactions third-party services and partners will have with internal staff, enterprise applications and business capabilities. A careful selection and design is necessary.

    The selection of a sourcing partner is not simple. It involves the detailed inspection and examination of different candidates and matching their fit to the broader vision of the multisource system. In cases where control is critical, technology stack and resource sourcing consolidation to a few vendors and partners is preferred. In other cases, where worker productivity and system flexibility are highly prioritized, a plug-and-play best-of-breed approach is preferred.

    Typical factors involved in sourcing decisions.

    Sourcing needs to be driven by your department and system strategies

    How does the department want to be perceived?

    The image that your applications department and teams want to reflect is frequently dependent on the applications they deliver and support, the resources they are composed of, and the capabilities they provide.

    Therefore, choosing the right sourcing approach should be driven by understanding who the teams are and want to be (e.g. internal builder, an integrator, a plug-in player), what they can or want to do (e.g. custom-develop or implement), and what they can deliver or support (e.g. cloud or on-premises) must be established.

    What value is the system delivering?

    Well-integrated systems are the lifeblood of your organization. They provide the capabilities needed to deliver value to customers, employees, and stakeholders. However, underlying system components may not be sourced under a unified strategy, which can lead to duplicate vendor services and high operational costs.

    The right sourcing approach ensures your partners address key capabilities in your system's delivery and support, and that they are positioned to maximize the value of critical and high-impact components.

    Signals

    Business demand may outpace what vendors can support or offer

    Outsourcing and shifting to a buy-over-build applications strategy are common quick fixes to dealing with capacity and skills gaps. However, these quick fixes often become long-term implementations that are not accounted for in the sourcing selection process. Current application and resource sourcing strategies must be reviewed to ensure that vendor arrangements meet the current and upcoming demands and challenges of the business, customers, and enterprise technologies, such as:

    • Pressure from stakeholders to lower operating costs while maintaining or increasing quality and throughput.
    • Technology lock-in that addresses short-term needs but inhibits long-term growth and maturity.
    • Team capacity and talent acquisition not meeting the needs of the business.
    A circle graph is shown with 42% of the circle coloured in dark brown, with the number 42% in the centre.

    of respondents stated they outsourced software development fully or partly in the last 12 months (2021).

    Source: Coding Sans, 2021.

    A circle graph is shown with 65% of the circle coloured in dark brown, with the number 65% in the centre.

    of respondents stated they were at least somewhat satisfied with the result of outsourcing software development.

    Source: Coding Sans, 2021.

    Drivers

    Business-managed applications

    Employees are implementing and building applications without consulting, notifying, or heeding the advice of IT. IT is often ill-equipped and under-resourced to fight against shadow IT. Instead, organizations are shifting the mindset of "fight shadow IT" to "embrace business-managed applications," using good practices in managing multisource systems. A multisource approach strikes the right balance between user empowerment and centralized control with the solutions and architecture that can best enable it.

    Unique problems to solve

    Point solutions offer features to address unique use cases in uncommon technology environments. However, point solutions are often deployed in siloes with limited integration or overlap with other solutions. The right sourcing strategy accommodates the fragmented nature of point solutions into a broader enterprise system strategy, whether that be:

    • Multisource best of breed – integrate various technologies that provide subsets of the features needed for supporting business functions.
    • Multisource custom – integrate systems built in-house with technologies developed by external organizations.
    • Vendor add-ons and integrations – enhance an existing vendor's offering by using their system add-ons as upgrades, new add-ons, or integrations.

    Vendor services

    Some vendor services in a multisource environment may be redundant, conflicting, or incompatible. Given that multisource systems are regularly changing, it is difficult to identify what services are affected, what would be needed to fill the gap of the removed solution, or which redundant services should be removed.

    A multisource approach motivates the continuous rationalization of your vendor services and partners to determine the right mixture of in-house and outsourced resources, capabilities, and technologies.

    Benefits & Risks

    Benefits

    • Business-Focused Solution
    • Flexibility
    • Cost Optimization

    Multisource systems can be designed to support an employee's ability to select the tools they want and need.

    The environment is architected in a loosely coupled approach to allow applications to be easily added, removed, and modified with minimized impact to other integrated applications.

    Rather than investing in large solutions upfront, applications are adopted when they are needed and are removed when little value is gained. Disciplined application portfolio management is necessary to see the full value of this benefit.

    Risks

    • Manageable Sprawl
    • Policy Adherence
    • Integration & Compatibility

    The increased number and diversity of applications in multisource system environments can overwhelm system managers who do not have an effective application portfolio management practice.

    Fragmented application implementations risk inconsistent adherence to security and other quality policies, especially in situations where IT is not involved.

    Application integration can quickly become tangled, untraceable, and unmanageable because of varying team and vendor preferences for specific integration technologies and techniques.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent

    Enable business-managed applications.

    Create the integrations to enable the easy connection of desired tools to enterprise systems with the appropriate guardrails.

    Maximizing the Return on Technology

    Enhance the functionality of existing applications.

    Complement current application capability gaps with data, features, and services from third-party applications.

    Confidently Shifting to Digital

    Use best-of-breed tools to meet specific digital needs.

    Select the best tools to meet the unique and special functional needs of the digital vision.

    Addressing Competing Priorities

    Agree on a common philosophy on system composition.

    Establish an owner of the multisource system to guide how the system should mature as the organization grows.

    Fostering a Collaborative Culture

    Discuss how applications can work together better in an ecosystem.

    Build committees to discuss how applications can better support each other and drive more value.

    Creating High-Throughput Teams

    Alleviate delivery bottlenecks and issues.

    Leverage third-party sources to fill skills and capacity gaps until a long-term solution can be implemented.

    Recommendations

    Define the goals of your applications department and product vision

    Understanding the applications team's purpose and image is critical in determining how the system they are managing and the skills and capacities they need should be sourced.

    Changing and conflicting definitions of value and goals make it challenging to convey an agreeable strategy of the multisource system. An achievable vision and practical tactics ensure all parties in the multisource system are moving in the same direction.

    Related Research:

    Develop a sourcing partner strategy

    Almost half of all sourcing initiatives do not realize projected savings, and the biggest reason is the choice of partner (Zhang et al., 2018). Making the wrong choice means inferior products, higher costs and the loss of both clients and reputation.

    Choosing the right sourcing partner involves understanding current skills and capacities, finding the right matching partner based on a desired profile, and managing a good working relationship that sees short-term gains and supports long-term goals.

    Related Research:

    Recommendations

    Strengthen enterprise integration practices

    Integration strategies that are focused solely on technology are likely to complicate rather than simplify because little consideration is given on how other systems and processes will be impacted. Enterprise integration needs to bring together business process, applications, and data – in that order.

    Kick-start the process of identifying opportunities for improvement by mapping how applications and data are coordinated to support business activities.

    Related Research:

    Manage your solution architecture and application portfolio

    Haphazardly implementing and integrating applications can generate significant security, performance, and data risks. A well-thought-through solution architecture is essential in laying the architecture quality principles and roadmap on how the multisource system can grow and evolve in a sustainable and maintainable way.

    Good application portfolio management complements the solution architecture as it indicates when low-value and unused applications should be removed to reduce system complexity.

    Related Research:

    Recommendations

    Embrace business-managed applications

    Multisource systems bring a unique opportunity to support the business and end users' desire to implement and develop their own applications. However, traditional models of managing applications may not accommodate the specific IT governance and management practices required to operate business-managed applications:

    • A collaborative and trusting business-IT relationship is key.
    • The role of IT must be reimagined.
    • Business must be accountable for its decisions.

    Related Research:

    CASE STUDY
    Cognizant

    Situation

    • Strives to be primarily an industry-aligned organization that delivers multiple service lines in multiple geographies.
    • Cognizant seeks to carefully consider client culture to create a one-team environment.
    • Value proposition is a consultative approach bringing thought leadership and mutually adding value to the relationship vs. the more traditional order-taker development partner.
    • Wants to share in solution development to facilitate shared successes. Geographic alignment drives knowledge of the client and their challenges, not just about time zone and supportability.
    • Offers one of the largest offshore capabilities in the world, supported by local and nearshore resources to drive local knowledge.
    • Today's clients don't typically want a black box, they are sophisticated and want transparency around the process and solution, to have a partner.
    • Clients do want to know where the work is being delivered from, how it's being done.

    Source: interview with Jay MacIsaac, Cognizant.

    Approach

    • Best relationship comes where teams operate as one.
    • Clients are seeking value, not a development black box.
    • Clients want to have a partner they can engage with, not just an order taker.
    • Want to build a one-team culture with shared goals and deliver business value.
    • Seek a partner that will add to their thinking not echo it.

    Results

    • Cognizant is continuing to deliver double-digit growth and continues to strive for top quartile performance.
    • Growth in the client base has seen the company grow to over 340,000 associates worldwide.

    Digital Organization as a Platform

    PRIORITY 5

    • Create a Common Digital Interface to Access All Products and Services

    A digital platform enables organizations to leverage a flexible, reliable, and scalable foundation to create a valuable DX, ease delivery and management efforts, maximize existing investments, and motivate the broader shift to digital. This approach provides a standard to architect, integrate, configure, and modernize the applications that compose the platform.

    Introduction

    What is digital organization as a platform (DOaaP)?

    Digital organization as a platform (DOaaP) is a collection of integrated digital services, products, applications, and infrastructure that is used as a vehicle to meet and exceed an organization's digital strategies. It often serves as an accessible "place for exchanges of information, goods, or services to occur between producers and consumers as well as the community that interacts
    with said platform" (Watts, 2020).

    DOaaP involves a strategy that paves the way for organizations to be digital. It helps organizations use their assets (e.g. data, processes, products, services) in the most effective ways and become more open to cooperative delivery, usage, and management. This opens opportunities for innovation and cross-department collaborations.

    How is DOaaP described?

    1. Open and Collaborative
      • Open organization: open data, open APIs, transparency, and user participation.
      • Collaboration, co-creation, crowdsourcing, and innovation
    2. Accessible and Connected
      • Digital inclusion
      • Channel ubiquity
      • Integrity and interoperability
      • Digital marketplace
    3. Digital and Programmable
      • Digital identity
      • Policies and processes as code
      • Digital products and services
      • Enabling digital platforms

    Digital organizations follow a common set of principles and practices

    Customer-centricity

    Digital organizations are driven by customer focus, meeting and exceeding customer expectations. It must design its services with a "digital first" principle, providing access through every expected channel and including seamless integration and interoperability with various departments, partners, and third-party services. It also means creating trust in its ability to provide secure services and to keep privacy and ethics as core pillars.

    Leadership, management, and strategies

    Digital leadership brings customer focus to the enterprise and its structures and organizes efficient networks and ecosystems. Accomplishing this means getting rid of silos and a siloed mentality and aligning on a digital vision to design policies and services that are efficient, cost-effective, and provide maximum benefit to the user. Asset sharing, co-creation, and being open and transparent become cornerstones of a digital organization.

    Infrastructure

    Providing digital services across demographics and geographies requires infrastructure, and that in turn requires long-term vision, smart investments, and partnerships with various source partners to create the necessary foundational infrastructure upon which to build digital services.

    Digitization and automation

    Automation and digitization of processes and services, as well as creating digital-first products, lead to increased efficiency and reach of the organization across demographics and geographies. Moreover, by taking a digital-first approach, digital organizations future-proof their services and demonstrate their commitment to stakeholders.

    Enabling platforms

    DOaaP embraces open standards, designing and developing organizational platforms and ecosystems with a cloud-first mindset and sound API strategies. Developer experience must also take center stage, providing the necessary tools and embracing Agile and DevOps practices and culture become prerequisites. Cybersecurity and privacy are central to the digital platform; hence they must be part of the design and development principles and practices.

    Signals

    The business expects support for digital products and services

    Digital transformation continues to be a high-priority initiative for many organizations, and they see DOaaP as an effective way to enable and exploit digital capabilities. However, DOaaP unleashes new strategies, opportunities, and challenges that are elusive or unfamiliar to business leaders. Barriers in current business operating models may limit DOaaP success, such as:

    • Department and functional silos
    • Dispersed, fragmented and poor-quality data
    • Ill-equipped and under-skilled resources to support DOaaP adoption
    • System fragmentation and redundancies
    • Inconsistent integration tactics employed across systems
    • Disjointed user experience leading to low engagement and adoption

    DOaaP is not just about technology, and it is not the sole responsibility of either IT or business. It is the collective responsibility of the organization.

    A circle graph is shown with 47% of the circle coloured in dark blue, with the number 47% in the centre.

    of organizations plan to unlock new value through digital. 50% of organizations are planning major transformation over the next three years.

    Source: Nash Squared, 2022.

    A circle graph is shown with 70% of the circle coloured in dark blue, with the number 70% in the centre.

    of organizations are undertaking digital expansion projects focused on scaling their business with technology. This result is up from 57% in 2021.

    Source: F5 Inc, 2022.

    Drivers

    Unified brand and experience

    Users should have the same experience and perception of a brand no matter what product or service they use. However, fragmented implementation of digital technologies and inconsistent application of design standards makes it difficult to meet this expectation. DOaaP embraces a single design and DX standard for all digital products and services, which creates a consistent perception of your organization's brand and reputation irrespective of what products and services are being used and how they are accessed.

    Accessibility

    Rapid advancement of end-user devices and changes to end-user behaviors and expectations often outpace an organization's ability to meet these requirements. This can make certain organization products and services difficult to find, access and leverage. DOaaP creates an intuitive and searchable interface to all products and services and enables the strategic combination of technologies to collectively deliver more value.

    Justification for modernization

    Many opportunities are left off the table when legacy systems are abstracted away rather than modernized. However, legacy systems may not justify the investment in modernization because their individual value is outweighed by the cost. A DOaaP initiative motivates decision makers to look at the entire system (i.e. modern and legacy) to determine which components need to be brought up to a minimum digital state. The conversation has now changed. Legacy systems should be modernized to increase the collective benefit of the entire DOaaP.

    Benefits & Risks

    Benefits

    • Look & Feel
    • User Adoption
    • Shift to Digital

    A single, modern, customizable interface enables a common look and feel no matter what and how the platform is being accessed.

    Organizations can motivate and encourage the adoption and use of all products and services through the platform and increase the adoption of underused technologies.

    DOaaP motivates and supports the modernization of data, processes, and systems to meet the goals and objectives outlined in the broader digital transformation strategy.

    Risks

    • Data Quality
    • System Stability
    • Ability to Modernize
    • Business Model Change

    Each system may have a different definition of commonly used entities (e.g. customer), which can cause data quality issues when information is shared among these systems.

    DOaaP can stress the performance of underlying systems due to the limitations of some systems to handle increased traffic.

    Some systems cannot be modernized due to cost constraints, business continuity risks, vendor lock-in, legacy and lore, or other blocking factors.

    Limited appetite to make the necessary changes to business operations in order to maximize the value of DOaaP technologies.

    Address your pressure points to fully realize the benefits of this priority

    Success can be dependent on your ability to address your pressure points.

    Attracting and Retaining Talent Promote and showcase achievements and successes. Share the valuable and innovative work of your teams across the organization and with the public.
    Maximizing the Return on Technology Increase visibility of underused applications. Promote the adoption and use of all products and services through the platform and use the lessons learned to justify removal, updates or modernizations.
    Confidently Shifting to Digital Bring all applications up to a common digital standard. Define the baseline digital state all applications, data, and processes must be in to maximize the value of the platform.
    Addressing Competing Priorities Map to a holistic platform vision, goals and objectives. Work with relevant stakeholders, teams and end users to agree on a common directive considering all impacted perspectives.
    Fostering a Collaborative Culture Ensure the platform is configured to meet the individual needs of the users. Tailor the interface and capabilities of the platform to address users' functional and personal concerns.
    Creating High-Throughput Teams Abstract the enterprise system to expedite delivery. Use the platform to standardize application system access to simplify platform changes and quicken development and testing.

    Recommendations

    Define your platform vision

    Organizations realize that a digital model is the way to provide more effective services to their customers and end users in a cost-effective, innovative, and engaging fashion. DOaaP is a way to help support this transition.

    However, various platform stakeholders will have different interpretations of and preferences for what this platform is intended to solve, what benefits it is supposed to deliver, and what capabilities it will deliver. A grounded vision is imperative to steer the roadmap and initiatives.

    Related Research:

    Assess and modernize your applications

    Certain applications may not sufficiently support the compatibility, flexibility, and efficiency requirements of DOaaP. While workaround technologies and tactics can be employed to overcome these application challenges, the full value of the DOaaP may not be realized.

    Reviewing the current state of the application portfolio will indicate the functional and value limitations of what DOaaP can provide and an indication of the scope of investment needed to bring applications up to a minimum state.

    Related Research:

    Recommendations

    Understand and evaluate end-user needs

    Technology has reached a point where it's no longer difficult for teams to build functional and valuable digital platforms. Rather, the difficulty lies in creating an interface and platform that people want to use and use frequently.

    While it is important to increase the access and promotion of all products and services, orchestrating and configuring them in a way to deliver a satisfying experience is even more important. Applications teams must first learn about and empathize with the needs of end users.

    Related Research:

    Architect your platform

    Formalizing and constructing DOaaP just for the sake of doing so often results in an initiative that is lengthy and costly and ends up being considered a failure.

    The build and optimization of the platform must be predicated on a thorough understanding of the DOaaP's goals, objectives, and priorities and the business capabilities and process they are meant to support and enable. The appropriate architecture and delivery practices can then be defined and employed.

    Related Research:

    CASE STUDY
    e-Estonia

    Situation

    The digital strategy of Estonia resulted in e-Estonia, with the vision of "creating a society with more transparency, trust, and efficiency." Estonia has addressed the challenge by creating structures, organizations, and a culture of innovation, and then using the speed and efficiency of digital infrastructure, apps, and services. This strategy can reduce or eliminate bureaucracy through transparency and automation.

    Estonia embarked on its journey to making digital a priority in 1994-1996, focusing on a committed investment in infrastructure and digital literacy. With that infrastructure in place, they started providing digital services like an e-banking service (1996), e-tax and mobile parking (2002), and then went full steam ahead with a digital information interoperability platform in 2001, digital identity in 2002, e-health in 2008, and e-prescription in 2010. The government is now strategizing for AI.

    Results

    This image contains the results of the e-Estonia case study results

    Source: e-Estonia

    Practices employed

    The e-Estonia digital government model serves as a reference for governments across the world; this is acknowledged by the various awards it has received, like #2 in "internet freedom," awarded by Freedom House in 2019; #1 on the "digital health index," awarded by the Bertelsmann Foundation in 2019; and #1 on "start-up friendliness," awarded by Index Venture in 2018.

    References

    "15th State of Agile Report." Digital.ai, 2021. Web.
    "2022 HR Trends Report." McLean & Company, 2022.
    "2022: State of Application Strategy Report." F5 Inc, 2022.
    "Are Executives Wearing Rose-Colored Glasses Around Digital Transformation?" Cyara, 2021. Web.
    "Cost of a Data Breach Report 2022." IBM, 2022. Web.
    Dalal, Vishal, et al. "Tech Debt: Reclaiming Tech Equity." McKinsey Digital, Oct. 2020. Web.
    "Differentiating Between Intelligent Automation and Hyperautomation." IBM, 15 October 2021. Web.
    "Digital Leadership Report 2021." Harvey Nash Group, 2021.
    "Digital Leadership Report 2022: The State of Digital." Nash Squared, 2022. Web.
    Gupta, Sunil. "Driving Digital Strategy: A Guide to Reimagining Your Business." Harvard Business Review Press, 2018. Web.
    Haff, Gordon. "State of Application Modernization Report 2022." Konveyor, 2022. Web.
    "IEEE Standard for Software Maintenance: IEEE Std 1219-1998." IEEE Standard for Software Maintenance, 1998. Accessed Dec. 2015.
    "Intelligent Automation." Cognizant, n.d. Web.
    "Kofax 2022: Intelligent Automation Benchmark Study". Kofax, 2021. Web.
    McCann, Leah. "Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?" rAVe, 2 July 2020, Web.
    "Proactive Staffing and Patient Prioritization to Decompress ED and Reduce Length of Stay." University Hospitals, 2018. Web.
    "Secrets of Successful Modernization." looksoftware, 2013. Web.
    "State of Software Development." Coding Sans, 2021. Web.
    "The State of Low-Code/No-Code." Creatio, 2021. Web.
    "We Have Built a Digital Society and We Can Show You How." e-Estonia. n.d. Web.
    Zanna. "The 5 Types of Experience Series (1): Brand Experience Is Your Compass." Accelerate in Experience, 9 February 2020. Web.
    Zhang, Y. et al. "Effects of Risks on the Performance of Business Process Outsourcing Projects: The Moderating Roles of Knowledge Management Capabilities." International Journal of Project Management, 2018, vol. 36 no. 4, 627-639.

    Research Contributors and Experts

    This is a picture of Chris Harrington

    Chris Harrington
    Chief Technology Officer
    Carolinas Telco Federal Credit Union

    Chris Harrington is Chief Technology Officer (CTO) of Carolinas Telco Federal Credit Union. Harrington is a proven leader with over 20 years of experience developing and leading information technology and cybersecurity strategies and teams in the financial industry space.

    This is a picture of Benjamin Palacio

    Benjamin Palacio
    Senior Information Technology Analyst County of Placer

    Benjamin Palacio has been working in the application development space since 2007 with a strong focus on system integrations. He has seamlessly integrated applications data across multiple states into a single reporting solution for management teams to evaluate, and he has codeveloped applications to manage billions in federal funding. He is also a CSAC-credentialed IT Executive (CA, USA).

    This is a picture of Scott Rutherford

    Scott Rutherford
    Executive Vice President, Technology
    LGM Financial Services Inc.

    Scott heads the Technology division of LGM Financial Services Inc., a leading provider of warranty and financing products to automotive OEMs and dealerships in Canada. His responsibilities include strategy and execution of data and analytics, applications, and technology operations.

    This is a picture of Robert Willatts

    Robert Willatts
    IT Manager, Enterprise Business Solutions and Project Services
    Town of Newmarket

    Robert is passionate about technology, innovation, and Smart City Initiatives. He makes customer satisfaction as the top priority in every one of his responsibilities and accountabilities as an IT manager, such as developing business applications, implementing and maintaining enterprise applications, and implementing technical solutions. Robert encourages communication, collaboration, and engagement as he leads and guides IT in the Town of Newmarket.

    This is a picture of Randeep Grewal

    Randeep Grewal
    Vice President, Enterprise Applications
    Red Hat

    Randeep has over 25 years of experience in enterprise applications, advanced analytics, enterprise data management, and consulting services, having worked at numerous blue-chip companies. In his most recent role, he is the Vice President of Enterprise Applications at Red Hat. Reporting to the CIO, he is responsible for Red Hat's core business applications with a focus on enterprise transformation, application architecture, engineering, and operational excellence. He previously led the evolution of Red Hat into a data-led company by maturing the enterprise data and analytics function to include data lake, streaming data, data governance, and operationalization of analytics for decision support.

    Prior to Red Hat, Randeep was the director of global services strategy at Lenovo, where he led the strategy using market data to grow Lenovo's services business by over $400 million in three years. Prior to Lenovo, Randeep was the director of advanced analytics at Alliance One and helped build an enterprise data and analytics function. His earlier work includes seven years at SAS, helping SAS become a leader in business analytics, and at KPMG consulting, where he managed services engagements at Fortune 100 companies.

    Build Better Workflows

    • Buy Link or Shortcode: {j2store}496|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    Do you experience any of the following challenges:

    • You lack process documentation.
    • Your documentation lacks flowchart examples.
    • Your workflows have points of friction and need improvement.

    Our Advice

    Critical Insight

    • Don’t just document – target your future state as you document your workflows.
    • Find opportunities for automation, pinpoint key handoff points, and turn cold handoffs into warm handoffs

    Impact and Result

    • Understand the basics of documenting a workflow in flowchart format.
    • Run activities to revise and stress-test your workflows to improve their accuracy and effectiveness.
    • Ensure your workflows are part of a continuous improvement cycle – keep them up to date as a living document.

    Build Better Workflows Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Better Workflows – A step by step document that walks you through the process of convening a working group to design and update a process flowchart.

    Ask the right questions and pressure test the workflow so the documentation is as helpful as possible to all who consult it.

    • Build Better Workflows Storyboard

    2. Workflow Activity: An onboarding example for a completed flowchart review.

    Use this workflow as an example of the output of an onboarding workflow-improvement activity.

    • Workflow Activity: Onboarding Example (Visio)
    • Workflow Activity: Onboarding Example (PDF)
    [infographic]

    Further reading

    Build Better Workflows

    Go beyond draft one to refine and pressure test your process.

    Analyst Perspective

    Remove friction as you document workflows

    Emily Sugerman

    Emily Sugerman
    Research Analyst, Infrastructure & Operations

    Info-Tech Research Group

    You can’t mature processes without also documenting them. Process documentation is most effective when workflows are both written out and also visualized in the form of flow charts.

    Your workflows may appear in standard operating procedures, in business continuity and disaster recovery plans, or anywhere else a process’ steps need to be made explicit. Often, just getting something down on paper is a win. However, the best workflows usually do not emerge fully-formed out of a first draft. Your workflow documentation must achieve two things:

    • Be an accurate representation of how you currently operate or how you will operate in the near future as a target state.
    • Be the output of a series of refinements and improvements as the workflow is reviewed and iterated.

    This research will use the example of improving an onboarding workflow. Ask the right questions and pressure test the workflow so the documentation is as helpful as possible to all who consult it.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • Your documentation lacks workflows entirely, or ...
    • Your workflows are documented in flowchart form but are not accurate, and/or ...
    • Your workflows are documented in flowchart form but contain points of friction and need process improvement.
    • Getting the relevant stakeholders together to contribute to workflow design and validate them.
    • Selecting the right detail level to include in the workflow – not too much and not too little.
    • Knowing the right questions to ask to review and improve your workflow flowcharts.

    Use this material to help

    • Understand the basics of documenting a workflow in flowchart format.
    • Run activities to revise and stress-test your workflows to improve their accuracy and effectiveness.
    • Ensure your workflows are part of a continuous improvement cycle – keep them up-to-date as a living document.

    Info-Tech Insight

    Don’t just document – target your future state as you document your workflows. Find opportunities for automation, pinpoint key handoff points, and turn cold handoffs into warm handoffs.

    Follow these steps to build, analyze, and improve the workflow

    The image contains a screenshot of a diagram that demonstrates the steps needed to build better workflows.

    Insight Summary

    Keep future state in mind.
    Don’t just document – target your future state as you document your workflows. Find opportunities for automation, pinpoint key handoff points, and turn cold handoffs into warm handoffs.

    Promote the benefits of documenting workflows as flowcharts.
    Foreground to the IT team how this will improve customer experience. End-users will benefit from more efficient workflows.

    Remember the principle of constructive criticism.
    Don’t be afraid to critique the workflow but remember this can be a team-building experience. Focus on how these changes will be mutually beneficial, not assigning blame for workflow friction.

    Don’t waste time building shelfware.
    Establish a review cadence to ensure the flowchart is a living document that people actually use.

    Benefits of building better workflows

    Risks of inadequate workflows

    Benefits of documented workflows

    • Lack of clear communication: If you don’t have workflows, you are losing out on an effective way to document and communicate processes.
    • Outdated documentation: If you do have workflows documented in standard operating procedures, they probably need to be updated unless you already consistently update documentation.
    • Facilitate knowledge transfer.
    • Standardize processes for service delivery consistency.
    • Optimize processes by discovering and improving points of friction within the workflow.
    • Improve transparency of processes to set expectations for other stakeholders.
    • Reduce risk.

    Why are visualized workflows useful?

    Use these talking points to build commitment toward documenting/updating processes.

    Risk reduction
    “Our outdated documentation is a risk, as people will assume the documented process is accurate.”

    Transparency
    “The activity of mapping our processes will bring transparency to everyone involved.”

    Accountability
    “Flow charts will help us clarify task ownership at a glance.”

    Accessibility
    “Some team members prefer diagrams over written steps, so we should provide both.”

    Knowledge centralization
    “Our flow charts will include links to other supporting documentation (checklists, vendor documentation, other flowcharts).”

    Role clarification
    “Separating steps into swim lanes can clarify different tiers, process stages, and ownership, while breaking down silos.”

    Communication
    To leadership/upper management: “This process flow chart quickly depicts the big picture.”

    Knowledge transfer
    “Flow charts will help bring new staff up to speed more quickly.”

    Consistency
    “Documenting a process standardizes it and enables everyone to do it in the same way.”

    Review what process mapping is

    A pictorial representation of a process that is used to achieve transparency.

    This research will use one specific example of an onboarding process workflow. Before drilling down into onboarding workflows specifically, review Info-Tech’s Process Mapping Guide for general guidance on what to do before you begin:

    • Know the purpose of process mapping.
    • Articulate the benefits of process mapping.
    • Recognize the risks of not process mapping.
    • Understand the different levels of processes.
    • Adopt BPMN 2.0 as a standard.
    • Consider tools for process mapping.
    • Select a process to map.
    • Learn methods to gather information.

    The image contains screenshots of the Process Mapping Guide.

    Download the Process Mapping Guide

    Select the workflow your team will focus upon

    Good candidates include:

    • Processes you don’t have documented and need to build from scratch.
    • An existing process that results in an output your users are currently dissatisfied with (if you run an annual IT satisfaction survey, use this data to find this information).
    • An existing process that is overly manual, lacks automation, and causes work slowdown for your staff.

    Info-Tech workflow examples

    Active Directory Processes

    Application Development Process

    Application Maintenance Process

    Backup Process

    Benefits Legitimacy Workflow

    Business Continuity Plan Business Process

    Business Continuity Plan Recovery Process

    Commitment Purchasing Workflow

    Coordinated Vulnerability Disclosure Process

    Crisis Management Process

    Data Protection Recovery Workflow

    Disaster Recovery Process

    Disaster Recovery Plan/Business Continuity Plan Review Workflow

    End-User Device Management Workflow Library

    Expense Process

    Event Management Process

    Incident Management and Service Desk Workflows

    MACD Workflow Mapping

    Problem Management Process

    Project Management Process

    Ransomware Response Process

    Sales Process for New Clients

    Security Policy Exception Process

    Self-Service Resolution Process

    Service Definition Process

    Service Desk Ticket Intake by Channel

    Software Asset Management Processes

    Target State Maintenance Workflow

    Example: Onboarding workflow

    Onboarding is a perennial challenge due to the large number of separate teams and departments who are implicated in the process.

    There can be resistance to alignment. As a result, everyone needs to be pulled in to see the big picture and the impact of an overly manual and disconnected process.

    Additionally, the quality of the overall onboarding process (of which IT is but one part) has a significant impact on the employee experience of new hires, and the long-term experience of those employees. This workflow is therefore often a good one to target for improvement.

    “Organizations with a standardized onboarding process experience 62% greater new hire productivity, along with 50% greater new hire retention.”1

    “Companies that focus on onboarding retain 50% more new employees than companies that don’t.”2

    1. Carucci, “To Retain New Hires, Spend More Time Onboarding Them,” 2018
    2. Uzialko, “What Does Poor Onboarding, 2023

    Tabletop exercise: Generate first draft

    In the tabletop exercise, your team will walk through your onboarding process step by step and document what happens at each stage. Prep for this meeting with the following steps:

    1. Identify roles: facilitator, notetaker, and participants. Determine who should be involved in the working group in addition to IT (HR, Hiring Team, Facilities, etc.).
    2. Decide what method of documentation you will use in the meeting. If meeting in person, cue cards are useful because they can be easily rearranged or inserted. If meeting remotely, the notetaker or facilitator will need to share their screen and capture each step with software (such as Visio, PowerPoint, or a whiteboarding software).
    3. Before you even begin mapping out the process, conduct a quick brainstorming session. What are your current challenges with it? What is working? Document on a whiteboard (electronic or hard copy).
    4. Document each step of the process as it currently happens. You will improve it later. Include task ownership.

    Roles

    Facilitator
    Tasks:

    • Guide discussion – restate contributors’ ideas, ask probing questions.
    • Keep group on track – cut off or redirect conversation when off track.

    Notetaker
    Tasks:

    • Ensure the steps are documented via the agreed-upon tools (e.g. cue cards). If the process is being documented in software, the notetaker may be solely responsible for documentation.
    • The notetaker may be the same person as the facilitator.

    Document your workflow challenges: Onboarding

    Brainstorm and document. Group similar challenges together to pull out themes.

    Lack of communication/expectation setting with users:

    Messy process, poor coordination among task owners:

    User experience affected:

    • Users submit onboarding requests with too little lead time.
    • HR/hiring manager does not include all necessary information when submitting new hire request.
    • Approvals are slowing down our ability to fulfill in a timely manner.
    • Lots of manual, repeated tasks.
    • Too much back and forth between technicians.
    • Procurement delays (supply chain challenges) leading to new user starting with no device/workaround.
    • Inconsistent resolution times for these types of requests.
    • Complaints about onboarding were one of the most frequently recurring issues in our most recent annual IT satisfaction survey.
    • Some of these complaints fall more to the responsibility of HR and direct managers, but some of the complaints relate to onboarding tasks not being completed by start date, which is our responsibility.

    Establish flowcharting standards

    If you don’t have existing flowchart standards, use the basic notation conventions used in the examples here.

    Basic notation convention shapes: Circle, oval, square, rectangle, diamond, thought bubble.

    Start, End, and Connector. Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified modeling language (UML) also uses the circle for start and end points.

    Start, End. Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.

    Process Step. Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the sub-process symbol and flowchart the sub-process separately.

    Sub-Process. A series of steps. For example, a critical incident standard operating procedure (SOP) might reference a recovery process as one of the possible actions. Marking it as a sub-process, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).

    Decision. Represents decision points, typically with yes/no branches, but you could have other branches depending on the question (e.g. a “Priority” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).

    Document/Report Output. For example, the output from a backup process might include an error log.

    Map the current process

    Prompt the working group with the following questions.

    • What happens when the ticket comes in? Who submits it? Where is it coming from? What are the trigger events? Are there any input channels we should eliminate?
    • What is the terminal event? Where does the workflow end?
    • Do we have a triage step?
    • Is the ticket prioritized? Does this need to be a step?
    • Do we create child tickets? Separate tasks for different teams? Do we create a primary/main ticket and sub-tickets? How should we represent this in the flowchart?
    • How should we represent escalations? How should we represent task ownership by different teams?
    • What are our decision points: points when the path can potentially branch (e.g. into yes/no branches)?

    Map the process: First pass

    The image contains a screenshot example of the first pass.

    Tabletop exercise: Revise workflow

    Time to review and revise the workflow. What gaps exist? How can you improve the process? What documentation gaps have been overlooked?

    Consider the following refinements for the onboarding workflow:

    • Identify missing steps
    • Clearly identify task ownership
    • Establish SLAs and timepoints
    • Capture/implement user feedback
    • Identify approval roadblocks
    • Identify communication points
    • Identify opportunities for automation
    • Create personas
    • Create onboarding checklist

    Roles

    Facilitator
    Tasks:

    • Guide discussion – restate contributors’ ideas, ask probing questions.
    • Keep group on track – cut off or redirect conversation when off track.

    Notetaker
    Tasks:

    • Ensure the steps are documented via the agreed-upon tools (e.g. cue cards). If the process is being documented in software, the notetaker may be solely responsible for documentation.
    • The notetaker may be the same person as the facilitator, but this takes some practice.

    Map the process: Critique draft

    The image contains a screenshot example of critique draft.

    Solicit feedback from the group.

    "

    • Our workflow is slowed down by hidden approvals that we haven’t mapped.
    • We have no efficient way to prevent submission of incomplete requests.
    • Our workflow doesn’t clearly show how different tasks are assigned to different teams.
    • We still don’t know how long this all takes.
    • We’re missing some tasks – what about including facilities?
    • We’re missing next steps for some of the decision points.
    "

    Review: Identify missing steps

    Consider the following refinements.

    Be complete.

    The workflow should surface tacit knowledge, so make it explicit (Haddadpoor et al.):

    • Where are the inputs coming from? Do you need to account for various input channels? Have you forgotten any?
    • Are there any input channels that you want to eliminate?
    • Have you overlooked any hardware, software, or services entitlements that should be called out?
    • Have all decision paths been worked through? Do you need to add any missing decision points?
    • Add information flows and annotations as needed.

    Review: Task ownership

    Identify task ownership.

    The flow chart will be more useful if it clearly identifies who does what in the process.

    • Consider organizing the sub-processes within the overall onboarding process into swim lanes, one for each team or group involved in the process.
    • Swim lanes help clarify who does what in the overall process (e.g. all the tasks completed by HR appear in the HR swim lane, all the tasks completed by service desk appear in the service desk swim lane).
    • They can also help draw attention to escalation points or handoff points between different teams. Assess the steps around the boundary of each swim lane. Does the working group experience/know of friction at these handoff points? What might solve it?
    • In what order should the tasks occur? What dependencies do they have?

    The image contains a screenshot of a model that demonstrates task ownership swim lanes.

    “Each task has an owner, and the task list is visible to the employee and other stakeholders, so there's visibility about whether each person has done their actions.”

    Matthew Stibbe, qtd. in Zapier, 2022

    Review: The time the workflow takes

    For onboarding, this means setting SLOs/SLAs and internal timepoints.

    Add internal timepoints for the major steps/tasks in the workflow. Begin to track these service level objectives and adjust as necessary.

    • Review old onboarding tickets and track how long each main step/task takes (or should take). Every additional approval risks adding days.
    • Consider where there are opportunities to increase automation or use templates to save time.
    • Zero in on which task within the onboarding workflow is slowing down the process.
    • Create an overall service level objective that communicates how many days the onboarding workflow is expected to take. Decide where escalations go when the SLA is breached.

    When you have validated the service level objectives are accurate and you can meet them an acceptable amount of time, communicate the overall SLA to your users. This will ensure they submit future onboarding requests to your team with enough lead time to fulfill the request. Try to place the SLA directly in the service catalog.

    “Tracking the time within the workflow can be a powerful way to show the working group why there is user dissatisfaction.”

    Sandi Conrad, Principal Advisory Director, Info-Tech Research Group

    Review: Capture user feedback

    For onboarding, this means implementing a transactional survey.

    The onboarding workflow will be subject to periodic reviews and continual improvement. Suggestions for improvement should come not only from the internal IT team, but also the users themselves.

    • Transactional surveys, launched at the close of a ticket, allow the ticket submitter to provide feedback on their customer service experience.
    • Onboarding tickets are somewhat more complex than the average incident or service request, since the ticket is often opened by one user (e.g. in HR) on behalf of another (the new employee).
    • Decide whose experience you want feedback on – the submitter of the request or the new user. Investigate your ITSM tool’s capabilities: is it possible to direct the survey to someone who is not the ticket submitter?
    Take Action on Service Desk Customer Feedback

    Use Info-Tech’s Take Action on Service Desk Customer Feedback for more guidance on creating these surveys.

    Review: Identify approval roadblocks

    For onboarding, approvals can be the main roadblock to fulfilling requests

    • How are the requests coming in? Do we have a predefined service catalog?
    • What kinds of approvals do we receive (manager, financial, legal, security, regulatory)? Ask the team to think about where there are instances of back and forth and clean that up.
    • Identify where approvals interrupt the technical flow.
      • Confirm that these approvals are indeed necessary (e.g. are certain approval requests ever declined? If not, follow up on whether they are necessary or whether some can be made into preapprovals).
      • Avoid putting agents in charge of waiting on or following up about approvals.
      • Investigate whether interruptive approvals can be moved.

    Review: Identify communication points

    A positive onboarding experience is an important part of a new employee’s success.

    Though IT is only one part of an employee’s onboarding experience, it’s an important part. Delays for hardware procurement and a lack of communication can lead to employee disengagement. Ask the team:

    • Are we communicating with our users when delays occur? When do delays occur most often?
    • How can we mitigate delays? Though we can’t resolve larger supply chain problems, can we increase stock in the meantime?
    • Can we start tracking delays to incorporate into the SLA
    • Do we offer loaner devices in the meantime?

    Place communication bullet points in the flow chart to indicate where the team will reach out to users to update or notify them of delays.

    Review: Identify opportunities for automation

    Where can we automate for onboarding?

    Identify when the process is dragged out due to waiting times (e.g. times when the technician can’t address the ticket right away).

    • Analyze the workflow to identify which tasks tend to stagnate because technician is busy elsewhere. Are these candidates for automation?
    • Is our ITSM tool capable of setting up automatically routed child tickets triggered by the main onboarding ticket? Does it generate a series of tasks? Is it a manual process? Which teams do these tasks/tickets go to?
    • Can we automate notifications if devices are delayed?
    • Can we use mobile device management for automated software installation?
    • If we have a robust service catalog, can we provide it to the users to download what they need? Or is this too many extra steps for our users?
    • Can we create personas to speed up onboarding?

    Avoid reinforcing manual processes, which make it even harder for departmental silos to work together.

    Review: Automation example – create personas

    Create role-based templates.

    Does HR know which applications our users need? Are they deferring to the manager, who then asks IT to simply duplicate an existing user?

    Personas are asset profiles that apply to multiple users (e.g. in a department) and that can be easily duplicated for new hires. You might create three persona groups in a department, with variations within each subgroup or title. To do this, you need accurate information upfront.

    Then, if you’re doing zero touch deployment, you can automate software to automatically load.

    Many HRIS systems have the ability to create a persona, and also to add users to the AD, email, and distribution groups without IT getting involved. This can alleviate work from the sysadmin. Does our HRIS do this?

    • Review old onboarding tickets. Do they include manual steps like setting up mailboxes, creating user accounts, adding to groups?
    • Investigate your ITSM tool’s onboarding template. Does it allow you to create a form through which to create dynamic required fields?
    • Identify the key information service desk needs from the department supervisor, or equivalent role, to begin the onboarding request – employee type, access level, hardware and software entitlements, etc.

    Revised workflow

    How does the group feel about the revised workflow?

    • Are any outputs still missing?
    • Can we add any more annotations to provide more context to someone reading this for the first time?
    • Do the task names follow a “verb-noun” format?
    • Are the handoffs clear?
    • Are some of the steps overly detailed compared to others?
    • Does it help resolve the challenges we listed?
    • Does it achieve the benefits we want to achieve?

    Download the Workflow Activity: Onboarding Example

    Remember the principle of constructive criticism.

    Don’t be afraid to critique the workflow but remember this can also be a team-building experience. Focus on how these changes will be mutually beneficial, not assigning blame for workflow friction.

    Post-review: Revised workflow

    The image contains a screenshot example of a revised workflow.

    Final check

    • Do we need to run this by Legal?
    • Have we included too many sub-processes? Not enough?
    • Is the flowchart easy to read and follow?

    Decide how often this workflow will be revised.

    • Is this workflow part of a larger piece of documentation that has a set review cadence? Where is it stored?
    • If not, what is a realistic time frame for regular review?
    • Who will own this process in an ongoing way and be in charge of convening a future review working group?

    Validation with stakeholders

    • What documentation does the flowchart belong to? When will you review it again?
    • Who do you need to validate the flowchart with?

    Share the flowchart and set up a review meeting.

    • Walk through the workflow with stakeholders who did not participate in building it.
    • Do they find it easy to follow?
    • Can they identify missing steps?

    Don’t waste time building shelfware.

    Establish a review cadence to ensure the flowchart is a living document that people actually use.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Bibliography

    Bushkill, Claire. “The top 5 ways to automate your onboarding checklist.” Rippling Blog. 18 Mar 2022. Accessed 29 Nov 2022. Ha https://www.rippling.com/blog/the-top-5-ways-to-automate-your-onboarding-checklist
    Carucci, Ron. “To Retain New Hires, Spend More Time Onboarding Them.” Harvard Business Review, 3 Dec 2018
    Haddadpoor, Asefeh, et al. “Process Documentation: A Model for Knowledge Management in Organizations.” Materia Socio-Medica, vol. 27, no. 5, Oct. 2015, pp. 347–50. PubMed Central, https://doi.org/10.5455/msm.2015.27.347-350.
    King, Melissa. “New hire checklist: An employee onboarding checklist template for 2022.” Zapier. 14 Jul 2022. Accessed 29 Nov 2022. https://zapier.com/blog/onboarding-checklist/
    Uzialko, Adam. “What Does Poor Onboarding Really Do to Your Team?” Business News Daily. 23 Jan 2023.
    https://www.manageengine.com/products/service-desk...

    Contributors

    Sandi Conrad, Principal Advisory Director, Infrastructure and Operations, Info-Tech Research Group

    Christine Coz, Executive Counselor, Info-Tech Research Group

    Allison Kinnaird, Practice Lead, Infrastructure and Operations, Info-Tech Research Group

    Natalie Sansone, Research Director, Infrastructure and Operations, Info-Tech Research Group

    Set Meaningful Employee Performance Measures

    • Buy Link or Shortcode: {j2store}597|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Despite the importance of performance measures, most organizations struggle with choosing appropriate metrics and standards of performance for their employees.
    • Performance measures are often misaligned with the larger strategy, gamed by employees, or too narrow to provide an accurate picture of employee achievements.
    • Additionally, many organizations track too many metrics, resulting in a bureaucratic nightmare with little payoff.

    Our Advice

    Critical Insight

    • Focus on what matters by aligning your departmental goals with the enterprise's mission and business goals. Break down departmental goals into specific goals for each employee group.
    • Employee engagement, which results in better performance, is directly correlated with employees’ understanding what is expected of them on the job and with their performance reviews reflecting their actual contributions.
    • Shed unnecessary metrics in favor of a lean, holistic approach to performance measurement. Include quantitative, qualitative, and behavioral dimensions in each goal and set appropriate measures for each dimension to meet simple targets. This encourages well-rounded behaviors and discourages rogue behavior.
    • Get rid of the stick-and-carrot approach to management. Use performance measurement to inspire and engage employees, not punish them.

    Impact and Result

    • Learn about and leverage the McLean & Company framework and process to effective employee performance measurement setting.
    • Plan effective communications and successfully manage departmental employee performance measurement by accurately recording goals, measures, and requirements.
    • Find your way through the maze of employee performance management with confidence.

    Set Meaningful Employee Performance Measures Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set Meaningful Employee Performance Measures Storyboard – This deck provides a comprehensive framework for setting, communicating, and reviewing employee performance measures that will drive business results

    This research will help you choose an appropriate measurement framework, set effective measures. and communicate and review your performance measures. Use Info-Tech's process to set meaningful measures that will inspire employees and drive performance.

    • Set Meaningful Employee Performance Measures Storyboard

    2. Employee Performance Measures Goals Cascade – A tool to assist you in turning your organizational goals into meaningful individual employee performance measures.

    This tool will help you set departmental goals based on organizational mission and business goals and choose appropriate measures and weightings for each goal. Use this template to plan a comprehensive employee measurement system.

    • Employee Performance Measures Goals Cascade

    3. Employee Performance Measures Template – A template for planning and tracking your departmental goals, employee performance measures, and reporting requirements.

    This tool will help you set departmental goals based on your organizational mission and business goals, choose appropriate measures and weightings for each goal, and visualize you progress toward set goals. Use this template to plan and implement a comprehensive employee measurement system from setting goals to communicating results.

    • Employee Performance Measures Template

    4. Feedback and Coaching Guide for Managers – A tool to guide you on how to coach your team members.

    Feedback and coaching will improve performance, increase employee engagement, and build stronger employee manager relationships. Giving feedback is an essential part of a manger's job and if done timely can help employees to correct their behavior before it becomes a bigger problem.

    • Feedback and Coaching Guide for Managers

    Infographic

    Workshop: Set Meaningful Employee Performance Measures

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Source and Set Goals

    The Purpose

    Ensure that individual goals are informed by business ones.

    Key Benefits Achieved

    Individuals understand how their goals contribute to organizational ones.

    Activities

    1.1 Understand how your department contributes to larger organizational goals.

    1.2 Determine the timelines you need to measure employees against.

    1.3 Set Business aligned department, team, and individual goals.

    Outputs

    Business-aligned department and team goals

    Business-aligned individual goals

    2 Design Measures

    The Purpose

    Create holistic performance measures.

    Key Benefits Achieved

    Holistic performance measures are created.

    Activities

    2.1 Choose your employee measurement framework: generic or individual.

    2.2 Define appropriate employee measures for preestablished goals.

    2.3 Determine employee measurement weightings to drive essential behaviors.

    Outputs

    Determined measurement framework

    Define employee measures.

    Determined weightings

    3 Communicate to Implement and Review

    The Purpose

    Learn how to communicate measures to stakeholders and review measures.

    Key Benefits Achieved

    Learn how to communicate to stakeholders and coach employees through blockers.

    Activities

    3.1 Learn how to communicate selected performance measures to stakeholders.

    3.2 How to coach employees though blockers.

    3.3 Reviewing and updating measures.

    Outputs

    Effective communication with stakeholders

    Coaching and feedback

    When to update

    4 Manager Training

    The Purpose

    Train managers in relevant areas.

    Key Benefits Achieved

    Training delivered to managers.

    Activities

    4.1 Deliver Build a Better Manager training to managers.

    4.2

    Outputs

    Manager training delivered

    Further reading

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    EXECUTIVE BRIEF

    Set employees up for success by implementing performance measures that inspire great performance, not irrelevant reporting.

    Executive Summary

    Your Challenge

    In today’s competitive environment, managers must assess and inspire employee performance in order to assess the achievement of business goals.

    Despite the importance of performance measures, many leaders struggle with choosing appropriate metrics.

    Performance measures are often misaligned with the larger strategy, gamed by employees, or are too narrow to provide an accurate picture of employee achievements.

    Common Obstacles

    Managers who invest time in creating more effective performance measures will be rewarded with increased employee engagement and better employee performance.

    Too little time setting holistic employee measures often results in unintended behaviors and gaming of the system.

    Conversely, too much time setting employee measures will result in overreporting and underperforming employees.

    Info-Tech’s Approach

    Info-Tech helps managers translate organizational goals to employee measures. Communicating these to employees and other stakeholders will help managers keep better track of workforce productivity, maintain alignment with the organization’s business strategy, and improve overall results.

    Info-Tech Insight

    Performance measures are not about punishing bad performance, but inspiring higher performance to achieve business goals.

    Meaningful performance measures drive employee engagement...

    Clearly defined performance measures linked to specific goals bolster engagement by showing employees the importance of their contributions.

    Significant components of employee engagement are tied to employee performance measures.

    A diagram of employee engagement survey and their implications.

    Which, in turn, drives business success.

    Improved employee engagement is proven to improve employee performance. Setting meaningful measures can impact your bottom line.

    Impact of Engagement on Performance

    A diagram that shows Percent of Positive Responses Among Engaged vs. Disengaged
    Source: McLean & Company Employee Engagement Survey Jan 2020-Jan 2023; N=5,185 IT Employees; were either Engaged or Disengaged (Almost Engaged and Indifferent were not included)

    Engaged employees don’t just work harder, they deliver higher quality service and products.

    Engaged employees are significantly more likely to agree that they regularly accomplish more than what’s expected of them, choose to work extra hours to improve results, and take pride in the work they do.

    Without this sense of pride and ownership over the quality-of-service IT provides, IT departments are at serious risk of not being able to deliver quality service, on-time and on-budget.

    Create meaningful performance measures to drive employee engagement by helping employees understand how they contribute to the organization.

    Unfortunately, many employee measures are meaningless and fail to drive high-quality performance.

    Too many ineffective performance measures create more work for the manager rather than inspire employee performance. Determine if your measures are worth tracking – or if they are lacking.

    Meaningful performance measures are:

    Ineffective performance measures are:

    Clearly linked to organizational mission, values, and objectives.

    Based on a holistic understanding of employee performance.

    Relevant to organizational decision-making.

    Accepted by employees and managers.

    Easily understood by employees and managers.

    Valid: relevant to the role and goals and within an employee’s control.

    Reliable: consistently applied to assess different employees doing the same job.

    Difficult to track, update, and communicate.

    Easily gamed by managers or employees.

    Narrowly focused on targets rather than the quality of work.

    The cause of unintended outcomes or incentive for the wrong behaviors.

    Overly complex or elaborate.

    Easily manipulated due to reliance on simple calculations.

    Negotiable without taking into account business needs, leading to lower performance standards.

    Adopt a holistic approach to create meaningful performance measurement

    A diagram that shows a holistic approach to create meaningful performance measurement, including inputs, organizational costs, department goals, team goals, individual goals, and output.

    Info-Tech’s methodology to set the stage for more effective employee measures

    1. Source and Set Goals

    Phase Steps
    1.1 Create business-aligned department and team goals
    1.2 Create business-aligned individual goals

    Phase Outcomes
    Understand how your department contributes to larger organizational goals.
    Determine the timelines you need to measure employees against.
    Set business-aligned department, team, and individual goals.

    2. Design Measures

    Phase Steps
    1.1 Choose measurement framework
    1.2 Define employee measures
    1.3 Determine weightings

    Phase Outcomes
    Choose your employee measurement framework: generic or individual.
    Define appropriate employee measures for preestablished goals.
    Determine employee measurement weightings to drive essential behaviors.
    Ensure employee measures are communicated to the right stakeholders.

    3. Communicate to Implement and Review

    Phase Steps
    1.1 Communicate to stakeholders
    1.2 Coaching and feedback
    1.3 When to update

    Phase Outcomes
    Communicate selected performance measure to stakeholders.
    Learn how to coach employees though blockers.
    Understand how to review and when to update measures.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is four to six calls over the course of two to four months.

    What does a typical GI on this topic look like?

    A diagram that shows Guided Implementation in 3 phases.

    Drive Business Value With Off-the-Shelf AI

    • Buy Link or Shortcode: {j2store}205|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • Understanding the impact of the machine learning/AI component that is built into most of the enterprise products and tools and its role in the implementation of the solution.
    • Understanding the most important aspects that the organization needs to consider while planning the implementation of the AI-powered product.

    Our Advice

    Critical Insight

    • Organizations are faced with multiple challenges trying to adopt AI solutions. Challenges include data issues, ethics and compliance considerations, business process challenges, and misaligned leadership goals.
    • When choosing the right product to meet business needs, organizations need to know what questions to ask vendors to ensure they fully understand the implications of buying an AI/ML product.
    • To guarantee the success of your off-the-shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Impact and Result

    To guarantee success of the off-the-shelf AI implementation and deliver value, in addition to formulating a clear definition of the business case and understanding of data, organizations should also:

    • Know what questions to ask vendors while evaluating AI-powered products.
    • Measure the impact of the project on business and IT processes.

    Drive Business Value With Off-the-Shelf AI Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive Business Value With Off-the-Shelf AI Deck – A step-by-step approach that will help guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers business value

    Use this practical and actionable framework that will guide you through the planning of your Off-the-Shelf AI product implementation.

    • Drive Business Value With Off-the-Shelf AI Storyboard

    2. Off-the-Shelf AI Analysis – A tool that will guide the analysis and planning of the implementation

    Use this analysis tool to ensure the success of the implementation.

    • Off-the-Shelf AI Analysis

    Infographic

    Further reading

    Drive Business Value With Off-the-Shelf AI

    A practical guide to ensure return on your Off-the-Shelf AI investment

    Executive Summary

    Your Challenge
    • Understanding the impact of the machine learning/AI component that is built into most of the enterprise products and tools and its role in the implementation of the solution.
    • What are the most important aspects that organizations needs to consider while planning the implementation of the AI-powered product?
    Common Obstacles
    • Organizations are faced with multiple challenges trying to adopt an AI solution. Challenges include data issues, ethics and compliance considerations, business process challenges, and misaligned leadership goals.
    • When choosing the right product to meet business needs, organizations need to know what questions to ask vendors to ensure they fully understand the implications of buying an AI/ML product.
    Info-Tech’s Approach

    Info-Tech’s approach includes a framework that will guide organizations through the process of the Off-the-Shelf AI product selection.

    To guarantee success of the Off-the-Shelf AI implementation and deliver value, organization should start with clear definition of the business case and an understanding of data.

    Other steps include:

    • Knowing what questions to ask vendors to evaluate AI-powered products.
    • Measuring the impact of the project on your business and IT processes.
    • Assessing impact on the organization and ensure team readiness.

    Info-Tech Insight

    To guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Getting value out of AI and machine learning investments

    92.1%

    of companies say they are achieving returns on their data and AI investments

    91.7%

    said they were increasing investments in data and AI

    26.0%

    of companies have AI systems in widespread production
    However, CIO Magazine identified nine main hurdles to AI adoption based on the survey results:
    • Data issues
    • Business process challenges
    • Implementation challenges and skill shortages
    • Costs of tools and development
    • Misaligned leadership goals
    • Measuring and proving business value
    • Legal and regulatory risks
    • Cybersecurity
    • Ethics
    • (Source: CIO, 2019)
    “Data and AI initiatives are becoming well established, investments are paying off, and companies are getting more economic value from AI.” (Source: NewVantage, 2022.)

    67% of companies are currently using machine learning, and 97% are using or planning to use it in the next year.” (Source: Deloitte, 2020)

    AI vs. ML

    Machine learning systems learn from experience and without explicit instructions. They learn patterns from data then analyze and make predictions based on past behavior and the patterns learned.

    Artificial intelligence is a combination of technologies and can include machine learning. AI systems perform tasks mimicking human intelligence such as learning from experience and problem solving. Most importantly, AI is making its own decisions without human intervention.

    The AI system can make assumptions, test these assumptions, and learn from the results.

    (Level of decision making required increases from left to right)
    Statistical Reasoning
    Infer relationships between variables

    Statistical models are designed to find relationships between variables and the significance of those relationships.

    Machine Learning:
    Making accurate predictions

    Machine learning is a subset of AI that discovers patterns from data without being explicitly programmed to do so.

    Artificial Intelligence
    Dynamic adaptation to novelty

    AI systems choose the optimal combination of methods to solve a problem. They make assumptions, reassess the model, and reevaluate the data.

    “Machine learning is the study of computer algorithms that improve automatically through experience.” (Tom Mitchell, 1997)

    “At its simplest form, artificial intelligence is a field, which combines computer science and robust datasets, to enable problem-solving.” (IBM, “What is artificial intelligence?”)

    Types of Off-the-Shelf AI products and solutions

    ML/AI-Powered Products Off-the-Shelf Pre-built and Pre-trained AI/ML Models
    • AI/ML capabilities built into the product and might require training as part of the implementation.
    • Off-the-Shelf ML/AI Models, pre-built, pre-trained, and pre-optimized for a particular task. For example, language models or image recognition models that can be used to speed up and simplify ML/AI systems development.
    Examples of OTS tools/products: Examples of OTS models:

    The data inputs for these models are defined, the developer has to conform to the provided schema, and the data outputs are usually fixed due to the particular task the OTS model is built to solve.

    Insight summary

    Overarching insight:

    To guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Business Goals

    Question the value that AI adds to the tool you are evaluating. Don’t go after the tool simply because it has an AI label attached to it. AI/ML capabilities might add little value but increase implementation complexity. Define the problem you are solving and document business requirements for the tool or a model.

    Data

    Know your data. Determine data requirements to:

    • Train the model during the implementation and development.
    • Run the model in production.

    People/Skills

    Define the skills required for the implementation and assemble the team that will support the project from requirements to deployment and support, through its entire lifecycle. Don’t forget about production support and maintenance.

    Choosing an AI-Powered Tool

    No need to reinvent the wheel and build a product you can buy, but be prepared to work around tool limitations, and make sure you understand the data and the model the tool is built on.

    Choosing an AI/ML Model

    Using Off-the-Shelf-AI models enables an agile approach to system development. Faster POC and validation of ideas and approaches, but the model might not be customizable for your requirements.

    Guaranteeing Off-the-Shelf AI Implementation Success

    Info-Tech Insight

    To guarantee the success of your Off-the-Shelf AI implementation and ensure it delivers value, you must start with a clear definition of the business case and an understanding of your data.

    Why do you need AI in your toolset?
    Business Goals

    Clearly defined problem statement and business requirements for the tool or a model will help you select the right solution that will deliver business value even if it does not have all the latest bells and whistles.

    Small chevron pointing right.
    Do you know the data required for implementation?
    Data

    Expected business outcome defines data requirements for implementation. Do you have the right data required to train and run the model?

    Large chevron pointing right.
    Is your organization ready for AI?
    People/Team/ Skills

    New skills and expertise are required through all phases of the implementation: design, build, deployment, support, and maintenance, as well as post-production support, scaling, and adoption.

    Data Architecture/ Infrastructure

    New tool or model will impact your cloud and integration strategy. It will have to integrate with the existing infrastructure, in the cloud or on prem.

    Large chevron pointing right.
    What questions do you need to ask when choosing the solution?
    Product/ Tool or Model Selection

    Do you know what model powers the AI tool? What data was used to train the tool and what data is required to run it? Ask the right questions.

    Small chevron pointing right.
    Are you measuring impact on your processes?
    Business and IT Processes

    Business processes need to be defined or updated to incorporate the output of the tool back into the business processes to deliver value.

    IT governance and support processes need to accommodate the new AI-powered tool.

    Small chevron pointing right.
    Realize and measure business value of your AI investment
    Value

    Do you have a clear understanding of the value that AI will bring to your organization?Optimization?Increased revenue?Operational efficiency?

    Introduction of Off-the-Shelf AI Requires a Strategic Approach

    Business Goals and Value Data People/Team/ Skills Infrastructure Business and IT Processes
    AI/ML–powered tools
    • Define a business problem that can be solved with either an AI-powered tool or an AI/ML pre-built model that will become part of the solution.
    • Define expectations and assumptions around the value that AI can bring.
    • Document business requirements for the tool or model.
    • Define the scope for a prototype or POC.
    • Define data requirements.
    • Define data required for implementation.
    • Determine if the required data can be acquired or captured/generated.
    • Document internal and external sources of data.
    • Validate data quality (define requirements and criteria for data quality).
    • Define where and how the data is stored and will be stored. Does it have to be moved or consolidated?
    • Define all stakeholders involved in the implementation and support.
    • Define skills and expertise required through all phases of the implementation: design, build, deployment, support, and maintenance.
    • Define skills and expertise required to grow AI practice and achieve the next level of adoption, scaling, and development of the tool or model POC.
    • Define infrastructure requirements for either Cloud, Software-as-a-Service, or on-prem deployment of a tool or model.
    • Define how the tool is integrated with existing systems and into existing infrastructure.
    • Determine the cost to deploy and run the tool/model.
    • Define processes that need to be updated to accommodate new functionality.
    • Define how the outcome of the tool or a model (e.g. predictions) are incorporated back into the business processes.
    • Define new business and IT processes that need to be defined around the tool (e.g. chatbot maintenance; analysis of the data generated by the tool).
    Off-the-shelf AI/ML pre-built models
    • Define the business metrics and KPIs to measure success of the implementation against.
    • Determine if there are requirements for a specific data format required for the tool or a model.
    • Determine if there is a need to classify/label the data (supervised learning).
    • Define privacy and security requirements.
    • Define requirements for employee training. This can be vendor training for a tool or platform training in the case of a pre-built model or service.
    • Define if ML/AI expertise is required.
    • Is the organization ready for ML/AI? Conduct an AI literacy survey and understand team’s concerns, fears, and misconceptions and address them.
    • Define requirements for:
      • Data migration.
      • Security.
      • AI/ML pipeline deployment and maintenance.
    • Define requirements for operation and maintenance of the tool or model.
    • Confirm infrastructure readiness.
    • How AI and its output will be used across the organization.

    Define Business Goals and Objectives

    Why do you need AI in your toolset? What value will AI deliver? Have a clear understanding of business benefits and the value AI delivers through the tool.

    • Define a business problem that can be solved with either an AI-powered tool or AI/ML pre-built model.
    • Define expectations and assumptions around the value that AI can bring.
    • Document business requirements for a tool or model.
    • Start with the POC or a prototype to test assumptions, architecture, and components of the solution.
    • Define business metrics and KPIs to measure success of the implementation.

    Info-Tech Insight

    Question the value that AI adds to the tool you are evaluating. Don’t go after the tool simply because it has an AI label attached to it. AI/ML capabilities might add little value but increase implementation complexity. Define the problem you are solving and document business requirements for the tool or a model.

    Venn diagram of 'Applied Artificial Intelligence (AAI)' with a larger circle at the top, 'Machine Learning (ML)', and three smaller ovals intersecting, 'Computer Vision', 'Natural Language Processing (NLP)', and 'Robotic Process Automation (RPA)'.

    AAI solutions and technologies are helping organizations make faster decisions and predict future outcomes such as:

    • Business process automation
    • Intelligent integration
    • Intelligent insights
    • Operational efficiency improvement
    • Increase revenue
    • Improvement of existing products and services
    • Product and process innovation

    1. Use Info-Tech’s Off-the-Shelf AI Analysis Tool to define business drivers and document business requirements

    2-3 hours
    Screenshot of the Off-the-Shelf AI Analysis Tool's Business Drivers tab, a table with columns 'AI/ML Tool or Model', 'Use Case', 'Business problem / goal for AI/ML use case', 'Description', 'Business Owner (Primary Stakeholder)', 'Priority', 'Stakeholder Groups Impacted', 'Requirements Defined? Yes/No', 'Related Data Domains', and 'KPIs'. Use the Business Drivers tab to document:
    • Business objectives of the initiative that might drive the AI/ML use case.
    • The business owner or primary stakeholder who will help to define business value and requirements.
    • All stakeholders who will be involved or impacted.
    • KPIs that will be used to assess the success of the POC.
    • Data required for the implementation.
    • Use the Business Requirements tab to document high-level requirements for a tool or model.
    • These requirements will be used while defining criteria for a tool selection and to validate if the tool or model meets your business goals.
    • You can use either traditional BRD format or a user story to document requirements.
    Screenshot of the Off-the-Shelf AI Analysis Tool's Business Requirements tab, a table with columns 'Requirement ID', 'Requirement Description / user story', 'Requirement Category', 'Stakeholder / User Role', 'Requirement Priority', and 'Complexity (point estimates)'.

    Download the Off-the-Shelf AI Analysis Tool

    1. Define business drivers and document business requirements

    Input

    • Strategic plan of the organization
    • Data strategy that defines target data capabilities required to support enterprise strategic goals
    • Roadmap of business and data initiatives to support target state of data capabilities

    Output

    • Prioritized list of business use cases where an AI-powered tool or AI/ML can deliver business value
    • List of high-level requirements for the selected use case

    Materials

    • Whiteboard/Flip Charts
    • Off-the-Shelf-AI Analysis Tool, “Business Drivers” and “Business Requirements” tabs

    Participants

    • CIO
    • Senior business and IT stakeholders
    • Data owner(s)
    • Data steward(s)
    • Enterprise Architect
    • Data Architect
    • Data scientist/Data analyst

    Understand data required for implementation

    Do you have the right data to implement and run the AI-powered tool or AI/ML model?

    Info-Tech Insight

    Know your data. Determine data requirements to:

    • Train the model during the implementation and development, and
    • Run the model in production
    AvailabilityArrow pointing rightQualityArrow pointing rightPreparationArrow pointing rightBias, Privacy, SecurityArrow pointing rightData Architecture
    • Define what data is required for implementation, e.g. customer data, financial data, product sentiment.
    • If the data is not available, can it be acquired, gathered, or generated?
    • Define the volume of data required for implementation and production.
    • If the model has to be trained, do you have the data required for training (e.g. dictionary of terms)? Can it be created, gathered, or acquired?
    • Document internal and external sources of data.
    • Evaluate data quality for all data sources based on the requirements and criteria defined in the previous step.
    • For datasets with data quality issues, determine if the data issues can be resolved (e.g. missing values are inferred). If not, can this issue be resolved by using other data sources?
    • Engage a Data Governance organization to address any data quality concerns.
    • Determine if there are requirements for a specific data format required for the tool or model.
    • Determine if there is a need to classify/label or tag the data. What are the metadata requirements?
    • Define whether or not the implementation team needs to aggregate or transform the data before it can be used.
    • Define privacy requirements, as these might affect the availability of the data for ML/AI.
    • Define data bias concerns and considerations. Do you have datasheets for datasets that will be used in this project? What datasets cannot be used to prevent bias?
    • What are the security requirements and how will they affect data storage, product selection, and infrastructure requirements for the tool and overall solution?
    • Define where and how the data is currently stored and will be stored.
    • Does it have to be migrated or consolidated? Does it have to be moved to the cloud or between systems?
    • Is a data lake or data warehouse a requirement for this implementation as defined by the solution architecture?

    2. Use Info-Tech’s Off-the-Shelf AI Analysis Tool to document data requirements

    2-3 hours

    Use the Data tab to document the following for each data source or dataset:
    • Data Domain – e.g. Customer data
    • Data Concept – e.g. Customer
    • Data Internally Accessible – Identify datasets that are required for the implementation even if the data might not be available internally. Work on determining if the data ca be acquired externally or collected internally.
    • Source System – define the primary source system for the data, e.g. Salesforce
    • Target System (if applicable) – Define if the data needs to be migrated/transferred. For example, you might use a datalake or data warehouse for the AI/ML solution or migrate data to the cloud.
    • Classification/Taxonomy/Ontology
    • Data Steward
    • Data Owner
    • Data Quality – Data quality indicator
    • Refresh Rate – Frequency of data refresh. Indicate if the data can be accessed in real time or near-real time

    Screenshot of the Off-the-Shelf AI Analysis Tool's Data tab, a spreadsheet table with the columns listed to the left and below.
    • Retention – Retention policy requirements
    • Compliance Requirements – Define if data has to comply with any of the regulatory requirements, e.g. GDPR
    • Privacy, Bias, and Ethics Considerations – Privacy Act, PIPEDA, etc. Identify if the dataset contains sensitive information that should be excluded from the model, such as gender, age, race etc. Indicate fairness metrics, if applicable.

    Download the Off-the-Shelf AI Analysis Tool

    2. Document data requirements

    Input

    • Documented business use cases from Step 1.
    • High-level business requirements from Step 1.
    • Data catalog, data dictionaries, business glossary
    • Data flows and data architecture

    Output

    • High-level data requirements
    • List of data sources and datasets that can be used for the implementation
    • Datasets that need to be collected or acquired externally

    Materials

    • Whiteboard/Flip Charts
    • Off-the-Shelf AI Analysis Tool, “Data” tab

    Participants

    • CIO
    • Business and IT stakeholders
    • Data owner(s)
    • Data steward(s)
    • Enterprise Architect
    • Data Architect
    • Data scientist/Data analyst

    Is Your Organization Ready for AI?

    Assess organizational readiness and define stakeholders impacted by the implementation. Build the team with the right skillset to drive the solution.

    • Implementation of the AI/ML-powered Off-the-Shelf Tool or an AI/ML model will require a team with a combination of skills through all phases of the project, from design of the solution to build, production, deployment, and support.
    • Document the skillsets required and determine the skills gap. Before you start hiring, depending on the role, you might find talent within the organization to join the implementation team with little to no training.
    • AI/ML resources that may be needed on your team driving AI implementation (you might consider bringing part-time resources to fill the gaps or use vendor developers) are:
      • Data Scientist
      • Machine Learning Engineer
      • Data Engineer
      • Data Architect
      • AI/ML Ops engineer
    • Define training requirements. Consider vendor training for a tool or platform.
    • Plan for future scaling and the growing of the solution and AI practice. Assess the need to apply AI in other business areas. Work with the team to analyze use cases and prioritize AI initiatives. As the practice grows, grow your team expertise.
    • Identify the stakeholders who will be affected by the AI implementation.
    • Work with them to understand and address any concerns, fears, or misconceptions around the role of AI and the consequences of bringing AI into the organization.
    • Develop a communication and change management plan to educate everyone within the organization on the application and benefits of using AI and machine learning.

    Info-Tech Insight:

    Define the skills required for the implementation and assemble the team that will support the project through its entire lifecycle. Don’t forget about production, support, and maintenance.

    3. Build your implementation team

    1-2 hours

    Input: Solution conceptual design, Current resource availability

    Output: Roles required for the implementation of the solution, Resources gap analysis, Training and hiring plan

    Materials: Whiteboard/Flip charts, Off-the-Shelf AI Analysis Tool, “People and Team” tab

    Participants: Project lead, HR, Enterprise Architect

    1. Review your solution conceptual design and define implementation team roles.
    2. Document requirements for each role.
    3. Review current org chart and job descriptions and identify skillset gaps. Draft an action plan to fill in the roles.
    4. Use Info-Tech’s Off-the-Shelf AI Analysis Tool's People and Team tab to document team roles for the entire implementation, including design, build/implement, deployment, support and maintenance, and future development.

    Screenshot of the Off-the-Shelf AI Analysis Tool's People and Team tab, a table with columns 'Design', 'Implement', 'Deployment', 'Support and Maintenance', and 'Future Development'.

    Download the Off-the-Shelf AI Analysis Tool

    Cloud, SaaS or On Prem – what are my options and what is the impact?

    Depending on the architecture of the solution, define the impact on the current infrastructure, including system integration, AI/ML pipeline deployment, maintenance, and data storage

    • Data Architecture: use the current data architecture to design the architecture for an AI-powered solution. Assess changes to the data architecture with the introduction of a new tool to make sure it is scalable enough to support the change.
    • Define infrastructure requirements for either Cloud, Software-as-a-Service, or on-prem deployment of a tool or model.
    • Define how the tool will be integrated with existing systems and into existing infrastructure.
    • Define requirements for:
      • Data migration and data storage
      • Security
      • AI/ML pipeline deployment, production monitoring, and maintenance
    • Define requirements for operation and maintenance of the tool or model.
    • Work with your infrastructure architect and vendor to determine the cost of deploying and running the tool/model.
    • Make a decision on the preferred architecture of the system and confirm infrastructure readiness.

    Download the Create an Architecture for AI blueprint

    4. Use Info-Tech’s Off-the-Shelf AI Analysis Tool to document infrastructure decisions

    2-3 hours

    Input: Solution conceptual design

    Output: Infrastructure requirements, Infrastructure readiness assessment

    Materials: Whiteboard/Flip charts, Off-the-Shelf AI Analysis Tool, “Infrastructure” tab

    Participants: Infrastructure Architect, Solution Architect, Enterprise Architect, Data Architect, ML/AI Ops Engineer

    1. Work with Infrastructure, Data, Solution, and Enterprise Architects to define your conceptual solution architecture.
    2. Define integration and storage requirements.
    3. Document security requirements for the solution in general and the data specifically.
    4. Define MLOps requirements and tools required for ML/AI pipeline deployment and production monitoring.
    5. Use Info-Tech’s Off-the-Shelf AI Analysis Tool's Infrastructure tab to document requirements and decisions around Data and Infrastructure Architecture.

    Screenshot of the Off-the-Shelf AI Analysis Tool's Infrastructure tab, a table with columns 'Cloud, SaaS or On-Prem', 'Data Migration Requirements', 'Data Storage Requirements', 'Security Requirements', 'Integrations Required', and 'AI/ML Pipeline Deployment and Maintenance Requirements'.

    Download the Off-the-Shelf AI Analysis Tool

    What questions do you need to ask vendors when choosing the solution?

    Take advantage of Info-Tech’s Rapid Application Selection Framework (RASF) to guide tool selection, but ask vendors the right questions to understand implications of having AI/ML built into the tool or a model

    Data Model Implementation and Integration Deployment Security and Compliance
    • What data (attributes) were used to train the model?
    • Do you have datasheets for the data used?
    • How was data bias mitigated?
    • What are the data labeling/classification requirements for training the model?
    • What data is required for production? E.g. volume; type of data, etc.
    • Were there any open-source libraries used in the model? If yes, how were vulnerabilities and security concerns addressed?
    • What algorithms are implemented in the tool/model?
    • Can model parameters be configured?
    • What is model accuracy?
    • Level of customization required for the implementation to meet our requirements.
    • Does the model require training? If yes, can you provide details? Can you estimate the effort required?
    • Integration capabilities and requirements.
    • Data migration requirements for tool operation and development.
    • Administrator console – is this functionality available?
    • Implementation timeframe.
    • Is the model or tool deployable on premises or in the cloud? Do you support hybrid cloud and multi-cloud deployment?
    • What cloud platforms are your product/model integrated with (AWS, Azure, GCP)?
    • What are the infrastructure requirements?
    • Is the model containerized/ scalable?
    • What product support and product updates are available?
    • Regulatory compliance (GDPR, PIPEDA, HIPAA, PCI DSS, CCPA, SOX, etc.)?
    • How are data security risks addressed?

    Use Info-Tech’s Off-the-Shelf AI Analysis Tool, “Vendor Questionnaire” tab to track vendor responses to these questions.

    Are you measuring impact on your processes?

    Make sure that you understand the impact of the new technology on the existing business and IT processes.

    And make sure your business processes are ready to take advantage of the benefits and new capabilities enabled by AI/ML.

    Process automation, optimization, and improvement enabled by the technology and AI/ML-powered tools allow organizations to reduce manual work, streamline existing business processes, improve customer satisfaction, and get critical insights to assist decision making.

    To take full advantage of the benefits and new capabilities enabled by the technology, make sure that business and IT processes reflect these changes:

    • Processes that need to be updated.
    • How the outcome of the tool or a model (e.g. predictions) is incorporated into the existing business processes and the processes that will monitor the accuracy of the outcome and monitor performance of the tool or model.
    • New business and IT processes that need to be defined for the tool (e.g. chatbot maintenance, analysis of the data generated by the tool, etc.).

    5. Document the Impact on Business and IT Processes

    2-3 hours

    Input: Solution design, Existing business and IT processes

    Output: Documented updates to the existing processes, Documented new business and IT processes

    Materials: Whiteboard/Flip charts, Off-the-Shelf AI Analysis Tool, “Business and IT Processes” tab

    Participants: Project lead, Business stakeholders, Business analyst

    1. Review current business processes affected by the implementation of the AI/ML- powered tool or model. Define the changes that need to be made. The changes might include simplification of the process due to automation of some of the steps. Some processes will need to be redesigned and some processes might become obsolete.
    2. Document high-level steps for any new processes that need to be defined around the AI/ML-powered tool. An example of such a process would be defining new IT and business processes to support a new chatbot.
    3. Use Info-Tech’s Off-the-Shelf AI Analysis Tool's Business and IT Processes tab, to document process changes.

    Screenshot of the Off-the-Shelf AI Analysis Tool's Business and IT Processes tab, a table with columns 'Existing business process affected', 'New business process', 'Stakeholders involved', 'Changes to be made', and 'New Process High-Level Steps'.

    Download the Off-the-Shelf AI Analysis Tool

    AI-powered Tools – Considerations

    PROS:
    • Enhanced functionality, allows the power of AI without specialized skills (e.g., Mathematica – recognizing patterns in data).
    • Might be a cheaper option compared to building a solution in-house (chatbot, for ex.).

    Info-Tech Insight:

    No need to reinvent the wheel and build the product you can buy, but be prepared to work around tool limitations, and make sure you understand the data and the model the tool is built on.

    CONS:
    • Dependency on the service provider.
    • The tool might not meet all the business requirements without customization.
    • Bias can be built into the tool:
      • Work with the vendor to understand what data was used to train the model.
      • From the perspective of ethics and bias, learn what model is implemented in the tool and what data attributes the model uses.

    Pre-built/pre-trained models – what to keep in mind when choosing

    PROS:
    • Lower cost and less time to development compared to creating and training models from scratch (e.g. using image recognition models or pre-trained language models like BERT).
    • If the pre-trained and optimized model perfectly fits your needs, the model accuracy might be high and sufficient for your scenario.
    • Off-the-Shelf AI models are useful for creating prototypes or POCs, for testing a hypothesis, and for validating ideas and requirements.
    • Usage of Off-the-Shelf models shortens the development cycle and reduces investment risks.
    • Language models are particularly useful if you don’t have data to train your own model (a “small data” scenario).
    • Infrastructure and model training cost reduction.
    CONS:
    • Might be a challenge to deploy and maintain the system in production.
    • Lack of flexibility: you might not be able to configure input or output parameters to your requirements. For example, a pre-built sentiment analysis model might return four values (“positive,” “negative,” “neutral,” and “mixed”), but your solution will require only two or three values.
    • Might be a challenge to comply with security and privacy requirements.
    • Compliance with privacy and fairness requirements and considerations: what data was used to pretrain the model?
    • If open-source libraries were used to create the model, how will vulnerabilities, risks, and security concerns be addressed?

    Info-Tech Insight:

    Using Off-the-Shelf AI models enables an agile approach to system development – faster POC and validation of ideas and approaches, but the model might not be customizable for your requirements.

    Metrics

    Metrics and KPIs for this project will depend on the business goals and objectives that you will identify in Step 1 of the tool selection process.

    Metrics might include:

    • Reduction of time spent on a specific business process. If the tool is used to automate certain steps of a business process, this metric will measure how much time was saved, in minutes/hours, compared to the process time before the introduction of the tool.
    • Accuracy of prediction. This metric would measure the accuracy of estimations or predictions compared to the same estimations done before the implementation of the tool. It can be measured by generating the same prediction or estimation using the AI-powered tool or using any methods used before the introduction of the tool and comparing the results.
    • Accuracy of the search results. If the AI-powered tool is a search engine, compare a) how much time it would take a user to find an article or a piece of content they were searching for using new tool vs. previous techniques, b) how many steps it took the user to locate the required article in the search results, and c) the location of the correct piece of content in the search result list (at the top of the search result list or on the tenth page).
    • Time spent on manual tasks and activities. This metric will measure how much time, in minutes/hours, is spent by the employees or users on manual tasks if the tool automates some of these tasks.
    • Reduction of business process steps (if the steps are being automated). To derive this metric, create a map of the business process before the introduction of the AI-powered tool and after, and determine if the tool helped to simplify the process by reducing the number of process steps.

    Bibliography

    Adryan, Boris. “Is it all machine learning?” Badryan, Oct. 20, 2015. Accessed Feb. 2022.

    “AI-Powered Data Management Platform.” Informatica, N.d. Accessed Feb 2022.

    Amazon Rekognition. “Automate your image and video analysis with machine learning.” AWS. N.d. Accessed Feb 2022.

    “Artificial Intelligence (AI).” IBM Cloud Education, 3 June 2020. Accessed Feb 2022.

    “Artificial intelligence (AI) vs machine learning (ML).” Microsoft Azure Documentation. Accessed Feb. 2022.

    “Avante Garde in the Realm of AI” SearchUnify Cognitive Platform. Accessed Feb 2022.

    “Azure Cognitive Services.” Microsoft. N.d. Accessed Feb 2022.

    “Becoming an AI-fueled organization. State of AI in the enterprise, 4th edition,” Deloitte, 2020. Accessed Feb. 2022.

    “Coveo Predictive Search.” Coveo, N.d. Accessed Feb 2022.

    ”Data and AI Leadership. Executive Survey 2022. Executive Summary of Findings.” NewVantage Partners. Accessed Feb 2022.

    “Einstein Discovery in Tableau.” Tableau, N.d. Accessed Feb 2022.

    Korolov, Maria. “9 biggest hurdles to AI adoption.” CIO, Feb 26, 2019. Accessed Feb 2022.

    Meel, Vidushi. “What Is Deep Learning? An Easy to Understand Guide.” visio.ai. Accessed Feb. 2022.

    Mitchell, Tom. “Machine Learning,” McGraw Hill, 1997.

    Stewart, Matthew. “The Actual Difference Between Statistics and Machine Learning.” Towards Data Science, Mar 24, 2019. Accessed Feb 2022.

    “Sentiment analysis with Cognitive Services.” Microsoft Azure Documentation. Accessed February 2022.

    “Three Principles for Designing ML-Powered Products.” Spotify Blog. Oct 2019, Accessed Feb 2022.

    “Video Intelligence API.” Google Cloud Platform. N.d. Accessed Feb 2022

    Stabilize Release and Deployment Management

    • Buy Link or Shortcode: {j2store}453|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $38,699 Average $ Saved
    • member rating average days saved: 37 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management

    Lack of control over the release process, poor collaboration between teams, and manual deployments lead to poor quality releases at a cost to the business.

    Our Advice

    Critical Insight

    • Manage risk. Release management should stabilize the IT environment. A poorly designed release can take down the whole business. Rushing releases out the door leads to increased risk for the business.
    • Quality processes are key. Standardized process will enable your release and deployment management teams to have a framework to deploy new releases with minimal chance of costly downtime further down the production chain.
    • Business must own the process. Release managers need oversight of the business to remain good stewards of the release management process.

    Impact and Result

    • Be prepared with a release management policy. With vulnerabilities discovered and published at an alarming pace, organizations have to build a plan to address and fix them quickly. A detailed release and patch policy should map out all the logistics of the deployment in advance, so that when necessary, teams can handle rollouts like a well-oiled machine.
    • Automate your software deployment and patch management strategy. Replace tedious and time-consuming manual processes with the use of automated release and patch management tools. Some organizations have a variety of release tools for various tasks and processes to ensure all or most of the required processes are covered across a diverse development environment.
    • Test deployments and monitor your releases. Larger organizations may have the luxury of a test environment prior to deployment, but that may be cost prohibitive for smaller organizations. If resources are a constraint, roll out the patch gradually and closely monitor performance to be able to quickly revert in the event of an issue.

    Stabilize Release and Deployment Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should control and stabilize your release and deployment management practice while improving the quality of releases and deployments, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Analyze current state

    Begin improving release management by assessing the current state and gaining a solid understanding of how core operational processes are actually functioning within the organization.

    • Stabilize Release and Deployment Management – Phase 1: Analyze Current State
    • Release Management Maturity Assessment
    • Release Management Project Roadmap Tool
    • Release Management Workflow Library (Visio)
    • Release Management Workflow Library (PDF)
    • Release Management Standard Operating Procedure
    • Patch Management Policy
    • Release Management Policy
    • Release Management Deployment Tracker
    • Release Management Build Procedure Template

    2. Plan releases and deployments

    Plan releases to gather all the pieces in one place and define what, why, when, and how a release will happen.

    • Stabilize Release and Deployment Management – Phase 2: Release and Deployment Planning

    3. Build, test, deploy

    Take a holistic and comprehensive approach to effectively designing and building releases. Get everything right the first time.

    • Stabilize Release and Deployment Management – Phase 3: Build, Test, Deploy

    4. Measure, manage, improve

    Determine desired goals for release management to ensure both IT and the business see the benefits of implementation.

    • Stabilize Release and Deployment Management – Phase 4: Measure, Manage, Improve
    [infographic]

    Workshop: Stabilize Release and Deployment Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Analyze Current State

    The Purpose

    Release management improvement begins with assessment of the current state.

    Key Benefits Achieved

    A solid understanding of how core operational processes are actually functioning within the organization.

    Activities

    1.1 Evaluate process maturity.

    1.2 Assess release management challenges.

    1.3 Define roles and responsibilities.

    1.4 Review and rightsize existing policy suite.

    Outputs

    Maturity Assessment

    Release Management Policy

    Release Management Standard Operating Procedure

    Patch Management Policy

    2 Release Management Planning

    The Purpose

    In simple terms, release planning puts all the pertinent pieces in one place.

    Key Benefits Achieved

    It defines the what, why, when, and how a release will happen.

    Activities

    2.1 Design target state release planning process.

    2.2 Define, bundle, and categorize releases.

    2.3 Standardize deployment plans and models.

    Outputs

    Release Planning Workflow

    Categorization and prioritization schemes

    Deployment models aligned to release types

    3 Build, Test, and Deploy

    The Purpose

    Take a holistic and comprehensive approach to effectively designing and building releases.

    Key Benefits Achieved

    Standardize build and test procedures to begin to drive consistency.

    Activities

    3.1 Standardize build procedures for deployments.

    3.2 Standardize test plans aligned to release types.

    Outputs

    Build procedure for hardware and software releases

    Test models aligned to deployment models

    4 Measure, Manage, and Improve

    The Purpose

    Determine and define the desired goals for release management as a whole.

    Key Benefits Achieved

    Agree to key metrics and success criteria to start tracking progress and establish a post-deployment review process to promote continual improvement.

    Activities

    4.1 Determine key metrics to track progress.

    4.2 Establish a post-deployment review process.

    4.3 Understand and define continual improvement drivers.

    Outputs

    List of metrics and goals

    Post-deployment validation checklist

    Project roadmap

    Build a Strategic IT Workforce Plan

    • Buy Link or Shortcode: {j2store}390|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $180,171 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design
    • Talent has become a competitive differentiator. To 46% of business leaders, workforce planning is a top priority – yet only 13% do it effectively.
    • CIOs aren’t sure what they need to give the organization a competitive edge or how current staffing line-ups fall short.

    Our Advice

    Critical Insight

    • A well defined strategic workforce plan (SWP) isn’t just a nice-to-have, it’s a must-have.
    • Integrate as much data as possible into your workforce plan to best prepare you for the future. Without knowledge of your future initiatives, you are filling hypothetical holes.
    • To be successful, you need to understand your strategic initiatives, workforce landscape, and external and internal trends.

    Impact and Result

    The workforce planning process does not need to be onerous, especially with help from Info-Tech’s solid planning tools. With the right people involved and enough time invested, developing an SWP will be easier than first thought and time well spent. Leverage Info-Tech’s client-tested 5-step process to build a strategic workforce plan:

    1. Build a project charter
    2. Assess workforce competency needs
    3. Identify impact of internal and external trends
    4. Identify the impact of strategic initiatives on roles
    5. Build and monitor the workforce plan

    Build a Strategic IT Workforce Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strategic workforce plan for IT, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Initiate the project

    Assess the value of a strategic workforce plan and the IT department’s fit for developing one, and then structure the workforce planning project.

    • Build a Strategic Workforce Plan – Phase 1: Initiate the Project
    • IT Strategic Workforce Planning Project Charter Template
    • IT Strategic Workforce Planning Project Plan Template

    2. Analyze workforce needs

    Gather and analyze workforce needs based on an understanding of the relevant internal and external trends, and then produce a prioritized plan of action.

    • Build a Strategic Workforce Plan – Phase 2: Analyze Workforce Needs
    • Workforce Planning Workbook

    3. Build the workforce plan

    Evaluate workforce priorities, plan specific projects to address them, and formalize and integrate strategic workforce planning into regular planning processes.

    • Build a Strategic Workforce Plan – Phase 3: Build and Monitor the SWP
    [infographic]

    Workshop: Build a Strategic IT Workforce Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Project Goals, Metrics, and Current State

    The Purpose

    Develop a shared understanding of the challenges your organization is facing with regards to talent and workforce planning.

    Key Benefits Achieved

    An informed understanding of whether or not you need to develop a strategic workforce plan for IT.

    Activities

    1.1 Identify goals, metrics, and opportunities

    1.2 Segment current roles

    1.3 Identify organizational culture

    1.4 Assign job competencies

    1.5 Assess current talent

    Outputs

    Identified goals, metrics, and opportunities

    Documented organizational culture

    Aligned competencies to roles

    Identified current talent competency levels

    2 Assess Workforce and Analyze Trends

    The Purpose

    Perform an in-depth analysis of how internal and external trends are impacting the workforce.

    Key Benefits Achieved

    An enhanced understanding of the current talent occupying the workforce.

    Activities

    2.1 Assess environmental trends

    2.2 Identify impact on workforce requirements

    2.3 Identify how trends are impacting critical roles

    2.4 Explore viable options

    Outputs

    Complete internal trends analysis

    Complete external trends analysis

    Identified internal and external trends on specific IT roles

    3 Perform Gap Analysis

    The Purpose

    Identify the changing competencies and workforce needs of the future IT organization, including shortages and surpluses.

    Key Benefits Achieved

    Determined impact of strategic initiatives on workforce needs.

    Identification of roles required in the future organization, including surpluses and shortages.

    Identified projects to fill workforce gaps.

    Activities

    3.1 Identify strategic initiatives

    3.2 Identify impact of strategic initiatives on roles

    3.3 Determine workforce estimates

    3.4 Determine projects to address gaps

    Outputs

    Identified workforce estimates for the future

    List of potential projects to address workforce gaps

    4 Prioritize and Plan

    The Purpose

    Prepare an action plan to address the critical gaps identified.

    Key Benefits Achieved

    A prioritized plan of action that will fill gaps and secure better workforce outcomes for the organization.

    Activities

    4.1 Determine and prioritize action items

    4.2 Determine a schedule for review of initiatives

    4.3 Integrate workforce planning into regular planning processes

    Outputs

    Prioritized list of projects

    Completed workforce plan

    Identified opportunities for integration

    Mitigate Machine Bias

    • Buy Link or Shortcode: {j2store}343|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $9,549 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • AI is the new electricity. It is fundamentally and radically changing the fabric of our world, from the way we conduct business, to how we work and live, make decisions, and engage with each other, to how we organize our society, and ultimately, to who we are. Organizations are starting to adopt AI to increase efficiency, better engage customers, and make faster, more accurate decisions.
    • Like with any new technology, there is a flip side, a dark side, to AI – machine biases. If unchecked, machine biases replicate, amplify, and systematize societal biases. Biased AI systems may treat some of your customers (or employees) differently, based on their race, gender, identity, age, etc. This is discrimination, and it is against the law. It is also bad for business, including missed opportunities, lost consumer confidence, reputational risk, regulatory sanctions, and lawsuits.

    Our Advice

    Critical Insight

    • Machine biases are not intentional. They reflect the cognitive biases, preconceptions, and judgement of the creators of AI systems and the societal structures encoded in the data sets used for machine learning.
    • Machine biases cannot be prevented or fully eliminated. Early identification and diversity in and by design are key. Like with privacy and security breaches, early identification and intervention – ideally at the ideation phase – is the best strategy. Forewarned is forearmed. Prevention starts with a culture of diversity, inclusivity, openness, and collaboration.
    • Machine bias is enterprise risk. Machine bias is not a technical issue. It is a social, political, and business problem. Integrate it into your enterprise risk management (ERM).

    Impact and Result

    • Just because machine biases are induced by human behavior, which is also captured in data silos, they are not inevitable. By asking the right questions upfront during application design, you can prevent many of them.
    • Biases can be introduced into an AI system at any stage of the development process, from the data you collect, to the way you collect it, to which algorithms are used, to which assumptions are made, etc. Ask your data science team a lot of questions; leave no stone unturned.
    • Don’t wait until “Datasheets for Datasets” and “Model Cards for Model Reporting” (or similar frameworks) become standards. Start creating these documents now to identify and analyze biases in your apps. If using open-source data sets or libraries, you may need to create them yourself for now. If working with partners or using AI/ ML services, demand that they provide such information as part of the engagement. You, not your partners, are ultimately responsible for the AI-powered product or service you deliver to your customers or employees.
    • Build a culture of diversity, transparency, inclusivity, and collaboration – the best mechanism to prevent and address machine biases.
    • Treat machine bias as enterprise risk. Use your ERM to guide all decisions around machine biases and their mitigation.

    Mitigate Machine Bias Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the dark side of AI: algorithmic (machine) biases, how they emerge, why they are dangerous, and how to mitigate them. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand AI biases

    Learn about machine biases, how and where they arise in AI systems, and how they relate to human cognitive and societal biases.

    • Mitigate Machine Bias – Phase 1: Understand AI Biases

    2. Identify data biases

    Learn about data biases and how to mitigate them.

    • Mitigate Machine Bias – Phase 2: Identify Data Biases
    • Datasheets for Data Sets Template
    • Datasheets for Datasets

    3. Identify model biases

    Learn about model biases and how to mitigate them.

    • Mitigate Machine Bias – Phase 3: Identify Model Biases
    • Model Cards for Model Reporting Template
    • Model Cards For Model Reporting

    4. Mitigate machine biases and risk

    Learn about approaches for proactive and effective bias prevention and mitigation.

    • Mitigate Machine Bias – Phase 4: Mitigate Machine Biases and Risk
    [infographic]

    Workshop: Mitigate Machine Bias

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare

    The Purpose

    Understand your organization’s maturity with respect to data and analytics in order to maximize workshop value.

    Key Benefits Achieved

    Workshop content aligned to your organization’s level of maturity and business objectives.

    Activities

    1.1 Execute Data Culture Diagnostic.

    1.2 Review current analytics strategy.

    1.3 Review organization's business and IT strategy.

    1.4 Review other supporting documentation.

    1.5 Confirm participant list for workshop.

    Outputs

    Data Culture Diagnostic report.

    2 Understand Machine Biases

    The Purpose

    Develop a good understanding of machine biases and how they emerge from human cognitive and societal biases. Learn about the machine learning process and how it relates to machine bias.

    Select an ML/AI project and complete a bias risk assessment.

    Key Benefits Achieved

    A solid understanding of algorithmic biases and the need to mitigate them.

    Increased insight into how new technologies such as ML and AI impact organizational risk.

    Customized bias risk assessment template.

    Completed bias risk assessment for selected project.

    Activities

    2.1 Review primer on AI and machine learning (ML).

    2.2 Review primer on human and machine biases.

    2.3 Understand business context and objective for AI in your organization.

    2.4 Discuss selected AI/ML/data science project or use case.

    2.5 Review and modify bias risk assessment.

    2.6 Complete bias risk assessment for selected project.

    Outputs

    Bias risk assessment template customized for your organization.

    Completed bias risk assessment for selected project.

    3 Identify Data Biases

    The Purpose

    Learn about data biases: what they are and where they originate.

    Learn how to address or mitigate data biases.

    Identify data biases in selected project.

    Key Benefits Achieved

    A solid understanding of data biases and how to mitigate them.

    Customized Datasheets for Data Sets Template.

    Completed datasheet for data sets for selected project.

    Activities

    3.1 Review machine learning process.

    3.2 Review examples of data biases and why and how they happen.

    3.3 Identify possible data biases in selected project.

    3.4 Discuss “Datasheets for Datasets” framework.

    3.5 Modify Datasheets for Data Sets Template for your organization.

    3.6 Complete datasheet for data sets for selected project.

    Outputs

    Datasheets for Data Sets Template customized for your organization.

    Completed datasheet for data sets for selected project.

    4 Identify Model Biases

    The Purpose

    Learn about model biases: what they are and where they originate.

    Learn how to address or mitigate model biases.

    Identify model biases in selected project.

    Key Benefits Achieved

    A solid understanding of model biases and how to mitigate them.

    Customized Model Cards for Model Reporting Template.

    Completed model card for selected project.

    Activities

    4.1 Review machine learning process.

    4.2 Review examples of model biases and why and how they happen.

    4.3 Identify potential model biases in selected project.

    4.4 Discuss Model Cards For Model Reporting framework.

    4.5 Modify Model Cards for Model Reporting Template for your organization.

    4.6 Complete model card for selected project.

    Outputs

    Model Cards for Model Reporting Template customized for your organization.

    Completed model card for selected project.

    5 Create Mitigation Plan

    The Purpose

    Review mitigation approach and best practices to control machine bias.

    Create mitigation plan to address machine biases in selected project. Align with enterprise risk management (ERM).

    Key Benefits Achieved

    A solid understanding of the cultural dimension of algorithmic bias prevention and mitigation and best practices.

    Drafted plan to mitigate machine biases in selected project.

    Activities

    5.1 Review and discuss lessons learned.

    5.2 Create mitigation plan to address machine biases in selected project.

    5.3 Review mitigation approach and best practices to control machine bias.

    5.4 Identify gaps and discuss remediation.

    Outputs

    Summary of challenges and recommendations to systematically identify and mitigate machine biases.

    Plan to mitigate machine biases in selected project.

    Build Your Security Operations Program From the Ground Up

    • Buy Link or Shortcode: {j2store}263|cart{/j2store}
    • member rating overall impact: 9.7/10 Overall Impact
    • member rating average dollars saved: $56,299 Average $ Saved
    • member rating average days saved: 43 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Analysts cannot monitor and track events coming from multiple tools because they have no visibility into the threat environment.
    • Incident management takes away time from problem management because processes are ad hoc and the continuous monitoring, collection, and analysis of massive volumes of security event data is responsive rather than tactical.
    • Organizations are struggling to defend against and prevent threats while juggling business, compliance, and consumer obligations.

    Our Advice

    Critical Insight

    • Security operations is no longer a center but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    • Raw data without correlation is a waste of time, money, and effort. A SIEM on its own will not provide this contextualization and needs configuration. Prevention, detection, analysis, and response processes must contextualize threat data and supplement one another – true value will only be realized once all four functions operate as a unified process.
    • If you are not communicating, then you are not secure. Collaboration eliminates siloed decisions by connecting people, processes, and technologies. You leave less room for error, consume fewer resources, and improve operational efficiency with a transparent security operations process.

    Impact and Result

    • A centralized security operations process actively transforms security events and threat information into actionable intelligence, driving security prevention, detection, analysis, and response processes that address the increasing sophistication of cyberthreats while guiding continuous improvement.
    • This blueprint will walk through the steps of developing a flexible and systematic security operations program relevant to your organization.

    Build Your Security Operations Program From the Ground Up Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a security operations program, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish your foundation

    Determine how to establish the foundation of your security operations.

    • Build Your Security Operations Program From the Ground Up – Phase 1: Establish Your Foundation
    • Information Security Pressure Analysis Tool

    2. Assess your current state

    Assess the maturity of your prevention, detection, analysis, and response processes.

    • Build Your Security Operations Program From the Ground Up – Phase 2: Assess Your Current State
    • Security Operations Roadmap Tool

    3. Design your target state

    Design a target state and improve your governance and policy solutions.

    • Build Your Security Operations Program From the Ground Up – Phase 3: Design Your Target State
    • Security Operations Policy

    4. Develop an implementation roadmap

    Make your case to the board and develop a roadmap for your prioritized security initiatives.

    • Build Your Security Operations Program From the Ground Up – Phase 4: Develop an Implementation Roadmap
    • In-House vs. Outsourcing Decision-Making Tool
    • Security Operations MSSP RFP Template
    • Security Operations Project Charter Template
    • Security Operations RACI Tool
    • Security Operations Metrics Summary Document
    [infographic]

    Workshop: Build Your Security Operations Program From the Ground Up

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Your Foundation

    The Purpose

    Identify security obligations and the security operations program’s pressure posture.

    Assess current people, process, and technology capabilities.

    Determine foundational controls and complete system and asset inventory.

    Key Benefits Achieved

    Identified the foundational elements needed for planning before a security operations program can be built

    Activities

    1.1 Define your security obligations and assess your security pressure posture.

    1.2 Determine current knowledge and skill gaps.

    1.3 Shine a spotlight on services worth monitoring.

    1.4 Assess and document your information system environment.

    Outputs

    Customized security pressure posture

    Current knowledge and skills gaps

    Log register of essential services

    Asset management inventory

    2 Assess Current Security Operations Processes

    The Purpose

    Identify the maturity level of existing security operations program processes.

    Key Benefits Achieved

    Current maturity assessment of security operations processes

    Activities

    2.1 Assess the current maturity level of the existing security operations program processes.

    Outputs

    Current maturity assessment

    3 Design a Target State

    The Purpose

    Design your optimized target state.

    Improve your security operations processes with governance and policy solutions.

    Identify and prioritize gap initiatives.

    Key Benefits Achieved

    A comprehensive list of initiatives to reach ideal target state

    Optimized security operations with repeatable and standardized policies

    Activities

    3.1 Complete standardized policy templates.

    3.2 Map out your ideal target state.

    3.3 Identify gap initiatives.

    Outputs

    Security operations policies

    Gap analysis between current and target states

    List of prioritized initiatives

    4 Develop an Implementation Roadmap

    The Purpose

    Formalize project strategy with a project charter.

    Determine your sourcing strategy for in-house or outsourced security operations processes.

    Assign responsibilities and complete an implementation roadmap.

    Key Benefits Achieved

    An overarching and documented strategy and vision for your security operations

    A thorough rationale for in-house or outsourced security operations processes

    Assigned and documented responsibilities for key projects

    Activities

    4.1 Complete a security operations project charter.

    4.2 Determine in-house vs. outsourcing rationale.

    4.3 Identify dependencies of your initiatives and prioritize initiatives in phases of implementation.

    4.4 Complete a security operations roadmap.

    Outputs

    Security operations project charter

    In-house vs. outsourcing rationale

    Initiatives organized according to phases of development

    Planned and achievable security operations roadmap

    Map Technical Skills for a Changing Infrastructure & Operations Organization

    • Buy Link or Shortcode: {j2store}333|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • Infrastructure & Operations is changing rapidly. It’s a constant challenge to find the right skills to support the next new technology while at the same time maintaining the skills in house that allow you to support your existing platforms.
    • A lack of clarity around required skills makes finding the right skills difficult, and it’s not clear whether you should train, hire, contract, or outsource to address gaps.
    • You need to keep up with changes and new strategy while continuing to support your existing environment.

    Our Advice

    Critical Insight

    • Take a strategic approach to acquiring skills – looking only as far as the needs of the next project will lead to a constant skills shortage with no plan for it to be addressed.
    • Begin by identifying your future state. Identify needed skills in the organization to support planned projects and initiatives, and to mitigate skills-related risks.

    Impact and Result

    • Leverage your infrastructure roadmap and cloud strategy to identify needed skills in your future state environment.
    • Decide how you’ll acquire needed skills based on the characteristics of need for each skill.
    • Communicate the change and create a plan of action for the skills transformation.

    Map Technical Skills for a Changing Infrastructure & Operations Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should map technical skills for a changing Infrastructure & Operations organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify skills needs for the future state environment

    Identify what skills are needed based on where the organization is going.

    • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 1: Identify Skills Needs for Your Future State Environment
    • Future State Playbook
    • IT/Cloud Solutions Architect
    • IT/Cloud Engineer
    • IT/Cloud Administrator
    • IT/Cloud Demand Billing & Accounting Analyst

    2. Acquire needed skills

    Ground skills acquisition decisions in the characteristics of need.

    • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 2: Acquire Needed Skills
    • Technical Skills Map

    3. Maximize the value of the skills map

    Get stakeholder buy-in; leverage the skills map in other processes.

    • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 3: Maximize the Value of Your Skills Map
    • Technical Skills Map Communication Deck Template
    [infographic]

    Workshop: Map Technical Skills for a Changing Infrastructure & Operations Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review Initiatives and Skills-Related Risks

    The Purpose

    Identify process and skills changes required by the future state of your environment.

    Key Benefits Achieved

    Set foundation for alignment between strategy-defined technology initiatives and needed skills.

    Activities

    1.1 Review the list of initiatives and projects with the group.

    1.2 Identify how key support, operational, and deployment processes will change through planned initiatives.

    1.3 Identify skills-related risks and pain points.

    Outputs

    Future State Playbook

    2 Identify Needed Skills and Roles

    The Purpose

    Identify process and skills changes required by the future state of your environment.

    Key Benefits Achieved

    Set foundation for alignment between strategy-defined technology initiatives and needed skills.

    Activities

    2.1 Identify skills required to support the new environment.

    2.2 Map required skills to roles.

    Outputs

    IT/Cloud Architect Role Description

    IT/Cloud Engineer Role Description

    IT/Cloud Administrator Role Description

    3 Create a Plan to Acquire Needed Skills

    The Purpose

    Create a skills acquisition strategy based on the characteristics of need.

    Key Benefits Achieved

    Optimal skills acquisition strategy defined.

    Activities

    3.1 Modify impact scoring scale for key skills decision factors.

    3.2 Apply impact scoring scales to needed skills

    3.3 Decide whether to train, hire, contract, or outsource to acquire needed skills.

    Outputs

    Technical Skills Map

    4 Develop a Communication Plan

    The Purpose

    Create an effective communication plan for different stakeholders across the organization.

    Identify opportunities to leverage the skills map elsewhere.

    Key Benefits Achieved

    Create a concise, clear, consistent, and relevant change message for stakeholders across the organization.

    Activities

    4.1 Review skills decisions and decide how you will acquire skills in each role.

    4.2 Update roles descriptions.

    4.3 Create a change message.

    4.4 Identify opportunities to leverage the skills map in other processes.

    Outputs

    Technical Skills Map Communication Deck

    Communicate Any IT Initiative

    • Buy Link or Shortcode: {j2store}428|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead

    IT communications are often considered ineffective and unengaging. This is demonstrated by the:

    • Lack of expectation that IT should communicate well. Why develop a skill that no one expects IT to deliver on?
    • Failure to recognize the importance of communication to engage employees and communicate ideas.
    • Perception that communication is a broadcast not a continuous dialogue.
    • Inability to create, monitor, and manage feedback mechanisms.
    • Overreliance on data as the main method of communication instead of as evidence to support a broader narrative.

    Our Advice

    Critical Insight

    • Don't make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue with the story you share.
    • Messages are also non-verbal. Practice using your voice and body to set the right tone and impact your audience.
    • Recognize that communications are essential even in highly technical IT environments.
    • Measure if the communication is being received and resulting in the desired outcome. If not, modify what and how the message is being expressed.

    Impact and Result

    • Develop an actionable plan to deliver consistent, timely messaging for all audiences.
    • Compose and deliver meaningful messages.
    • Consistently deliver the right information and the right time to the right stakeholders.

    Communicate Any IT Initiative Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Communicate Any IT Initiative Deck – A step-by-step document that walks you through how to plan, compose, and deliver communications to any stakeholder up, down, or across the organization.

    This blueprint not only provides the tools and techniques for planning, composing, and delivering effective communications, but also walks you through practical exercises. Practice and perfect your communication, composition, and delivery skills for any IT initiative.

    • Communicate Any IT Initiative – Phases 1-3

    2. Communicate Any IT Initiative Facilitation Deck – A step-by-step communications workshop deck suitable for any workshop with a communication component.

    Communication concepts and exercises that teach you how to plan, compose, and deliver effective communications. The deck includes practical tools, techniques, and skills practice.

    • Communicate Any IT Initiative Facilitation Deck

    3. Communications Planner – An communications plan template that includes a section to define a change, a communications plan, communications calendars, and a pitch composition exercise.

    This communications planner is a tool that accompanies the Effective IT Communications blueprint and the Communicate Any IT Initiative Facilitation Deck so that you can plan your communications, view your deliverables, and compose your pitch all in one document.

    • Communications Planner Tool

    4. Stakeholder Analysis Tool – A tool to help ensure that all stakeholders are identified and none are missed.

    A tool for identifying stakeholders and conducting an analysis to understand their degree of influence or impact.

    • Stakeholder Management Analysis Tool
    [infographic]

    Further reading

    Communicate Any IT Initiative

    Plan, compose, and deliver communications that engage your audience.

    Executive Summary

    Your Challenge Common Obstacles Info-Tech’s Approach
    Communicating about your initiative is when the work really begins. Many organizations struggle with:
    • Knowing what target audiences need to be communicated with.
    • Communicating the same message consistently and clearly across target audiences.
    • Communicating to target audiences at the right times.
    • Selecting a channel that will be most effective for the message and practicing to deliver that message.
    Some of the challenges IT faces when it comes to communicating its initiatives includes:
    • Not being given the opportunity or time to practice composing or delivering communications.
    • Coordinating the communications of this initiative with other initiative communications.
    • Forgetting to communicate with key stakeholders.
    Choosing not to communicate because we do not know how it’s leading to initiative failures and lack of adoption by impacted parties.
    For every IT initiative you have going forward, focus on following these three steps:
    1. Create a plan of action around who, what, how, and when communications will take place.
    2. Compose an easy-to-understand pitch for each stakeholder audience.
    3. Practice delivering the message in an authentic and clear manner.
    By following these steps, you will ensure that your audience always understands and feels ready to engage with you.

    Info-Tech Insight
    Every IT employee can be a great communicator; it just takes a few consistent steps, the right tools, and a dedication to practicing communicating your message.

    Info-Tech’s approach

    Effective communications is not a broadcast but a dialogue between communicator and audience in a continuous feedback loop.

    Continuous Feedback Loop

    The Info-Tech difference:

    1. The skills needed to communicate effectively as a front-line employee or CIO are the same. It’s important to begin the development of these skills from the beginning of one's career.
    2. Time is a non-renewable resource. Any communication needs to be considered valuable and engaging by the audience or they will be unforgiving.
    3. Don't make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue about the story you share.

    Poor communication can lead to dissatisfied stakeholders

    27.8% of organizations are not satisfied with IT communications.

    25.8% of business stakeholders are not satisfied with IT communications.

    Source: Info-Tech Diagnostic Programs; n=34,345 business stakeholders within 604 organizations

    The bottom line? Stakeholders for any initiative need to be communicated with often and well. When stakeholders become dissatisfied with IT’s communication, it can lead to an overall decrease in satisfaction with IT.

    Good IT initiative communications can be leverage

    • IT risk mitigation and technology initiative funding are dependent on critical stakeholders comprehending the risk impact and initiative benefit in easy-to-understand terms.
    • IT employees need clear and direct information to feel empowered and accountable to do their jobs well.
    • End users who have a good experience engaging in communications with IT employees have an overall increase in satisfaction with IT.
    • Continuously demonstrating IT’s value to the organization comes when those initiatives are clearly aligned to overall objectives – don’t assume this alignment is being made.
    • Communication prevents assumptions and further miscommunication from happening among IT employees who are usually impacted and fear change the most.

    “Nothing gets done properly if it's not communicated well.”
    -- Nastaran Bisheban, CTO KFC Canada

    Approach to communications

    Introduction
    Review effective communications.

    Plan
    Plan your communications using a strategic tool.

    Compose
    Create your own message.

    Deliver
    Practice delivering your own message.

    Info-Tech’s methodology for effective IT communications

    1. Plan Strategic Communications 2. Compose a Compelling Message 3. Deliver Messages Effectively
    Step Activities
    1. Define the Change
    2. Determine Target Audience
    3. Communication Outcomes
    4. Clarify the Key Message(s)
    5. Identify the Owner and Messenger(s)
    6. Select the Right Channels
    7. Establish a Frequency and Time Frame
    8. Obtain Feedback and Improve
    9. Finalize the Calendar
    1. Craft a Pitch
    2. Revise the Pitch
    1. Deliver Your Pitch
    2. Refine and Deliver Again
    Step Outcomes Establish an easy-to-read view of the key communications that need to take place related to your initiative or change. Practice writing a pitch that conveys the message in a compelling and easy-to-understand way. Practice delivering the pitch. Ensure there is authenticity in the delivery while still maintaining the audience’s attention.

    This blueprint can support communication about any IT initiative

    • Strategy or roadmap
    • Major transformational change
    • System integration
    • Process changes
    • Service changes
    • New solution rollouts
    • Organizational restructuring

    We recommend considering this blueprint a natural add-on to any completed Info-Tech blueprint, whether it is completed in the DIY fashion or through a Guided Implementation or workshop.

    Key deliverable:

    Communication Planner
    A single place to plan and compose all communications related to your IT initiative.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Facilitation Guide
    A step-by-step guide to help your IT organization develop a communication plan and practice composing and delivering key messages.

    Stakeholder Analysis
    An ability to assess all stakeholders based on impact, influence, and involvement.

    Workshop Overview

    MorningAfternoon
    ActivitiesPlan Strategic Communications for Your Initiative
    1. Define the Change
    2. Determine Target Audience
    3. Communication Outcomes
    4. Clarify the Key Message(s)
    5. Identify the Owner and Messenger(s)
    6. Select the Right Channels
    7. Establish a Frequency and Time Frame
    8. Obtain Feedback and Improve
    9. Finalize the Calendar
    Compose and Deliver a Compelling Message
    1. Craft a Pitch
    2. Revise the Pitch
    3. Deliver Your Pitch
    4. Refine and Deliver Again
    Deliverables
    1. Communication planner with weekly, monthly, and yearly calendar views to ensure consistent and ongoing engagement with every target audience member
    1. Crafted pitches that can be used for communicating the initiative to different stakeholders
    2. Skills and ability to deliver messages more effectively

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Key KPIs for communication with any stakeholder

    Measuring communication is hard; use these to determine effectiveness:

    Goal Key Performance Indicator (KPI) Related Resource
    Obtain board buy-in for IT strategic initiatives. X% of IT initiatives that were approved to be funded.
    Number of times that technical initiatives were asked to be explained further.
    Using our Board Presentation Review
    Ensure stakeholders feel engaged during initiatives. X% of business leadership satisfied with the statement “IT communicates with your group effectively.” Using the CIO Business Vision Diagnostic
    End users know what IT initiatives are going to impact the products or services they use. X% of end users that are satisfied with communications around changing services or applications. Using the End-User Satisfaction Survey
    Project stakeholders receive sufficient communication throughout the initiative. X% overall satisfaction with the quality of the project communications. Using the PPM Customer Satisfaction Diagnostic
    Employees are empowered to perform on IT initiatives. X% satisfaction employees have with statement “I have all the resources and information I need to do a great job.” Using the Employee Engagement Diagnostic Program

    Phase 1

    Plan Strategic Communications

    Activities
    1.1 Define the Change
    1.2 Determine Target Audience
    1.3 Communication Outcomes
    1.4 Clarify the Key Message(s)
    1.5 Identify the Owner and Messenger(s)
    1.6 Select the Right Channels
    1.7 Establish a Frequency and Time Frame
    1.8 Obtain Feedback and Improve
    1.9 Finalize the Calendar

    Communicate Any IT Initiative Effectively
    Phase1 > Phase 2 > Phase 3

    This step involves the following participants:
    Varies based on those who would be relevant to your initiative.

    Outcomes of this step
    Create an easy-to-follow communications plan to ensure that the right message is sent to the right audience using the right medium and frequency.

    What is an IT change?

    Before communicating, understand the degree of change.

    Incremental Change:
    • Changes made to improve current processes or systems (e.g. optimizing current technology).
    Transitional Change:
    • Changes that involve dismantling old systems and/or processes in favor of new ones (e.g. new product or services added).
    Transformational Change:
    • Significant change in organizational strategy or culture resulting in substantial shift in direction.
    Examples:
    • New or changed policy
    • Switching from on-premises to cloud-first infrastructure
    • Implementing ransomware risk controls
    • Implementing a learning & development plan
    Examples:
    • Moving to an insourced or outsourced service desk
    • Developing a BI & analytics function
    • Integrating risk into organization risk
    • Developing a strategy (technology, architecture, security, data, service, infrastructure, application)
    Examples:
    • Organizational redesign
    • Acquisition or merger of another organization
    • Implementing a digital strategy
    • A new CEO or board taking over the organization's direction

    Consider the various impacts of the change

    Invest time at the start of the project to develop a detailed understanding of the impact of the change. This will help to create a plan that will simplify the change and save time in the end. Evaluate the impact from a people, process, and technology perspective.

    Leverage a design thinking principle: Empathize with the stakeholder – what will change?

    People

    • Team structure
    • Reporting structure
    • Career paths
    • Job skills
    • Responsibilities
    • Company vision/mission
    • Number of FTE
    • Culture
    • Training required

    Process

    • Budget
    • Work location
    • Daily workflow
    • Working conditions
    • Work hours
    • Reward structure
    • Required number of completed tasks
    • Training required

    Technology

    • Required tools
    • Required policies
    • Required systems
    • Training required

    1.1 Define the change

    30 minutes

    1. While different stakeholders will be impacted by the change differently, it’s important to be able to describe what the change is at a higher level.
    2. Have everyone take eight minutes to jot down what the change is and why it is happening in one to two sentences. Tab 2 of the Communication Planner Tool can also be used to house the different ideas.
    3. Present the change statements to one another.
    4. By leveraging one of the examples or consolidating many examples, as a group document:
      • What is the change?
      • Why is it happening?
    5. The goal is to ensure that all individuals involved in establishing or implementing the change have the same understanding.
    Input Output
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    Materials Participants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Ensure effective communication by focusing on four key elements

    Audience
    Stakeholders (either groups or individuals) who will receive the communication.

    Message
    Information communicated to impacted stakeholders. Must be rooted in a purpose or intent.

    Messenger
    Person who delivers the communication to the audience. The communicator and owner are two different things.

    Channel
    Method or channel used to communicate to the audience.

    Identify the target audience

    The target audience always includes groups and individuals who are directly impacted by the change and may also include those who are change adjacent.

    Define the target audience: Identify which stakeholders will be the target audience of communications related to the initiative. Stakeholders can be single individuals (CFO) or groups (Applications Team).

    Stakeholders to consider:

    • Who is sponsoring the initiative?
    • Who benefits from the initiative?
    • Who loses from the initiative?
    • Who can make approvals?
    • Who controls resources?
    • Who has specialist skills?
    • Who implements the changes?
    • Who will be adversely affected by potential environmental and social impacts in areas of influence that are affected by what you are doing?
    • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
    • Will other stakeholders emerge as the phases are started and completed?

    1.2a Determine target audience

    20 minutes

    1. Consider all the potential individuals or groups of individuals who will be impacted or can influence the outcome of the initiative.
    2. On tab 3 of the Communication Planner Tool, list each of the stakeholders who will be part of the target audience. If in person, use sticky notes to define the target audiences. The individuals or group of individuals that make up the target audience are all the people who require being communicated with before, during, or after the initiative.
    3. As you list each target audience, consider how they perceive IT. This perception could impact how you choose to communicate with the stakeholder(s).
    InputOutput
    • The change
    • Why the change is needed
    • A list of individuals or group of individuals that will be communicated with.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    1.2b Conduct a stakeholder analysis (optional)

    1 hour

    1. For each stakeholder identified as a part of the target audience, conduct an analysis to understand their degree of influence or impact.
    2. Based on the stakeholder, the influence or impact of the change, initiative, etc. can inform the type and way of communicating.
    3. This is a great activity for those who are unsure how to frame communications for each stakeholder identified as a target audience.
    InputOutput
    • The change
    • Why the change is needed
    • A list of individuals or group of individuals that will be communicated with
    • The degree of influence or impact each target audience stakeholder has.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Stakeholder Management Analysis Tool

    Determine the desired outcome of communicating with each audience

    For each target audience, there will be an overall goal on why they need to be communicated with. This outcome or purpose is often dependent on the type of influence the stakeholder wields within the organization as well as the type of impact the change or initiative will have. Depending on the target audience, consider each of the communication outcomes listed below.

    Communicating Across the Organization Communicating Up to Board or Executives Communicating Within IT
    • Obtain buy-in
    • Obtain approval
    • Obtain funding
    • Demonstrate alignment to organization objectives
    • Reduce concerns about risk
    • Demonstrate alignment to organization objectives
    • Demonstrate alignment to individual departments or functions
    • Obtain other departments’ buy-in
    • Inform about a crisis
    • Inform about the IT change
    • Obtain adoption related to the change
    • Obtain buy-in
    • Inform about the IT change
    • Create a training plan
    • Inform about department changes
    • Inform about organization changes
    • Inform about a crisis
    • Obtain adoption related to the change
    • Distribute key messages to change agents

    1.3 Communication outcomes

    30 minutes

    1. For each stakeholder, there may be one or more reasons why you need to communicate with them. On tab 3 of the Communication Planner Tool or on a whiteboard, begin to identify the objective or outcome your team is seeking by engaging in each target audience.
    2. As you move through the communication outcomes, it could result in more than one outcome for each target audience.
    3. Ensure there is one line for each target audience desired communication outcome. Many stakeholders might need to be communicated with for several reasons. If using the Communication Planner Tool, add the target audience name in column C for as many different communication outcomes there are in column D related to that stakeholder.
    InputOutput
    • The change
    • A list of individuals or group of individuals that will be communicated with
    • Outcome or objective of communicating with each stakeholder
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Establish and define key messages based on organizational objectives

    What are key messages?
    • Key messages guide all internal communications to ensure they are consistent, unified, and straightforward.
    • Distill key messages down from organizational objectives and use them to reinforce the organization’s strategic direction. Key messages should inspire employees to act in a way that will help the organization reach its objectives.
    How to establish key messages: Ground key messages in organizational strategy and culture. These should be the first places you look to determine the organization’s key messages:
    • Refer to organizational strategy documents. What needs to be reinforced in internal communications to ensure the organization can achieve its strategy? This is a key message.
    • Look at the organization’s values. How do values guide how work should be done? Do employees need to behave in a certain way or keep a certain value top of mind? This is a key message.

    Key messages should be clear, concise, and consistent (Porter, 2014). The intent is to convey important information in a way that is relatable and memorable, to promote reinforcement, and ultimately, to drive action.

    Info-Tech Insight
    Empathizing with the audience is key to anticipating and addressing objections as well as identifying benefits. Customize messaging based on audience attributes such as work model (e.g. hybrid), anticipated objections, what's in it for me? (WIIFM), and specific expectations.

    1.4 Clarify the key messages

    25 minutes

    1. Divide the number of communication lines up equally amongst the participants.
    2. Based on the outcome expected from engaging that target audience in communications, define one to five key messages that should be expressed.
    3. The key messages should highlight benefits anticipated, concerns anticipated, details about the change, and plan of action or next steps. The goal here is to ensure the target audience is included in the communication process.
    4. The key messages should be focused on how the target audience receives a consistent message, especially if different communication messengers are involved.
    5. Document the key messages on tab 3 of the Communication Planner Tool.
    InputOutput
    • The change
    • Target audience
    • Communication outcomes
    • Key messages to support a consistent approach
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Understand to how to identify appropriate messengers

    Messages must be communicated by a variety of individuals across the organization. Select the messenger depending on the message characteristics (e.g. audience, message, medium). The same messenger can be used for a variety of messages across different mediums.

    Personal impact messages should be delivered by an employee's direct supervisor.

    Organizational impact messages and rationale should be delivered by senior leaders in the affected areas.

    Chart Preferred Messenger for Change Messages

    Recent research by Prosci found employees prefer to hear personal messages from their direct manager and organizational messages from the executive leadership team.

    Fifty percent of respondents indicated the CEO as the preferred messenger for organizational change messages.

    Select the appropriate messenger

    For each audience, message, and medium, review whether the message is personal or organizational to determine which messengers are best.

    The number and seniority of messengers involved depends on the size of the change:

    • Incremental change
      • Personal messages from direct supervisors
      • Organizational messages from a leader in the audience’s function or the direct supervisor
    • Transitional change
      • Personal messages from direct supervisors or function leaders
      • Organizational messages from a leader in the audience’s function or the C suite
    • Transformational change
      • Personal messages from direct supervisors or function leaders
      • Organizational messages from the CEO or C-suite
      • Cascading messages are critical in this type of change because all levels of the organization will be involved

    Communication owner vs. messenger

    Communication Owner

    Single person
    Accountable for the communication message and activities
    Oversees that the communication does not contradict other communications
    Validates the key messages to be made

    Communication Messenger(s)

    Single person or many people
    Responsible for delivering the intended message
    Engages the target audience in the communication
    Ensures the key messages are made in a consistent and clear manner

    1.5 Identify the owner and messenger(s)

    30 minutes

    1. For every communication, there needs to be a single owner. This is the person who approves the communication and will be accountable for the communication
    2. The messenger(s) can be several individuals or a single individual depending on the target audience and desired outcome being sought through the communications.
    3. Identify the person or role who will be accountable for the communication and document this in the Communication Planner Tool.
    4. Identify the person(s) or role(s) who will be responsible for delivering the communication and engaging the target audience and document this in the Communication Planner Tool.
    Input Output
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    Materials Participants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Review appropriate channel for different types of messages

    Communication channels are in-person, paper-based, or tech-enabled. Provide communicators with guidance on which mediums to use in different situations.

    First question: Should the communication be delivered in-person or not?
    Types of channels In-Person Paper-Based or Tech-Enabled
    Questions to consider
    • How is your message likely to be received? Is the message primarily negative?
    • Will the message prompt a lot of dialogue or questions? Will it require significant context or clarification?
    Note: Messages that are important, complex, or negative must be delivered in person. This allows the sender to provide context, clarify questions, and collect feedback.
    • Use paper-based and tech-enabled communications to provide reminders or updates.
    • When deciding which of the two to use, think about your audience: do they have regular access to a computer?
    Two-way interaction Supplement in-person communications with paper-based or tech-enabled communications to provide follow-up and consistency (Government of Nova Scotia). Tech-enabled communications allow the sender to deliver messages when they do not co-locate with the receiver. That said, make sure paper-based communications are provided to those without regular access to a computer.

    Consider accessibility when communicating change – not all employees will have access to the same mediums. To ensure inclusivity, strategically plan which mediums to use to reach the entire audience.

    Select communication channels

    Medium Description Key Messages When to Use
    One-on-One Meetings Individual meetings between managers and their direct reports to ensure they understand the change, can express any concerns, and obtain feedback or recommendations.
    • How the change will impact the employee, what they can expect throughout the change, how they can get support, what the timelines are, etc.
    • Requests for feedback.
    • Responses to feedback.
    • Most applicable for personal messages throughout all stages of change.
    • When real-time feedback is needed.
    • To understand the change’s impact on each employee, understand their emotional reactions and provide support.
    • After a change has been announced and continuing at a regular cadence until after the change has been implemented. Frequency of meetings will vary by employee over the course of the change.
    Team Meeting A meeting of a work unit or department. Can be virtual, in person, or a combination. Led by the work unit or department head/manager.
    • How the change will impact the team – how work gets done, who they work with, etc.
    • Available timelines regarding the change.
    • Support available throughout the change.
    • Most applicable for personal messages throughout all change stages.
    • When real-time communication is needed to keep everyone on the same page and provide an opportunity to ask questions (essential for buy-in).
    • To announce a small change or after a larger change announcement. Continue frequently until the end of adoption, with time reserved for ad hoc meetings.
    Email Electronic communication sent to the audience’s company emails, or in the absence of that, to their personal emails.
    • Overarching details and timelines.
    • Short, easy-to-digest pieces of information that either provide a summary of what to expect or describe actions employees need to take.
    • Applicable for both personal and organizational messages, depending on the messenger. Send personal messages in separate emails from organizational messages.
    • To communicate key details quickly and to a distributed workforce.
    • To reinforce or reiterate information that has been shared in person. Can be used broadly or target specific employees/groups.

    Select communication channels

    Medium Description Key Messages When to Use
    Town Hall Virtual or in-person meeting where senior leadership shares information with a wide audience about the change and answers questions.
    • Messaging that is applicable to a large audience.
    • The strategic decisions of senior leadership.
    • Highlight positive initiative outcomes.
    • Recognize employee efforts.
    • Report on engagement.
    • Most applicable for organizational messages to launch a change or between milestones in a long-term or complex change.
    • To enable senior leaders to explain strategic decisions to employees.
    • To allow employees to ask questions and provide feedback.
    • When support of senior leadership is critical to change success.
    Roadshow A series of meetings where senior leadership or the change champion travels to different geographic locations to hold town halls adapted to each location’s audience.
    • Why the change is happening, when the change is happening, who will be impacted, expectations, and key points of contact.
    • Most applicable for organizational messages to launch a change and between milestones during a long-term, large, or complex change.
    • For a change impacting several locations.
    • When face time with senior leadership is critical to developing understanding and adoption of the change. Satellite locations can often feel forgotten. A roadshow provides access to senior leadership and lends the credibility of the leader to the change.
    • To enable live two-way communication between employees and leadership.

    Select communication channels

    Medium Description Key Messages When to Use
    Intranet An internal company website that a large number of employees can access at any time.
    • Information that has already been communicated to the audience before, so they can access it at any time.
    • FAQs and/or general details about the change (e.g. milestones).
    • Most applicable for organizational messages.
    • To post relevant documentation so the audience can access it whenever they need it.
    • To enable consistency in answers to common questions.
    Training Scheduled blocks of time for the team to learn new skills and behaviors needed to successfully adapt to the change.
    • Reinforce the need for change and the benefits the change will have.
    • Most applicable for organizational messages during the implementation stage.
    • To reduce anxiety over change initiatives, improve buy-in, and increase adoption by helping employees develop skills and behaviors needed to perform effectively.
    Video Message A prerecorded short video clip designed for either simultaneous broadcast or just-in-time viewing. Can be sent over email or mobile or uploaded to a company portal/intranet.
    • Positive messaging to convey enthusiasm for the change.
    • Details about why the organization is changing and what the benefits will be, updates on major milestone achievements, etc.
    • Most applicable for organizational messages, used on a limited basis at any point during the change.
    • Effective when the message needs to appear more personal by putting a face to the message and when it can be presented in a condensed time frame.
    • When a message needs to be delivered consistently across a variety of employees, locations, and time zones.
    • To provide updates and recognize key achievements.

    Select communication channels

    Medium Description Key Messages When to Use
    Shift Turnover Meeting A meeting between teams or departments when a shift changes over; sometimes called a shift report. Used to communicate any relevant information from the outgoing shift to the incoming shift members.
    • Details related to the activities performed during the shift.
    • Most applicable for personal impact messages during the implementation stage to reinforce information shared using other communication mediums.
    • Where change directly impacts role expectations or performance so teams hear the same message at the same time.
    Company Newsletter Electronic or hardcopy newsletter published by the company. Contains timely updates on company information.
    • Overarching change details.
    • Information that has already been communicated through other mediums.
    • Varies with the change stage and newsletter frequency.
    • Most applicable for organizational messages throughout the change.
    • When the change implementation is expected to be lengthy and audiences need to be kept updated.
    • To celebrate change successes and milestone achievements.
    Sign/Poster Digital or paper-based sign, graphic, or image. Includes posters, screensavers, etc.
    • Positive messaging to convey enthusiasm for the change.
    • Key dates and activities.
    • Key contacts.
    • Most applicable for organizational messages throughout the change.
    • As visual reminders in common, highly visible locations (e.g. a company bulletin board, elevator TV monitors).

    1.6 Select the right channels

    20 minutes

    1. Consider the different channels that were described and presented on the previous five slides. Each channel has element(s) to it that will allow it to be more beneficial based on the communication target audience, outcome, and messenger.
    2. Evenly assign the number of communication rows on tab 3 of the Communication Planner Tool and input the channel that should be used.
    3. Consider if the channel will:
      • Obtain the desired outcome of the communication.
      • Be completed by the messenger(s) defined.
      • Support the target audience in understanding the key messages.
    4. If any target audience communication requires several channels, add additional rows to the planner on TAB 3.
    InputOutput
    • Target audience
    • Communication outcome
    • Communication messenger(s)
    • The right channel selected to support the desired communication outcome.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Define the communication time frame based on the initiative

    Communication occurs during four of the five stages of an initiative:

    01 Identify and prioritize 02 Prepare for initiative 03 Create a communication plan 04 Implement change 05 Sustain the desired outcome
    Before During After
    • Communication begins with sponsors and the project team.
    • Set general expectations with project team and sponsors.
    • Outline the communication plan for the remaining stages.
    • Set specific expectations with each stakeholder group.
    • Implement the communication plan.
    • Use feedback loops to determine updates or changes to communications.
    • Communication continues as required after the change.
    • Feedback loops continue until change becomes business as usual.
    Where communication needs to happen

    Don’t forget: Cascade messages down through the organization to ensure those who need to deliver messages have time to internalize the change before communicating it to others. Include a mix of personal and organizational messages, but where possible, separate personal and organizational content into different communications.

    Establish a frequency that aligns to the desired communication outcome

    Successful communications are frequent communications.

    • The cadence of a communication is highly dependent on the objective of the communication.
    • Each target requires a different frequency as well:
      • Board Presentations > four times a year is a good frequency
      • Executive Leadership > monthly frequency
      • Organizationally > annually and when necessary
      • Organization Crises > daily, if not hourly
      • IT Initiatives and Projects > weekly
      • IT Teams > weekly, if not daily

    Tech Team Frequency for Discussing Goals

    “When goals are talked about weekly, teams are nearly 3X more likely to feel confident hitting them.”
    – Hypercontext, 2022

    Info-Tech Insight
    Communications made once will always fail. Ensure there is a frequency appropriate for every communication — or do not expect the desired outcome.

    1.7 Establish a frequency and time frame

    30 minutes

    1. For each row in tab 3, determine how frequently that communication needs to take place and when that communication needs to be completed by.
      • Frequency: How often the communication will be delivered to the audience (e.g. one-time, monthly, as needed).
      • Time frame: When the communication will be delivered to the audience (e.g. a planned period or a specific date).
    2. When selecting the time frame, consider what dependencies need to take place prior to that communication. For example, IT employees should not be communicated with on anything that has not yet been approved by the CEO. Also consider when other communications might be taking place so the message is not lost in the noise.
    3. For frequency, the only time that a communication needs to take place once is when presenting up to senior leaders of the organization. And even then it will sometimes require more than one conversation. Be mindful of this.
    InputOutput
    • The change
    • Target audience
    • Communication outcome
    • Communication channel
    • Frequency and time frame of the communication
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    First, ensure feedback mechanisms are in place

    Soliciting and acting on feedback involves employees in the decision-making process and demonstrates to them that their contributions matter.

    Prior to the strategy rollout, make sure you have also established feedback mechanisms to collect feedback on both the messages delivered and how they were delivered. Some ways to collect feedback include:

    • Evaluating intranet comments and interactions (likes, etc.) if this function is enabled.
    • Measuring comprehension and satisfaction through surveys and polls.
    • Looking for themes in the feedback and questions employees bring forward to managers during in-person briefings.

    Feedback Mechanisms:

    • CIO Business Vision Survey
    • Engagement Surveys
    • Focus Groups
    • Suggestion Boxes
    • Team Meetings
    • Random Sampling
    • Informal Feedback
    • Direct Feedback
    • Audience Body Language
    • Repeating the Message Back

    Select metrics to measure progress on key results

    There are two types of metrics that can be used to measure the impact of an internal communications strategy and progress toward strategy goals. These metrics are used to measure both outputs and outcomes.

    Select metrics measuring both:
    Tactical Effectiveness (Outputs) Strategic Effectiveness (Outcomes)
    • Open rate
    • Click-through rate
    • Employee sentiment
    • Participation rates
    • Physical distractions
    • Shift in behavior
    • Manager capability to communicate
    • Organizational ability to meet goals
    • Engagement
    • Turnover

    Pyramid of metrics to measure process on key results

    1.8 Obtain feedback and improve

    20 minutes

    1. Evenly distribute the number of rows in the communication plan to all those involved. Consider a metric that would help inform whether the communication outcome was achieved.
    2. For each row, identify a feedback mechanism (slide 38) that could be used to enable the collection and confirm a successful outcome.
    3. Come back as a group and validate the feedback mechanisms selected.
    4. The important aspect here is not just to measure if the desired outcome was achieved. However, if the desired outcome is not achieved, consider what you might do to change or enable better communication to that target audience.
    5. Every communication can be better. Feedback, whether it is tactical or strategic, will help inform methods to improve future communication activities.
    InputOutput
    • Communication outcome
    • Target audience
    • Communication channel
    • A mechanism to measure communication feedback and adjust future communications when necessary.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Example of internal communications survey

    Use and modify the questions below when building an internal communications survey. Use a Likert scale to gauge responses.

    1. I am satisfied with the communications at our organization.
    2. I am kept fully informed of news and updates relevant to our organization.
    3. I receive information that is relevant to me on a regular basis.
    4. I have the information I need to do my job.
    5. I know where to go to find the information I am looking for.
    6. My manager communicates with me in-person on a regular basis.
    7. I feel I can believe the information I receive from the company.
    8. I feel heard by senior leaders and know that they have received my feedback.
    9. The content and information that I receive is interesting to me.

    Create an easy-to-read approach to communication

    Example of an easy-to-read approach to communication

    1.9 Finalize the calendar

    2 hours

    1. Once the information on tabs 2 and 3 of the Communication Planner Tool has been completed, start to organize the information in an easy-to-read view.
    2. Using the annual, monthly, and weekly calendar views on tabs 3 to 5, begin to formalize the dates of when communications will take place.
    3. Following the instructions on each tab, complete one or all of the views of the communication plan. Remember, the stakeholder that makes up the target audience needs to be considered and whether this communication will overlap with any other communications.
    InputOutput
    • Communication Plan on tab 2
    • Yearly, monthly, and weekly communication calendars
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Phase 2

    Compose a Compelling Message

    Activities

    2.1 Craft a Pitch
    2.2 Revise the Pitch

    This step involves the following participants:
    Varies based on those who would be relevant to your initiative.

    Outcomes of this step
    Ability to create a clear, concise, and consistent message using best practices and a pitch framework.

    Communication Any IT Initiative Effectively

    Phase 1 > Phase 2 > Phase 3

    Include all the following pieces in your message for an effective communication

    Pieces needed in your message for effective communication

    Info-Tech Insight
    Time is a non-renewable resource. The message crafted must be considered a value-add communication to your audience.

    Enable good communication with these components

    Be Consistent Be Clear
    • The core message must be consistent regardless of audience, channel, or medium.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.
    • A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.
    • Say what you mean and mean what you say.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”
    • Don’t use jargon.
    Be Relevant Be Concise
    • Talk about what matters to the stakeholder.
    • Talk about what matters to the initiative.
    • Tailor the details of the message to each stakeholder’s specific concerns.
    • IT thinks in processes but stakeholders only care about results: talk in terms of results.
    • IT wants to be understood, but this does not matter to stakeholders. Think: “what’s in it for them?”
    • Communicate truthfully; do not make false promises or hide bad news.
    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.
    • If you provide more information than necessary, the clarity and consistency of the message can be lost.

    Draft the core messages to communicate

    Draft core messages communicating information consistent with the high-level communications plan. This includes the overall goal of communications, key messaging, specifics related to the change action, and customizations for each audience. It’s also important to:

    1. Hook your audience: Use a compelling introduction that ensures your target audience cares about the message. Use a statistic or another piece of information that presents the problem in a unique way.
    2. Demonstrate you can help: Let the audience know that based on the unique problem you can help. There is value to engaging and working with you further.
    3. Repeat messages several times and through several messengers and mediums throughout the change stages to ensure all audience members receive and understand the details.
    4. Write for the ear: Use concise and clear sentences, avoid technological language, and when you speak it aloud ensure it sounds like how you would normally speak.
    5. Keep messaging positive but realistic. Avoid continually telling stakeholders that “change is hard.” Instead, communicate messages around change success to positively prime the audience’s mindset (Harvard Business Review).
    6. Communicate what is meaningfully unchanged. Not everything will be impacted by the change. To help reduce fears, include information about meaningful aspects of employees’ work that will not be changing (e.g. employees are moving to report to a new manager on a new team, but the job responsibilities are staying the same).
    7. Finish with a call to action: Your concluding statement should not be a thank-you but a call to action that ignites how your audience will behave after the communication.

    Components of a good pitch

    Key Components of a Good Pitch
    Purpose of the pitch What are you asking for? What is the desired outcome of the conversation? What three things do you want the audience to take away?
    Speak to what matters to them Who is your audience and what are their biggest challenges today? What do they care? What is the “so what”? Humanize it. Start with an example of a real person.
    Sell the improvement How is your solution going to solve that problem? Is your solution a pain killer or vitamin?
    Show real value How will your solution create real value? How can that be measured? Give an example.
    Discuss potential fears Identify and alleviate fears the stakeholder may have in working with you. Think about what they think now and what you want them to think.
    Have a call to action Identify what your ask is. What are you looking for from the stakeholder? Listen and respond.
    Follow up with a thank-you Did you ensure that the participants’ time was respected and appreciated? Be genuine and sincere.

    Key questions to answer with change communication

    To effectively communicate change, answer questions before they’re asked, whenever possible. To do this, outline at each stage of the change process what’s happening next for the audience and answer other anticipated questions. Pair key questions with core messages in change communications.

    Examples of key questions by change stage include:

    What is changing?
    When is the change expected?
    Who will be championing the change?
    What are the change expectations?
    Will I have input into how the change is happening?
    What’s happening next?
    Why are we changing?
    Why is the change happening now?
    What are the risks of not changing?
    What will be new?
    What’s in it for me?
    What training will be available?
    Who will be impacted?
    How will I be impacted?
    How will my team be impacted?
    What’s happening next?
    Who should I contact with questions or concerns?
    How will I be updated?
    How can I access more information?
    Will the previous process be available throughout the new process implementation?
    What needs to be done and what needs to stop to succeed?
    Will I be measured on this change?
    What’s happening next?
    How can I access more information?
    Will this change be added to key performance indicators?
    How did the change implementation go?
    What’s happening next?
    Before change During change After change
    Prepare for change Create change action and communication plan Implement change Sustain the change

    2.1 Craft a pitch

    20 minutes

    1. Using the set of stakeholders identified in activity 1.2, every participant takes one stakeholder.
    2. Open tab 7 of the Communication Planner Tool or use a piece of paper and create a communication message specific to that stakeholder.
    3. Select a topic from your workshop or use something you are passionate about.
    4. Consider the pitch components as a way to create your pitch. Remember to use what you have learned from the planning and composing sections of this training (in bold).
    5. Compose a three-minute pitch that you will deliver to your audience member.
    InputOutput
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    MaterialsParticipants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Communication Composition Checklist

    • Did you open the communication with a statistic or other memorable piece of information?
    • Is the topic being communicated in a compelling way that engages the target audience?
    • Are there statistics or data to support the story?
    • Are the statistics and data clear so they cannot be conveyed in any other way than their intended method?
    • Are you writing in clear and concise sentences?
    • Are you avoiding any technical jargon?
    • Is the message only focused on what needs to be said? Have you removed all unnecessary components?
    • Is the content organized in priority order? Could you adapt if the presentation time is shortened?
    • Is the way the communication is written sound like how you would speak normally? Are you writing for the ear?
    • Do you have a clear call to action that the audience will be asked to complete at the end?
    • Does your communication encourage discussion with the target audience? Is the audience a part of the solution?

    2.2 Revise the pitch

    10 minutes

    1. Review the pitch that was created in activity 2.1.
    2. Consider what could be done to make the pitch better:
      • Concise: Identify opportunities to remove unnecessary information.
      • Clear: It uses only terms or language the target audience would understand.
      • Relevant: It matters to the target audience and the problems they face.
      • Consistent: The message could be repeated across audiences.
    3. Validate that when you say the pitch out loud, it sounds like something you would say normally when communicating with other people.
    4. Make updates to the pitch and get ready to present.
    Input Output
    • Individual ideas about what change is occurring and why.
    • A single statement that reflects the change occurring and the rationale for why the change is needed.
    Materials Participants
    • Communication Planner Tool
    • Sticky notes
    • Whiteboard
    • Varies based on those who would be relevant to your initiative.

    Download the Communication Planner Tool

    Phase 3

    Deliver Messages Effectively

    Activities
    3.1 Deliver Your Pitch
    3.2 Refine and Deliver Again

    This step involves the following participants:
    Varies based on those who would be relevant to your initiative.

    Outcomes of this step
    Ability to deliver the pitch in a manner that is clear and would be understood by the specific stakeholder the pitch is intended for.

    Communicate Any IT Initiative Effectively

    Phase 1 > Phase 2 > Phase 3

    Hone presentation skills before meeting with key stakeholders

    Using voice and body

    Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, and frame all have an impact on what might be conveyed.

    If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.

    Be professional and confident

    State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.

    Present in a way that is genuine to you and your voice. Whether you have an energetic personality or a calm and composed personality, the presentation should be authentic to you.

    Connect with your audience

    Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.

    Avoid reading from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

    Info-Tech Insight
    You are responsible for the response of your audience. If they aren’t engaged, it is on you as the communicator.

    Use clear slides that avoid distracting the audience

    Which slide will be better to present?

    Sample A:

    Sample A

    Sample B:

    Sample B

    3.1 Deliver your pitch

    20 minutes

    1. Take ten minutes to think about how to deliver your pitch. Where will you emphasize words, speak louder, softer, lean in, stand tall, make eye contact, etc.?
    2. Group into pairs. One person is the speaker and the other the audience.
    3. Set a timer on your phone or watch.
    4. Speaker:
      1. Take a few seconds to center yourself and prepare to deliver your pitch.
      2. Deliver your pitch to Person 2. Don’t forget to use your body language and your voice to deliver.
    5. Audience:
      1. Repeats ideas back to Person 1. Are the ideas correct? Are you convinced?
      2. Identifies who the audience is. Are they correct?
    6. Reverse roles and repeat.
    7. Discuss and provide feedback to one another.
    InputOutput
    • Written pitch
    • Best practices for delivering
    • An ability to deliver the pitch in a clear and concise manner that could be understood by the intended stakeholder.
    • Feedback from person 2.
    MaterialsParticipants
    • Pitch framework
    • Communications Plan Tool
    • Piece of paper
    • Varies based on those who would be relevant to your initiative.

    Communication Delivery Checklist

    • Are the slides clean so the audience can focus on your speaking and not on reading the context-heavy slide?
    • Have you practiced delivering the communication to team members or coaches?
    • Have you practiced delivering the communication to someone with little to no technology background?
    • Are you making yourself open to feedback and improvement opportunities?
    • If the communication is derailed from your plan, are you prepared to handle that change?
    • Can you deliver the communication without reading your notes word for word?
    • Have you adapted your voice throughout the communication to highlight specific components you want the audience to focus on?
    • Are you presenting in a way that is genuine to you and your personality?
    • Can you communicate the message within the time allotted?
    • Are you moving in an appropriate manner based on your communication (e.g. toward the screen, across the stage, hand gestures).

    3.2 Refine and deliver again

    1 hour

    1. Go back to what you wrote as your pitch and take ten minutes to eliminate more information to get the pitch down to two minutes based on the feedback from your original partner.
    2. Repeat the last exercise where you deliver your pitch; however, deliver it to the larger group this time.
    3. Focus on ways to adjust body language and voice to make the message more compelling.
    4. Identify if your audience is telling you anything with their body language (e.g. leaning in, leaning back). Use this to adjust as you are presenting.
    5. Have the group provide additional feedback on what was effective about the message and opportunities to further improve the message.
    InputOutput
    • Three-minute pitch
    • Feedback from first delivery
    • An ability to deliver the pitch in a clear and concise manner that could be understood by the intended stakeholder.
    MaterialsParticipants
    • Pitch framework
    • Communications Plan Tool
    • Piece of paper
    • Varies based on those who would be relevant to your initiative.

    Info-Tech Insight
    Whether the CIO or a service desk technician, delivering a presentation is a fear for every role in IT. Prepare your communication to help overcome the fears that are within your control.

    Research Contributors and Experts

    Anuja Agrawal, National Communications Director, PwC

    Anuja Agrawal
    National Communications Director
    PwC

    Anuja is an accomplished global communications professional, with extensive experience in the insurance, banking, financial, and professional services industry in Asia, the US, and Canada. She is currently the National Communications Director at PwC Canada. Her prior work experience includes communication leadership roles at Deutsche Bank, GE, Aviva, and Veritas. Anuja works closely with senior business leaders and key stakeholders to deliver measurable results and effective change and culture building programs. Anuja has experience in both internal and external communications, including strategic leadership communication, employee engagement, PR and media management, digital and social media, M&A/change and crisis management. Anuja believes in leveraging digital tools and technology-enabled solutions combined with in-person engagement to help improve the quality of dialogue and increase interactive communication within the organization to help build an inclusive culture of belonging.

    Nastaran Bisheban, Chief Technology Officer, KFC Canada

    Nastaran Bisheban
    Chief Technology Officer
    KFC Canada

    A passionate technologist and seasoned transformational leader. A software engineer and computer scientist by education, a certified Project Manager that holds an MBA in Leadership with Honors and Distinction from University of Liverpool. A public speaker on various disciplines of technology and data strategy with a Harvard Business School executive leadership program training to round it all. Challenges status quo and conventional practices; is an advocate for taking calculated risk and following the principle of continuous improvement. With multiple computer software and project management publications she is a strategic mentor and board member on various non-profit organizations. Nastaran sees the world as a better place only when everyone has a seat at the table and is an active advocate for diversity and inclusion.

    Heidi Davidson, Co-founder & CEO, Galvanize Worldwide and Galvanize On Demand

    Heidi Davidson
    Co-founder & CEO
    Galvanize Worldwide and Galvanize On Demand

    Dr. Heidi Davidson is the Co-Founder and CEO of Galvanize Worldwide, the largest distributed network of marketing and communications experts in the world. She also is the Co-Founder and CEO of Galvanize On Demand, a tech platform that matches marketing and communications freelancers with client projects. Now with 167 active experts, the Galvanize team delivers startup advisory work, outsourced marketing, training, and crisis communications to organizations of all sizes. Before Galvanize, Heidi spent four years as part of the turnaround team at BlackBerry as the Chief Communications Officer and SVP of Corporate Marketing, where she helped the company move from a device manufacturer to a security software provider.

    Eli Gladstone, Co-founder, Speaker Labs

    Eli Gladstone
    Co-Founder
    Speaker Labs

    Eli is a Co-Founder of Speaker Labs. He has spent over 6 years helping countless individuals overcome their public speaking fears and communicate with clarity and confidence. When he's not coaching others on how to build and deliver the perfect presentation, you'll probably find him reading some weird books, teaching his kids how to ski or play tennis, or trying to develop a good enough jumpshot to avoid being a liability on the basketball court.

    Francisco Mahfuz, Keynote Speaker & Storytelling Coach

    Francisco Mahfuz
    Keynote Speaker & Storytelling Coach

    Francisco Mahfuz has been telling stories in front of audiences for a decade, and even became a National Champion of public speaking. Today, Francisco is a keynote speaker and storytelling coach and offers communication training to individuals and international organisations, and has worked with organisations like Pepsi, HP, the United Nations, Santander and Cornell University. He's the author of Bare: A Guide to Brutally Honest Public Speaking, the host of The Storypowers Podcast, and he’s been part of the IESE MBA communications course since 2020. He's received a BA in English Literature from Birkbeck University in London.

    Sarah Shortreed, EVP & CTO, ATCO Ltd.

    Sarah Shortreed
    EVP & CTO
    ATCO Ltd.

    Sarah Shortreed is ATCO’s Executive Vice President and Chief Technology Officer. Her responsibilities include leading ATCO’s Information Technology (IT) function as it continues to drive agility and collaboration throughout ATCO’s global businesses and expanding and enhancing its enterprise IT strategy, including establishing ATCO’s technology roadmap for the future. Ms. Shortreed's skill and expertise are drawn from her more than 30-year career that spans many industries and includes executive roles in business consulting, complex multi-stakeholder programs, operations, sales, customer relationship management and product management. She was recently the Chief Information Officer at Bruce Power and has previously worked at BlackBerry, IBM and Union Gas. She sits on the Board of Governors for the University of Western Ontario and is the current Chair of the Chief Information Officer (CIO) Committee at the Conference Board of Canada.

    Eric Silverberg, Co-Founder Speaker Labs

    Eric Silverberg
    Co-Founder
    Speaker Labs

    Eric is a Co-Founder of Speaker Labs and has helped thousands of people build their public speaking confidence and become more dynamic and engaging communicators. When he's not running workshops to help people grow in their careers, there's a good chance you'll find him with his wife and dog, drinking Diet Coke and rewatching iconic episodes of the reality TV show Survivor! He's such a die-hard fan, that you'll probably see him playing the game one day.

    Stephanie Stewart, Communications Officer & DR Coordinator, Info Security Services Simon Fraser University

    Stephanie Stewart
    Communications Officer & DR Coordinator
    Info Security Services Simon Fraser University

    Steve Strout, President, Miovision Technologies

    Steve Strout
    President
    Miovision Technologies

    Mr. Strout is a recognized and experienced technology leader with extensive experience in delivering value. He has successfully led business and technology transformations by leveraging many dozens of complex global SFDC, Oracle and/or SAP projects. He is especially adept at leading what some call “Project Rescues” – saving people’s careers where projects have gone awry; always driving "on-time and on-budget.“ Mr. Strout is the current President of Miovision Technologies and the former CEO and board member of the Americas’ SAP Users’ Group (ASUG). His wealth of practical knowledge comes from 30 years of extensive experience in many CxO and executive roles at some prestigious organizations such as Vonage, Sabre, BlackBerry, Shred-it, The Thomson Corporation (now Thomson Reuters) and Morris Communications. Served on Boards including Customer Advisory Boards of Apple, AgriSource Data, Dell, Edgewise, EMC, LogiSense, Socrates.ai, Spiro Carbon Group, and Unifi.

    Info-Tech Research Group Contributors:
    Sanchia Benedict, Research Lead
    Koula Bouloukos, Production Manager
    Antony Chan, Executive Counsellor
    Janice Clatterbuck, Executive Counsellor
    Ahmed Jowar, Research Specialist
    Dave Kish, Practice Lead
    Nick Kozlo, Senior Research Analyst
    Heather Leier Murray, Senior Research Analyst
    Amanda Mathieson, Research Director
    Carlene McCubbin, Practice Lead
    Joe Meier, Executive Counsellor
    Andy Neill, AVP, Research
    Thomas Randall, Research Director

    Plus an additional two contributors who wish to remain anonymous.

    Related Info-Tech Research

    Boardroom Presentation Review

    • You will come away with a clear, concise, and compelling board presentation that IT leaders can feel confident presenting in front of their board of directors.
    • Add improvements to your current board presentation in terms of visual appeal and logical flow to ensure it resonates with your board of directors.
    • Leverage a best-of-breed presentation template.

    Build a Better Manager

    • Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers actually use in their day to day.
    • Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.

    Crisis Communication Guides

    During a crisis it is important to communicate to employees through messages that convey calm and are transparent and tailored to your audience. Use the Crisis Communication Guides to:

    • Draft a communication strategy.
    • Tailor messages to your audience.
    • Draft employee crisis communications.

    Use this guide to equip leadership to communicate in times of crisis.

    Bibliography

    Gallo, Carmine. "How Great Leaders Communicate." Harvard Business Review. 23 November 2022.

    Gallup. State of the American Workplace Report. Washington, D.C.: Gallup, 6 February 2020.

    Guthrie, Georgina. “Why Good Internal Communications Matter Now More than Ever.” Nulab. 15 Dec. 2021.

    Hypercontext. “The State of High Performing Teams in Tech 2022.” Hypercontext. 2022.

    Lambden, Duncan. “The Importance of Effective Workplace Communication – Statistics for 2022.” Expert Market. 13 June 2022.

    McCreary, Gale & WikiHow. “How to Measure the Effectiveness of Communication: 14 Steps.” WikiHow.

    Nowak, Marcin. “Top 7 Communication Problems in the Workplace.” MIT Enterprise Forum CEE, 2021.

    Nunn, Philip. “Messaging That Works: A Unique Framework to Maximize Communication Success.” iabc.

    Picincu, Andra. “How to Measure Effective Communications.” Small Business Chron. 12 January 2021.

    Price. David A. “Pixar Story Rules.”

    Prosci. “Best Practices in Change Management 2020 Edition.” Prosci, 2020.

    Roberts, Dan. “How CIOs Become Visionary Communicators.” CIO, 2019.

    Schlesinger, Mark. “Why building effective communication skill in IT is incredibly important.”

    Skills Framework for the Information Age, “Mapping SFIA Levels of Responsibilities to Behavioural Factors.” Skills Framework for the Information Age, 2021.

    St. James, Halina. Talk It Out. Podium, 2005.

    TeamState. “Communication in the Workplace Statistics: Importance and Effectiveness in 2022.” TeamStage, 2022.

    Walters, Katlin. “Top 5 Ways to Measure Internal Communication.” Intranet Connections, 30 May 2019.

    Streamline Application Management

    • Buy Link or Shortcode: {j2store}403|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $64,272 Average $ Saved
    • member rating average days saved: 40 Average Days Saved
    • Parent Category Name: Maintenance
    • Parent Category Link: /maintenance
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality.
    • Many organizations lack the critical management capabilities to balance maintenance with new development and ensure high product value.
    • Application management is often viewed as a support function rather than an enabler of business growth. Focus and investments are only placed on management when it becomes a problem.
    • The lack of governance and practice accountability leaves application management in a chaotic state: politics take over, resources are not strategically allocated, and customers are frustrated.

    Our Advice

    Critical Insight

    • New features, fixes, and enhancements are all treated the same and managed in a single backlog. Teams need to focus on prioritizing their efforts on what is valuable to the organization, not to a single department.
    • Business integration is not optional. The business (i.e. product owners) must be represented in guiding delivery efforts and performing ongoing validation and verification of new features and changes.

    Impact and Result

    • Justify the necessity to optimize application management. Gain a grounded understanding of stakeholder objectives and validate their achievability against the current maturity of application management.
    • Strengthen backlog management practices. Obtain a holistic picture of the business and technical impacts, risks, value, complexity, and urgency of each backlog item in order to justify its priority and relevance. Apply the appropriate management approach to each software product according to its criticality and value to the business.
    • Establish and govern a repeatable process. Develop a management process with well-defined steps, quality controls, and roles and responsibilities, and instill good practices to improve the success of delivery.

    Streamline Application Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should sustain your application management practice, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your priorities

    State the success criteria of your application management practice through defined objectives and metrics. Assess your maturity.

    • Streamline Application Management – Phase 1: Define Your Priorities
    • Application Management Strategy Template
    • Application Management Maturity Assessment Tool

    2. Govern application management

    Structure your application management governance model with the right process and roles. Inject product ownership into your practice.

    • Streamline Application Management – Phase 2: Govern Application Management

    3. Build your optimization roadmap

    Build your application management optimization roadmap to achieve your target state.

    • Streamline Application Management – Phase 3: Build Your Optimization Roadmap
    [infographic]

    Workshop: Streamline Application Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Priorities

    The Purpose

    State the success criteria of your application management practice through defined objectives and metrics.

    Assess your maturity.

    Key Benefits Achieved

    Grounded stakeholder expectations

    Application management maturity and identification of optimization opportunities

    Activities

    1.1 Set your objectives.

    1.2 Assess your maturity.

    Outputs

    Application management objectives and metrics

    Application management maturity and optimization opportunities

    2 Govern Application Management

    The Purpose

    Structure your application management governance model with the right process and roles.

    Inject product ownership into your practice.

    Key Benefits Achieved

    Management approach aligned to product value and criticality

    Management techniques to govern the product backlog

    Target-state application management process and roles

    Activities

    2.1 Select your management approach.

    2.2 Manage your single product backlog.

    2.3 Optimize your management process.

    2.4 Define your management roles.

    Outputs

    Application management approach for each application

    Product backlog management practices

    Application management process

    Application management roles and responsibilities and communication flow

    3 Build Your Optimization Roadmap

    The Purpose

    Build your application management optimization roadmap to achieve your target state.

    Key Benefits Achieved

    Optimization opportunities

    Application management optimization roadmap

    Activities

    3.1 Build your optimization roadmap.

    Outputs

    Application management optimization roadmap

    Enterprise Storage Solution Considerations

    • Buy Link or Shortcode: {j2store}507|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Enterprise storage technology and options are challenging to understand.
    • There are so many options. How do you decide what the best solution is for your storage challenge??
    • Where do you start when trying to solve your enterprise storage challenge?

    Our Advice

    Critical Insight

    Take the time to understand the various data storage formats, disk types, and associated technology, as well as the cloud-based and on-premises options. This will help you select the right tool for your needs.

    Impact and Result

    Look to existing use cases based on actual Info-Tech analyst calls to help in your decision-making process.

    Enterprise Storage Solution Considerations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Storage Solution Considerations – Narrow your focus with the right product type and realize efficiencies.

    Explore the building blocks of enterprise storage so you can select the best solution, narrow your focus with the correct product type, explore the features that should be considered when evaluating enterprise storage offerings, and examine use cases based on actual Info-Tech analyst calls to find a storage solution for your situation.

    • Enterprise Storage Solution Considerations Storyboard

    2. Modernize Enterprise Storage Workbook – Understand your data requirements.

    The first step in solving your enterprise storage challenge is identifying your data sources, data volumes, and growth rates. This information will give you insight into what data sources could be stored on premises or in the cloud, how much storage you will require for the coming five to ten years, and what to consider when exploring enterprise storage solutions. This tool can be a valuable asset for determining your current storage drivers and future storage needs, structuring a plan for future storage purchases, and determining timelines and total cost of ownership.

    • Modernize Enterprise Storage Workbook
    [infographic]

    Further reading

    Enterprise Storage Solution Considerations

    Narrow your focus with the right product type and realize efficiencies.

    Analyst Perspective

    The vendor landscape is continually evolving, as are the solutions they offer. The options and features are increasing and appealing.

    The image contains a picture of P.J. Ryan.

    To say that the current enterprise storage landscape looks interesting would be an understatement. The solutions offered by vendors continue to grow and evolve. Flash and NVMe are increasing the speed of storage media and reducing latency. Software-defined storage is finding the most efficient use of media to store data where it is best served while managing a variety of vendor storage and older storage area networks and network-attached storage devices.

    Storage as a service is taking on a new meaning with creative solutions that let you keep the storage appliance on premises or in a colocated data center while administration, management, and support are performed by the vendor for a nominal monthly fee.

    We cannot discuss enterprise storage without mentioning the cloud. Bring a thermometer because you must understand the difference between hot, warm, and cold storage when discussing the cloud options. Very hot and very cold may also come into play.

    Storage hardware can assume a higher total cost of ownership with support options that replace the controllers on a regular basis. The options with this type of service are also varied, but the concept of not having to replace all disks and chassis nor go through a data migration is very appealing to many companies.

    The cloud is growing in popularity when it comes to enterprise storage, but on-premises solutions are still in demand, and whether you choose cloud or on premises, you can be guaranteed an array of features and options to add stability, security, and efficiency to your enterprise storage.

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Info-Tech Insight

    The vendor landscape is continually evolving, as are the solutions they offer.

    Storage providers are getting acquired by bigger players, “outside the box” thinking is disrupting the storage support marketplace, “as a service” storage offerings are evolving, and what is a data lake and do I need one? The traditional storage vendors are not alone in the market, and the solutions they offer are no longer traditional either. Explore the landscape and understand your options before you make any enterprise storage solution purchases.

    Understand the building blocks of storage so you can select the best solution.

    There are multiple storage formats for data, along with multiple hardware form factors and disk types to hold those various data formats. Software plays a significant role in many of these storage solutions, and cloud offerings take advantage of all the various formats, form factors, and disks. The challenge is matching your data type with the correct storage format and solution.

    Look to existing use cases to help in your decision-making process.

    Explore previous experiences from others by reading use cases to determine what the best solution is for your challenge. You’re probably not the first to encounter the challenge you’re facing. Another organization may have previously reached out for assistance and found a viable solution that may be just what you also need.

    Enterprise storage has evolved, with more options than ever

    Data is growing, data security will always be a concern, and vendors are providing more and more options for enterprise storage.

    “By 2025, it’s estimated that 463 exabytes of data will be created each day globally – that’s the equivalent of 212,765,957 DVDs per day!” (Visual Capitalist)

    “Modern criminal groups target not only endpoints and servers, but also central storage systems and their backup infrastructure.” (Continuity Software)

    Cloud or on premises? Maybe a hybrid approach with both cloud and on premises is best for you. Do you want to remove the headaches of storage administration, management, and support with a fully managed storage-as-a-service solution? Would you like to upgrade your controllers every three or four years without a major service interruption? The options are increasing and appealing.

    High-Level Considerations

    1. Understand Your Data

    Understand how much data you have and where it is located. This will be crucial when evaluating enterprise storage solutions.

    2. Plan for Growth

    Your enterprise storage considerations should include your data needs now and in the future.

    3. Understand the Mechanics

    Take the time to understand the various data storage formats, disk types, and associated technology, as well as the cloud-based and on-premises options. This will help you select the right tool for your needs.

    Storage formats, disk drives, and technology

    Common data storage formats, technology, and drive types are outlined below. Understanding how data is stored as well as the core building blocks for larger systems will help you decide which solution is best for your storage needs.

    Format

    What it is

    Disk Drives and Technology

    File Storage

    File storage is hierarchical storage that uses files, folders, subfolders, and directories. You enter a specific filename and path to access the file, such as P:\users\johndoe\strategy\cloud.doc. If you ever saved a file on a server, you used file storage. File storage is usually managed by some type of file manager, such as File Explorer in Windows. Network-attached storage (NAS) devices use file storage.

    Hard Disk Drives (HDD)

    HDD use a platter of spinning disks to magnetically store data. The disks are thick enough to make them rigid and are referred to as hard disks.

    HDD is older technology but is still in demand and offered by vendors.

    Object Storage

    Object storage is when data is broken into distinct units, called objects. These objects are stored in a flat, non-hierarchical structure in a single location or repository. Each object is identified by its associated ID and metadata. Objects are accessed by an application programming interface (API).

    Flash

    Flash storage uses flash memory chips to store data. The flash memory chips are written with electricity and contain no moving parts. Flash storage is very fast, which is how the technology got its name (“Flash vs. SSD Storage,” Enterprise Storage Forum, 2018).

    Block Storage

    Block storage is when data is divided up into fixed-size blocks and stored with a unique identifier. Blocks can be stored in different environments, such as Windows or Linux. Storage area networks (SANs) use block storage.

    Solid-State Drive (SSD)

    SSD is a storage mechanism that also does not use any moving parts. Most SSD drives use flash storage, but other options are available for SSD.

    Nonvolatile Memory Express (NVMe)

    NVMe is a communications standard developed specially for SSDs by a consortium of vendors including Intel, Samsung, SanDisk, Dell, and Seagate. It operates across the PCIe bus (hence the “Express” in the name), which allows the drives to act more like the fast memory that they are rather than the hard disks they imitate (PCWorld).

    Narrow your focus with the right product type

    On-premises enterprise storage solutions fit into a few distinct product types.

    Network-Attached Storage

    Storage Area Network

    Software-Defined Storage

    Hyperconverged Infrastructure

    NAS refers to a storage device that is connected directly to your network. Any user or device with access to your network can access the available storage provided by the NAS. NAS storage is easily scalable and can add data redundancy through RAID technology. NAS uses the file storage format.

    NAS storage may or may not be the first choice in terms of enterprise storage, but it does have a solid market appeal as an on-premises primary backup storage solution.

    A SAN is a dedicated network of pooled storage devices. The dedicated network, separate from the regular network, provides high speed and scalability without concern for the regular network traffic. SANs use block storage format and can be divided into logical units that can be shared between servers or segregated from other servers. SANs can be accessed by multiple servers and systems at the same time. SANs are scalable and offer high availability and redundancy through RAID technology.

    SANs can use a variety of disk types and sizes and are quite common among on-premises storage solutions.

    “Software-defined storage (SDS) is a storage architecture that separates storage software from its hardware. Unlike traditional network-attached storage (NAS) or storage area network (SAN) systems, SDS is generally designed to perform on any industry-standard or x86 system, removing the software’s dependence on proprietary hardware.” (RedHat)

    SDS uses software-based policies and rules to grow and protect storage attached to applications.

    SDS allows you to use server-based storage products to add management, protection, and better usage.

    Hyperconverged storage uses virtualization and software-defined storage to combine the storage, compute, and network resources along with a hypervisor into one appliance.

    Hyperconverged storage can scale out by adding more nodes or appliances, but scaling up, or adding more resources to each appliance, can have limitations. There is flexibility as hyperconverged storage can work with most network and compute manufacturers.

    Cloud storage

    • Cloud storage is online storage offered by a cloud provider. Cloud storage is available almost anywhere and is set up with high availability features such as data duplication, redundancy, backup, and power failure protection.
    • Cloud storage is very scalable and typically is offered as object storage, block storage, or file storage. Cloud storage vendors may have their own naming scheme for object, block, or file storage.
    • Cloud-hosted data is marketed according to the frequency of access and length of time in storage. There are typically three main levels of storage: hot, warm, or cold. Vendors may have their own naming convention for hot, warm, and cold storage. Some may also add more layers such as very hot or very cold.
      • Hot storage is for data that is frequently accessed and modified. It is available on demand and is the most costly of the storage levels.
      • Cold storage is for data that will sit for a long period of time and not need to be accessed. Cold storage is usually only available after several hours or days. Cold storage is very low cost and, in some cases, even free, but retrieval or restoration for the free services can be costly.
      • Warm storage sits in between hot and cold storage. It is for data that is infrequently needed. The cost of warm storage is also in between hot and cold storage costs, and access times are measured in terms of minutes or hours.
      • It is not uncommon for data to start in hot storage and, as it ages, move to warm and eventually cold storage.

    “Enterprise cloud storage offers nearly unlimited scalability. Enterprises can add storage quickly and easily as it is needed, eliminating the risk and cost of over-provisioning.”

    – Spectrum Enterprise

    “Hot data will operate on fresh data. Cold data will operate on less frequent data and [is] used mainly for reporting and planning. Warm data is a balance between the two.”

    – TechBlost

    Enterprise storage features

    The features listed below, while not intended to cover all features offered by all vendors, should be considered and could act as a baseline for discussions with storage providers when evaluating enterprise storage offerings.

    • Scalability
      • What are the options to expand, and how easy or difficult it is to expand capacity in the future?
    • Security
      • Does the solution offer data encryption options as well as ransomware protections?
    • Integration options
      • Can the solution support seamless connectivity with other solutions and applications, such as cloud-based storage or backup software?
    • Storage reduction
      • Does the solution offer space-reduction options such as deduplication or data compression?
    • Replication
      • Does the solution offer replication options such as device to device on premises, device to device when geographically separated, device to cloud, or a combination of these scenarios?
    • Performance
      • “Enterprise storage systems have two main ‘speed’ measurements: throughput and IOPS. Throughput is the data transfer rate to and from storage media, measured in bytes per second; IOPS measures the number of reads and writes – input/output (I/O) operations – per second.” (Computer Weekly)
    • Protocol support
      • Does the solution support object-based, block-based, and file-based storage protocols?
    • Storage Efficiency
      • How efficient is the solution? Can they prove it?
      • Storage efficiencies must be available and baselined.
    • Management platform
      • A management/reporting platform should be a component included in the system.
    • Multi-parity
      • Does the solution offer multi-level block “parity” for RAID 6 protection equivalency, which would allow for the simultaneous failure of two disks?
    • Proactive support
      • Features such as call home, dial in, or remote support must be available on the system.
    • Financial considerations
      • The cost is always a concern, but are there subscription-based or “as-a-service” options?
      • Internally, is it better for this expenditure to be a capital expenditure or an ongoing operating expense?

    What’s new in enterprise storage

    • Data warehouses are not a new concept, but the data storage evolution and growth of data means that data lakes and data lakehouses are growing in popularity.
      • “A data lake is a centralized repository that allows you to store all your structured and unstructured data at any scale. You can store your data as-is, without having to first structure the data” (Amazon Web Services).
      • Analytics with a data lake is possible, but manipulation of the data is hindered due to the nature of the data. A data lakehouse adds data management and analytics to a data lake, similar to the data warehouse functionality added to databases.
    • Options for on-premises hardware support is changing.
      • Pure Storage was the first to shake up the SAN support model with its Evergreen support option. Evergreen//Forever support allows for storage controller upgrades without having to migrate data or replace your disks or chassis (Pure Storage).
      • In response to the Pure Storage Evergreen offering, Dell, HPE, NetApp, and others have come out with similar programs that offer controller upgrades while maintaining the data, disks, and chassis.
    • “As a service” is available as a hybrid solution.
      • Storage as a service (STaaS) originally referred to hosted, fully cloud-based offerings without the need for any on-premises hardware.
      • The latest STaaS offerings provide on-premises or colocated hardware with pay-as-you-go subscription pricing for data consumption. Administration, management, and support are included. The vendor will supply support and manage everything on your behalf.
      • Most of the major storage vendors offer a variation of storage as a service.

    “Because data lakes mostly consist of raw unprocessed data, a data scientist with specialized expertise is typically needed to manipulate and translate the data.”

    – DevIQ

    “A Lakehouse is also a type of centralized data repository, integrated from heterogeneous sources. As can be expected from its name, It shares features with both datawarehouses and data lakes.”

    – Cesare

    “Storage as a service (STaaS) eliminates Capex, simplifies management and offers extensive flexibility.”

    – TechTarget

    Major vendors

    The current vendor landscape for enterprise storage solutions represents a range of industry veterans and the brands they’ve aggregated along the way, as well as some relative newcomers who have come to the forefront within the past ten years.

    Vendors like Dell EMC and HPE are longstanding veterans of storage appliances with established offerings and a back catalogue of acquisitions fueling their growth. Others such as Pure Storage offer creative solutions like all-flash arrays, which are becoming more and more appealing as flash storage becomes more commoditized.

    Cloud-based vendors have become popular options in recent years. Cloud storage provides many options and has attracted many other vendors to provide a cloud option in addition to their on-premises solutions. Some software and hardware vendors also partner with cloud vendors to offer a complete solution that includes storage.

    Info-Tech Insight

    Explore your current vendor’s solutions as a starting point, then use that understanding as a reference point to dive into other players in the market

    Key Players

    • Amazon
    • Cisco
    • Dell EMC
    • Google
    • Hewlett Packard Enterprise
    • Hitachi Vantara
    • IBM
    • Microsoft
    • NetApp
    • Nutanix
    • Pure Storage

    Enterprise Storage Use Cases

    Block, object, or file storage? NAS, SAN, SDS, or HCI? Cloud or on prem? Hot, warm, or cold?
    Which one do you choose?
    The following use cases based on actual Info-Tech analyst calls may help you decide.

    1. Offsite backup solution
    2. Infrastructure consolidation
    3. DR/BCP datacenter duplication
    4. Expansion of existing storage
    5. Complete backup solution
    6. Existing storage solution going out of support soon
    7. Video storage
    8. Classify and offload storage

    Offsite backup solution

    “Offsite” may make you think of geographical separation or even cloud-based storage, but what is the best option and why?

    Use Case: How a manufacturing company dealt with retired applications

    • A leading manufacturing company had to preserve older applications no longer in use.
    • The company had completed several acquisitions and ended up with multiple legacy applications that had been merged or migrated into replacement solutions. These legacy applications were very important to the original companies, and although the data they held had been migrated to a replacement solution, executives felt they should hold on to these applications for a period of time, just in case.
    • A modern archiving solution was considered, but a research advisor from Info-Tech Research joined a call with the manufacturing company and helped the client realize that the solution was a modified backup. The application data had already been preserved through the migration, so data could be accessed in the production environment.
    • The data could be exported from the legacy application into a nonsequential database, compressed, and stored in cloud-based cold storage for less than $5 per terabyte per month. The manufacturing company staff realized that they could apply this same approach to several of their legacy applications and save tens of thousands of dollars in the process.
    • Cold storage is inexpensive until you start retrieving that data frequently. The manufacturing company knew they did not have a requirement to retrieve the application and data for a very long time, so cloud-based cold storage was ideal.

    “Data retrieval from cold storage is harder and slower than it is from hot storage. … Because of the longer retrieval time, online cold storage plans are often much cheaper. … The downside is that you’d incur additional costs when retrieving the data.”

    – Ben Stockton, Cloudwards

    Infrastructure consolidation

    Hyperconverged infrastructure combines storage, virtual infrastructure, and associated management into one piece of equipment.

    Use Case: How one company dealt with equipment and storage needs

    • One Info-Tech client had recently started in the role of IT director and realized he had inherited aging infrastructure along with a serious data challenge. The storage appliances were old and out of support. The appliances were performing inadequately, and the client was in need of more data due to ongoing growth, but he also realized that the virtual environment was running on very old servers that were no longer supported. The IT director reached out to Info-Tech to find solutions to the virtualization challenge, but the storage problem also came up throughout the course of the conversation with an analyst.
    • The analyst quickly realized that the IT director was an ideal candidate for a hyperconverged infrastructure (HCI) storage solution, which would also provide the necessary virtual environment.
    • The analyst explained the benefits of having a single appliance that would provide virtualization needs as well as storage needs. The built-in management features would ease the burden of administration, and the software-defined nature of the HCI would allow for the migration of data as well as future expansion options.
    • Hyperconverged infrastructure is offered by many vendors under a variety of names. Most are similar but some may have a better interface or other features. The expansion process is simple, and HCI is a good fit for many organizations looking to consolidate virtual infrastructure and storage.

    “HCI environments use a hypervisor, usually running on a server that uses direct-attached storage (DAS), to create a data center pool of systems and resources.”

    – Samuel Greengard, Datamation

    Datacenter duplication

    SAN providers offer a varied range of options for their products, and those options are constantly evolving.

    Use Case: Independent school district provides better data access using SAN technology

    • An independent school district was expanding by adding a second data center in a new school. This new data center would be approximately 20 miles away from the original data center used by the district. The intent was not to replace the original data center but to use both centers to store data and provide services concurrently. The district’s ideal scenario would be that users would not know or care which data center they were reaching, and there would be no difference in the service received from each data center. The school district reached out to Info-Tech when planning discussions reached the topic of data duplication and replication software.
    • An Info-Tech analyst joined a call with the school district and guided the conversation toward the existing environment to understand what options might be available. The analyst quickly discovered that all the district’s servers were virtual, and all associated data was stored on a single SAN.
    • The analyst informed the school district staff about SAN options, including SAN-to-SAN replication. If the school district had a sufficient link between the two data centers, SAN-to-SAN replication would work for them and provide the two identical copies of data at two locations.
    • The analyst continued to offer explanations of other features that some vendors offer with their SANs, such as the ability to turn on or off deduplication and compression, as well as disk options such as flash or NVMe.
    • The school district was moving to the request for proposal (RFP) stage but hoped to have SAN-to-SAN replication implemented before the next academic year started.

    “SAN-to-SAN replication is a low-cost, highly efficient way to manage mounting quantities of stored data.”

    – Secure Infrastructure & Services

    Expansion of existing storage

    That old storage area network may still have some useful life left in it.

    Use Case: Municipality solves data storage aging and growth challenge

    • A municipality in the United States reached out to Info-Tech for guidance on its storage challenge. The municipality had accumulated multiple SANs from different vendors over the years. These SANs were running out of storage, and more data storage was needed. The municipality’s data was growing at a rapid pace, thanks to municipal growth and expansion of services. The IT team was also concerned with modernizing their storage and not hindering their long-term growth by making the wrong purchase decision for their current storage needs.
    • An analyst from Info-Tech discussed several options with the municipality but in the end advised that software-defined storage may be the best solution.
    • Software-defined storage (SDS) would allow the municipality to gain better visibility into existing storage while making more efficient use of existing and new storage. SDS could take over the management of the existing storage from multiple vendors and add additional storage as required. SDS would also be able to integrate cloud-based storage if that was the direction taken by the municipality in the future.
    • The municipality moved forward with an SDS solution and added some additional storage capacity. They used some of their existing SANs but retired the more troublesome ones. The SDS system managed all the storage instances and data management. The administration of the storage environment was easier for the storage admins, and long-term savings were achieved through better storage management.

    “Often enterprises have added storage on an ad hoc basis as they needed it for various applications. That can result in a mishmash of heterogenous storage hardware from a wide variety of vendors. SDS offers the ability to unify management of these different storage devices, allowing IT to be more efficient.”

    – Cynthia Harvey, Enterprise Storage Forum (“What Is Software Defined Storage?”, 2018)

    Complete backup solution

    Many backup software solutions can provide backups to multiple locations, making two-location backups simple.

    Use Case: How an oil refinery modernized its backup solution

    • A large oil refinery needed a better solution for the storage of backups. The refinery was replacing its backup software solution but also wanted to improve the backup storage situation and move away from tape-based storage. All other infrastructure was reasonably modern and not in need of replacement at this time.
    • A research analyst from Info-Tech helped the client realize that the solution was a modified backup. The general guidance for backups is have a least one copy offsite, so the cloud was the obvious focal point. The analyst also explained that it would be beneficial to have a recent copy of the backup available on site for common restoration requests in addition to having the offsite copy for disaster recovery (DR) purposes.
    • The refinery staff conducted a data analysis to determine how much data was being backed up on a daily basis. The solution proposed by the analyst included network-attached storage (NAS) with adequate storage to hold 30 days' worth of on-premises data. The backup software would also simultaneously copy each backup to a cloud-based storage repository. The backup software was smart enough to only back up and transfer data that had changed since the previous backup, so transfer time and capacity was not a factor.
    • The NAS would allow for the restoration of any local, on-premises data while the cloud storage would provide a safe location offsite for backup data. It could also serve as the backup location for other cloud-based services that required a backup.

    “Data protection demands that enterprises have multiple methods of keeping data safe and replicating it in case of disaster or loss.”

    – Drew Robb, Enterprise Storage Forum, 2021

    Storage going out of support

    SAN solutions have come a long way with improvements in how data is stored and what is used to store the data.

    Use Case: How one organization replaced its old storage with a similar solution

    • A government organization was looking for a solution for its aging storage area network appliances. The SANs were old and would be no longer supported by the manufacturer within four months. The SANs had slower spinning disks and their individual capacity was at its limit through the addition of extra shelves and disks over the years.
    • The organization reached out to Info-Tech for guidance. An analyst arranged a call with them, and they discussed the storage situation in detail, including desired benefits from a storage solution and growth requirements. They also discussed cloud storage, but the government organization was not in a position to move its data to the cloud for a variety of reasons.
    • Although the individual SANs were at their storage capacity limit, the total amount of data was well within the limits of many modern on-premises storage solutions. SSD and flash or NVMe storage can store large amounts of data in small footprints and form factors.
    • The analyst reviewed several vendors with the client and discussed some advantages and disadvantages of each. They explored the features offered as well as scalability options.
    • SANs have been around for a long time but the features and capabilities that come with them has evolved. They are still a very viable solution for many organizations in a variety of scenarios.

    “A rapidly growing portion of SAN deployments leverages all-flash storage to gain its high performance, consistent low latency, and lower total cost when compared to spinning disk.”

    – NetApp

    Video storage

    Cloud storage would not be sufficient if you were using a dial up connection, just as on-premises storage solutions would not suffice if they were using floppy disks.

    Use Case: Body cams and public cameras in municipalities are driving storage growth

    • Municipal law enforcement agencies are wearing body cameras more frequently, for their own protection as well as for the protection of the public. Camera footage can be useful in legal situations as well. Municipalities are also installing more and more public cameras for the purposes of public safety. The recorded video footage from these cameras can result in large data files, which in turn drive data storage requirements.
    • Info-Tech analysts are joining calls about video data storage with increasing frequency. The concerns are repetitive, and the guidance is similar on most of these calls.
    • The “object” storage format is ideal for video and media data. Most cloud-based storage solutions use object storage, but it is also available with on-premises solutions such as NAS or SAN. The challenges clients are expressing are typically related to inadequate bandwidth for cloud-based storage or other storage formats instead of “object” storage. Cloud-based storage can also grow beyond the budgeted numbers, causing an increase in the monthly cloud cost. Older, slower on-premises hardware sometimes reveals itself as the latency culprit.
    • Object storage is well suited for the unstructured data that is video footage. It uses metadata to tag the video file for future retrieval and is easily expandable, which also makes it cost effective.
    • Video data stored in a cloud-based repository will work fine as long as the bandwidth is adequate. On-premises storage of video data is also quite adequate on the right storage format, with fast disks and a reasonably up-to-date network infrastructure.

    “The captured video is stored for days, weeks, months and sometimes years and consumes a lot of space. Data storage plays a new and important role in these systems. Object storage is ideal to store the video data.”

    – Object-Storage.Info

    Classify and offload primary storage

    Some software products have storage options available as a result of agreements with other storage vendors. Several backup and archive software products fall into this category.

    Use Case: Enterprise storage can help reduce data sprawl

    • A large engineering firm was trying to manage its data sprawl. The team sampled a small percentage of their data and quickly realized that when they applied their findings on the 1% of data to their entire data estate, the sheer volume of personal files, older files, and unclassified data was going to be a challenge.
    • They found a solution in archiving software. The archiving software would tag data based on several factors. The software would move older files away from primary storage to an alternate storage platform but still leave a stub of the moved file in place and maintain limited access to those files. This would reduce primary storage requirements and allow the firm to eliminate multiple file servers
    • The engineering firm reached out to Info-Tech and participated in an analyst call. During that call, they laid out their plans, and the analyst made them aware of cloud storage. The positive and negative aspects of cloud storage were discussed, and the firm fully understood that the colder the storage tier, the slower the recovery. The firm's stance was if the files had not been accessed in the past six months, waiting a day or two for retrieval would not be a concern, and the firm was content with cold storage in the cloud.
    • The firm had not purchased the archiving software at the time of the analyst call, and the analyst also explained to them that the archiving software may have an existing agreement with a cloud provider for storage options, which could be more cost effective than purchasing cloud storage separately.
    • Cold cloud-based storage was the preferred solution for this firm, but this use case also highlights the option that some software products carry regarding storage. Several backup and archive products have a cloud storage option that should be investigated, as they may be cost-effective options.

    “Cold storage is perfect for archiving your data. Online backup providers offer low-cost, off-site data backups at the expense of fast speeds and easy access, even though data retrieval often comes at an added cost. If you need to keep your data long-term, but don’t need to access it often, this is the kind of storage you need.”

    – Ben Stockton, Cloudwards

    Understand your data requirements

    Activity

    The first step in solving your enterprise storage challenge is identifying your data sources or drivers, data volume size, and growth rates. This information will give you insight into what data sources could be stored on premises or in the cloud, how much storage you will require for the coming five to ten years, and what to consider when exploring enterprise storage solutions.

    • Info-Tech’s Modernize Enterprise Storage Workbook can be a valuable asset for determining your current storage drivers and future storage needs, structuring a plan for future storage purchases, and determining timelines and total cost of ownership.
    • An example of the Storage Capacity Calculator tab from that workbook is displayed on the right. Using the Storage Capacity Requirements Calculator requires minimal steps.
    1. Enter the current date and planning timeline (horizon) in months
    2. Identify the top sources of data within the business – the current data drivers. Areas of focus could include business applications, file shares, backup, and archives.
    3. For each of these data drivers, include your best estimate of:
    • Current data volume
    • Growth rate
  • Identify the top future data drivers, such as new applications or initiatives that will result from current business plans and priorities, and record the following details:
    • Initial data volumes
    • Projected growth rates
    • Planned implementation date
  • The spreadsheet will automatically calculate the data volume at the planning horizon based on the growth rate.
  • Download the Modernize Enterprise Storage Workbook and take the first step toward understanding your data requirements.

    The image contains a screenshot of the Modernize Enterprise Storage Workbook.

    Download the Modernize Enterprise Storage Workbook

    Related Info-Tech Research

    Modernize Enterprise Storage

    Current and emerging storage technologies are disrupting the status quo – prepare your infrastructure for the exponential rise in data and its storage requirements.

    Modernize Enterprise Storage Workbook

    This workbook will complement the discussions and activities found in the Modernize Enterprise Storage blueprint. Use this workbook in conjunction with the blueprint to develop a strategy for storage modernization.

    Bibliography

    Bakkianathan, Raghunathan. “What is the difference between Hot Warm and Cold data storage?” TechBlost, n.d.. Accessed 14 July 2022.
    Cesare. “Data warehouse vs Data lake vs Lakehouse… and DeltaLake?“ Medium, 14 June 2021. Accessed 26 July 2022.
    Davison, Shawn and Ryan Sappenfield. “Data Lake Vs Lakehouse Vs Data Mesh: The Evolution of Data Transformation.” DevIQ, May 2022. Accessed 23 July 2022.
    Desjardins, Jeff. “Infographic: How Much Data is Generated Each Day?” Visual Capitalist, 15 April 2019. Accessed 26 July 2022.
    Greengard, Samuel. “Top 10 Hyperconverged Infrastructure (HCI) Solutions.” Datamation, 22 December 2020. Accessed 23 July 2022.
    Harvey, Cynthia. “Flash vs. SSD Storage: Is there a Difference?” Enterprise Storage Forum, 10 July 2018. Accessed 23 July 2022.
    Harvey, Cynthia. “What Is Software Defined Storage? Features & Benefits.” Enterprise Storage Forum, 22 February 2018. Accessed 23 July 2022.
    Hecht, Gil. “4 Predictions for storage and backup security in 2022.” Continuity Software, 09 January 2022. Accessed 22 July 2022.
    Jacobi, Jonl. “NVMe SSDs: Everything you need to know about this insanely fast storage.” PCWorld, 10 March 2019. Accessed 22 July 2022
    Pritchard, Stephen. “Briefing: Cloud storage performance metrics.” Computer Weekly, 16 July 2021. Accessed 23 July 2022
    Robb, Drew. “Best Enterprise Backup Software & Solutions 2022.” Enterprise Storage Forum, 09 April 2021. Accessed 23 July 2022.
    Sheldon, Robert. “On-premises STaaS shifts storage buying to Opex model.” TechTarget, 10 August 2020. Accessed 22 July 2022.
    “Simplify Your Storage Ownership, Forever.” PureStorage. Accessed 20 July 2022.
    Stockton, Ben. “Hot Storage vs Cold Storage in 2022: Instant Access vs Long-Term Archives.” Cloudwards, 29 September 2021. Accessed 22 July 2022.
    “The Cost Savings of SAN-to-SAN Replication.” Secure Infrastructure and Services, 31 March 2016. Accessed 16 July 2022.
    “Video Surveillance.” Object-Storage.Info, 18 December 2019. Accessed 25 July 2022.
    “What is a Data Lake?” Amazon Web Services, n.d. Accessed 17 July 2022.
    “What is enterprise cloud storage?” Spectrum Enterprise, n.d. Accessed 28 July 2022.
    “What is SAN (Storage Area Network).” NetApp, n.d. Accessed 25 July 2022.
    “What is software-defined storage?” RedHat, 08 March 2018. Accessed 16 July 2022.

    Craft a Customer-Driven Market Strategy With Unbiased Data

    • Buy Link or Shortcode: {j2store}611|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Market strategies are informed by gut feel and endless brainstorming instead of market data to take their product from concept to customer.
    • Hiring independent market research firms results in a lack of unbiased third-party data. Research firms tell vendors what they want to hear instead of offering an agnostic view of software trends.
    • Dissatisfied customers don’t tell you directly why they are leaving, so there is no feedback loop back into product improvements.
    • Often a market strategy is built after a product is developed to force the product’s fit in the market. The product marketing team has no say in the product vision or future improvements.

    Our Advice

    Critical Insight

    • Adopt the 5 P’s to building a winning market strategy: Proposition, Product, Pricing, Placement, and Promotion.
    • You can’t be everything to everyone. Testing your proposition in the market to see what sticks is a risky move. Promise future value using past successes by gaining a deeper understanding of which customers and submarkets truly align to your product.
    • Customers have learned to avoid shiny new objects but still expect rapid feature releases. Differentiating features require a closer look at the underpinning vendor capabilities. Having intentional feature releases requires a feedback loop into the product roadmap and increases influence by the product marketing team.
    • Price transparency and sensitivity should drive what you offer to customers. Negotiating solely on price is a race to the bottom.

    Impact and Result

    • Leverage this report to gain insights on the software selection process and what top vendors do best.
    • Gain a bird’s-eye view on customer purchasing behavior using over 40,000 data points on satisfaction and importance collected directly from the source.
    • Build a winning market strategy influenced by real customer data that drives vendor success.

    Craft a Customer-Driven Market Strategy With Unbiased Data Research & Tools

    Read the storyboard

    Read our storyboard to find out why you should leverage SoftwareReviews data to craft your market strategy, review Info-Tech’s methodology, and understand unbiased customer data on software purchasing triggers.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Craft a Customer-Driven Market Strategy With Unbiased Data Storyboard
    [infographic]

    Prepare for Cognitive Service Management

    • Buy Link or Shortcode: {j2store}335|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 10 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • The evolution of natural language processing and machine learning applications has led to specialized AI-assisted toolsets that promise to improve the efficiency and timeliness of IT operations.

    Our Advice

    Critical Insight

    • These are early days. These AI-assisted toolsets are generating a considerable amount of media attention, but most of them are relatively untested. Early adopters willing to absorb experimentation costs are in the process of deploying the first use cases. Initial lessons are showing that IT operations in most organizations are not yet mature enough to take advantage of AI-assisted toolsets.
    • Focus on the problem, not the tool. Explicit AI questions should be at the end of the list. Start by asking what business problem you want to solve.
    • Get your house in order. The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.

    Impact and Result

    • Don’t fall prey to the AI-bandwagon effect. AI-assisted innovations will support shift-left service support strategies through natural language processing and machine learning applications. However, the return on your AI investment will depend on whether it helps you meet an actual business goal.
    • AI-assisted tools presuppose the existence of mature IT operations functions, including standardized processes, high-quality structured content focused on the incidents and requests that matter, and a well-functioning ITSM web portal.
    • The success of AI ITSM projects hinges on adoption. If your vision is to power end-user interactions with chatbots and deploy intelligent agents on tickets coming through the web portal, be sure to develop a self-service culture that empowers end users to help themselves and experiment with new tools and technologies. Without end-user adoption, the promised benefits of AI projects will not materialize.

    Prepare for Cognitive Service Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should prepare for cognitive service management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review emerging AI technology

    Get an overview of emerging AI applications to understand how they will strengthen a shift-left service support strategy.

    2. Sort potential IT operations AI use cases

    Review potential use cases for AI applications to prioritize improvement initiatives and align them to organizational goals.

    • Disruptive Technology Shortlisting Tool
    • Disruptive Technology Value-Readiness and SWOT Analysis Tool

    3. Prepare for a cognitive service management project

    Develop an ITSM AI strategy to prepare your organization for the coming of cognitive service management, and build a roadmap for implementation.

    • Customer Journey Map (PDF)
    • Customer Journey Map (Visio)
    • Infrastructure Roadmap Technology Assessment Tool
    • Strategic Infrastructure Roadmap Tool
    [infographic]

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    • Buy Link or Shortcode: {j2store}338|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement
    • According to Info-Tech research, 74% of our clients feel that IT quality management is an important process, however, only 15% said they actually had effective quality management.
    • IT is required to deliver high quality projects and services, but if CIOs are ineffective at quality management, how can IT deliver?
    • Rather than disturb the status quo with holistic quality initiatives, heads of IT leave quality in the hands of process owners, functional areas, and other segmented facets of the department.
    • CIOs are facing greater pressures to be innovative, agile, and cost-effective, but cannot do so without stable operations, an accountable staff base, and business support; all of which are achieved by high IT quality.

    Our Advice

    Critical Insight

    • Quality management needs more attention that it’s typically getting. It’s not going to happen randomly; you must take action to see results.
    • Quality must be holistic. Centralized accountability will align inconsistencies in quality and refocus IT towards a common goal.
    • Accountability is the key to quality. Clearly defined roles and responsibilities will put your staff on the hook for quality outcomes.

    Impact and Result

    • Shift your mindset to the positive implications of high quality. Info-Tech’s quality management methodology will promote innovation, agility, lower costs, and improved operations.
    • We will help you develop a fully functional quality management program in four easy steps:
      • Position your program as a group to encourage buy-in and unite IT around a common quality vision. Enact a center of excellence to build, support, and monitor the program.
      • Build flexible program requirements that will be adapted for a fit-to-purpose solution.
      • Implement the program using change management techniques to alleviate challenges and improve adoption.
      • Operate the program with a focus on continual improvement to ensure that your IT department continues to deliver high quality projects and services as stakeholder needs change.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program Research & Tools

    Start here – read the Executive Brief

    Understand why Info-Tech’s unique approach to quality management can fix a variety of IT issues and understand the four ways we can support you in building a quality management program designed just for you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Position the program

    Hold a positioning working session to focus the program around business needs, create solid targets, and create quality champions to get the job done.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 1: Position the Quality Program
    • Quality Management Program Charter
    • Quality Management Capability Assessment and Planning Tool
    • Quality Management Roadmap

    2. Build the program

    Build program requirements and design standard templates that will unite IT quality.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 2: Build a Quality Program
    • Quality Management Quality Plan Template
    • Quality Management Review Template
    • Quality Management Dashboard Template

    3. Implement the program

    Evaluate the readiness of the department for change and launch the program at the right time and in the right way to transform IT quality.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 3: Implement the Quality Program
    • Quality Management Communication Plan Template
    • Quality Management Readiness Assessment Template

    4. Operate the program

    Facilitate the success of key IT practice areas by operating the Center of Excellence to support the key IT practice areas’ quality initiatives.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 4: Operate the Quality Program
    • Quality Management User Satisfaction Survey
    • Quality Management Practice Area Assessment and Planning Tool
    • Quality Management Capability Improvement Plan
    [infographic]

    Workshop: Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Position Your Program

    The Purpose

    Create a quality center of excellence to lead and support quality initiatives.

    Position your quality program to meet the needs of your business.

    Develop clear targets and create a roadmap to achieve your vision. 

    Key Benefits Achieved

    Defined Center of Excellence roles & responsibilities.

    A firm vision for your program with clearly outlined targets.

    A plan for improvements to show dedication to the program and create accountability. 

    Activities

    1.1 Identify current quality maturity.

    1.2 Craft vision and mission.

    1.3 Define scope.

    1.4 Determine goals and objectives.

    1.5 Specify metrics and critical success factors.

    1.6 Develop quality principles.

    1.7 Create action plan.

    Outputs

    Completed Maturity Assessment

    Completed Project Charter

    Completed Quality Roadmap

    2 Build Your Program

    The Purpose

    Build the requirements for the quality program, including outputs for quality planning, quality assurance, quality control, and quality improvement.

    Key Benefits Achieved

    Defined standards for the quality program.

    General templates to be used to unify quality throughout IT. 

    Activities

    2.1 Define quality policy, procedures, and guidelines.

    2.2 Define your standard Quality Plan.

    2.3 Define your standard Quality Review Document.

    2.4 Develop your Standard Quality Management Dashboard.

    Outputs

    Quality Policy

    Standard Quality Plan Template

    Standard Quality Review Template

    Standard Quality Dashboard

    3 Implement Your Program

    The Purpose

    Launch the program and begin quality improvement.

    Key Benefits Achieved

    Perform a readiness assessment to ensure your organization is ready to launch its quality program.

    Create a communication plan to ensure constant and consistent communication throughout implementation. 

    Activities

    3.1 Assess organizational readiness.

    3.2 Create a communication plan.

    Outputs

    Completed Readiness Assessment

    Completed Communication Plan

    4 Operate Your Program

    The Purpose

    Have the Center of Excellence facilitate the roll-out of the quality program in your key practice areas.

    Initiate ongoing monitoring and reporting processes to enable continuous improvement.  

    Key Benefits Achieved

    Quality plans for each practice area aligned with the overall quality program.

    Periodic quality reviews to ensure plans are being acted upon.

    Methodology for implementing corrective measures to ensure quality expectations are met.

    Activities

    4.1 Perform a quality management satisfaction survey.

    4.2 Complete a practice area assessment.

    4.3 Facilitate the creation of practice area quality plans.

    4.4 Populate quality dashboards.

    4.5 Perform quality review(s).

    4.6 Address issues with corrective and preventative measures.

    4.7 Devise a plan for improvement.

    4.8 Report on quality outcomes.

    Outputs

    Completed Satisfaction Surveys

    Practice Area Assessments

    Quality Plans (for each practice area)

    Quality Reviews (for each practice area)

    Quality Improvement Plan

    Build, Optimize, and Present a Risk-Based Security Budget

    • Buy Link or Shortcode: {j2store}371|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Year after year, CISOs need to develop a comprehensive security budget that is able to mitigate against threats.
    • This budget will have to be defended against many other stakeholders to ensure there is proper funding.
    • Security budgets are unlike other departmental budgets. Increases or decreases in the budget can drastically affect the organizational risk level.
    • CISOs struggle with the ability to assess the effectiveness of their security controls and where to allocate money.

    Our Advice

    Critical Insight

    • CISOs can demonstrate the value of security when they correlate mitigations to business operations and attribute future budgetary needs to business evolution.
    • To identify the critical areas and issues that must be reflected in your security budget, develop a comprehensive corporate risk analysis and mitigation effectiveness model, which will illustrate where the moving targets are in your security posture.

    Impact and Result

    • Info-Tech’s methodology moves you away from the traditional budgeting approach to building a budget that is designed to be as dynamic as the business growth model.
    • Collect your organization's requirements and build different budget options to describe how increases and decreases can affect the risk level.
    • Discuss the different budgets with the business to determine what level of funding is needed for the desired level of security.
    • Gain approval of your budget early by preshopping and presenting the budget to individual stakeholders prior to the final budget approval process.

    Build, Optimize, and Present a Risk-Based Security Budget Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build, optimize, and present a risk-based security budget, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review requirements for the budget

    Collect and review the required information for your security budget.

    • Build, Optimize, and Present a Risk-Based Security Budget – Phase 1: Review Requirements for the Budget

    2. Build the budget

    Take your requirements and build a risk-based security budget.

    • Build, Optimize, and Present a Risk-Based Security Budget – Phase 2: Build the Budget
    • Security Budgeting Tool

    3. Present the budget

    Gain approval from business stakeholders by presenting the budget.

    • Build, Optimize, and Present a Risk-Based Security Budget – Phase 3: Present the Budget
    • Preshopping Security Budget Presentation Template
    • Final Security Budget Presentation Template
    [infographic]

    Workshop: Build, Optimize, and Present a Risk-Based Security Budget

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review Requirements for the Budget

    The Purpose

    Understand your organization’s security requirements.

    Collect and review the requirements.

    Key Benefits Achieved

    Requirements are gathered and understood, and they will provide priorities for the security budget.

    Activities

    1.1 Define the scope and boundaries of the security budget.

    1.2 Review the security strategy.

    1.3 Review other requirements as needed, such as the mitigation effectiveness assessment or risk tolerance level.

    Outputs

    Defined scope and boundaries of the security budget

    2 Build the Budget

    The Purpose

    Map business capabilities to security controls.

    Create a budget that represents how risk can affect the organization.

    Key Benefits Achieved

    Finalized security budget that presents three different options to account for risk and mitigations.

    Activities

    2.1 Identify major business capabilities.

    2.2 Map capabilities to IT systems and security controls.

    2.3 Categorize security controls by bare minimum, standard practice, and ideal.

    2.4 Input all security controls.

    2.5 Input all other expenses related to security.

    2.6 Review the different budget options.

    2.7 Optimize the budget through defense-in-depth options.

    2.8 Finalize the budget.

    Outputs

    Identified major business capabilities, mapped to the IT systems and controls

    Completed security budget providing three different options based on risk associated

    Optimized security budget

    3 Present the Budget

    The Purpose

    Prepare a presentation to speak with stakeholders early and build support prior to budget approvals.

    Present a pilot presentation and incorporate any feedback.

    Prepare for the final budget presentation.

    Key Benefits Achieved

    Final presentations in which to present the completed budget and gain stakeholder feedback.

    Activities

    3.1 Begin developing a communication strategy.

    3.2 Build the preshopping report.

    3.3 Practice the presentation.

    3.4 Conduct preshopping discussions with stakeholders.

    3.5 Collect initial feedback and incorporate into the budget.

    3.6 Prepare for the final budget presentation.

    Outputs

    Preshopping Report

    Final Budget Presentation

    Assess Your IT Financial Management Maturity Effectively

    • Buy Link or Shortcode: {j2store}315|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management

    Organizations wishing to mature their IT financial management (ITFM) maturity often face the following obstacles:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Our Advice

    Critical Insight

    No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool that is only valuable if you are willing to act on it.

    Impact and Result

    A mature ITFM practice leads to many benefits.

    • Foundation: Improved governance, skill sets, processes, and tools.
    • Data: An appropriate taxonomy/data model alongside accurate data for high-quality reporting and insights.
    • Language: A common vocabulary across the organization.
    • Organization Culture: Improved communication and collaboration between IT and business partners.

    Assess Your IT Financial Management Maturity Effectively Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your IT Financial Management Maturity Effectively Storyboard – A framework and step-by-step methodology to assess your ITFM maturity.

    This research seeks to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    • Assess Your IT Financial Management Maturity Effectively Storyboard

    2. IT Financial Management Maturity Assessment Tool – A structured tool to help you assess your ITFM maturity.

    This Excel workbook guides IT finance practitioners to effectively assess their IT financial management practice. Incorporate the visual outputs into your final executive presentation document. Key activities include context setting, completing the assessment, and prioritizing focus areas based on results.

    • IT Financial Management Maturity Assessment Tool

    3. IT Financial Management Maturity Assessment Report Template – A report summarizing your ITFM maturity assessment results to help you communicate with stakeholders.

    Use this template to document your final ITFM maturity outputs, including the current and target states and your identified priorities.

    • IT Financial Management Maturity Assessment Report Template
    [infographic]

    Further reading

    Assess Your IT Financial Management Maturity Effectively

    Influence your organization’s strategic direction.

    Analyst Perspective

    Make better informed data-driven business decisions.

    Technology has been evolving throughout the years, increasing complexity and investments, while putting more stress on operations and people involved. As an IT leader, you are now entrusted to run your outfit as a business, sit at the executive table as a true partner, and be involved in making decisions that best suit your organization. Therefore, you have an obligation to fulfill the needs of your end customers and live up to their expectations, which is not an easy task.

    IT financial management (ITFM) helps you generate value to your organization’s clientele by bringing necessary trade-offs to light, while driving effective dialogues with your business partners and leadership team.

    This research will focus on Info-Tech’s approach to ITFM maturity, aiming for a state of continuous improvement, where an organization can learn and grow as it adapts to change. As the ITFM practice matures, IT and business leaders will be able to better understand one another and together make better business decisions, driven by data.

    This client advisory presentation and accompanying tool seek to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    Photo of Bilal Alberto Saab, Research Director, IT Financial Management, Info-Tech Research Group. Bilal Alberto Saab
    Research Director, IT Financial Management
    Info-Tech Research Group

    Executive Summary

    The value of ITFM is undermined

    ITFM is often discarded and not given enough importance and relevance due to the operational nature of IT, and the specialized skillset of its people, leading to several problems and challenges, such as:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Constructive dialogues with business partners are not the norm

    Business-driven conversations around financials (spending, cost, revenue) are a rarity in IT due to several factors, including:

    • Foundation: Weak governance, inadequate skillset, and less than perfect processes and tools.
    • Data: Lack of adequate taxonomy/data model, alongside inaccurate data leading to poor reporting and insights.
    • Language: Lack of a common vocabulary across the organization.
    • Organization culture: No alignment, alongside minimal communication and collaboration between IT and business partners.

    Follow Info-Tech’s approach to move up the ITFM maturity ladder

    Mature your ITFM practice by activating the means to make informed business decisions.

    Info-Tech’s methodology helps you move the dial by focusing on three maturity focus areas:

    • Build an ITFM Foundation
    • Manage and Monitor IT Spending
    • Bridge the Language Barrier

    Info-Tech Insight

    Influence your organization’s strategic direction by maturing your ITFM practice.

    What is ITFM?

    ITFM is not just about finance.

    • ITFM has evolved from traditional budgeting, accounting, and cost optimization; however, it is much more than those activities alone.
    • It starts with understanding the financial implications of technology by adopting different perspectives to become adept in communicating with various stakeholders, including finance, business partners, IT managers, and your CEO.
    • Armed with this knowledge, ITFM helps you address a variety of questions, such as:
      • How are technology funds being spent?
      • Which projects is IT prioritizing and why?
      • What are the resources needed to speed IT delivery?
      • What’s the value of IT within the organization?
    • ITFM’s main objective is thus to improve decision-making capabilities by facilitating communication between IT leaders and stakeholders, while enabling a customer focus attitude throughout the organization.

    “ITFM embeds technology in financial management practices. Through cost, demand, and value, ITFM brings technology and business together, forging the necessary relationships and starting the right conversations to enable the best decisions for the organization.”
    – Monica Braun, Research Director, Info-Tech Research Group

    Your challenge

    IT leaders struggle to articulate and communicate business value.

    • IT spending is often questioned by different stakeholders, such as business partners and various IT business units. These questions, usually resulting from shifts in business needs, may revolve around investments, expenditures, services, and speed to market, among others. While IT may have an idea about its spending habits, aligning it to the business strategy may prove difficult.
    • IT staff often does not have access to, or knowledge of, the business model and its intricacies. In an operational environment, the focus tends to be on technical issues rather than overall value.
    • People tend to fear what they do not know. Some business managers may not be comfortable with technology. They do not recognize the implications and ramifications of certain implementations or understand the related terminology, which puts a strain on any conversation.

    “Value is not the numbers you visualize on a chart, it’s the dialogue this data generates with your business partners and leadership team.”
    – Dave Kish, Practice Lead, Info-Tech Research Group

    Technology is constantly evolving

    Increasing IT spending and decision-making complexity.

    Timeline of IT technology evolution, starting with 'Timesharing' in the 1980s to 'All Things Digital' in the 2020s. 'IT Spend Growth' grows from start to finish.

    Common obstacles

    IT leaders are not able to have constructive dialogues with their stakeholders.

    • The way IT funds are spent has changed significantly, moving from the purchase of discrete hardware and software tools to implementing data lakes, cloud solutions, the metaverse and blockchain. This implies larger investments and more critical decisions. Conversations around interoperability, integration, and service-based solutions that focus more on big-picture architecture than day-to-day operations have become the norm.
    • Speed to market is now a survival criterion for most organizations, requiring IT to shift rapidly based on changing priorities and customer expectations. This leads to the need for greater financial oversight, with the CFO as the gatekeeper. Today’s IT leaders need to possess both business and financial management savvy to justify their spending with various stakeholders.
    • Any IT budget increase is tied to expectations of greater value. Hence, the compelling demands for IT to prove its worth to the business. Promoting value comes in two ways: 1) objectively, based on data, KPIs, and return on investment; and 2) subjectively, based on stakeholder satisfaction, alongside relationships. Building trust, credibility, and confidence can go a long way.

    In a technology-driven world, advances come at a price. With greater spending required, more complex and difficult conversations arise.

    Constructive dialogues are key

    You don’t know what you don’t know.

    • IT, being historically focused on operations, has become a hub for technically savvy personnel. On the downside, technology departments are often alien to business, causing problems such as:
      • IT staff have no knowledge of the business model and lack customer focus.
      • Business is not comfortable with technology and related jargon.
    • The lack of two-way communication and business alignment is hence an important ramification. If the business does not understand technology, and IT does not speak in business terms, where does that lead us?
    • Poor data quality and governance practices, alongside overly manual processes can only exasperate the situation.

    IT Spending Survey

    79% of respondents believe that decisions taking too long to make is either a significant or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    81% of respondents believe that ensuring spend efficiency (avoiding waste) is either a challenge or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    ITFM is trailing behind

    IT leaders must learn to speak business.

    In today’s world, where organizations are driving customer experience through technology investments, having a seat at the table means IT leaders must be well versed in business language and practice, including solid financial management skills.

    However, IT staff across all industries aren’t very confident in how well IT is doing in managing its finances. This becomes evident after looking at three core processes:

    • Demonstrating IT’s value to the business.
    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.

    Recent data from 4,137 respondents to Info-Tech’s IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing on them.

    IT leadership’s capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and demonstrating IT’s contribution to business value.

    Bar charts comparing percentages of people who 'Agree process is important' and 'Agree process is effective' for three processes: Business Value, Cost & Budget Management, and Cost Optimization. In all instances, the importance outweighed the perceived effectiveness.
    Source: Info-Tech Research Group, IT Management & Governance Diagnostic, 2023.

    Info-Tech’s approach

    We take a holistic approach to ITFM and support you throughout your maturity journey.

    Visualization of the IT maturity levels with three goals at the bottom, 'Build am ITFM Foundation', 'Manage & Monitor IT Spending', and 'Bridge the Language Barrier'. The 5 levels, from bottom to top, are 'Nascent - Level 1, Inability to consistently deliver financial planning services', 'Cost Operator - Level 2, Rudimentary financial planning capabilities', 'Trusted Coordinator - Level 3, Enablement of business through cost-effective supply of technology', 'Value Optimizer - Level 4, Effective impact on business performance', and 'Strategic Partner - Level 5, Influence on the organization's strategic direction'.

    The Info-Tech difference:

    • Info-Tech has a methodology and set of tools that will help assess your ITFM maturity and take the first step in developing an improvement plan. We have identified three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier
    • No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool, which is only valuable if you are willing to act on it.

    Note: See Appendix A for maturity level definitions and descriptions.

    Climb the maturity ladder

    By growing along three maturity focus areas.

    A diagram with '3 Maturity Focus Areas' and '9 Maturity Levers' within them. The first area is 'Build an ITFM Foundation' with levers 'Establish your Team', 'Set up your Governance Structure', and 'Adopt ITFM Processes & Tools'. The second area is 'Manage & Monitor IT Spending', with levers 'Standardize your Taxonomy & Data Model', 'Identify, Gather & Prepare your Data', and 'Analyze your Findings and Develop your Reports'. The third area is 'Bridge the Language Barrier' with levers 'Communicate your IT Spending', 'Educate the Masses', and 'Influence your Organization's Culture'.

    Info-Tech identified three maturity focus areas, each containing three levers.

    Identify where you stand across the nine maturity levers, detect the gaps, and determine your priorities as a first step to develop an improvement plan.

    Note: See Appendix B for maturity level definitions and descriptions per lever.

    Key project deliverables

    Each step of this activity is accompanied by supporting deliverables to help you accomplish your goals.

    IT Financial Management Maturity Assessment Report Template

    A template of an ITFM maturity assessment report that can be customized based on your own results.

    IT Financial Management Maturity Assessment Tool

    A workbook including an ITFM maturity survey, generating a summary of your current state, target state, and priorities.

    Measure the value of this activity

    Reach your 12-month maturity target.

    • Determine your 12-month maturity target, identify your gaps, and set your priorities.
    • Use the ITFM maturity assessment to kickstart your improvement plan by developing actionable initiatives.
    • Implement your initiatives and monitor your progress to reach your 12-month target.

    Sample of a result page from the ITFM maturity assessment.

    Build your improvement plan and implement your initiatives to move the dial and climb the maturity ladder.

    Sample of a result page from the ITFM maturity assessment with a graph.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Step 1

    Prepare for the ITFM maturity assessment

    Content Overview

    1. Identify your stakeholders
    2. Set the context
    3. Determine the methodology
    4. Identify assessment takers

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    1. Prepare to take the ITFM maturity assessment

    3 hours

    Input: Understanding your context, objectives, and methodology

    Output: ITFM maturity assessment stakeholders and their objectives, ITFM maturity assessment methodology, ITFM maturity assessment takers

    Materials: 1a. Prepare for Assessment tab in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Identify your stakeholders and document it in the ITFM Maturity Assessment Tool (see next slides). We recommend having representatives from different business units across the organization, most notably IT, IT finance, finance, and IT audit.
    2. Set the context with your stakeholders and document it in the ITFM Maturity Assessment Tool. Discuss the reason behind taking the ITFM maturity assessment among the various stakeholders. Why do each of your stakeholders want to take the assessment? What are their main objectives? What would they like to achieve?
    3. Determine the methodology and document it in the ITFM Maturity Assessment Tool. Discuss how you want to go about taking the assessment with your stakeholders. Do you want to have representatives from each business unit take the assessment individually, then share and discuss their findings? Do you prefer forming a working group with representatives from each business unit and go through the assessment together? Or does any of your stakeholders have a different suggestion? You will have to consider the effort, skillset, and knowledge required.
    4. Identify the assessment takers and document it in the ITFM Maturity Assessment Tool. Determine who will be taking the assessment (specific names of stakeholders). Consider their availability, knowledge, and skills.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your stakeholders, objectives, and methodology

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document stakeholders, objectives, and methodology (table range: columns B to G and rows 8 to 15).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Stakeholders'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each stakeholder on a separate row.
    D Text Enter the job title related to each stakeholder.
    E Text Enter the objective(s) related to each stakeholder.
    F Text Enter the agreed upon methodology.
    G Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full names and job titles of the ITFM maturity assessment stakeholders.
    3. Document the maturity assessment objective of each of your stakeholders.
    4. Document the agreed-upon methodology.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your assessment takers

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document assessment takers (table range: columns B to E and rows 18 to 25).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Takers'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each assessment taker on a separate row.
    D Text Enter the job title related to each stakeholder to identify which party is being represented per assessment taker.
    E Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full name of each assessment taker, along with the job title of the stakeholder they are representing.

    Download the IT Financial Management Maturity Assessment Tool

    Step 2

    Take the ITFM maturity assessment

    Content Overview

    1. Complete the survey
    2. Review your assessment results
    3. Determine your priorities

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    2. Take the ITFM maturity assessment

    3 hours

    Input: Understanding of your ITFM current state and 12-month target state, ITFM maturity assessment results

    Output: ITFM current- and target-state maturity levels, average scores, and variance, ITFM current- and target-state average scores, variance, and priority by maturity focus area and maturity lever

    Materials: 1b. Glossary, 2a. Assess ITFM Foundation, 2b. Assess Mngt. & Monitoring, 2c. Assess Language, and 3. Assessment Summary tabs in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Complete the survey: select the current and target state of each statement – refer to the glossary as needed for definitions of key terms – in the ITFM Maturity Assessment Tool (see next slides). There are three tabs (one per maturity focus area) with three tables each (nine maturity levers). Review and discuss statements with all assessment takers: consider variations, differing opinions, and reach an agreement on each statement inputs.
    2. Review assessment results: navigate to the Assessment Summary tab in the ITFM maturity assessment tool (see next slides) to view your results. Review and discuss with all assessment takers: consider any shocking output and adjust survey input if necessary.
    3. Determine your priorities: decide on the priority (Low/Medium/High) by maturity focus area and/or maturity lever. Rank your maturity focus area priorities from 1 to 3 and your maturity lever priorities from 1 to 9. Consider the feasibility in terms of timeframe, effort, and skillset required, positive and negative impacts on business and technology, likelihood of failure, and necessary approvals. Document your priorities in the ITFM maturity assessment tool (see next slides).
      Review and discuss priorities with all assessment takers: consider variations, differing opinions, and reach an agreement on each priority.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Complete the survey

    Excel workbook: ITFM Maturity Assessment Tool – Survey worksheets

    Refer to the example and guidelines below on how to complete the survey.

    Example table from the ITFM Maturity Assessment Tool re: Survey worksheets.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity statement to assess.
    D, E Dropdown Select the maturity levels of your current and target states. One of five maturity levels for each statement, from “1. Nonexistent” (lowest maturity) to “5. Advanced” (highest maturity).
    F, G, H Formula Automatic calculation, no entry required: scores associated with your current and target state selection, along with related variance (column G – column F).
    I Text Enter any notes or comments per ITFM maturity statement (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the survey tabs: 2a. Assess ITFM Foundation, 2b. Assess Management and Monitoring, and 2c. Assess Language.
    2. Select the appropriate current and target maturity levels.
    3. Add any notes or comments per ITFM maturity statement where necessary or helpful.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review your overall result

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    K Formula Automatic calculation, no entry required.
    L Formula Automatic calculation, no entry required: Current State, Target State, and Variance entries. Please ignore the current state benchmark, it’s a placeholder for future reference.
    M Formula Automatic calculation, no entry required: average overall maturity score for your Current State and Target State entries, along with related Variance.
    N, O Formula Automatic calculation, no entry required: maturity level and related name based on the overall average score (column M), where level 1 corresponds to an average score less than or equal to 1.49, level 2 corresponds to an average score between 1.5 and 2.49 (inclusive), level 3 corresponds to an average score between 2.5 and 3.49 (inclusive), level 4 corresponds to an average score between 3.5 and 4.49 (inclusive), and level 5 corresponds to an average score between 4.5 and 5 (inclusive).
    P, Q Formula Automatic calculation, no entry required: maturity definition and related description based on the maturity level (column N).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your overall current state and target state result along with the corresponding variance.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Set your priorities

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results per maturity focus area and maturity lever, then prioritize accordingly.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity focus area or lever, depending on the table.
    D Placeholder Ignore this column because it’s a placeholder for future reference.
    E, F, G Formula Automatic calculation, no entry required: average score related to the current state and target state, along with the corresponding variance per maturity focus area or lever (depending on the table).
    H Formula Automatic calculation, no entry required: preliminary priority based on the average variance (column G), where Low corresponds to an average variance between 0 and 0.5 (inclusive), Medium corresponds to an average variance between 0.51 and 0.99 (inclusive), and High corresponds to an average variance greater than or equal to 1.
    J Dropdown Select your final priority (Low, Medium, or High) per ITFM maturity focus area or lever, depending on the table.
    K Whole Number Enter the appropriate rank based on your priorities; do not use the same number more than once. A whole number between 1 and 3 to rank ITFM maturity focus areas, and between 1 and 9 to rank ITFM maturity levers, depending on the table.

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your current-state and target-state result along with the corresponding variance per maturity focus area and maturity lever.
    3. Select the appropriate priority for each maturity focus area and maturity lever.
    4. Enter a unique rank for each maturity focus area (1 to 3).
    5. Enter a unique rank for each maturity lever (1 to 9).

    Download the IT Financial Management Maturity Assessment Tool

    Step 3

    Communicate your ITFM maturity results

    Content Overview

    1. Review your assessment charts
    2. Customize the assessment report
    3. Communicate your results

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    3. Communicate your ITFM maturity results

    3 hours

    Input: ITFM maturity assessment results

    Output: Customized ITFM maturity assessment report

    Materials: 3. Assessment Summary tab in the ITFM Maturity Assessment Tool, ITFM Maturity Assessment Report Template

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Review assessment charts: navigate to the Assessment Summary tab in the ITFM Maturity Assessment Tool (see next slides) to view your results and related charts.
    2. Edit the report template: complete the template based on your results and priorities to develop your customized ITFM maturity assessment report (see next slide).
    3. Communicate results: communicate and deliberate the assessment results with assessment takers at a first stage, and with your stakeholders at a second stage. The objective is to agree on next steps, including developing an improvement plan.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review assessment charts

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example below on charts depicting different views of the maturity assessment results across the three focus areas and nine levers.

    Samples of different tabs from the ITFM Maturity Assessment Tool: 'Assessment Summary tab: From cell B49 to cell M100' and 'Assessment Summary tab: From cell K13 to cell Q34'.

    From the Excel workbook, after completing your potential initiatives and filling all related entries in the Outline Initiatives tab:

    1. Navigate to tab 3. Assessment Summary.
    2. Review each of the charts.
    3. Navigate back to the survey tabs to examine, drill down, and amend individual entries as you deem necessary.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Customize your report

    PowerPoint presentation: ITFM Maturity Assessment Report Template

    Refer to the example below on slides depicting different views of the maturity assessment results across the three maturity focus areas and nine maturity levers.

    Samples of different slides from the ITFM Maturity Assessment Report Template, detailed below.

    Slide 6: Edit levels based on your assessment results. Copy and paste the appropriate maturity level definition and description from slide 4.

    Slide 7: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title. You can use the “Outer Offset: Bottom” shadow under shape effects on the chart.

    Slide 8: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title and legend. You can use the “Outer Offset: Center” shadow under shape effects on the chart.

    From the ITFM Maturity Assessment Report Template:

    1. Edit the report based on your results found in the assessment summary tab of the Excel workbook (see previous slide).
    2. Review slides 6 to 8 and bring necessary adjustments.

    Download the IT Financial Management Maturity Assessment Report Template

    Make informed business decisions

    Take a holistic approach to ITFM.

    • A thorough understanding of your technology spending in relation to business needs and drivers is essential to make informed decisions. As a trusted partner, you cannot have effective conversations around budgets and cost optimization without a solid foundation.
    • It is important to realize that ITFM is not a one-time exercise, but a continuous, sustainable process to educate (teach, mentor, and train), increase transparency, and assign responsibility.
    • Move up the ITFM maturity ladder by improving across three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier

    What’s Next?

    Communicate your maturity results with stakeholders and develop an actionable ITFM improvement plan.

    And remember, having informed discussions with your business partners and stakeholders, where technology helps propel your organization forward, is priceless!

    IT Financial Management Team

    Photo of Dave Kish, Practice Lead, ITFM Practice, Info-Tech Research Group. Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group
    Photo of Jennifer Perrier, Principal Research Director, ITFM Practice, Info-Tech Research Group. Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group. Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group. Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group. Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group
    Photo of Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group. Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Research Contributors and Experts

    Photo of Amy Byalick, Vice President, IT Finance, Info-Tech Research Group. Amy Byalick
    Vice President, IT Finance
    Info-Tech Research Group
    Amy Byalick is an IT Finance practitioner with 15 years of experience supporting CIOs and IT leaders elevating the IT financial storytelling and unlocking insights. Amy is currently working at Johnson Controls as the VP, IT Finance, previously working at PepsiCo, AmerisourceBergen, and Jacobs.
    Photo of Carol Carr, Technical Counselor, Executive Services, Info-Tech Research Group. Carol Carr
    Technical Counselor, Executive Services
    Info-Tech Research Group
    Photo of Scott Fairholm, Executive Counselor, Executive Services, Info-Tech Research Group. Scott Fairholm
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Gokul Rajan, Executive Counselor, Executive Services, Info-Tech Research Group. Gokul Rajan
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Allison Kinnaird, Practice Lead, Infrastructure & Operations, Info-Tech Research Group. Allison Kinnaird
    Practice Lead, Infrastructure & Operations
    Info-Tech Research Group
    Photo of Isabelle Hertanto, Practice Lead, Security & Privacy, Info-Tech Research Group. Isabelle Hertanto
    Practice Lead, Security & Privacy
    Info-Tech Research Group

    Related Info-Tech Research

    Sample of the IT spending transparency research. Achieve IT Spending Transparency

    Mature your ITFM practice by activating the means to make informed business decisions.

    Sample of the IT cost optimization roadmap research. Build Your IT Cost Optimization Roadmap

    Develop an IT cost optimization strategy based on your specific circumstances and timeline.

    Bibliography

    Eby, Kate. “The Complete Guide to Organizational Maturity: Models, Levels, and Assessments.” Smartsheet, 8 June 2022. Web.

    “Financial Management Maturity Model.” National Audit Office, n.d. Accessed 28 Apr. 2023.

    “ITFM/TBM Program Maturity Guide.” Nicus Software, n.d. Accessed 28 Apr. 2023.

    Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 2020.

    McCarthy, Seamus. “Financial Management Maturity Model: A Good Practice Guide.” Office of the Comptroller & Auditor General, 26 June 2018. Web.

    “Principles for Effective Risk Data Aggregation and Risk Reporting.“ Bank for International Settlements, Jan. 2013. Web.

    “Role & Influence of the Technology Decision-Maker 2022.” Foundry, 2022. Web.

    Stackpole, Beth. “State of the CIO, 2022: Focus turns to IT fundamentals.” CIO, 21 March 2022. Web.

    “Tech Spend Pulse.” Flexera, 2022. Web.

    Appendix A

    Definition and Description
    Per Maturity Level

    ITFM maturity levels and definitions

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to consistently deliver financial planning services ITFM practices are almost inexistent. Only the most basic financial tasks and activities are being performed on an ad hoc basis to fulfill the Finance department’s requests.
    Cost Operator
    Level 2
    Rudimentary financial planning capabilities. ITFM activities revolve around minimizing the IT budget as much as possible. ITFM practices are not well defined, and IT’s financial view is limited to day-to-day technical operations.
    IT is only involved in low complexity decision making, where financial conversations center on general ledger items and IT spending.
    Trusted Coordinator
    Level 3
    Enablement of business through cost-effective supply of technology. ITFM activities revolve around becoming a proficient and cost-effective technology supplier to business partners.
    ITFM practices are in place, with moderate coordination and adherence to execution. Various IT business units coordinate to produce a consolidated financial view focused on business services.
    IT is involved in moderate complexity decision making, as a technology subject matter expert, where financial conversations center on IT spending in relation to technology services or solutions provided to business partners.
    Value Optimizer
    Level 4
    Effective impact on business performance. ITFM activities revolve around optimizing existing technology investments to improve both IT and business performance.
    ITFM practices are well managed, established, documented, repeatable, and integrated as necessary across the organization. IT’s financial view tie technology investments to lines of business, business products, and business capabilities.
    Business partners are well informed on the technology mix and drive related discussion. IT is trusted to contribute to complex decision making around existing investments to cost-effectively plan initiatives, as well as enhance business performance.
    Strategic Partner
    Level 5
    Influence on the organization’s strategic direction. ITFM activities revolve around predicting the outcome of new or potential technology investments to continuously optimize business performance.
    ITFM practices are fully optimized, reviewed, and improved in a continuous and sustainable manner, and related execution is tracked by gathering qualitative and quantitative feedback. IT’s financial view is holistic and fully integrated with the business, with an outlook on innovation, growth, and strategic transformation.
    Business and IT leaders know the financial ramifications of every business and technology investment decision. IT is trusted to contribute to strategic decision making around potential and future investments to grow and transform the business.

    Appendix B

    Maturity Level Definitions and Descriptions
    Per Lever

    Establish your ITFM team

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM tasks, activities, and functions are not being met in any way, shape, or form.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.There is no dedicated ITFM team.


    Basic ITFM tasks, activities, and functions are being performed on an ad hoc basis, such as high-level budget reporting.

    Trusted Coordinator
    Level 3
    Ability to provide basic business insights.A dedicated team is fulfilling essential ITFM tasks, activities, and functions.


    ITFM team can combine and analyze financial and technology data to produce necessary reports.

    Value Optimizer
    Level 4
    Ability to provide valuable business driven insights.A dedicated ITFM team with well-defined roles and responsibilities can provide effective advice to IT leaders, in a timely fashion, and positively influence IT decisions.
    Strategic Partner
    Level 5
    Ability to influence both technology and business decisions.A dedicated and highly specialized ITFM team is trusted and valued by both IT and Business leaders.


    Insights provided by the ITFM team can influence and shape the organization’s strategy.

    Set up your governance structure

    Maturity focus area: Build an ITFM foundation

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to ensure any adherence to rules and regulations.ITFM frameworks, guidelines, policies, and procedures are not developed nor documented.
    Cost Operator
    Level 2
    Ability to ensure basic adherence to rules and regulations.Basic ITFM frameworks, guidelines, policies, and procedures are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to ensure compliance to rules and regulations, as well as accountability across ITFM processes.Essential ITFM frameworks, guidelines, policies, and procedures are in place, coherent, and documented, aiming to (a) comply with rules and regulations, and (b) provide clear accountability.
    Value Optimizer
    Level 4
    Ability to ensure compliance to rules and regulations, as well as structure, transparency, and business alignment across ITFM processes.ITFM frameworks, guidelines, policies, and procedures are well defined, coherent, documented, and regularly reviewed, aiming to (a) comply with rules and regulations, (b) provide clear accountability, and (c) maintain business alignment.
    Strategic Partner
    Level 5
    Ability to:
    • Ensure compliance to rules and regulations, as well as ITFM processes are transparent, structured, focused on business objectives, and support decision making.
    • Reinforce and shape the organization culture.
    ITFM frameworks, guidelines, policies, and procedures are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) comply with rules and regulations, (b) provide clear accountability, (c) maintain business alignment, and (d) facilitate the decision-making process.


    Enforcement of the ITFM governance structure can influence the organization culture.

    Adopt ITFM processes and tools

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to deliver IT financial planning and performance output.ITFM processes and tools are not developed nor documented.
    Cost Operator
    Level 2
    Ability to deliver basic IT financial planning output.Basic ITFM processes and tools are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to deliver accurate IT financial output and basic IT performance output in a consistent cadence.Essential ITFM processes and tools are in place, coherent, and documented, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; and (c) provide clear accountability. ITFM tools and processes are adopted by the ITFM team and some IT business units but are not fully integrated.
    Value Optimizer
    Level 4
    Ability to deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders in a consistent cadence.ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision-making. ITFM tools and processes are adopted by IT and business partners but are not fully integrated.
    Strategic Partner
    Level 5
    Ability to:
    • Deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders.
    • Leverage IT financial planning and performance output in real time and when needed by stakeholders.
    ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision making.


    ITFM processes and tools are automated to the full extent needed by the organization, utilized to their full potential, and integrated into a single enterprise platform, providing a holistic view of IT spending and IT performance.

    Standardize your taxonomy and data model

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide transparency across technology spending.ITFM taxonomy and data model are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide transparency and support IT financial planning data, analysis, and reporting needs of finance stakeholders.ITFM taxonomy and data model are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation, to comply with, and meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT and finance stakeholders.ITFM taxonomy and data model are in place, coherent, and documented to meet the needs of IT and finance stakeholders.
    Value Optimizer
    Level 4
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized to meet the needs of IT, finance, business, and executive stakeholders, but not flexible enough to be adjusted in a timely fashion as needed.

    Strategic Partner
    Level 5
    Ability to:
    • Provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.
    • Change to meet evolving needs.
    ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized and meet the changing needs of IT, finance, business, and executive stakeholders.

    Identify, gather, and prepare your data

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide accurate and complete across technology spending.ITFM data needs and requirements are not understood.
    Cost Operator
    Level 2
    Ability to provide accurate, but incomplete IT financial planning data to meet the needs of finance stakeholders.Technology spending data is extracted, transformed, and loaded on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide accurate and complete IT financial planning data to meet the needs of IT and finance stakeholders, but IT performance data remain incomplete.IT financial planning data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT and finance stakeholders.


    IT financial planning data is (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Value Optimizer
    Level 4
    Ability to provide accurate and complete IT financial planning and performance data to meet the needs of IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    ITFM data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT, finance, business, and executive stakeholders.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Strategic Partner
    Level 5
    Ability to provide accurate and complete IT financial planning and performance data real time and when needed by IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, (c) available and refreshed as needed, and (d) sourced from the organization’s system of record.

    Analyze your findings and develop your reports

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM analysis and reports are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.IT financial planning analysis is conducted on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide basic financial planning and performance insights to meet the needs of IT and finance stakeholders.IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.).

    Value Optimizer
    Level 4
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate business decision making around technology investments.ITFM analysis and reports support business decision making around technology investments.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, and (c) regularly validated for inconsistencies.

    Strategic Partner
    Level 5
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate strategic decision making.ITFM analysis and reports support strategic decision making.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.), and consider multiple point of views (hypotheses, interpretations, opinions, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, (c) comprehensive, and (d) regularly validated for inconsistencies.

    Communicate your IT spending

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to communicate and understand each other.The organization stakeholders including IT, finance, business, and executives do not understand one another, and cannot speak the same language.
    Cost Operator
    Level 2
    Ability to understand business and finance requirements.IT understands and meets business and financial planning requirements but does not communicate in a similar language.


    IT cannot influence finance or business decision making.

    Trusted Coordinator
    Level 3
    Ability to understand the needs of different stakeholders including IT, finance, business, and executives and take part in decision making around technology spending.The organization stakeholders including IT, finance, business, and executives understand each other’s needs, but do not communicate in a common language.


    IT leaders provide insights as technology subject matter experts, where conversations center on IT spending in relation to technology services or solutions provided to business partners.


    IT can influence technology decisions around its own budget.

    Value Optimizer
    Level 4
    Ability to communicate in a common vocabulary across the organization and take part in business decision making around technology investments.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to support and influence business decision making around existing technology investments.

    Strategic Partner
    Level 5
    Ability to communicate in a common vocabulary across the organization and take part in strategic decision making.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to facilitate decision making around potential and future investments to grow and transform the business, thus influencing the organization’s overall strategic direction.

    Educate the masses

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to acquire knowledge.Educational resources are inexistent.
    Cost Operator
    Level 2
    Ability to acquire financial knowledge and understand financial concepts.IT leaders have access to educational resources to gain the financial knowledge necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to acquire financial and business knowledge and understand related concepts.IT leaders and their respective teams have access to educational resources to gain the financial and business knowledge necessary to perform their duties.


    ITFM team has access to the necessary educational resources to keep up with changing financial regulations and technology developments.

    Value Optimizer
    Level 4
    Ability to acquire knowledge, across technology, business, and finance as needed by different organization stakeholders, and the leadership understand concepts across these various domains.Stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders have a good understanding of business and financial concepts.


    Business leaders have a good understanding of technology concepts.

    Strategic Partner
    Level 5
    Ability to acquire knowledge, and understand concepts across technology, business, and finance as needed by different organization stakeholders.The organization promotes continuous learning through well designed programs including training, mentorship, and academic courses. Thus, stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders and their respective teams have a good understanding of business and financial concepts.


    Business leaders and their respective teams have a good understanding of technology concepts.

    Influence your organization’s culture

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide and foster an environment of collaboration and continuous improvement.Stakeholders including IT, finance, business, and executives operate in silos, and collaboration between different teams is inexistent.
    Cost Operator
    Level 2
    Ability to provide an environment of cooperation to meet the needs of IT, finance, and business leaders.IT, finance, and business leaders cooperate to meet financial planning requirements as necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to provide and foster an environment of collaboration across the organization.IT, finance, and business collaborate on various initiatives.

    ITFM employees are trusted and supported by their stakeholders (IT, finance, and business).

    Value Optimizer
    Level 4
    Ability to provide and foster an environment of collaboration and continuous improvement, where employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    Employees are trusted, supported, empowered, and valued.

    Strategic Partner
    Level 5
    Ability to provide and foster an environment of collaboration and continuous improvement, where leaders are willing to change, and employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    The organization’s leadership is adaptable and open to change.


    Employees are trusted, supported, empowered, and valued.

    Streamline Application Maintenance

    • Buy Link or Shortcode: {j2store}402|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Maintenance
    • Parent Category Link: /maintenance
    • Application maintenance teams are accountable for the various requests and incidents coming from a variety business and technical sources. The sheer volume and variety of requests create unmanageable backlogs.
    • The increasing complexity and reliance on technology within the business has set unrealistic expectations on maintenance teams. Stakeholders expect teams to accommodate maintenance without impact on project schedules.

    Our Advice

    Critical Insight

    • Improving maintenance’s focus and attention may mean doing less but more valuable work. Teams need to be realistic about what can be committed and be prepared to justify why certain requests have to be pushed down the backlog (e.g. lack of business value, high risks).
    • Maintenance must be treated like any other development activity. The same intake and prioritization practices and quality standards must be upheld, and best practices followed.

    Impact and Result

    • Justify the necessity of streamlined maintenance. Gain a grounded understanding of stakeholder objectives and concerns, and validate their achievability against the current state of the people, process, and technologies involved in application maintenance.
    • Strengthen triaging and prioritization practices. Obtain a holistic picture of the business and technical impacts, risks, and urgencies of each accepted maintenance requests in order to justify its prioritization and relevance within your backlog. Identify opportunities to bundle requests together or integrate them within project commitments to ensure completion.
    • Establish and govern a repeatable process. Develop a maintenance process with well-defined stage gates, quality controls, and roles and responsibilities, and instill development best practices to improve the success of delivery.

    Streamline Application Maintenance Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to understand the common struggles found in application maintenance, their root causes, and the Info-Tech methodology to overcoming these hurdles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand your maintenance priorities

    Understand the stakeholder priorities driving changes in your application maintenance practice.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape
    • Application Maintenance Operating Model Template
    • Application Maintenance Resource Capacity Assessment
    • Application Maintenance Maturity Assessment

    2. Instill maintenance governance

    Identify the appropriate level of governance and enforcement to ensure accountability and quality standards are upheld across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule

    3. Enhance triaging and prioritization practices

    Build a maintenance triage and prioritization scheme that accommodates business and IT risks and urgencies.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities

    4. Streamline maintenance delivery

    Define and enforce quality standards in maintenance activities and build a high degree of transparency to readily address delivery challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery
    • Application Maintenance Business Case Presentation Document
    [infographic]

    Workshop: Streamline Application Maintenance

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Maintenance Priorities

    The Purpose

    Understand the business and IT stakeholder priorities driving the success of your application maintenance practice.

    Understand any current issues that are affecting your maintenance practice.

    Key Benefits Achieved

    Awareness of business and IT priorities.

    An understanding of the maturity of your maintenance practices and identification of issues to alleviate.

    Activities

    1.1 Define priorities for enhanced maintenance practices.

    1.2 Conduct a current state assessment of your application maintenance practices.

    Outputs

    List of business and technical priorities

    List of the root-cause issues, constraints, and opportunities of current maintenance practice

    2 Instill Maintenance Governance

    The Purpose

    Define the processes, roles, and points of communication across all maintenance activities.

    Key Benefits Achieved

    An in-depth understanding of all maintenance activities and what they require to function effectively.

    Activities

    2.1 Modify your maintenance process.

    2.2 Define your maintenance roles and responsibilities.

    Outputs

    Application maintenance process flow

    List of metrics to gauge success

    Maintenance roles and responsibilities

    Maintenance communication flow

    3 Enhance Triaging and Prioritization Practices

    The Purpose

    Understand in greater detail the process and people involved in receiving and triaging a request.

    Define your criteria for value, impact, and urgency, and understand how these fit into a prioritization scheme.

    Understand backlog management and release planning tactics to accommodate maintenance.

    Key Benefits Achieved

    An understanding of the stakeholders needed to assess and approve requests.

    The criteria used to build a tailored prioritization scheme.

    Tactics for efficient use of resources and ideal timing of the delivery of changes.

    A process that ensures maintenance teams are always working on tasks that are valuable to the business.

    Activities

    3.1 Review your maintenance intake process.

    3.2 Define a request prioritization scheme.

    3.3 Create a set of practices to manage your backlog and release plans.

    Outputs

    Understanding of the maintenance request intake process

    Approach to assess the impact, urgency, and severity of requests for prioritization

    List of backlog management grooming and release planning practices

    4 Streamline Maintenance Delivery

    The Purpose

    Understand how to apply development best practices and quality standards to application maintenance.

    Learn the methods for monitoring and visualizing maintenance work.

    Key Benefits Achieved

    An understanding of quality standards and the scenarios for where they apply.

    The tactics to monitor and visualize maintenance work.

    Streamlined maintenance delivery process with best practices.

    Activities

    4.1 Define approach to monitor maintenance work.

    4.2 Define application quality attributes.

    4.3 Discuss best practices to enhance maintenance development and deployment.

    Outputs

    Taskboard structure and rules

    Definition of application quality attributes with user scenarios

    List of best practices to streamline maintenance development and deployment

    5 Finalize Your Maintenance Practice

    The Purpose

    Create a target state built from appropriate metrics and attainable goals.

    Consider the required items and steps for the implementation of your optimization initiatives.

    Key Benefits Achieved

    A realistic target state for your optimized application maintenance practice.

    A well-defined and structured roadmap for the implementation of your optimization initiatives.

    Activities

    5.1 Refine your target state maintenance practices.

    5.2 Develop a roadmap to achieve your target state.

    Outputs

    Finalized application maintenance process document

    Roadmap of initiatives to achieve your target state

    Select and Use SDLC Metrics Effectively

    • Buy Link or Shortcode: {j2store}150|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $2,991 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization wants to implement (or revamp existing) software delivery metrics to monitor performance as well as achieve its goals.
    • You know that metrics can be a powerful tool for managing team behavior.
    • You also know that all metrics are prone to misuse and mismanagement, which can lead to unintended consequences that will harm your organization.
    • You need an approach for selecting and using effective software development lifecycle (SDLC) metrics that will help your organization to achieve its goals while minimizing the risk of unintended consequences.

    Our Advice

    Critical Insight

    • Metrics are powerful, dangerous, and often mismanaged, particularly when they are tied to reward or punishment. To use SDLC metrics effectively, know the dangers, understand good practices, and then follow Info-Tech‘s TAG (team-oriented, adaptive, and goal-focused) approach to minimize risk and maximize impact.

    Impact and Result

    • Begin by understanding the risks of metrics.
    • Then understand good practices associated with metrics use.
    • Lastly, follow Info-Tech’s TAG approach to select and use SDLC metrics effectively.

    Select and Use SDLC Metrics Effectively Research & Tools

    Start here – read the Executive Brief

    Understand both the dangers and good practices related to metrics, along with Info-Tech’s TAG approach to the selection and use of SDLC metrics.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the dangers of metrics

    Explore the significant risks associated with metrics selection so that you can avoid them.

    • Select and Use SDLC Metrics Effectively – Phase 1: Understand the Risks of Metrics

    2. Know good practices related to metrics

    Learn about good practices related to metrics and how to apply them in your organization, then identify your team’s business-aligned goals to be used in SDLC metric selection.

    • Select and Use SDLC Metrics Effectively – Phase 2: Know Good Practices Related to Metrics
    • SDLC Metrics Evaluation and Selection Tool

    3. Rank and select effective SDLC metrics for your team

    Follow Info-Tech’s TAG approach to selecting effective SDLC metrics for your team, create a communication deck to inform your organization about your selected SDLC metrics, and plan to review and revise these metrics over time.

    • Select and Use SDLC Metrics Effectively – Phase 3: Rank and Select Effective SDLC Metrics for Your Team
    • SDLC Metrics Rollout and Communication Deck
    [infographic]

    Workshop: Select and Use SDLC Metrics Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Dangers of Metrics

    The Purpose

    Learn that metrics are often misused and mismanaged.

    Understand the four risk areas associated with metrics: Productivity loss Gaming behavior Ambivalence Unintended consequences

    Productivity loss

    Gaming behavior

    Ambivalence

    Unintended consequences

    Key Benefits Achieved

    An appreciation of the dangers associated with metrics.

    An understanding of the need to select and manage SDLC metrics carefully to avoid the associated risks.

    Development of critical thinking skills related to metric selection and use.

    Activities

    1.1 Examine the dangers associated with metric use.

    1.2 Share real-life examples of poor metrics and their impact.

    1.3 Practice identifying and mitigating metrics-related risk.

    Outputs

    Establish understanding and appreciation of metrics-related risks.

    Solidify understanding of metrics-related risks and their impact on an organization.

    Develop the skills needed to critically analyze a potential metric and reduce associated risk.

    2 Understand Good Practices Related to Metrics

    The Purpose

    Develop an understanding of good practices related to metric selection and use.

    Introduce Info-Tech’s TAG approach to metric selection and use.

    Identify your team’s business-aligned goals for SDLC metrics.

    Key Benefits Achieved

    Understanding of good practices for metric selection and use.

    Document your team’s prioritized business-aligned goals.

    Activities

    2.1 Examine good practices and introduce Info-Tech’s TAG approach.

    2.2 Identify and prioritize your team’s business-aligned goals.

    Outputs

    Understanding of Info-Tech’s TAG approach.

    Prioritized team goals (aligned to the business) that will inform your SDLC metric selection.

    3 Rank and Select Your SDLC Metrics

    The Purpose

    Apply Info-Tech’s TAG approach to rank and select your team’s SDLC metrics.

    Key Benefits Achieved

    Identification of potential SDLC metrics for use by your team.

    Collaborative scoring/ranking of potential SDLC metrics based on their specific pros and cons.

    Finalize list of SDLC metrics that will support goals and minimize risk while maximizing impact.

    Activities

    3.1 Select your list of potential SDLC metrics.

    3.2 Score each potential metric’s pros and cons against objectives using a five-point scale.

    3.3 Collaboratively select your team’s first set of SDLC metrics.

    Outputs

    A list of potential SDLC metrics to be scored.

    A ranked list of potential SDLC metrics.

    Your team’s first set of goal-aligned SDLC metrics.

    4 Create a Communication and Rollout Plan

    The Purpose

    Develop a rollout plan for your SDLC metrics.

    Develop a communication plan.

    Key Benefits Achieved

    SDLC metrics.

    A plan to review and adjust your SDLC metrics periodically in the future.

    Communication material to be shared with the organization.

    Activities

    4.1 Identify rollout dates and responsible individuals for each SDLC metric.

    4.2 Identify your next SDLC metric review cycle.

    4.3 Create a communication deck.

    Outputs

    SDLC metrics rollout plan

    SDLC metrics review plan

    SDLC metrics communication deck

    Measure IT Project Value

    • Buy Link or Shortcode: {j2store}431|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $5,549 Average $ Saved
    • member rating average days saved: 6 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • People treat benefits as a box to tick on the business case, deflating or inflating them to facilitate project approval.
    • Even if benefits are properly defined, they are usually forgotten once the project is underway.
    • Subsequent changes to project scope may impact the viability of the project’s business benefits, resulting in solutions that do not deliver expected value.

    Our Advice

    Critical Insight

    • It is rare for project teams or sponsors to be held accountable for managing and/or measuring benefits. The assumption is often that no one will ask if benefits have been realized after the project is closed.
    • The focus is largely on the project’s schedule, budget, and scope, with little attention paid to the value that the project is meant to deliver to the organization.
    • Without an objective stakeholder to hold people accountable for defining benefits and demonstrating their delivery, benefits will continue to be treated as red tape.
    • Sponsors will not take the time to define benefits properly, if at all. The project team will not take the time to ensure they are still achievable as the project progresses. When the project is complete, no one will investigate actual project success.

    Impact and Result

    • The project sponsor and business unit leaders must own project benefits; IT is only accountable for delivering the solution.
    • IT can play a key role in this process by establishing and supporting a benefits realization process. They can help business unit leaders and sponsors define benefits properly, identify meaningful metrics, and report on benefits realization effectively.
    • The project management office is ideally suited to facilitate this process by providing tools and templates, and a consistent and comparable view across projects.
    • Project managers are accountable for delivering the project, not for delivering the benefits of the project itself. However, they must ensure that changes to project scope are assessed for impact on benefits viability.

    Measure IT Project Value Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a benefits legitimacy practice, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish benefits legitimacy during portfolio Intake

    This phase will help you define a benefits management process to help support effective benefits definition during portfolio intake.

    • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 1: Establish Benefits Legitimacy During Portfolio Intake
    • Project Sponsor Role Description Template
    • Benefits Commitment Form Template
    • Right-Sized Business Case Template

    2. Maintain benefits legitimacy throughout project planning and execution

    This phase will help you define a process for effective benefits management during project planning and the execution intake phase.

    • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 2: Maintain Benefits Legitimacy Throughout Project Planning and Execution
    • Project Benefits Documentation Workbook
    • Benefits Legitimacy Workflow Template (PDF)
    • Benefits Legitimacy Workflow Template (Visio)

    3. Close the deal on project benefits

    This phase will help you define a process for effectively tracking and reporting on benefits realization post-project.

    • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 3: Close the Deal on Project Benefits
    • Portfolio Benefits Tracking Tool
    • Benefits Lag Report Template
    • Benefits Legitimacy Handbook Template
    [infographic]

    Workshop: Measure IT Project Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Analyze the Current State of Benefits Management

    The Purpose

    Assess the current state of benefits management at your organization and establish a realistic target state.

    Establish project and portfolio baselines for benefits management.

    Key Benefits Achieved

    Set achievable workshop goals and align stakeholder expectations.

    Establish a solid foundation for benefits management success.

    Activities

    1.1 Introductions and overview.

    1.2 Discuss attendee expectations and goals.

    1.3 Complete Info-Tech’s PPM Current State Scorecard.

    1.4 Perform right-wrong-confusing-missing analysis.

    1.5 Define target state for benefits management.

    1.6 Refine project levels.

    Outputs

    Info-Tech’s PPM Current State Scorecard report

    Right-wrong-confusing-missing analysis

    Stakeholder alignment around workshop goals and target state

    Info-Tech’s Project Intake Classification Matrix

    2 Establish Benefits Legitimacy During Portfolio Intake

    The Purpose

    Establish organizationally specific benefit metrics and KPIs.

    Develop clear roles and accountabilities for benefits management.

    Key Benefits Achieved

    An articulation of project benefits and measurements.

    Clear checkpoints for benefits communication during the project are defined.

    Activities

    2.1 Map the current portfolio intake process.

    2.2 Establish project sponsor responsibilities and accountabilities for benefits management.

    2.3 Develop organizationally specific benefit metrics and KPIs.

    2.4 Integrate intake legitimacy into portfolio intake processes.

    Outputs

    Info-Tech’s Project Sponsor Role Description Template

    Info-Tech’s Benefits Commitment Form Template

    Intake legitimacy process flow and RASCI chart

    Intake legitimacy SOP

    3 Maintain Benefits Legitimacy Throughout Project Planning and Execution

    The Purpose

    Develop a customized SOP for benefits management during project planning and execution.

    Key Benefits Achieved

    Ensure that all changes to the project have been recorded and benefits have been updated in preparation for deployment.

    Updated benefits expectations are included in the final sign-off package.

    Activities

    3.1 Map current project management process and audit project management documentation.

    3.2 Identify appropriate benefits control points.

    3.3 Customize project management documentation to integrate benefits.

    3.4 Develop a deployment legitimacy process flow.

    Outputs

    Customized project management toolkit

    Info-Tech’s Project Benefits Documentation Workbook

    Deployment of legitimacy process flow and RASCI chart

    Deployment of legitimacy SOP

    4 Close the Deal on Project Benefits

    The Purpose

    Develop a post-project benefits realization process.

    Key Benefits Achieved

    Clear project sponsorship accountabilities for post-project benefits tracking and reporting.

    A portfolio level benefits tracking tool for reporting on benefits attainment.

    Activities

    4.1 Identify appropriate benefits control points in the post-project process.

    4.2 Configure Info-Tech’s Portfolio Benefits Tracking Tool.

    4.3 Define a post-project benefits reporting process.

    4.4 Formalize protocol for reporting on, and course correcting, benefit lags.

    4.5 Develop a post-project legitimacy process flow.

    Outputs

    Info-Tech’s Portfolio Benefits Tracking Tool

    Post-Project legitimacy process flow and RASCI chart

    Post-Project Legitimacy SOP

    Info-Tech’s Benefits Legitimacy Handbook

    Info-Tech’s Benefits Legitimacy Workflow Template

    Choose Your Mobile Platform and Tools

    • Buy Link or Shortcode: {j2store}281|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
    • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
    • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness their value of these trends.

    Our Advice

    Critical Insight

    • Mobile applications can stress the stability, reliability, and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
    • High costs of entry may restrict what built-in features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain built-in feature needs.
    • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

    Impact and Result

    • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
    • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
    • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

    Choose Your Mobile Platform and Tools Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Choose Your Mobile Platform and Tools Storyboard

    This blueprint helps you develop an approach to understand the mobile experience your stakeholders want your users to have and select the appropriate platform and delivery tools to meet these expectations.

    • Choose Your Mobile Platform and Tools Storyboard

    2. Mobile Application Delivery Communication Template – Clearly communicate the goal and approach of your mobile application implementation in a language your audience understands.

    This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.

    • Mobile Application Delivery Communication Template

    Infographic

    Workshop: Choose Your Mobile Platform and Tools

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Choose Your Platform and Delivery Solution

    The Purpose

    Choose the right mobile platform.

    Shortlist your mobile delivery solution and desired features and services.

    Key Benefits Achieved

    A chosen mobile platform that meets user and enterprise needs.

    Candidate mobile delivery solutions that meet your delivery needs and capacity of your teams.

    Activities

    1.1 Select your platform approach.

    1.2 Shortlist your mobile delivery solution.

    1.3 Build your feature and service lists.

    Outputs

    Desired mobile platform approach.

    Shortlisted mobile delivery solutions.

    Desired list of vendor features and services.

    2 Create Your Roadmap

    The Purpose

    Design the mobile application minimal viable product (MVP).

    Create your mobile roadmap.

    Key Benefits Achieved

    An achievable and valuable mobile application that is scalable for future growth.

    Clear intent of business outcome delivery and completing mobile delivery activities.

    Activities

    2.1 Define your MVP release.

    2.2 Build your roadmap.

    Outputs

    MVP design.

    Mobile delivery roadmap.

    3 Set the Mobile Context

    The Purpose

    Understand your user’s environment needs, behaviors, and challenges.

    Define stakeholder expectations and ensure alignment with the holistic business strategy.

    Identify your mobile application opportunities.

    Key Benefits Achieved

    Thorough understanding of your mobile user and opportunities where mobile applications can help.

    Level set stakeholder expectations and establish targeted objectives.

    Prioritized list of mobile opportunities.

    Activities

    3.1 Generate user personas with empathy maps.

    3.2 Build your mobile application canvas.

    3.3 Build your mobile backlog.

    Outputs

    User personas.

    Mobile objectives and metrics.

    Mobile opportunity backlog.

    4 Identify Your Technical Needs

    The Purpose

    Define the mobile experience you want to deliver and the features to enable it.

    Understand the state of your current system to support mobile.

    Identify your definition of mobile application quality.

    List the concerns with mobile delivery.

    Key Benefits Achieved

    Clear understanding of the desired mobile experience.

    Potential issues and risks with enabling mobile on top of existing systems.

    Grounded understanding of mobile application quality.

    Holistic readiness assessment to proceed with mobile delivery.

    Activities

    4.1 Discuss your mobile needs.

    4.2 Conduct a technical assessment.

    4.3 Define mobile application quality.

    4.4 Verify your decision to deliver mobile applications.

    Outputs

    List of mobile features to enable the desired mobile experience.

    System current assessment.

    Mobile application quality definition.

    Verification to proceed with mobile delivery.

    Further reading

    Choose Your Mobile Platform and Tools

    Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

    EXECUTIVE BRIEF

    Analyst Perspective

    Mobile is the way of working.

    Workers require access to enterprise products, data, and services anywhere at anytime on any device. Give them the device-specific features, offline access, desktop-like interfaces, and automation capabilities they need to be productive.

    To be successful, you need to instill a collaborative business-IT partnership. Only through this partnership will you be able to select the right mobile platform and tools to balance desired outcomes with enterprise security, performance, integration, quality, and other delivery capacity concerns.

    This is a picture of Andrew Kum-Seun Senior Research Analyst, Application Delivery and Application Management Info-Tech Research Group

    Andrew Kum-Seun
    Senior Research Analyst,
    Application Delivery and Application Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
    • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
    • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness the value of these trends.

    Common Obstacles

    • Mobile applications can stress the stability, reliability and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
    • High costs of entry may restrict what native features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain native feature needs.
    • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

    Info-Tech's Approach

    • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
    • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
    • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

    Insight Summary

    Overarching Info-Tech Insight

    Treat your mobile applications as digital products. Digital products are continuously modernized to ensure they are fit-for-purpose, secured, accessible, and immersive. A successful mobile experience involves more than just the software and supporting system. It involves good training and onboarding, efficient delivery turnaround, and a clear and rational vision and strategy.

    Phase 1: Set the Mobile Context

    • Build applications your users need and desire – Design the right mobile application that enables your users to address their frustrations and productivity challenges.
    • Maximize return on your technology investments – Build your mobile applications with existing web APIs, infrastructure, and services as much as possible.
    • Prioritize mobile security, performance and integration requirements – Understand the unique security, performance, and integration influences has on your desired mobile user experience. Find the right balance of functional and non-functional requirements through business and IT collaboration.

    Phase 2: Define Your Mobile Approach

    • Start with a mobile web platform - Minimize disruptions to your existing delivery process and technical stack by building against common web standards. Select a hybrid platform or cross-platform if you need device hardware access or have complicated non-functional requirements.
    • Focus your mobile solution decision on vendor support and functional complexity – Verify that your solution is not only compatible with the architecture, data, and policies of existing business systems, but satisfies IT's concerns with access to restricted technology and data, and with IT's ability to manage and operate your applications.
    • Anticipate changes, defects & failures in your roadmap - Quickly shift your mobile roadmaps according to user feedback, delivery challenges, value, and stability.

    Mobile is how the business works today

    Mobile adoption continues to grow in part due to the need to be a mobile workforce, and the shift in customer behaviors. This reality pushed the industry to transform business processes and technologies to better support the mobile way of working.

    Mobile Builds Interests
    61%
    Mobile devices drove 61% of visits to U.S. websites
    Source: Perficient, 2021

    Mobile Maintains Engagement
    54%
    Mobile devices generated 54.4% of global website traffic in Q4 2021.
    Source: Statista, 2022

    Mobile Drives Productivity
    82%
    According to 82% of IT executives, smartphones are highly important to employee productivity
    Source: Samsung and Oxford Economics, 2022

    Mobile applications enable and drive your digital business strategy

    Organizations know the criticality of mobile applications in meeting key business and digital transformation goals, and they are making significant investments. Over half (58%) of organizations say their main strategy for driving application adoption is enabling mobile access to critical enterprise systems (Enterprise CIO, 2016). The strategic positioning and planning of mobile applications are key for success.

    Mobile Can Motivate, Support and Drive Progress in Key Activities Underpinning Digital Transformation Goals

    Goal: Enhance Customer Experience

    • A shift from paper to digital communications
    • Seamless, omni-channel client experiences across devices
    • Create Digital interactive documents with sections that customers can customize to better understand their communications

    Goal: Increase Workflow Throughput & Efficiency

    • Digitized processes and use of data to improve process efficiency
    • Modern IT platforms
    • Automation through robotic process automation (RPA) where possible
    • Use of AI and machine learning for intelligent automation

    Source: Broadridge, 2022

    To learn more, visit Info-Tech's Define Your Digital Business Strategy blueprint.

    Well developed mobile applications bring unique opportunities to drive more value

    Role

    Opportunities With Mobile Applications

    Expected Value

    Stationary Worker

    Design flowcharts and diagrams, while abandoning paper and desktop applications in favor of easy-to-use, drawing tablet applications.

    Multitask by checking the application to verify information given by a vendor during their presentation or pitch.

    • Reduce materials cost to complete administrative responsibilities.
    • Digitally and automatically store and archive frequently used documents.

    Roaming Worker
    (Engineer)

    Replace physical copies of service and repair manuals with digital copies, and access them with mobile applications.

    Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.

    • Readily access and update corporate data anywhere at anytime.
    • Expand employee responsibilities with minimal skills impact.

    Roaming Worker
    (Nurse)

    Log patient information according to HIPAA standards and complete diagnostics live to propose medication for a patient.

    Receive messages from senior staff about patients and scheduling while on-call.

    • Quickly and accurately complete tasks and update patient data at site.
    • Be readily accessible to address urgent issues.

    Info-Tech Insight

    If you build it, they may not come. Design and build the applications your user wants and needs, and ensure users are properly onboarded and trained. Learn how your applications are leveraged, capture feedback from the user and system dashboards, and plan for enhancements, fixes, and modernizations.

    Workers expect IT to deliver against their high mobile expectations

    Workers want sophisticated mobile applications like what they see their peers and competitors use.

    Why is IT considering building their own applications?

    • Complex and Unique Workflows: Canned templates and shells are viewed as incompatible to the workflows required to complete worker responsibilities outside the office, with the same level of access to corporate data as on premise.
    • Supporting Bring Your Own Device (BYOD): Developing your own mobile applications around your security protocols and standards can help mitigate the risks with personal devices that are already in your workforce.
    • Long-Term Architecture Misalignment: Outsourcing mobile development risks the mobile application misaligned with your quality standards or incompatible with other enterprise and third-party systems.

    Continuously meeting aggressive user expectations will not be easy

    Value Quickly Wears Off
    39.9% of users uninstall an application because it is not in use.
    40%
    Source: n=2,000, CleverTap, 2021

    Low Tolerance to Waiting
    Keeping a user waiting for 3 seconds is enough to dissatisfy 43% of users.
    43%
    Source: AppSamurai, 2018

    Quick Fixes Are Paramount
    44% of defects are found by users
    44%
    Source: Perfecto Mobile, 2014

    Mobile emphasizes the importance of good security, performance, and integration

    Today's mobile workers are looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile devices, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Accept change as the norm

    IT is challenged with keeping up with disruptive technologies, such as mobile, which are arriving and changing faster and faster.

    What is the issue? Mobile priorities, concepts, and technologies do not remain static. For example, current Google's Pixels benefit from at least three versions of Android updates and at least three years of monthly security patches after their release (NextPit, 2022). Keeping up to date with anything mobile is difficult if you do not have the right delivery and product management practices in place.

    What is the impact on IT? Those who fail to prepare for changing requirements and technologies will quickly run into maintainability, extensibility, and flexibility issues. Mobile applications will quickly become stale and misaligned with the maturity of other enterprise infrastructure and applications.

    Continuously look at the trends, vendor roadmaps, and your user's feedback to envision where your mobile applications should be. Learning from your past attempts gives you insights on the opportunities and impacts changes will have on your people, process, and technology.

    How do I address this issue? A well-defined mobile vision and roadmap ensures your initiatives are aligned with your holistic business and technology strategies, the right problem is being solved, and resources are available to deliver high priority changes.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Address the difficulties in managing enterprise mobile technologies

    Adaptability During Development

    Teams must be ready to alter their mobile approach when new insights and issues arise during and after the delivery of your mobile application and its updates.

    High Cybersecurity Standards

    Cybersecurity should be a top priority given the high security exposure of mobiles and the sensitive data mobile applications need to operate. Role-based access, back-up systems, advanced scanning, and protection software and encryption should all be implemented.

    Integration with Other Systems

    Your application will likely be integrated with other systems to expand service offerings and optimize performance and user experience. Your enterprise integration strategy ensures all systems connect against a common pattern with compatible technologies.

    Finding the Right Mobile Developers

    Enterprise mobile delivery requires a broad skillset to build valuable applications against extensive non-functional requirements in complex and integration environments. The right resources are even harder to find when native applications are preferred over web-based ones.

    Source: Radoslaw Szeja, Netguru, 2022.

    Build and manage the right experience by treating mobile as digital products

    Digital products are continuously modernized to ensure they are fit-for-purpose, secured, insightful, accessible, and interoperable. A good experience involves more than just technology.

    First, deliver the experience end users want and expect by designing the application against digital application principles.

    Business Value

    Continuous modernization

    • Fit for purpose
    • User-centric
    • Adaptable
    • Accessible
    • Private and secured
    • Informative and insightful
    • Seamless application connection
    • Relationship and network building

    To learn more, visit Info-Tech's Modernize Your Applications blueprint.

    Then, deliver a long-lasting experience by supporting your applications with key governance and management capabilities.

    • Product Strategy and Roadmap
    • External Relationships
    • User Adoption and Organizational Change Management
    • Funding
    • Knowledge Management
    • Stakeholder Management
    • Product Governance
    • Maintenance & Enhancement
    • User Support
    • Managing and Governing Data
    • Requirements Analysis and Design
    • Research & Development

    To learn more, visit Info-Tech's Make the Case for Product Delivery blueprint.

    Choose Your Mobile Platform and Tools

    Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

    WORKFLOW

    1. Capture Your User Personas and Journey workflow: Trigger: Step 1; Step 2; Step 3; Step 4; Outcome
    2. Select Your Platform Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.
    3. Shortlist Your Solutions A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Strategic Perspective
    Business and Product Strategies

    1. End-User Perspective

    End User Needs

    • Productivity
    • Innovation
    • Transformation

    Native User Experience

    • Anytime, Anywhere
    • Visually Pleasing & Fulfilling
    • Personalized & Insightful
    • Hands-Off & Automated
    • Integrated Ecosystem

    2. Platform Perspective

    Technical Requirements

    Security

    Performance

    Integration

    Mobile Platform

    3. Solution Perspective

    Vendor Support

    Services

    Stack Mgmt.

    Quality & Risk

    Mobile Delivery Solutions

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be meaningful, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    Define the mobile experience your end users want

    • Anytime, Anywhere
      • The user can access, update and analyze data and corporate products and services whenever they want, in all networks, and on any device.
    • Hands-Off and Automated
      • The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.
    • Personalized and Insightful
      • Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware, or predicted actions.
    • Integrated Ecosystem
      • The application supports a seamless experience across various third-party and enterprise applications and services the user needs.
    • Visually Pleasing and Fulfilling
      • The UI is intuitive and aesthetically gratifying, with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely-coupled API architecture, whether the supporting system is managed and supported by your organization or by third-party providers.

    Web

    Mobile web applications are deployed and executed within the mobile web browser. They are often developed with a combination of web and scripting languages, such as HTML, CSS, and JavaScript. Web often takes two forms on mobile:

    • Progressive Web Applications (PWA)
    • Mobile Web Sites

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container. It uses the device's browser runtime engine to support more sophisticated designs and features than to the web approach.

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. The solution compiles the code into device-specific builds for native deployment.

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first. Then consider a cross-platform application if you require device access or need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g. geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices. This requires resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices can execute and render many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security, and device-specific access and customizations.
    • Application use cases require significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g. AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with third-party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution provides the tools, resources, and support to enable or build your mobile application. It can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Solutions can be barebone software development kits (SDKs), or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need to acquire new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Optimize your software delivery process

    Mobile brings new delivery and management challenges that are often difficult for organizations that are tied to legacy systems, hindered by rigid and slow delivery lifecycles, and are unable to adopt leading-edge technologies. Many of these challenges stem from the fact that mobile is a significant shift from desktop development:

    • Mobile devices and operating systems are heavily fragmented, especially in the Android space.
    • Test coverage is significantly expanded to include physical environments and multiple network connections.
    • Mobile devices do not have the same performance capabilities and memory storage as their desktop counterparts.
    • The user interface must be strategically designed to accommodate the limited screen size.
    • Mobile applications are highly susceptible to security breaches.
    • Mobile users often expect quick turnaround time on fixes and enhancements due to continuously changing technology, business priorities, and user needs.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    How should the process change?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      1. The activeness of users on the applications, the number of returning users, and the happiness of the users.
      2. Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      1. The business value that the user directly or indirectly receives with the mobile application.
      2. Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      1. The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      2. Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end-user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Grow your mobile delivery practice

    Level 1: Mobile Delivery Foundations

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    Level 2: Scaled Mobile Delivery

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Level 3: Leading-Edge Mobile Delivery

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    Awareness Education & Discovery Evaluation Selection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Selection Decision Model 5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternate Solutions & Conduct Market Education 3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application Portfolio Narrow the Field to Four Top Contenders 4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Pitch your mobile delivery approach with Info-Tech's template

    Communicate the justification of your approach to mobile applications with Info-Tech's Mobile Application Delivery Communication Template:

    • Level set your mobile application goals and objectives by weighing end user expectations with technical requirements.
    • Define the high priority opportunities for mobile applications.
    • Educate decision makers of the limitations and challenges of delivering specific mobile experiences with the various mobile platform options.
    • Describe your framework to select the right mobile platform and delivery tools.
    • Lay out your mobile delivery roadmap and initiatives.

    INFO-TECH DELIVERABLE

    This is a screenshot from Info-Tech's Mobile Application Delivery Communication Template

    Info-Tech's methodology for mobile platform and delivery solution selection

    1. Set the Mobile Context

    2. Define Your Mobile Approach

    Phase Steps

    Step 1.1 Build Your Mobile Backlog

    Step 1.2 Identify Your Technical Needs

    Step 1.3 Define Your Non-Functional Requirements

    Step 2.1 Choose Your Platform Approach

    Step 2.2 Shortlist Your Mobile Delivery Solution

    Step 2.3 Create a Roadmap for Mobile Delivery

    Phase Outcomes

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Understand the case and motivators for mobile applications.

    Call #2: Discuss the end user and desired mobile experience.

    Call #5: Discuss the desired mobile platform.

    Call #8: Discuss your mobile MVP.

    Call #3: Review technical complexities and non-functional requirements.

    Call #6: Shortlist mobile delivery solutions and desired features.

    Call #9: Review your mobile delivery roadmap.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 9 calls over the course of 2 to 3 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Module 1 Module 2 Module 3 Module 4 Post-Workshop
    Activities Set the Mobile Context Identify Your Technical Needs Choose Your Platform & Delivery Solution Create Your Roadmap Next Steps andWrap-Up (offsite)

    1.1 Generate user personas with empathy maps

    1.2 Build your mobile application canvas

    1.3 Build your mobile backlog

    2.1 Discuss your mobile needs

    2.2 Conduct a technical assessment

    2.3 Define mobile application quality

    2.4 Verify your decision to deliver mobile applications

    3.1 Select your platform approach

    3.2 Shortlist your mobile delivery solution

    3.3 Build your feature and service lists

    4.1 Define your MVP release

    4.2 Build your roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Verification to proceed with mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap
    • Completed workshop output deliverable
    • Next steps

    Phase 1

    Set the Mobile Context

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following steps:

    • Step 1.1 – Build Your Mobile Backlog
    • Step 1.2 – Identify Your Technical Needs
    • Step 1.3 – Define Your Non-Functional Requirements

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 1.1

    Build Your Mobile Backlog

    Activities

    1.1.1 Generate user personas with empathy maps

    1.1.2 Build your mobile application canvas

    1.1.3 Build your mobile backlog

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog

    Users expect your organization to support their mobile way of working

    Today, users expect sophisticated and personalized features, immersive interactions, and cross-platform capabilities from their mobile applications and be able to access information and services anytime, anywhere and on any device. These demands are pushing organizations to become more user-driven, placing greater importance on user experience (UX) with enterprise-grade technologies.

    How has technologies evolved to easily enable mobile capabilities?

    • Desktop-Like Features
      • Native-like features, such as geolocation and local caching, are supported through web language or third-party plugins and extensions.
    • Extendable & Scalable
      • Plug-and-play architecture is designed to allow software delivery teams to explore new use cases and mobile capabilities with out-of-the-box connectors and/or customizable REST APIs.
    • Low Barrier to Entry
      • Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without direct IT involvement.
    • Templates & Shells
      • Vendors provide UI templates and application shells that contain pre-built native features and multiple aesthetic layouts in a publishing-friendly and configurable way.
    • Personalized Content
      • Content can be uniquely tailored to a user's preference or be automatically generated based on the user's profile or activity history.
    • Hands-Off Operations
      • Many mobile solutions operate in a as-a-service model where the underlying and integrated technologies are managed by the vendor and abstracted away.

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be a meaningful experience, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    UX-driven mobile apps bring together a compelling UI with valuable functionality

    Info-Tech Insight

    Organizations often over-rotate on the UI. Receptive and satisfying applications require more than just pretty pictures, bold colors, and flashy animations. UX-driven mobile applications require the seamless merging of enticing design elements and valuable functions that are specifically tailored to the behaviors of the users. Take a deep look at how each design element and function is used and perceived by the user, and how your application can sufficiently support user needs.

    UI-Function Balance to Achieve Highly Satisfying Mobile Applications

    An application's UI and function both contribute to UX, but they do so in different ways.

    • The UI generates the visual, audio, and vocal cues to draw the attention of users to key areas of the application while stimulating the user's emotions.
    • Functions give users the means to satisfy their needs effortlessly.

    Finding the right balance of UI and function is dependent on the organization's understanding of user emotions, needs, and tendencies. However, these factors are often left out of an application's design. Having the right UX competencies is key in assuring user behaviors are appropriately accommodated early in the delivery process.

    To learn more, visit Info-Tech's Modernize Your Corporate Website to Drive Business Value blueprint.

    Focus your efforts on all items that drive high user experience and satisfaction

    UX-driven mobile applications involve all interaction points and system components working together to create an immersive experience while being actively supported by delivery and operations teams. Many organizations commonly focus on visual and content design to improve the experience, but this is only a small fraction of the total UX design. Look beyond the surface to effectively enhance your application's overall UX.

    Typical Focus of Mobile UX

    Aesthetics
    What Are the Colors & Fonts?

    Relevance & Modern
    Will Users Receive Up to Date Content and Trending Features?

    UI Design
    Where Are the Interaction Points?

    Content Layout
    How Is Content Organized?

    Critical Areas of Mobile UX That Are Often Ignored

    Web Infrastructure
    How Will Your Application Be Operationally Supported?

    Human Behavior
    What Do the Users Feel About Your Application?

    Coding Language
    What Is the Best Language to Use?

    Cross-Platform Compatibility
    How Does It Work in a Browser Versus Each Mobile Platform?

    Application Quality
    How are Functional and Non-Functional Needs Balanced?

    Adoption & Retention
    How Do I Promote Adoption and Maintain User Engagement?

    Application Support
    How Will My Requests and Issues Be Handled?

    Use personas to envision who will be using your mobile application

    What Are Personas?

    Personas are detailed descriptions of the targeted audience of your mobile application. It represents a type of user in a particular scenario. Effective personas:

    • Express and focus on the major needs and expectations of the most important user groups.
    • Give a clear picture of the typical user's behavior.
    • Aid in uncovering critical features and functionalities.
    • Describe real people with backgrounds, goals, and values.

    Why Are Personas Important to UX?

    They are important because they help:

    • Focus the development of mobile application features on the immediate needs of the intended audience.
    • Detail the level of customization needed to ensure content is valuable to and resonates with the user.
    • Describe how users may behave when certain audio and visual stimulus are triggered from the mobile application.
    • Outline the special design considerations required to meet user accessibility needs.

    Key Elements of a Persona:

    • Professional and Technical Skills and Experiences (e.g., knowledge of mobile applications, area of expertise)
    • Persona Group (e.g., executives)
    • Technological Environment of User (e.g., devices, browsers, network connection)
    • Demographics (e.g., nationality, age, language spoken)
    • Typical Behaviors and Tendencies (e.g., goes to different website when cannot find information in 20 seconds)
    • Purpose of Using the Mobile Application (e.g., search for information, submit registration form)

    Create empathy maps to gain a deeper understanding of stakeholder personas

    Empathy mapping draws out the characteristics, motivations, and mannerisms of a potential end user.

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Source: XPLANE, 2017

    Empathy mapping focuses on identifying the problems, ambitions, and frustrations they are looking to resolve and describes their motivations for wanting to resolve them. This analysis helps your teams:

    • Better understand the reason behind the struggles, frustrations and motivators through a user's perspective.
    • Verify the accuracy of assertions made about the user.
    • Pinpoint the specific problem the mobile application will be designed to solve and the constraints to its successful adoption and on-going use.
    • Read more about empathy mapping and download the empathy map PDF template here.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    1.1.1 Generate user personas with empathy maps

    1-3 hours

    1. Download the Empathy Map Canvas and draw the map on a whiteboard or project it on the screen.
    2. Choose an end user to be the focus of your empathy map. Using sticky notes, fill out the sections of the empathy map in the following order:
      1. Start by filling out the goals section. State who the subject of the empathy map will be and what activity or task you would like them to do.
        1. Focus on activities and tasks that may benefit from mobile.
      2. Next, complete the outer sections in clockwise order (see, say, do, hear). The purpose of this is to think in terms of what the subject of your empathy map is observing, sensing, and experiencing.
        1. Indicate the mobile devices and OS users will likely use and the environments they will likely be in (e.g., places with poor connections)
        2. Discuss accessibility needs and how user prefer to consume content.
      3. Last, complete the inner circle of the empathy map (pains and gains). Since you spent the last step of the exercise thinking about the external influences on your stakeholder, you can think about how those stimuli affect their emotions.
    3. Document your end user persona into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential mobile application users
    • User personas
    Materials Participants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.1 cont'd

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Download the Empathy Map Canvas

    Many business priorities are driving mobile

    Mobile Applications

    • Product Roadmap
      • Upcoming enterprise technology releases and updates offer mobile capabilities to expand its access to a broader userbase.
    • Cost Optimization
      • Maximizing business value in processes and technologies through disciplined and strategic cost and spending reduction practices with mobile applications.
    • Competitive Differentiation
      • Developing and optimizing your organization's distinct products and services quickly with mobile applications.
    • Digital Transformation
      • Transitioning processes, data and systems to a digital environment to broaden access to enterprise data and services anywhere at anytime.
    • Operational Efficiency
      • Improving software delivery and business process throughput by increasing worker productivity with mobile applications.
    • Other Business Priorities
      • New corporate products and services, business model changes, application rationalization and other priorities may require modernization, innovation and a mobile way of working.

    Focus on the mobile business and end user problem, not the solution

    People are naturally solution-focused. The onus isn't on them to express their needs in the form of a problem statement!

    When refining your mobile problem statement, attempt to answer the following four questions:

    • Who is impacted?
    • What is the (user or organizational) challenge that needs to be addressed?
    • Where does it happen?
    • Why does it matter?

    There are many ways of writing problem statements, a clear approach follows the format:

    • "Our (who) has the problem that (what) when (where). Our solution should (why)."
    • Example: "Our system analysts has the problem that new tickets take too long to update when working on user requests. Our approach should enable the analyst to focus on working with customers and not on administration."

    Adapted from: "Design Problem Statements – What and How to Frame Them"

    How to write a vision statement

    It's ok to dream a little!

    When thinking about a vision statement, think about:

    • Who is it for?
    • What does the customer need?
    • What can we do for them?
    • And why is this special?

    There are different statement templates available to help form your vision statements. Some include:

    1. For [our target customer], who [customer's need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators]. (Crossing the Chasm)
    2. "We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
    3. To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
    4. Our vision is to [verb: build, design, provide], the [goal, future state], to [verb: help, enable, make it easier to...] [persona]."

    (Numbers 2-4 from: How to define a product vision)

    Info-Tech Best Practice

    A vision shouldn't be so far out that it doesn't feel real and so short term that it gets bogged down in minutiae and implementation details. Finding that right balance will take some trial and error and will be different depending on your organization.

    Ensure mobile supports ongoing value delivery and stakeholder expectations

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Set realistic mobile goals

    Mobile applications enables the exploration of new and different ways to improve worker productivity and deliver business value. However, the realities of mobile applications may limit your ability to meet some of your objectives:

    • On the day of installation, the average retention rate for public-facing applications was 25.3%. By day 30, the retention rate drops to 5.7%. (Source: Statista, 2020)
    • 63% of 3,335 most popular Android mobile applications on the Google Play Store contained open-source components with known security vulnerabilities and other pervasive security concerns including exposing sensitive data (Source: Synopsys, 2021)
    • 62% of users would delete the application because of performance issues, such as crashes, freezes and other errors (Source: Intersog, 2021).

    These realities are not guaranteed to occur or impede your ability to deliver valuable mobile applications, but they can lead to unachievable expectations. Ensure your stakeholders are not oversold on advertised benefits and hold you accountable for unrealistic objectives. Recognize that the organization must also change how it works and operates to see the full benefit and adoption of mobile applications and overcome the known and unknown challenges and hurdles that often come with mobile delivery.

    Benchmarks present enticing opportunities, but should be used to set reasonable expectations

    66%
    Improve Market Reach
    66% of the global population uses a mobile device
    Source: DataReportal, 2021

    20%
    Connected Workers are More Productive
    Nearly 20 percent of mobile professionals estimate they miss more than three hours of working time a week not being able to get connected to the internet
    Source: iPass, 2017

    80%
    Increase Brand Recognition
    80% of smartphone users are more likely to purchase from companies whose mobile sites of apps help them easily find answers to their questions
    Source: Google, 2018

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      • The activeness of users on the applications, the number of returning users, and the happiness of the users.
      • Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      • The business value that the user directly or indirectly receives with the mobile application.
      • Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      • The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      • Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Use a canvas to define key elements of your mobile initiative

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    The problem or need mobile applications are addressing

    Vision, unique value proposition, elevator pitch, or positioning statement

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    List of business objectives or goals for the mobile application initiative.

    List of business capabilities, processes and application systems related to this initiative.

    Personas/Customers/Users

    Stakeholders

    List of groups who consume the mobile application

    List of key resources, stakeholders, and teams needed to support the process, systems and services

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    1.1.2 Build your mobile application canvas

    1-3 hours

    1. Complete the following fields to build your mobile application canvas:
      • Mobile application initiative name
      • Mobile application owner
      • Parent initiative name
      • Problem that mobile applications are intending to solve and your vision. See the outcome from the previous exercise.
      • Mobile application business goals and metrics.
      • Capabilities, processes and application systems involved
      • Primary customers/users (For additional help with your product personas, download and complete to Deliver on Your Digital Product Vision.)
    2. Stakeholders
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Business strategy
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.2 cont'd

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    [Problem Statement]

    [Vision]

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    [Business Goal 1, Metric]
    [Business Goal 2, Metric]
    [Business Goal 3, Metric]

    [Business Capability]
    [Business Process]
    [Application System]

    Personas/Customers/Users

    Stakeholders

    [User 1]
    [User 2]
    [User 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Create your mobile backlog

    Your backlog gives you a holistic understanding of the demand for mobile applications across your organization.

    Opportunities
    Trends
    MVP

    External Sources

    Internal Sources

    • Market Trends Analysis
    • Competitive Analysis
    • Regulations & Industry Standards
    • Customer & Reputation Analysis
    • Application Rationalization
    • Capability & Value Stream Analysis
    • Business Requests & Incidents
    • Discovery & Mining Capabilities

    A mobile application minimum viable product (MVP) focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to maximize learning, evaluate value and acceptance, and inform the development of a full-fledged mobile delivery practice.

    Find your mobile opportunities

    Modern mobile technologies enable users to access, analyze and change data anywhere with native device features, which opens the door to enhanced processes and new value sources.

    Examples of Mobile Opportunities:

    • Mobile Payment
      • Cost alternative to credit card transaction fees.
      • Loyalty systems are updated upon payment without need of a physical card.
      • Quicker completion of transactions.
    • Inventory Management
      • Update inventory database when shipments arrive or deliveries are made.
      • Inform retailers and consumers of current stock on website.
      • Alert staff of expired or outdated products.
    • Quick and Small Data Transfer
      • Embed tags into posters to transfer URIs, which sends users to sites containing product or location information.
      • Replace entry tags, fobs, or smart cards at doors.
      • Exchange contact details.
    • Location Sensitive Information
      • Proactively send promotions and other information (e.g. coupons, event details) to users within a defined area.
      • Inform employees of nearby prospective clients.
    • Supply Chain Management
      • Track the movement and location of goods and delivery trucks.
      • Direct drivers to the most optimal route.
      • Location-sensitive billing apps such as train and bus ticket purchases.
    • Education and Learning
      • Educate users about real-world objects and places with augmented books and by pushing relevant learning materials.
      • Visualize theories and other text with dynamic 3D objects.
    • Augmented Reality (AR)
      • Provide information about the user's surroundings and the objects in the environment through the mobile device.
      • Interactive and immersive experiences with the inclusion of virtual reality.
    • Architecture and Planning
      • Visualize historic buildings or the layout of structural projects and development plans.
      • Develop a digital tour with location-based audio initiated with location-based services or a camera.
    • Navigation
      • Provide directions to users to navigate and provide contextual travelling instructions.
      • Push traffic notifications and route changes to travelling users.
    • Tracking User Movement
      • Predict the future location of users based on historic information and traffic modelling.
      • Proactively push information to users before they reach their destination.

    1.1.3 Build your mobile backlog

    1-3 hours

    1. As a group, discuss the use and value mobile already has within your organization for each persona.
      1. What are some of the apps being used?
      2. What enterprise systems and applications are already exposed to the web and accessible by mobile devices?
      3. How critical is mobile to business operations, marketing campaigns, etc.?
    2. Discuss how mobile can bring additional business value to other areas of your organization for each persona.
      1. Can mobile enhance your customer reach? Do your customers care that your services are offered through mobile?
      2. Are employees asking for better access to enterprise systems in order to improve their productivity?
    3. Write your mobile opportunities in the following form: As a [end user persona], I want to [process or capability to enable with mobile applications], so that [organizational benefit]. Prioritize each opportunity against feasibility, desirability, and viability.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    • Mobile opportunities backlog
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Manage your mobile backlog

    Your backlog stores and organizes your mobile opportunities at various stages of readiness. It must be continuously refined to address new requests, maintenance and changing priorities.

    3 – IDEAS
    Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.

    2 – QUALIFIED
    Researched and qualified opportunities awaiting refinement.

    1 READY
    Discrete, refined opportunities that are ready to be placed in your team's delivery plans.

    Adapted from Essential Scrum

    A well-formed backlog can be thought of as a DEEP backlog

    • Detailed Appropriately: opportunities are broken down and refined as necessary
    • Emergent: The backlog grows and evolves over time as opportunities are added and removed.
    • Estimated: The effort an opportunity requires is estimated at each tier.
    • Prioritized: The opportunity's value and priority are determined at each tier.

    (Source Perforce, 2018)

    See our Deliver on Your Digital Product Vision for more information on backlog practices.

    Step 1.2

    Identify Your Technical Needs

    Activities

    1.2.1 Discuss your mobile needs

    1.2.2 Conduct a technical assessment

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • List of mobile features to enable the desired mobile experience
    • System current assessment

    Describe your desired mobile experiences with journey maps

    A journey map tells the story of the user's experience with an existing or prospective product or service, starting with a trigger, through the process of engagement, to create an outcome. Journey maps can focus on a particular part of the user's or the entire experience with your organization's products or services. All types of maps capture key interactions and motivations of the user in chronological order.

    Why are journey maps an important for mobile application delivery?

    Everyone has their own preferred method for completing their tasks on mobile devices – often, what differentiates one persona from another has to do with how users privately behave. Understand that the activities performed outside of IT's purview develop context for your persona's pain points and position IT to meet their needs with the appropriate solution.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    Two charts are depicted, the first shows the path from Trigger, through steps 1-4, to the outcome, and the Activities and Touchpoints for each. The second chart shows the Expectation analysis, showing which steps are must-haves, nice-to-haves, and hidden-needs.

    Pinpoint specific mobile needs in your journey map

    Realize that mobile applications may not precisely fit with your personas workflow or align to their expectations due to device and system limitations and restrictions. Flag the mobile opportunities that require significant modifications to underlying systems.

    Consider these workflow scenarios that can influence your persona's desire for mobile:

    Workflow Scenarios Ask Yourself The Key Questions Technology Constraints or Restrictions to Consider Examples of Mobile Opportunities

    Data View – Data is queried, prepared and presented to make informed decisions, but it cannot be edited.

    Where is the data located and can it be easily gathered and prepared?

    Is the data sensitive and can it be locally stored?

    What is the level of detail in my view?

    Multi-factor authentication required.

    Highly sensitive data requires encryption in transit and at rest.

    Minor calculations and preparation needed before data view.

    Generate a status report.

    View social media channels.

    View contact information.

    Data Collection – Data is inputted directly into the application and updates back-end system or integrated 3rd party services.

    Do I need special permission to add, delete and overwrite data?

    How much data can I edit?

    Is the data automatically gathered?

    Bandwidth restrictions.

    Multi-factor authentication required.

    Native device access required (e.g., camera).

    Multiple types and formats of gathered data.

    Manual and automatic data gathering

    Book appointments with clients.

    Update inventory.

    Tracking movement of company assets.

    Data Analysis & Modification – Data is evaluated, manipulated and transformed through the application, back-end system or 3rd party service.

    How complex are my calculations?

    Can computations be offloaded?

    What resources are needed to complete the analysis?

    Memory and processing limitations on device.

    Inability to configure device and enterprise hardware to support system resource demand.

    Scope and precision of analysis and modifications.

    Evaluate and propose trends.

    Gauge user sentiment.

    Propose next steps and directions.

    Define the mobile experience your end users want

    Anytime, Anywhere
    The user can access, update and analyze data, and corporate products and services whenever they want, in all networks, and on any device.

    Hands-Off & Automated
    The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.

    Personalized & Insightful
    Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware or predicted actions.

    Integrated Ecosystem
    The application supports a seamless experience across various 3rd party and enterprise applications and services the user needs.

    Visually Pleasing & Fulfilling
    The UI is intuitive and aesthetically gratifying with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    1.2.1 Discover your mobile needs

    1-3 hours

    1. Define the workflow of a high priority opportunity in your mobile backlog. This workflow can be pertaining to an existing mobile application or a workflow that can benefit with a mobile application.
      1. Indicate the trigger that will initiate the opportunity and the desired outcome.
      2. Break down the persona's desired outcome into small pieces of value that are realized in each workflow step.
    2. Identify activities and touchpoints the persona will need to complete to finish each step in the workflow. Indicate the technology used to complete the activity or to facilitate the touchpoint.
    3. Indicate which activities and touchpoints can be satisfied, complimented or enhanced with mobile.

    Input

    Output
    • User personas
    • Mobile application canvas
    • Desired mobile experience
    • List of mobile features
    • Journey map
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.1 cont'd

    Workflow

    Trigger

    Conduct initial analysis

    Get planning help

    Complete and submit RFP

    Design and implement solution

    Implement changes

    Activities, Channels, and Touchpoints

    Need is recognized in CIO council meeting

    See if we have a sufficient solution internally

    Seek planning help (various channels)

    *Meet with IT shared services business analyst

    Select the appropriate vendor

    Follow action plan

    Compliance rqmt triggered by new law

    See if we have a sufficient solution internally

    *Hold in-person initial meeting with IT shared services

    *Review and approve rqmts (email)

    Seek miscellaneous support

    Implement project and manage change

    Research potential solutions in the marketplace

    Excess budget identified for utilization

    Pick a "favorite" solution

    *Negotiate and sign statement of work (email)

    Prime organization for the change

    Create action plan

    If solution is unsatisfactory, plan remediation

    Current Technology

    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • ERP
    • IT asset management
    • Internet browser for research
    • Virtual environment to demonstrate solutions
    • Email
    • Vendor assessment and procurement solution
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Vendor assessment and procurement solution
    • Project management solution
    • Team collaboration solution
    • Email
    • Video conferencing
    • Phone
    • Project management solution
    • Team collaboration solution
    • Vendor's solution

    Legend:

    Bold – Touchpoint

    * – Activities or Touchpoints That Can Benefit with Mobile

    1.2.1 cont'd

    1-3 hours

    1. Analyze persona expectations. Identify the persona's must-haves, then nice-to-haves, and then hidden needs to effectively complete the workflow.
      1. Must-haves. The necessary outcomes, qualities, and features of the workflow step.
      2. Nice-to-haves. Desired outcomes, qualities, or features that your persona is able to articulate or express.
      3. Hidden needs. Outcomes, qualities, or features that your persona is not aware they have a desire for; benefits that they are pleasantly surprised to receive. These will usually be unknown for your first-iteration journey map.
    2. Indicate which persona expectations can be satisfied with mobile. Discuss what would the desired mobile experience be.
    3. Discuss feedback and experiences your team has heard from the personas they engage with regularly.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    1.2.1 cont'd

    Example

    This image contains an example workflow for determining mobile needs.

    1.2.1 cont'd

    Template:

    Workflow

    TriggerStep 1Step 2Step 3Step 4

    Desired Outcome

    Journey Map

    Activities & Touch-points

    <>

    <>

    <>

    <>

    <>

    <>

    Must-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Nice-to-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Hidden Needs

    <>

    <>

    <>

    <>

    <>

    <>

    Emotional Journey

    <>

    <>

    <>

    <>

    <>

    <>

    If you need more than four steps in the workflow, duplicate this slide.

    Understand how mobile fits with your current system

    Evaluate the risks and impacts of your desired mobile features by looking at your enterprise system architecture from top to bottom. Is your mobile vision and needs compatible with your existing business capabilities and technologies?

    An architecture is usually represented by one or more architecture views that together provide a coherent description of the application system, including demonstrating the full impact mobile will have. A single, comprehensive model is often too complex to be understood and communicated in its most detailed form, and a model too high level hides the underlying complexity of an application's structure and deployment (The Open Group, TOGAF 8.1.1 - Developing Architecture Views). Obtain a complete understanding of your architecture by assessing it through multiple levels of views to reveal different sets of concerns:

    Application Architecture Views

    1. Use Case View
    • How does your business operate, and how will users interact with your mobile applications?
  • . Process View
    • What is the user workflow impacted by mobile, and how will it change?
  • Component View
    • How are my existing applications structured? What are its various components? How will mobile expand the costs of the existing technical debt?
  • Data View
    • What is the relationship of the data and information consumed, analyzed, and transmitted? Will mobile jeopardize the quality and reliability of the data?
  • Deployment View
    • In what environment are your mobile application components deployed? How will the existing systems operate with your mobile applications?
  • System View
    • How does your mobile application communicate with other internal and external systems? How will dependencies change with mobile?
  • See our Enhance Your Solution Architecture for more information.

    Ask key questions in your current system assessment

    • How do the various components of your system communicate with each other (e.g., web APIs, middleware, and point to point)?
    • What information is exchanged during the conversation?
    • How does the data flow from one component to the next? Is the data read-only or can application and users edit and modify it?
    • What are the access points to your mid- and back-tier systems (e.g., user access through web interface, corporate networks and third-party application access through APIs)?
    • Who has access to your enterprise systems?
    • Which components are managed and operated by third-party providers? What is your level of control?
    • What are the security protocols currently enforced in your system?
    • How often are your databases updated? Is it real-time or periodic extract, transfer, and load (ETL)?
    • What are the business rules?
    • Is your mobile stack dependent on other systems?
    • Is a mobile middleware, web server, or API gateway needed to help facilitate the integration between devices and your back-end support?

    1.2.2 Conduct a technical assessment

    1-3 hours

    1. Evaluate your current systems that will support the journey map of your mobile opportunities based on two categories: system quality and system management. Use the tables on the following slides and modify the questions if needed.
    2. Discuss if the current state of your system will impede your ability to succeed with mobile. Use this discussion to verify the decision to continue with mobile applications in your current state.
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Journey map
    • Understanding of current system
    • Assessment of current system
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.2 cont'd

    Current State System Quality Assessment

    Factors Definitions Survey Responses
    Fit-for-Purpose System functionalities, services and integrations are designed and implemented for the purpose of satisfying the end users' needs and technology compatibilities. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Response Rate The system completes computation and processing requests within acceptable timeframes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Data Quality The system delivers consumable, accurate, and trustworthy data. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Usability The system provides functionalities, services and integrations that are rewarding, engaging, intuitive, and emotionally satisfying. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Reliability The system is resilient or quickly recovers from issues and defects. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Accessible The system is available on demand and on the end user's preferred interface and device. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Secured End-user activity and data is protected from unauthorized access. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Adaptable The system can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    1.2.2 cont'd

    Current State System Management Assessment

    Factors Definitions Survey Responses
    Documentation The system is documented, accurate, and shared in the organization. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Measurement The system is continuously measured against clearly defined metrics tied to business value. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Compliance The system is compliant with regulations and industry standards. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Continuous Improvement The system is routinely rationalized and enhanced. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Architecture There is a shared overview of how the process supports business value delivery and its dependencies with technologies and other processes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Ownership & Accountability The process has a clearly defined owner who is accountable for its risks and roadmap. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Support Resources are available to address adoption and execution challenges. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Organizational Change Management Communication, onboarding, and other change management capabilities are available to facilitate technology and related role and process changes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    Step 1.3

    Define Your Non-Functional Requirements

    Activities

    1.3.1 Define mobile application quality

    1.3.2 Verify your decision to deliver mobile applications

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams

    Outcomes of this step

    • Mobile application quality definition
    • Readiness for mobile delivery

    Build a strong foundation of mobile application quality

    Functionality and aesthetics often take front seats in mobile application delivery. Applications are then frequently modified and changed, not because they are functionally deficient or visually displeasing, but because they are difficult to maintain or scale, too slow, vulnerable or compromised. Implementing clear quality principles (i.e., non-functional requirements) and strong quality assurance practices throughout delivery are critical to minimize the potential work of future maintenance and to avoid, mitigate and manage IT risks.

    What is Mobile Application Quality?

    • Quality requirements (i.e., non-functional requirements) are properties of a system or product that dictate how it should behave at runtime and how it should be designed, implemented, and maintained.
    • These requirements should be involved in decision making around architecture, UI and functional design changes.
    • Functionality should not dictate the level of security, availability, or performance of a product, thereby risking system quality. Functionality and quality are viewed orthogonally, and trade-offs are discussed when one impacts the other.
    • Quality attributes should never be achieved in isolation as one attribute can have a negative or positive impact on another (e.g. security and availability).

    Why is Mobile Quality Assurance Critical?

    • Quality assurance (QA) is a necessity for the validation and verification of mobile delivery, whether you are delivering applications in an Agile or Waterfall fashion. Effective QA practices implemented across the software development lifecycle (SDLC) are vital, as all layers of the mobile stack need to readily able to adjust to suddenly evolving and changing business and user needs and technologies without risking system stability and breaking business standards and expectations.
    • However, investments in QA optimizations are often afterthoughts. QA is commonly viewed as a lower priority compared to other delivery capabilities (e.g., design and coding) and is typically the first item cut when delivery is under pressure.

    See our Build a Software Quality Assurance Program for more information.

    Mobile emphasizes the importance of good security, performance and integration

    Today's mobile workforce is looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile device, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Mobile risks opening and widening existing security gaps

    New mobile technologies and the continued expansion of the enterprise environment increase the number of entry points attackers to your corporate data and networks. The ever-growing volume, velocity, and variety of new threats puts significant pressure on mobile delivery teams who are responsible for implementing mobile security measures and maintaining alignment to your security policies and those of app stores.

    Mobile attacks can come from various vectors:

    Attack Surface: Mobile Device

    Attack Surface: Network

    Attack Surface: Data Center

    Browser:
    Phishing
    Buffer Overflow
    Data Caching

    System:
    No Passcode
    Jailbroken and Rooted OS
    No/Weak Encryption
    OS Data Caching

    Phone:
    SMSishing
    Radio Frequency Attacks

    Apps:
    Configuration Manipulation
    Runtime Injection
    Improper SSL Validation

    • Packet Sniffing
    • Session Hijacking
    • Man-in-the-Middle (circumvent password verification systems)
    • Fake SSL Certificate
    • Rogue Access Points

    Web Server:
    Cross-Site Scripting (XSS)
    Brute Force Attacks
    Server Misconfigurations

    Database:
    SQL Injection
    Data Dumping

    Understand the top web security risks and vulnerabilities seen in the industry

    Recognize mobile applications are exposed to the same risks and vulnerabilities as web applications. Learn of OWASP's top 10 web security risks.

    • Broken Access Control
      • Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.
    • Cryptographic Failures
      • Improper and incorrect protection of data in transit and at rest, especially proprietary and confidential data and those that fall under privacy laws.
    • Injection
      • Execution of malicious code and injection of hostile or unfiltered data on the mobile device via the mobile application.
    • Insecure Design
      • Missing or ineffective security controls in the application design. An insecure design cannot be fixed by a perfect implementation,. Needed security controls were never created to defend against specific attacks.
    • Security Misconfiguration
      • The security settings in the application are not securely set or configured, including poor security hardening and inadequate system upgrading practices.
    • Vulnerable and Outdated Components
      • System components are vulnerable because they are unsupported, out of date, untested or not hardened against current security concerns.
    • Identification and Authentication Failures
      • Improper or poor protection against authentication-related attacks, particularly to the user's identity, authentication and session management.
    • Software and Data Integrity Failures
      • Failures related to code and infrastructure that does not protect against integrity violations, such as an application relying upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks
    • Security Logging and Monitoring Failures
      • Insufficient logging, detection, monitoring, and active response that hinders the ability to detect, escalate, and respond to active breaches.
    • Server-Side Request Forgery (SSRF)
      • SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL.

    Good mobile application performance drives satisfaction and value delivery

    Underperforming mobile applications can cause your users to be unproductive. Your mobile applications should always aim to satisfy the productivity requirements of your end users.

    Users quickly notice applications that are slow and difficult to use. Providing a seamless experience for the user is now heavily dependent on how well your application performs. Optimizing your mobile application's processing efficiency can help your users perform their jobs properly in various environment conditions.

    Productive Users Need
    Performant Mobile Applications

    Persona

    Mobile Application Use Case

    Optimized Mobile Application

    Stationary Worker

    • Design flowcharts and diagrams, while abandoning paper and desktop apps in favor of easy-to-use, drawing tablet applications.
    • Multitask by checking the application to verify information given by a vendor during their presentation or pitch.
    • Flowcharts and diagrams are updated in real time for team members to view and edit
    • Compare vendors under assessment with a quick look-up app feature

    Roaming Worker (Engineer)

    • Replace physical copies of service and repair manuals physically stored with digital copies and access them with mobile applications.
    • Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.
    • Worker is capable of interacting with other features of the mobile web app while product bar code is being verified

    Enhance the performance of the entire mobile stack

    Due to frequently changing mobile hardware, users' high performance expectations and mobile network constraints, mobile delivery teams must focus on the entire mobile stack for optimizing performance.

    Fine tune your enterprise mobile applications using optimization techniques to improve performance across the full mobile stack.

    This image contains a bar graph ranking the importance of the following datapoints: Minimize render blocking resources; Configure the mobile application viewport; Determine the right image file format ; Determine above-the-fold content; Minimize browser reflow; Adopt UI techniques to improve perceived latency; Resource minification; Data compression; Asynchronous programming; Resource HTTP caching; Minimize network roundtrips for first time to render.

    Info-Tech Insight

    Some user performance expectations can be managed with clever UI design (e.g., spinning pinwheels to indicate loading in progress and directing user focus to quick loading content) and operational choices (e.g. graceful degradation and progressive enhancements).

    Create an API-centric integration strategy

    Mobile delivery teams are tasked to keep up with the changing needs of end users and accommodate the evolution of trending mobile features. Ensuring scalable APIs is critical in quickly releasing changes and ensuring availability of corporate services and resources.

    As your portfolio of mobile applications grows, and device platforms and browsers diversify, it will become increasingly complex to provide all the data and service capabilities your mobile apps need to operate. It is important that your APIs are available, reliable, reusable, and secure for multiple uses and platforms.

    Take an API-centric approach to retain control of your mobile development and ensure reliability.

    APIs are the underlying layer of your mobile applications, enabling remote access of company data and services to end users. Focusing design and development efforts on the maintainability, reliability and scalability of your APIs enables your delivery teams to:

    • Reuse tried-and-tested APIs to deliver, test and harden applications and systems quicker by standardizing on the use and structure of REST APIs.
    • Ensure a consistent experience and performance across different applications using the same API.
    • Uniformly apply security and access control to remain compliant to security protocols, industry standards and regulations.
    • Provide reliable integration points when leveraging third-party APIs and services.

    See our Build Effective Enterprise Integration on the Back of Business Process for more information.

    Guide your integration strategy with principles

    Craft your principles around good API management and integration practices

    Expose Enterprise Data And Functionality in API-Friendly Formats
    Convert complex on-premises application services into developer-friendly RESTful APIs

    Protect Information Assets Exposed Via APIs to Prevent Misuse
    Ensure that enterprise systems are protected against message-level attack and hijack

    Authorize Secure, Seamless Access for Valid Identities
    Deploy strong access control, identity federation and social login functionality

    Optimize System Performance and Manage the API Lifecycle
    Maintain the availability of backend systems for APIs, applications and end users

    Engage, Onboard, Educate and Manage Developers
    Give developers the resources they need to create applications that deliver real value

    Source: 5 Pillars of API Management, Broadcom, 2021

    Clarify your definition of mobile quality

    Quality does not mean the same thing to everyone

    Do not expect a universal definition of mobile quality. Each department, person and industry standard will have a different interpretation of quality, and they will perform certain activities and enforce policies that meet those interpretations. Misunderstanding of what is defined as a high quality mobile application within business and IT teams can lead to further confusion behind governance, testing priorities and compliance.

    Each interpretation of quality can lead to endless testing, guardrails and constraints, or lack thereof. Be clear on the priority of each interpretation and the degree of effort needed to ensure they are met.

    For example:

    Mobile Application Owner
    What does an accessible mobile application mean?

    Persona: Customer
    I can access it on mobile phones, tablets and the web browser

    Persona: Developer
    I have access to each layer of the mobile stack including the code & data

    Persona: Operations
    The mobile application is accessible 24/7 with 95% uptime

    Example: A School Board's Quality Definition

    Quality Attribute Definitions
    Usability The product is an intuitive solution. Usability is the ease with which the user accomplishes a desired task in the application system and the degree of user support the system provides. Limited training and documentation are required.
    Performance Usability and performance are closely related. A solution that is slow is not usable. The application system is able to meet timing requirements, which is dependent on stable infrastructure to support it regardless of where the application is hosted. Baseline performance metrics are defined and changes must result in improvements. Performance is validated against peak loads.
    Availability The application system is present, accessible, and ready to carry out its tasks when needed. The application is accessible from multiple devices and platforms, is available 24x7x365, and teams communicate planned downtimes and unplanned outages. IT must serve teachers international student's parents, and other users who access the application outside normal business hours. The application should never be down when it should be up. Teams must not put undue burden on end users accessing the systems. Reasonable access requirements are published.
    Security Applications handle both private and personal data, and must be able to segregate data based on permissions to protect privacy. The application system is able to protect data and information from unauthorized access. Users want it to be secure but seamless. Vendors need to understand and implement the District School Board's security requirements into their products. Teams ensure access is authorized, maintain data integrity, and enforce privacy.
    Reusability Reusability is the capability for components and subsystems to be suitable for use in other applications and in other scenarios. This attribute minimizes the duplication of components and implementation time. Teams ensure a modular design that is flexible and usable in other applications.
    Interoperability The degree to which two or more systems can usefully exchange meaningful information via interfaces in a particular context.

    Scalability

    There are two kinds of scalability:

    • Horizontal scalability (scaling out): Adding more resources to logical units, such as adding another server to a cluster of servers.
    • Vertical scalability (scaling up): Adding more resources to a physical unit, such as adding more memory to a single computer.

    Ease of maintenance and enhancements are critical. Additional care is given to custom code because of the inherent difficulty to make it scale and update.

    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.
    Cost Efficiency The application system is executed and maintained in such a way that each area of cost is reduced to what is critically needed. Cost efficiency is critical (e.g. printers cost per page, TCO, software what does downtime cost us), and everyone must understand the financial impact of their decisions.
    Self-Service End users are empowered to make configurations, troubleshoot and make changes to their application without the involvement of IT. The appropriate controls are in place to manage the access to unauthorized access to corporate systems.
    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.

    1.3.1 Define mobile application quality

    1-3 hours

    1. List 5 quality attributes that your organization sees as important for a successful mobile application.
    2. List the core personas that will support mobile delivery and that will consume the mobile application. Start with development, operations and support, and end user.
    3. Describe each quality attributes from the perspective of each persona by asking, "What does quality mean to you?".
    4. Review each description from each persona to come to an acceptable definition.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Mobile application canvas
    • Journey map
    • Mobile application quality definition
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.1 cont'd

    Example: Info-Tech Guided Implementation with a Legal and Professional Services Organization

    Quality AttributeDeveloperOperations & Support TeamEnd Users

    Usability

    • Architecture and frameworks are aligned with industry best practices
    • Regular feedback through analytics and user feedback
    • Faster development and less technical debt
    • Pride in the product
    • Satisfaction that the product is serving its purpose and is actually being used by the user
    • Increased update of product use and feedback for future lifecycle
    • Standardization and positive perception of IT processes
    • Simpler to train users to adopt products and changes
    • Trust in system and ability to promote the product in a positive light
    • Trusted list of applications
    • Intuitive (easy to use, no training required)
    • Encourage collaboration and sharing ideas between end users and delivery teams
    • The information presented is correct and accurate
    • Users understand where the data came from and the algorithms behind it
    • Users learn features quickly and retain their knowledge longer, which directly correlates to decreased training costs and time
    • High uptake in use of the product
    • Seamless experience, use less energy to work with product

    Security

    • Secure by design approach
    • Testing across all layers of the application stack
    • Security analysis of our source code
    • Good approach to security requirement definition, secure access to databases, using latest libraries and using semantics in code
    • Standardized & clear practices for development
    • Making data access granular (not all or none)
    • Secure mission critical procedures which will reduce operational cost, improve compliance and mitigate risks
    • Auditable artifacts on security implementation
    • Good data classification, managed secure access, system backups and privacy protocols
    • Confidence of protection of user data
    • Encryption of sensitive data
    Availability
    • Good access to the code
    • Good access to the data
    • Good access to APIs and other integration technologies
    • Automatic alerts when something goes wrong
    • Self-repairing/recovering
    • SLAs and uptimes
    • Code documentation
    • Proactive support from the infrastructure team
    • System availability dashboard
    • Access on any end user device, including mobile and desktop
    • 24/7 uptime
    • Rapid response to reported defects or bugs
    • Business continuity

    1.3.2 Verify your decision to deliver mobile applications

    1-3 hours

    1. Review the various end user, business and technical expectations for mobile its achievability given the current state of your system and non-functional requirements.
    2. Complete the list of questions on the following slide as an indication for your readiness for mobile delivery.

    Input

    Output
    • Mobile application canvas
    • Assessment to proceed with mobile
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.2 cont'd

    Skill Sets
    Software delivery teams have skills in creating mobile applications that stakeholders are expecting in value and quality. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Architects look for ways to reuse existing technical asset and design for future growth and maturity in mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Resources can be committed to implement and manage a mobile platform. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Software delivery teams and resources are adaptable and flexible to requirements and system changes. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Delivery Process
    My software delivery process can accommodate last minute and sudden changes in mobile delivery tasks. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business and IT requirements for the mobile are clarified through collaboration between business and IT representatives. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile will help us fill the gaps and standardize our software delivery process process. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My testing practices can be adapted to verify and validate the mobile functional and non-functional requirements. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Technical Stack
    My mid-tier and back-end support has the capacity to accommodate additional traffic from mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have access to my web infrastructure and integration technologies, and I am capable of making configurations. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My security approaches and capabilities can be enhanced address specific mobile application risks and vulnerabilities. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have a sound and robust integration strategy involving web APIs that gives me the flexibility to support mobile applications. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    Phase 2

    Define Your Mobile Approach

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following activities:

    • Step 2.1 – Choose Your Platform Approach
    • Step 2.2 – Shortlist Your Mobile Delivery Solution
    • Step 2.3 – Create a Roadmap for Mobile Delivery

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 2.1

    Choose Your Platform Approach

    Activities

    2.1.1 Select your platform approach

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Desired mobile platform approach

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely coupled API architecture whether the supporting system is managed and supported by your organization or by 3rd party providers.

    Web

    The mobile web often takes on one of the following two approaches:

    • Responsive websites – Content, UI and other website elements automatically adjusts itself according to the device, creating a seamless experience regardless of the device.
    • Progressive web applications (PWAs) – PWAs uses the browser's APIs and features to offer native-like experiences.

    Mobile web applications are often developed with a combination of HTML, CSS, and JavaScript languages.

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container, and it uses the device's browser runtime engine to support more sophisticated designs and features compared to the web approach. Hybrid mobile solutions allows teams to code once and deploy to multiple platforms.

    Some notable examples:

    • Gmail
    • Instagram

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. Then the solution will compile the code into device-specific builds for native deployment.

    Some notable examples:

    • Facebook
    • Skype
    • Slack

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    With this platform, developers have direct access to local device features allowing customized operations. This enables the use of local resources, such as memory and runtime engines, which will achieve a higher performance than hybrid and cross-platform applications.

    Each platform offers unique pros and cons depending on your mobile needs

    WebHybridCross-PlatformNative

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    • Modern browsers support the popular of web languages (HTML, CSS, and JavaScript).
    • Ubiquitous across multiple form factors and devices.
    • Mobile can be easily integrated into traditional web development processes and technical stacks.
    • Installations are not required, and updates are immediate.
    • Sensitive data can be wiped from memory after app is closed.
    • Limited access to local device hardware and software.
    • Local caching is available for limited offline capabilities, but the scope of tasks that can be completed in this scenario is restricted.
    • The browser's runtime engine is limited in computing power.
    • Not all browsers fully support the latest versions of HTML, CSS, or JavaScript.
    • Web languages can be used to develop a complete application.
    • Code can be reused for multiple platforms, including web.
    • Access to commonly-used native features that are not available through the web platform.
    • Quick delivery and maintenance updates compared to native and cross-platform platforms.
    • Consistent internet access is needed due to its reliance heavily reliance on web technologies to operate.
    • Limited ability to support complex workflows and features.
    • Sluggish performance compared to cross-platform and native applications.
    • Certain features may not operate the same across all platforms given the code once, deploy everywhere approach.
    • More cost-effective to develop than using native development approaches to gain similar features. Platform-specific developers are not needed.
    • Common codebase to develop applications on different applications.
    • Enables more complex application functionalities and technical customizations compared to hybrid applications.
    • Code is not portable across cross-platform delivery solutions.
    • The framework is tied to the vendor solution which presents the risk of vendor lock-in.
    • Deployment is dependent on an app store and the delivery solution may not guarantee the application's acceptance into the application store.
    • Significant training and onboarding may be needed using the cross-platform framework.
    • Tight integration with the device's hardware enables high performance and greater use of hardware features.
    • Computationally-intensive and complex tasks can be completed on the device.
    • Available offline access.
    • Apps are available through easy-to-access app stores.
    • Requires additional investments, such as app stores, app-specific support, versioning, and platform-specific extensions.
    • Developers skilled in a device-specific language are difficult to acquire and costly to train.
    • Testing is required every time a new device or OS is introduced.
    • Higher development and maintenance costs are tradeoffs for native device features.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first and then consider a cross-platform application if you require device access or the need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g., geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices requiring resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices are capable of executing and rendering many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Do you need a native platform?

    Consider web workarounds if you choose a web platform but require some native experiences.

    The web platform does not give you direct access or sophisticated customizations to local device hardware and services, underlying code and integrations. You may run into the situation where you need some native experiences, but the value of these features may not offset the costs to undertake a native, hybrid or cross-platform application. When developing hybrid and cross-platform applications with a mobile delivery solution, only the APIs of the commonly used device features are available. Note that some vendors may not offer a particular native feature across all devices, inhibiting your ability to achieve feature parity or exploiting device features only available in certain devices. Workarounds are then needed.

    Consider the following workarounds to address the required native experiences on the web platform:

    Native Function Description Web Workaround Impact
    Camera Takes pictures or records videos through the device's camera. Create an upload form in the web with HTML5. Break in workflow leading to poor user experience (UX).
    Geolocation Detects the geographical location of the device. Available through HTML5. Not Applicable.
    Calendar Stores the user's calendar in local memory. Integrate with calendaring system or manually upload contacts. Costly integration initiative. Poor user experience.
    Contacts Stores contact information in local memory. Integrate app with contact system or manually upload contacts. Costly integration initiative. Poor user experience.
    Near Field Communication (NFC) Communication between devices by touching them together or bringing them into proximity. Manual transfer of data. A lot of time is consumed transferring simple information.
    Native Computation Computational power and resources needed to complete tasks on the device. Resource-intensive requests are completed by back-end systems and results sent back to user. Slower application performance given network constraints.

    Info-Tech Insight

    In many cases, workarounds are available when evaluating the gaps between web and native applications. For example, not having application-level access to the camera does not negate the user option to upload a picture taken by the camera through a web form. Tradeoffs like this will come down to assessing the importance of each platform gap for your organization and whether a workaround is good enough as a native-like experience.

    Architect and configure your entire mobile stack with a plan

    • Assess your existing technology stack that will support your mobile platform. Determine if it has the capacity to handle mobile traffic and the necessary integration between devices and enterprise and 3rd party systems are robust and reliable. Reach out to your IT teams and vendors if you are missing key mobile components, such as:
    • The acquisition and provisioning of physical or virtual mobile web servers and middleware from existing vendors.
    • Cloud services [e.g., Mobile Back-end as a Service (mBaaS)] that assists in the mobilization of back-end data sources with API SDKs, orchestration of data from multiple sources, transformation of legacy APIs to mobile formats, and satisfaction of other security, integration and performance needs.
    • Configure the services of your web server or middleware to facilitate the translation, transformation, and transfer of data between your mobile front-end and back-end. If your plan involves scripts, maintenance and other ongoing costs will likely increase.
    • Leverage the APIs or adapters provided by your vendors or device manufacturers to integrate your mobile front-end and back-end support to your web server or middleware. If you are reusing a web server, the back-end integration should already be in place. Remember, APIs implement business rules to maintain the integrity of data exchange within your mobile stack.
    • See Appendix A for examples of reference architectures of mobile platforms.

    See our Enhance Your Solution Architecture for more information.

    Do Not Forget Your Security and Performance Requirements

    Security: New threats from mobile put organizations into a difficult situation beyond simply responding to them in a timely matter. Be careful not to take the benefits of security out of the mobile context. You need to make security a first-order citizen during the scoping, design, and optimization of your systems supporting mobile. It must also be balanced with other functional and non-functional requirements with the right roles taking accountability for these decisions.

    See our Strengthen the SSDLC for Enterprise Mobile Applications for more information.

    Performance: Within a distributed mobile environment, performance has a risk of diminishing due to limited device capacity, network hopping, lack of server scalability, API bottlenecks, and other device, network and infrastructure issues. Mobile web APIs suffer from the same pain points as traditional web browsing and unplanned API call management in an application will lead to slow performance.

    See our Develop Enterprise Mobile Applications With Realistic and Relevant Performance for more information.

    Enterprise platform selection requires a shift in perspective

    Your mobile platform selection must consider both user and enterprise (i.e., non-functional) needs. Use a two-step process for your analysis:

    Begin Platform Selection with a User-Centric Approach

    Organizations appealing to end users place emphasis on the user experience: the look and appeal of the user interface, and the satisfaction, ease of use, and value of its functionalities. In this approach, IT concerns and needs are not high priorities, but many functions are completed locally or isolated from mission critical corporate networks and sensitive data. Some needs include:

    • Performance: quick execution of tasks and calculations made on the device or offloaded to web servers or the cloud.
    • User Interface: cross-platform compatibility and feature-rich design and functionality. The right native experience is critical to the user adoption and satisfaction.
    • Device Access: use of local device hardware and software to complete app use cases, such as camera, calendar, and contact lists.

    Refine Platform Selection with an Enterprise-Centric Approach

    From the enterprise perspective, emphasis is on security, system performance, integration, reuse and other non-functional requirements as the primary motivations in the selection of a mobile platform. User experience is still a contributing factor because of the mobile application's need to drive value but its priority is not exclusive. Some drivers include:

    • Openness: agreed-upon industry standards and technologies that can be applied to serve enterprise needs which support business processes.
    • Integration: increase the reuse of legacy investments and existing applications and services with integration capabilities.
    • Flexibility: support for multiple data types from applications such as JSON format for mobile.
    • Capacity: maximize the utilization of your software delivery resources beyond the initial iteration of the mobile application.

    Info-Tech Insight

    Selecting a mobile platform should not solely be made on business requirements. Key technical stakeholders should be at the table in this discussion to provide insight on the implementation and ongoing costs and benefits of each platform. Both business and technical requirements should be considered when deciding on a final platform.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security and device-specific access and customizations.
    • Application use cases requiring significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    2.1.1 Select your platform approach

    1-3 hours

    1. Review your mobile objectives, end user needs and non-functional requirements.
    2. Determine which mobile platform is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: user-centric and enterprise-centric needs.
    3. Calculate an average score for user-centric and one for enterprise-centric. Then, map them on the matrix to indicate possible platform options. Consider all options around the plotted point.
    4. Further discuss which platforms should be the preferred choice.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Desired mobile experience
    • List of desired mobile features
    • Current state assessments
    • Mobile platform approach
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.1.1 cont'd

    User-Centric Needs: Functional Requirements

    Factors Definitions Survey Responses
    Device Hardware Access The scope of access to native device hardware features. Basic features include those that are available through current web languages (e.g., geolocation) whereas comprehensive features are those that are device-specific. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Hardware The degree of changes to the execution of local device hardware to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Device Software Access The scope of access to software on the user's device, such as calendars and contact. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Software The degree of changes to the execution of local device software to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Use Case Complexity Workflow tasks and decisions are simple and straightforward. Complex computation is not needed to acquire the desired outcome. 1 (Strongly Agree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Disagree)
    Computational Resources The resources needed on the device to complete desired functional needs. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Use Case Ambiguity The mobile use case and technical requirements are well understood and documented. Changes to the mobile application is likely. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile Application Access Enterprise systems and data are accessible to the broader organization through the mobile application. This factor does not necessarily mean that anyone can access it untracked. You may still need to identify yourself or log in, etc. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Scope of Adoption & Impact The extent to which the mobile application is leveraged in the organization. 1 (Enterprise) – 2 – 3 (Department) – 4 – 5 (Team)
    Installable The need to locally install the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Targeted Devices & Platforms Mobile applications are developed for a defined set of mobile platform versions and types and device. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Output Audience The mobile application transforms an input into a valuable output for high-priority internal or external stakeholders. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    User-Centric Needs: Native User Experience Factors

    Factors Definitions Survey Responses
    Immersive Experience The need to bridge physical world with the virtual and digital environment, such as geofencing and NFC. 1 (Internally Delivered) – 2 – 3 (3rd Party Supported) – 4 – 5 (Business Implemented)
    Timeliness of Content and Updates The speed of which the mobile application (and supporting system) responds with requested information, data and updates from enterprise systems and 3rd party services. 1 (Reasonable Delayed Response) – 2 – 3 (Partially Outsourced) – 4 – 5 (Fully Outsourced)
    Application Performance The speed of which the mobile application completes tasks is critical to its success. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Network Accessibility The needed ability to access and use the mobile application in various network conditions. 1 (Only Available When Online) – 2 – 3 (Partially Available When Online) – 4 – 5 (Available Online)
    Integrated Ecosystem The approach to integrate the mobile application with enterprise or 3rd party systems and services. 1 (Out-of-the-Box Connectors) – 2 – 3 (Configurable Connectors) – 4 – 5 (Customized Connectors)
    Desire to Have a Native Look-and-Feel The aesthetics and UI features (e.g., heavy animations) that are only available through native and cross-platform applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    User Tolerance to Change The degree of willingness and ableness for a user to change their way of working to maximize the value of the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Mission Criticality The business could not execute its main strategy if the mobile application was removed. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Value The mobile application directly adds business value to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Industry Differentiation The mobile application provides a distinctive competitive advantage or is unique to your organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    Enterprise-Centric Needs: Non-Functional Requirements

    Factors Definitions Survey Responses
    Legacy Compatibility The need to integrate and operate with legacy systems. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Code Portability The need to enable the "code once and deploy everywhere" approach. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Vendor & Technology Lock-In The tolerance to lock into a vendor mobile delivery solution or technology framework. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Data Sensitivity The data used by the mobile application does not fall into the category of sensitive data – meaning nothing financial, medical, or personal identity (GDPR and worldwide equivalents). The disclosure, modification, or destruction of this data would cause limited harm to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Data Policies Policies of the mobile application's data are mandated by internal departmental standards (e.g. naming standards, backup standards, data type consistency). Policies only mandated in this way usually have limited use in a production capacity. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Security Risks Mobile applications are connected to private data sources and its intended use will be significant if underlying data is breached. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Continuity & System Integrity Risks The mobile application in question does not have much significance relative to the running of mission critical processes in the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    System Openness Openness of enterprise systems to enable mobile applications from the user interface to the business logic and backend integrations and database. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Mobile Device Management The organization's policy for the use of mobile devices to access and leverage enterprise data and services. 1 (Bring-Your-Own-Device) – 2 – 3 (Hybrid) – 4 – 5 (Corporate Devices)

    2.1.1 cont'd

    Enterprise-Centric Needs: Delivery Capacity

    Factors Definitions Survey Responses
    Ease of Mobile Delivery The desire to have out-of-the-box and packaged tools to expedite mobile application delivery using web technologies. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Competency The capability for internal staff to and learn how to implement and administer mobile delivery tools and deliver valuable, high-quality applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Ease of Deployment The desire to have the mobile applications delivered by the team or person without specialized resources from outside the team. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Approach The capability to successfully deliver mobile applications given budgetary and costing, resourcing, and supporting services constraints. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Maintenance & Operational Support The capability of the resources to responsibly maintain and operate mobile applications, including defect fixes and the addition and extension of modules to base implementations of the digital product. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Domain Knowledge Support The availability and accessibility of subject and domain experts to guide facilitate mobile application implementation and adoption. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Urgency The desire to have the mobile application delivered quickly. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Reusable Components The desire to reuse UI elements and application components. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)

    2.1.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric Needs 4.25 3
    Functional Requirements 4.5 2.25
    Native User Experience Factors 4 1.75
    Enterprise-Centric Needs 4 2
    Non-Functional Requirements 3.75 3.25
    Delivery Capacity 4.25 2.75
    Possible Mobile Platform Cross-Platform Native PWA Hybrid

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform. Two yellow circles are overlaid, one containing the phrase: Remote Support - over the box containing Progressive Web Applications (PWA) or Hybrid; and a yellow circle containing the phrase Inventory MGMT, partly covering the box containing Native; and the box containing Cross-Platform.

    Build a scalable and manageable platform

    Long-term mobile success depends on the efficiency and reliability of the underlying operational platform. This platform must support the computational and performance demands in a changing business environment, whether it is composed of off-the-self or custom-developed solutions, or a single vendor or best-of-breed.

    • Application
      • The UI design and content language is standardized and consistently applied
      • All mobile configurations and components are automatically versioned
      • Controlled administration and tooling access, automation capabilities, and update delivery
      • Holistic portfolio management
    • Data
      • Automated data management to preserve data quality (e.g. removal of duplications)
      • Defined single source of truth
      • Adherence to data governance, and privacy and security policies
      • Good content management practices, governance and architecture
    • Infrastructure
      • Containers and sandboxes are available for development and testing
      • Self-healing and self-service environments
      • Automatic system scaling and load balancing
      • Comply to budgetary and licensing constraints
    • Integration
      • Backend database and system updates are efficient
      • Loosely coupled architecture to minimize system regressions and delivery effort
      • Application, system and data monitoring

    Step 2.2

    Shortlist Your Mobile Delivery Solution

    Activities

    2.2.1 Shortlist your mobile delivery solution

    2.2.2 Build your feature and service lists

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services

    Ask yourself: should I build or buy?

    Build Buy

    Multi-Source Best-of-Breed

    Vendor Add-Ons & Integrations

    Integrate various technologies that provide subset(s) of the features needed for supporting the business functions.

    Enhance an existing vendor's offerings by using their system add-ons either as upgrades, new add-ons or integrations.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • Introduces tool sprawl.
    • Requires resources to understand tools and how they integrate.
    • Some of the tools necessary may not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Multi-Source Custom

    Single Source

    Integrate systems built in-house with technologies developed by external organizations.

    Buy an application/system from one vendor only.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • May introduce tool sprawl.
    • Requires resources to have strong technical skills
    • Some of the tools necessary may
    • not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Weigh the pros and cons of mobile enablement versus development

    Mobile Enablement

    Mobile Development

    Description Mobile interfaces that heavily rely on enterprise or 3rd party systems to operate. Mobile does not expand the functionality of the system but complements it with enhanced access, input and consumption capabilities. Mobile applications that are custom built or configured in a way that can operate as a standalone entity, whether they are locally deployed to a user's device or virtually hosted.
    Mobile Platform Mobile web, locally installed mobile application provided by vendor Mobile web, hybrid, cross-platform, native
    Typical Audience Internal staff, trusted users Internal and external users, general public
    Examples of Tooling Flavors Enterprise applications, point solutions, robotic & process automation Mobile enterprise application platform, web development, low and no code development, software development kits (SDKs)
    Technical Skills Required Little to no mobile delivery experience and skillsets are needed, but teams must be familiar with the supporting system to understand how a mobile interface can improve the value of the system. Have good UX-driven and quality-first practices in the mobile context. In-depth coding, networking, system and UX design, data management and security skills are needed for complex designs, functions, and architectures.
    Architecture & Integration Architecture is standardized by the vendor or enterprise with UI elements that are often minimally configurable. Extensions and integrations must be done through the system rather than the mobile interface. Much of application stack and integration approach can be customized to meet the specific functional and non-functional needs. It should still leverage web and design standards and investments currently used.
    Functional Scope Functionality is limited to the what the underlying system allows the interface to do. This often is constrained to commodity web application features (e.g., reporting) or tied to minor configurations to the vendor-provided point solution Functionality is only constrained by the platform and the targeted mobile devices whether it is performance, integration, access or security related. Teams should consider feature and content parity across all products within the organization portfolio.
    Delivery Pipeline End-to-end delivery and automated pipeline is provided by the vendor to ensure parity across all interfaces. Many vendors provide cloud-based services for hosting. Otherwise, it is directly tied to the SDLC of the supporting system. End-to-end delivery and automated pipeline is directly tied to enterprise SDLC practices or through the vendor. Some vendors provide cloud-based services for hosting. Updates are manually or automatically (through a vendor) published to app stores and can be automatically pushed to corporate users through mobile application management capabilities.
    Standards & Guardrails Quality standards and technology governance are managed by the vendor or IT with limited capabilities to tailor them to be mobile specific. Quality standards and technology governance are managed by the mobile delivery teams. The degree of customizations to these standards and guardrails is dependent on the chosen platform and delivery team competencies.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g., AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with 3rd party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution gives you the tools, resources and support to enable or build your mobile application. They can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Some solutions can be barebone software development kits (SDKs) or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need of acquiring new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Explore the various solution options

    Vendor Hosted Mobile Platform

    • Cloud Services (Mobile Backend-as-a-Service) (Amazon Amplify, Kinvey, Back4App, Google Firebase, Apache Usergrid)
    • Low Code Mobile Platforms (Outsystems, Mendix, Zoho Creator, IBM Mobile Foundation, Pega Mobile, HCL Volt MX, Appery)
    • Mobile Development via Enterprise Application (SalesForce Heroku, Oracle Application Accelerator MAX, SAP Mobile Development Kit, NetSuite Mobile)
    • Mobile Development via Business Process Automation (PowerApps, Appian, Nintex, Quickbase)

    Cross-Platform Development SDKs

    React Native, NativeScript, Xamarin Forms, .NET MAUI, Flutter, Kotlin Multiplatform Mobile, jQuery Mobile, Telerik, Temenos Quantum

    Custom Native Development Solutions

    • Native Development Languages and Environments (Swift, Java, Objective-C, Kotlin, Xcode, NetBeans, Android Studio, AppCode, Microsoft Visual Studio, Eclipse, DriodScript, Compose, Atom)
    • Mobile Application Utilities (Unity, MonoGame, Blender, 3ds Max Design, Maya, Unreal Engine, Amazon Lumberyard, Oculus)

    Commercial-Off-the-Shelf Solutions

    • No Code Mobile Platforms (Swiftic, Betty Blocks, BuildFire, Appy Pie, Plant an App, Microsoft Power Apps, AppSheet, Wix, Quixy)
    • Mobile Application Point Solutions and Enablement via Enterprise Applications

    Hybrid Development SDKs

    Cordova Project, Sencha Touch, Electron, Ionic, Capacitor, Monaca, Voltbuilder

    Custom Web Development Solutions

    Web Development Frameworks (React, Angular, Vue, Express, Django, Rails, Spring, Ember, Backbone, Bulma, Bootstrap, Tailwind CSS, Blade)

    Get the most out of your solutions by understanding their core components

    While most of the heavy lifting is handled by the vendor or framework, understanding how the mobile application is built and operates can identify where further fine-tuning is needed to increase its value and quality.

    Platform Runtime

    Automatic provisioning, configurations, and tuning of organizational and 3rd party infrastructure for high availability, performance, security and stability. This can include cloud management and non-production environments.

    Extensions

    • Mobile delivery solutions can be extended to allow:
    • Custom development of back-end code
    • Customizable integrations and hooks where needed
    • Integrations with CI/CD pipelines and administrative services
    • Integrations with existing databases and authentication services

    Platform Services

    The various services needed to support mobile delivery and enable continuous delivery, such as:

    • Configuration & Change Management – Verifies, validates, and monitors builds, deployments and changes across all components.
    • Code Generator – Transforms UI and data models into native application components that are ready to be deployed.
    • Deployment Services – Deploys application components consistently across all target environments and app stores.
    • Application Services – Manages the mobile application at runtime, including executing scheduled tasks and instrumentation.

    Application Architecture

    Fundamentally, mobile application architecture is no different than any other application architecture so much of your design standards still applies. The trick is tuning it to best meet your mobile functional and non-functional needs.

    This image contains an example of mobile application architecture.

    Source: "HCL Volt MX", HCL.

    Build your shortlist decision criteria

    The decision on which type of mobile delivery solution to use is dependent on several key questions?

    Who is the Mobile Delivery Team?

    • Is it a worker, business or IT?
    • What skills and knowledge does this person have?
    • Who is supporting mobile delivery and management?
    • Are other skills and tools needed to support, extend or mature mobile delivery adoption?

    What are the Use Cases?

    • What is the value and priority of the use cases?
    • What native features do we need?
    • Who is the audience of the output and who is impacted?
    • What systems, data and services do I need access?
    • Is it best to build it or buy it?
    • What are the quality standards?
    • How strategic is the use case?

    How Complex is the System?

    • Is the mobile application a standalone or integrated with enterprise systems?
    • What is the system's state and architecture?
    • What 3rd party services do we need integrated?
    • Are integrations out-of-the-box or custom?
    • Is the data standardized and who can edit its definition?
    • Is the system monolithic or loosely coupled?

    How Much Can We Tolerate?

    • Risks: What are the business and technical risks involved?
    • Costs: How much can we invest in implementation, training and operations?
    • Change: What organizational changes am I expecting to make? Will these changes be accepted and adopted?

    2.2.1 Shortlist your mobile delivery solution

    1-3 hours

    1. Determine which mobile delivery solutions is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: complexity of mobile workflows and native features and management of the mobile stack.
      1. Take the average of the enterprise-centric and user-centric scores from step 2.1 for your complexity of mobile workflows and native features scores.
    2. Calculate an average score for the management of the mobile stack. Then, map them on the matrix to indicate possible solution options alongside your user-centric scores. Consider all options around the plotted point.
    3. Further discuss which solution should be the preferred choice and compare those options with your selected platform approach.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Current state assessment
    • Mobile platform approach
    • Shortlist of mobile delivery solution
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.2.1 cont'd

    Stack Management

    Factors Definitions Survey Responses
    Cost of Delayed Delivery The expected cost if a vendor solution or update is delayed. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Vendor Negotiation Organization's ability to negotiate favorable terms from vendors. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Controllable Delivery Timeline Organization's desire to control when solutions and updates are delivered. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Hosting The desired approach to host the mobile application. 1 (Fully Outsourced) – 2 – 3 (Partially Outsourced) – 4 – 5 (Internally Hosted)
    Vendor Lock-In The tolerance to be locked into a specific technology stack or vendor ecosystem. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Operational Cost Target The primary target of the mobile application's operational budget. 1 (External Resources) – 2 – 3 (Hybrid) – 4 – 5 (Internal Resources)
    Platform Management The desired approach to manage the mobile delivery solution, platform or underlying technology. 1 (Decentralized) – 2 – 3 (Federated) – 4 – 5 (Centralized)
    Skill & Competency of Mobile Delivery Team The ability of the team to create and manage valuable and high-quality mobile applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Current Investment in Enterprise Technologies The need to maximize the ROI of current enterprise technologies or integrate with legacy technologies. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Ease of Extensibility Need to have out-of-the-box connectors and plug-ins to extend the mobile delivery solution beyond its base implementation. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Holistic Application Strategy Organizational priorities on the types of applications the portfolio should be comprised. 1 (Buy) – 2 – 3 (Hybrid) – 4 – 5 (Build)
    Control of Delivery Pipeline The desire to control the software delivery pipeline from design to development, testing, publishing and support. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Specific Quality Requirements Software and mobile delivery is constrained to your unique quality standards (e.g., security, performance, availability) 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)

    2.2.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric & Enterprise Centric Needs (From Step 2.1) 4.125 2.5
    Stack Management 2 2.5
    Desired Mobile Delivery Solution Vendor-Hosted Mobile Platform

    Commercial-Off-the-Shelf Solution

    Hybrid Development Solution

    A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions.

    Consider the following in your solution selection and implementation

    • Vendor lock in – Each solution has its own approach, frameworks, and data schemas to convert designs and logic into an executable build that is stable in the targeted environment. Consequently, moving application artifacts (e.g., code and designs) from one solution or environment to another may not be easily accomplished without significant modifications or the use of application modernization or migration services.
    • Conflicting priorities and viewpoints of good delivery practices – Mobile delivery solutions are very particular on how they generate applications from designs and configurations. The solution's approach may not accommodate your interpretation of high-quality code (e.g., scalability, maintainability, extensibility, security). Technical experts should be reviewing and refactoring the generated code.
    • Incompatibility with enterprise applications and systems – The true benefit of mobile delivery solutions is their ability to connect your mobile application to enterprise and 3rd party technologies and services. This capability often requires enterprise technologies and services to be architected in a way that is compatible with your delivery solution while ensuring data, security protocols and other standards and policies are consistently enforced.
    • Integration with current application development and management tools – Mobile delivery solutions should be extensions from your existing application development and management tools that provides the versioning, testing, monitoring, and deployment capabilities to sustain a valuable application portfolio. Without this integration, IT will be unable to:
      • Root cause issues found on IT dashboards or reported to help desk.
      • Rollback defective applications to a previous stable state.
      • Obtain a complete application portfolio inventory.
      • Execute comprehensive testing for high-risk applications.
      • Trace artifacts throughout the development lifecycle.
      • Generate reports of the status of releases.

    Enhance your SDLC to support mobile delivery

    What is the SDLC?

    The software development lifecycle (SDLC) is a process that ensures valuable software products are efficiently delivered to customers. It contains a repeatable set of activities needed to intake and analyze requirements to design, build, test, deploy, and maintain software products.

    How will mobile delivery influence my SDLC?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    Example: Low- & No-Code Mobile Delivery Pipeline

    Low Code

    Data Modeling & Configuration

    No Code

    Visual Interface with Complex Data Models

    Data Modeling & Configuration

    Visual Interfaces with Simple Data Models

    GUI Designer with Customizable Components & Entities

    UI Definition & Design

    GUI Designer with Canned Templates

    Visual Workflow and Custom Scripting

    Business Logic Rules and Workflow Specification

    Visual Workflow and Natural Language Scripting

    Out-of-the-Box Plugins & Custom Integrations

    Integration of External Services (via 3rd Party APIs)

    Out-of-the-Box Plugins

    Automated and Manual Build & Packaging

    Build & Package

    Automated Build & Packaging

    Automated & Manual Testing

    Test

    Automated Testing

    One-Click Push or IT Push to App Store

    Publish to App Store

    One-Click Push to App Store

    Use Info-Tech's research to address your delivery gaps

    Mobile success requires more than a set of good tools.

    Overcome the Common Challenges Faced with Building Mobile Applications

    Common Challenges with Digital Applications

    Suggested Solutions

    • Time & Resource Constraints
    • Buy-In From Internal Stakeholders
    • Rapidly Changing Requirements
    • Legacy Systems
    • Low-Priority for Internal Tools
    • Insufficient Data Access

    Source: DronaHQ, 2021

    Learn the differentiators of mobile delivery solutions

    • Native Program Languages – Supports languages other than web (Java, Ruby, C/C++/C#, Objective-C).
    • IDE Integration – Available plug-ins for popular development suites and editors.
    • Debugging Tools – Finding and eliminating bugs (breakpoints, single stepping, variable inspection, etc.).
    • Application Packaging via IDE – Digitally sign applications through the IDE for it to be packaged and published in app stores.
    • Automated Testing Tools – Native or integration with automated functional and unit testing tools.
    • Low- and No- Code Designer – Tools for designing graphical user interfaces and features and managing data with drag-and-drop functionalities.
    • Publishing and Deployment Capabilities – Automated deployment to mobile device management (MDM) systems, mobile application management (MAM) systems, mobile application stores, and web servers.
    • Third-Party and Open-Source Integration – Integration with proprietary and open-source third-party modules, development tools, and systems.
    • Developer Marketplace – Out-of-the-box plug-ins, templates, and integration are available through a marketplace.
    • Mobile Application Support Capabilities – Ability to gather, manage, and address application issues and defects.
    • API Gateway, Monitoring, and Management – Services that enable the creation, publishing, maintenance, monitoring, and securing of APIs through a common interface.
    • Mobile Analytics and Monitoring – View the adoption, usage, and performance of deployed mobile applications through graphical dashboards.
    • Mobile Content Management – Publish and manage mobile content through a centralized system.
    • Mobile Application Security – Supports the securing of application access and usage, data encryption, and testing of security controls.

    Define your mobile delivery vendor selection criteria

    Focus on the key vendor attributes and capabilities that enable mobile delivery scaling and growth in your organization

    Considerations in Mobile Delivery Vendor Selection
    Platform Features & Capabilities Price to Implement & Operate Platform
    Types of Mobile Applications That Can Be Developed Ease of IT Administration & Management
    User Community & Marketplace Size Security, Privacy & Access Control Capabilities
    SME in Industry Verticals & Business Functions Vendor Product Roadmap & Corporate Strategy
    Pre-Built Designs, Templates & Application Shells Scope of Device- and OS-Specific Compatibilities
    Regulatory & Industry Compliance Integration & Technology Partners
    Importing Artifacts From and Exporting to Other Solutions Platform Architecture & Underlying Technology
    End-to-End Support for the Entire Mobile SDLC Relevance to Current Mobile Trends & Practices

    Build your features list

    Incorporate different perspectives when defining the list of mandatory and desired features of your target solution.

    Appendix B contains a list of features for low- and no-code solutions that can be used as a starting point.

    Visit Info-Tech's Implement a Proactive and Consistent Vendor Selection Process blueprint.

    Mobile Developer

    • Visual, drag-and-drop models to define data models, business logic, and user interfaces.
    • One-click deployment.
    • Self-healing capabilities.
    • Vendor-managed infrastructure.
    • Active community and marketplace.
    • Pre-built templates and libraries.
    • Optical character recognition and natural language processing.
    • Knowledgebase and document management.
    • Business value, operational costs, and other KPI monitoring.
    • Business workflow automation.

    Mobile IT Professional

    • Audit and change logs.
    • Theme and template builder.
    • Template management.
    • Role-based access.
    • Regulatory compliance.
    • Consistent design and user experience across applications.
    • Application and system performance monitoring.
    • Versioning and code management.
    • Automatic application and system refactoring and recovery.
    • Exception and error handling.
    • Scalability (e.g. load balancing) and infrastructure management.
    • Real-time debugging.
    • Testing capabilities.
    • Security management.
    • Application integration management.

    2.2.2 Build your feature and service lists

    1-3 hours

    Review the key outcomes in the previous exercises to help inform the features and vendor support you require to support your mobile delivery needs:

    End user personas and desired mobile experience

    Objectives and expectations

    Desired mobile features and platform

    Mobile delivery solutions

    Brainstorm a list of features and functionalities you require from your ideal solution vendors. Prioritize these features and functionalities. See our Implement a Proactive and Consistent Vendor Selection Process blueprint for more information on vendor procurement.

    Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Shortlist of mobile solutions
    • Quality definitions
    • Mobile objectives and metrics
    • List of desired features and services of mobile delivery solution vendors
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    AwarenessEducation & DiscoveryEvaluationSelection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization2.1 Understand Marketplace Capabilities & Trends3.1 Gather & Prioritize Requirements & Establish Key Success Metrics4.1 Create a Weighted Selection Decision Model5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action2.2 Discover Alternate Solutions & Conduct Market Education3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application PortfolioNarrow the Field to Four Top Contenders4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation2.4 Validate the Business Case5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Step 2.3

    Create a Roadmap for Mobile Delivery

    Activities

    2.3.1 Define your MVP release

    2.3.2 Build your roadmap

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • MVP design
    • Mobile delivery roadmap

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Leverage a canvas to detail your MVP

    Use the release canvas to organize and align the organization around your MVP!

    This is an example of a release canvas which can be used to detail your MVP.

    2.3.1 Define your MVP release

    1-3 hours

    1. Create a list of high priority use cases slated for mobile application delivery. Brainstorm the various supporting activities required to implement your use cases including the shortlisting of mobile delivery tools.
    2. Prioritize these use cases based on business priority (from your canvas). Size the effort of these use cases through collaboration.
    3. Define your MVPs using a release canvas as shown on the following slide.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • High priority mobile opportunities
    • Mobile platform approach
    • Shortlist of mobile solutions
    • List of potential MVPs
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.1 cont'd

    MVP Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    MVP Theme/Goals

    [Theme / Goal]

    Use Cases

    Value

    Costs

    [Use Case 1]
    [Use Case 2]
    [Use Case 3]

    [Business Value 1]
    [Business Value 2]
    [Business Value 3]

    [Cost Item 1]
    [Cost Item 2]
    [Cost Item 3]

    Impacted Personas

    Impacted Workflows

    Stakeholders

    [Persona 1]
    [Persona 2]
    [Persona 3]

    [Workflow 1]
    [Workflow 2]
    [Workflow 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Build your mobile roadmap

    It's more than a set of colorful boxes. It's the map to align everyone to where you are going

    Your mobile roadmap

    • Lays out a strategy for your mobile application, platform and practice implementation and scaling.
    • Is a statement of intent for your mobile adoption.
    • Communicates direction for the implementation and use of mobile delivery tools, mobile applications and supporting technologies.
    • Directly connects to the organization's goals

    However, it is not:

    • Representative of a hard commitment.
    • A simple combination of your current product roadmaps

    Roadmap your MVPs against your milestones and release dates

    This is an image of an example of a roadmap for your MVPS, with milestones across Jan 2022, Feb 2022, Mar 2022, Apr 2022. under milestones, are the following points: Points in the timeline when an established set of artifacts is complete (feature-based), or to check status at a particular point in time (time-based); Typically assigned a date and used to show progress; Plays an important role when sequencing different types of artifacts. Under Release Dates are the following points: Releases mark the actual delivery of a set of artifacts packaged together in a new version of processes and applications or new mobile application and delivery capabilities. ; Release dates, firm or not, allow stakeholders to anticipate when this is coming.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Understand what is communicated in your roadmap

    WHY is the work being done?

    Explains the overarching goal of work being done to a specific audience.

    WHO is doing the work?

    Categorizes the different groups delivering the work on the product.

    WHAT is the work being done?

    Explains the artifacts, or items of work, that will be delivered.

    WHEN is the work being done?

    Explains when the work will be delivered within your timeline.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Pay attention to organizational changes

    Be prepared to answer:

    "How will mobile change the way I do my job?"

    • Plan how workers will incorporate mobile applications into their way of working and maximize the features it offers.
    • Address the human concerns regarding the transition to a digital world involving modern and mobile technologies and automation.
    • Accept changes, challenges and failures with open arms and instill tactics to quickly address them.
    • Build and strengthen business-IT trust, empowerment, and collaborative culture by adopting the right practices throughout the mobile delivery process.
    • Ensure continuous management and leadership support for business empowerment, operational changes, and shifts in role definitions to best support mobile delivery.
    • Establish a committee to manage the growth, adoption, and delivery of mobile as part of a grandeur digital application portfolio and address conflicts among business units and IT.

    Anticipate and prepare for changes and issues

    Verify and validate the flexibility and adaptability of your mobile applications, strategy and roadmap against various scenarios

    • Scenarios
      • Application Stores Rejecting the Application
      • Security Incidents & Risks
      • Low User Adoption, Retention & Satisfaction
      • Incompatibility with User's Device & Other Systems
      • Device & OS Patches & Updates
      • Changes in Industry Standards & Regulations

    Use the "Now, Next, Later" roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    Now

    What are you going to do now?

    Next

    What are you going to do very soon?

    Later

    What are you going to do in the future?

    This is a roadmap showing various points in the following categories: Now; Next; Later

    Adapted From: "Tips for Agile product roadmaps & product roadmap examples," Scrum.org, 2017

    2.3.2 Build your roadmap

    1-3 hours

    1. Identify the business outcomes your mobile application delivery and MVP is expected to deliver.
    2. Build your strategic roadmap by grouping each business outcome by how soon you need to deliver it:
      1. Now: Let's achieve this ASAP.
      2. Next: Sometime very soon, let's achieve these things.
      3. Later: Much further off in the distance, let's consider these things.
    3. Identify what the critical steps are for the organization to embrace mobile application delivery and deliver your MVP.
    4. Build your tactical roadmap by grouping each critical step by how soon you need to address it:
      1. Now: Let's do this ASAP.
      2. Next: Sometime very soon, let's do these things.
      3. Later: Much further off in the distance, let's consider these things.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential MVPs
    • Mobile roadmap
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.2 cont'd

    Example: Tactical Roadmap

    Milestone 1

    • Modify the business processes of the MVP to best leverage mobile technologies. Streamline the business processes by removing the steps that do not directly support value delivery.
    • Develop UI templates using the material design framework and the organization's design standards. Ensure it is supported on mobile devices through the mobile browser and satisfy accessibility design standards.
    • Verify and validate current security controls against latest security risks using the W3C as a starting point. Install the latest security patches to maintain compliance.
    • Acquire the Ionic SDK and upskill delivery teams.

    Milestone 2

    • Update the current web framework and third-party libraries with the latest version and align web infrastructure to latest W3C guidelines.
    • Verify and validate functionality and stability of APIs with third-party applications. Begin transition to REST APIs where possible.
    • Make minor changes to the existing data architecture to better support the data volume, velocity, variety, and veracity the system will process and deliver.
    • Update the master data management with latest changes. Keep changes to a minimum.
    • Develop and deliver the first iteration of the MVP with Ionic.

    Milestone 3

    • Standardize the initial mobile delivery practice.
    • Continuously monitor the system and proactively address business continuity, system stability and performance, and security risks.
    • Deliver a hands-on and facilitated training session to end users.
    • Develop intuitive user manuals that are easily accessible on SharePoint.
    • Consult end users for their views and perspectives of suggested business model and technology changes.
    • Regularly survey end users and the media to gauge industry sentiment toward the organization.

    Pitch your roadmap initiatives

    There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.

    Audience

    Key Contents

    Outcome

    Outcome

    • Costs or benefits estimates

    Sign off on cost and benefit projections

    Executives and decision makers

    • Business value and financial benefits
    • Notable business risks and impacts
    • Business rationale and strategic roadmap

    Revisions, edits, and approval

    IT teams

    • Notable technical and IT risks
    • IT rationale and tactical roadmap
    • Proposed resourcing and skills capacity

    Clarity of vision and direction and readiness for delivery

    Business workers

    • Business rationale
    • Proposed business operations changes
    • Application roadmap

    Verification on proposed changes and feedback

    Continuously measure the benefits and value realized in your mobile applications

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    Business Value Matrix

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Grow your mobile delivery practice

    We are Here
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Grow your mobile delivery practice (cont'd)

    Ask yourself the following questions:
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    Checkpoint questions shown at the end of step 1.2 of this blueprint

    You should be at this point upon the successful delivery of your first mobile application.

    Security

    • Your mobile stack (application, data, and infrastructure) is updated to incorporate the security risks mobile apps will have on your systems and business operations.
    • Leading edge encryption, authentication management (e.g., multi-factor), and access control systems are used to bolster existing mobile security infrastructure.
    • Network traffic to and from mobile application is monitored and analyzed.

    Performance Optimization

    • Performance enhancements are made with the entire mobile stack in mind.
    • Mobile performance is monitored and assessed with both proactive (data flow) and retroactive (instrumentation) approaches.
    • Development and testing practices and technologies accommodate the performance differences between mobile and desktop applications.

    API Development

    • Existing web APIs are compatible with mobile applications, or a gateway / middleware is used to facilitate communication with backend and third-party services.
    • APIs are secured to prevent unauthorized access and misuse.
    • Web APIs are documented and standardized for reuse in multiple mobile applications.
    • Implementing APIs of native features in native and/or cross-platform and/or hybrid platforms is well understood.
    • All leading-edge mobile features are mapped to and support business requirements and objectives.
    • The new mobile use cases are well understood and account for the various scenarios/environments a user may encounter with the leading-edge mobile features.
    • The relevant non-mobile devices, readers, sensors, and other dependent systems are shortlisted and acquired to enable and support your new mobile capabilities.
    • Delivery teams are prepared to accommodate the various security, performance, and integration risks associated with implementing leading-edge mobile features. Practices and mechanisms are established to minimize the impact to business operations.
    • Metrics are used to measure the success of your leading-edge mobile features implementation by comparing its performance and acceptance against past projects.
    • Business stakeholders and development teams are up to date with the latest mobile technologies and delivery techniques.

    Summary of Accomplishment

    Choose Your Mobile Platform and Tools

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    If you would like additional support, have our analysts guide you through other phases as part of Info-Tech workshop.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    This is a picture of Chaim Yudkowsky, Chief Information Officer for The American Israel Public Affairs Committee

    Chaim Yudkowsky
    Chief Information Officer
    The American Israel Public Affairs Committee

    Chaim Yudkowsky is currently Chief information Officer for American Israel Public Affairs Committee (AIPAC), the DC headquartered not-for-profit focused on lobbying for a strong US-Israel relationship. In that role, Chaim is responsible for all traditional IT functions including oversight of IT strategy, vendor relationships, and cybersecurity program. In addition, Chaim also has primary responsibility for all physical security technology and strategy for US offices and event technology for the many AIPAC events.

    Bibliography

    "5 Pillars of API Management". Broadcom, 2021. Web.

    Bourne, James. "Apperian research shows more firms pushing larger numbers of enterprise apps". Enterprise CIO, 17 Feb 2016. Web.

    Ceci, L. "Mobile app user retention rate worldwide 2020, by vertical". Statista, 6 Apr 2022. Web.

    Clement, J. "Share of global mobile website traffic 2015-2021". Statista, 18 Feb 2022. Web

    DeVos, Jordan. "Design Problem Statements – What They Are and How to Frame Them." Toptal, n.d. Web.

    Enge, Eric. "Mobile vs. Desktop Usage in 2020". Perficient, 23 March 2021. Web.

    Engels, Antoine. "How many Android updates does Samsung, Xiaomi or OnePlus offer?" NextPit, Mar 2022. Web.

    "Fast-tracking digital transformation through next-gen technologies". Broadridge, 2022. Web.

    Gayatri. "The Pulse of Digital Transformation 2021 – Survey Results." DronaHQ, 2021. Web.

    Gray, Dave. "Updated Empathy Map Canvas." The XPLANE Collection, 15 July 2017. Web.

    "HCL Volt MX". HCL, n.d. Web.

    "iPass Mobile Professional Report 2017". iPass, 2017. Web.

    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce, 2019. Web.

    Karnes, KC. "Why Users Uninstall Apps: 28% of People Feel Spammed [Survey]". CleverTap, 27 July 2021. Web.

    Kemp, Simon. "Digital 2021: Global Overview Report". DataReportal, 27 Jan 2021. Web.

    Kleinberg, Sara. "Consumers are always shopping and eager for your help". Google, Aug 2018. Web.

    MaLavolta, Ivano. "Anatomy of an HTML 5 mobile web app". University of L'Aquila, 16 Apr 2012. Web.

    "Maximizing Mobile Value: To BYOD or not to BYOD?" Samsung and Oxford Economics, 2022. Web.

    "Mobile App Performance Metrics For Crash-Free Apps." AppSamurai, 27 June 2018. Web.

    "Mobile Application Development Statistics: 5 Facts". Intersog, 23 Nov 2021. Web.

    Moore, Geoffrey A. "Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers." Harper Business, 3rd edition, 2014. Book.

    "OWASP Top Ten". OWASP, 2021. Web.

    "Personas". Usability.gov, n.d. Web.

    Roden, Marky. "PSC Tech Talk: UX Design – Not just making things pretty". Xomino, 18 Mar 2018. Web.

    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." USC Student Computing Facility, 1970. Web.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012. Book.

    Sahay, Apurvanand et al. "Supporting the understanding and comparison of low-code development platforms." Universit`a degli Studi dell'Aquila, 2020. Web.

    Schuurman, Robbin. "Tips for Agile product roadmaps & product roadmap examples." Scrum.org, 2017. Web.

    Strunk, Christian. "How to define a product vision (with examples)." Christian Strunk. n.d. Web.

    Szeja, Radoslaw. "14 Biggest Challenges in Mobile App Development in 2022". Netguru, 4 Jan 2022. Web.

    "Synopsys Research Reveals Significant Security Concerns in Popular Mobile Apps Amid Pandemic". Synopsys, 25 Mar 2021. Web.

    "TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views." The Open Group, n.d. Web.

    Wangen, Emilie Nøss. "What Is a Software Platform & How Is It Different From a Product?" HubSpot, 2021. Web.

    "Mobile App Retention Rate: What's a Good Retention Rate?" Localytics, July 2021. Web.

    "Why Mobile Apps Fail: Failure to Launch". Perfecto Mobile, 26 Jan 2014. Web.

    Appendix A

    Sample Reference Frameworks

    Reference Framework: Web Platform

    Most of the operations of the applications on a web platform are executed in the mid-tier or back-end servers. End users interact with the platform through the presentation layer, developed with web languages, in the browser.

    This is an image of the Reference Framework: Web Platform

    Reference Framework: Mobile Web Application

    Many mobile web applications are composed of JavaScript (the muscle of the app), HTML5 (the backbone of the app), and CSS (the aesthetics of the app). The user will make a request to the web server which will interact with the application to provide a response. Since each device has unique attributes, consider a device detection service to help adjust content for each type of device.

    this is an image of the Reference Framework: Mobile Web Application

    Source: MaLavolta, Ivono, 2012.

    Web Platform: Anatomy of a Web Server

    Web Server Services

    • Mediation Services: Perform transformation of data/messages.
    • Boundary Services: Provide interface protocol and data/message conversion capabilities.
    • Event Distribution: Provides for the enterprise-wide adoption of content and topic-based publish/subscribe event distribution.
    • Transport Services: Facilitate data transmission across the middleware/server.
    • Service Directory: Manages multiple service identifiers and locations.

    This image shows the relationships of the various web server services listed above

    Reference Framework: Hybrid Platform

    Unlike the mobile web platform, most of an application's operations on the hybrid platform is on the device within a native container. The container leverages the device browser's runtime engine and is based on the framework of the mobile delivery solution.

    This is an image of the Reference Framework: Hybrid Platform

    Reference Framework: Native Platform

    Applications on a native platform are installed locally on the device giving it access to native device hardware and software. The programming language depends on the operating system's or device's SDK.

    This is an image of the Reference Framework: Native Platform

    Appendix B

    List of Low- and No- Code Software Delivery Solution Features

    Supplementary List of Features

    Graphical user interface

    • Drag-and-drop designer - This feature enhances the user experience by permitting to drag all the items involved in making an app including actions, responses, connections, etc.
    • Point and click approach - This is similar to the drag-and-drop feature except it involves pointing on the item and clicking on the interface rather than dragging and dropping the item.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user can use when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user can use when developing an application.
    • Forms - This feature helps in creating a better user interface and user experience when developing applications. A form includes dashboards, custom forms, surveys, checklists, etc. which could be useful to enhance the usability of the application being developed.
    • Progress tracking - This features helps collaborators to combine their work and track the development progress of the application.
    • Advanced Reporting - This features enables the user to obtain a graphical reporting of the application usage. The graphical reporting includes graphs, tables, charts, etc.
    • Built-in workflows - This feature helps to concentrate the most common reusable workflows when creating applications.
    • Configurable workflows - Besides built-in workflows, the user should be able to customize workflows according to their needs.

    Interoperability support

    • Interoperability with external services - This feature is one of the most important features to incorporate different services and platforms including that of Microsoft, Google, etc. It also includes the interoperability possibilities among different low-code platforms.
    • Connection with data sources - This features connects the application with data sources such as Microsoft Excel, Access and other relational databases such as Microsoft SQL, Azure and other non-relational databases such as MongoDB.

    Security Support

    • Application security - This feature enables the security mechanism of an application which involves confidentiality, integrity and availability of an application, if and when required.
    • Platform security - The security and roles management is a key part in developing an application so that the confidentiality, integrity and authentication (CIA) can be ensured at the platform level.

    Collaborative development support

    • Off-line collaboration - Different developers can collaborate on the specification of the same application. They work off-line locally and then they commit to a remote server their changes, which need to be properly merged.
    • On-line collaboration - Different developers collaborate concurrently on the specification of the same application. Conflicts are managed at run-time.

    Reusability support

    • Built-in workflows - This feature helps to concentrate the most common reusable workflows in creating an application.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user might want to employ when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user might want to employ when developing an application.

    Scalability

    • Scalability on number of users - This features enables the application to scale-up with respect to the number of active users that are using that application at the same time.
    • Scalability on data traffic - This features enables the application to scale-up with respect to the volume of data traffic that are allowed by that application in a particular time.
    • Scalability on data storage - This features enables the application to scale-up with respect to the data storage capacity of that application.

    Business logic specification mechanisms

    • Business rules engine - This feature helps in executing one or more business rules that help in managing data according to user's requirements.
    • Graphical workflow editor - This feature helps to specify one or more business rules in a graphical manner.
    • AI enabled business logic - This is an important feature which uses Artificial Intelligence in learning the behavior of an attributes and replicate those behaviors according to learning mechanisms.

    Application build mechanisms

    • Code generation - According to this feature, the source code of the modeled application is generated and subsequently deployed before its execution.
    • Models at run-time - The model of the specified application is interpreted and used at run-time during the execution of the modeled application without performing any code generation phase.

    Deployment support

    • Deployment on cloud - This features enables an application to be deployed online in a cloud infrastructure when the application is ready to deployed and used.
    • Deployment on local infrastructures - This features enables an application to be deployed locally on the user organization's infrastructure when the application is ready to be deployed and used.

    Kinds of supported applications

    • Event monitoring - This kind of applications involves the process of collecting data, analyzing the event that can be caused by the data, and signaling any events occurring on the data to the user.
    • Process automation - This kind of applications focuses on automating complex processes, such as workflows, which can take place with minimal human intervention.
    • Approval process control - This kind of applications consists of processes of creating and managing work approvals depending on the authorization of the user. For example, payment tasks should be managed by the approval of authorized personnel only.
    • Escalation management - This kind of applications are in the domain of customer service and focuses on the management of user viewpoints that filter out aspects that are not under the user competences.
    • Inventory management - This kind of applications is for monitoring the inflow and outflow of goods and manages the right amount of goods to be stored.
    • Quality management - This kind of applications is for managing the quality of software projects, e.g., by focusing on planning, assurance, control and improvements of quality factors.
    • Workflow management - This kind of applications is defined as sequences of tasks to be performed and monitored during their execution, e.g., to check the performance and correctness of the overall workflow.

    Source: Sahay, Apurvanand et al., 2020

    Digital Data Ethics

    • Download01-Title: Tech Trend Update: If Digital Ethics Then Data Equity
    • Download-01: Visit Link
    • member rating overall impact: 9/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    In the past two years, we've seen that we need quick technology solutions for acute issues. We quickly moved to homeworking and then to a hybrid form. We promptly moved many of our offline habits online.

    That necessitated a boost in data collection from us towards our customers and employees, and business partners.
    Are you sure how to approach this structurally? What is the right thing to do?

    Impact and Results

    • When you partner with another company, set clear expectations
    • When you are building your custom solution, invite constructive criticism
    • When you present yourself as the authority, consider the most vulnerable in the relationship

    innovation

    The Small Enterprise Guide to People and Resource Management

    • Buy Link or Shortcode: {j2store}602|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • 52% of small business owners agree that labor quality is their most important problem, and 76% of executives expect the talent market to get even more challenging.
    • The problem? You can't compete on salary, training budgets are slim, you need people skilled in all areas, and even one resignation represents a large part of your workforce.

    Our Advice

    Critical Insight

    • The usual, reactive approach to workforce management is risky:
      • Optimizing tactics helps you hire faster, train more, and negotiate better contracts.
      • But fulfilling needs as they arise costs more, has greater risk of failure, and leaves you unprepared for future needs.
    • In a small enterprise where every resource counts, in which one hire represents 10% of your workforce, it is essential to get it right.

    Impact and Result

    • Workforce planning helps you anticipate future needs.
    • More lead time means better decisions at lower cost.
    • Small Enterprises benefit most, since every resource counts.

    The Small Enterprise Guide to People and Resource Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The Small Enterprise Guide to People and Resource Management Deck – Find out why workforce planning is critical for small enterprises.

    Use this storyboard to lay the foundation of people and resources management practices in your small enterprise IT department.

    • The Small Enterprise Guide to People and Resource Management – Phases 1-3

    2. Workforce Planning Workbook – Use the tool to successfully complete all of the activities required to define and estimate your workforce needs for the future.

    Use these concise exercises to analyze your department’s talent current and future needs and create a skill sourcing strategy to fill the gaps.

    • Workforce Planning Workbook for Small Enterprises

    3. Knowledge Transfer Tools – Use these templates to identify knowledge to be transferred.

    Work through an activity to discover key knowledge held by an employee and create a plan to transfer that knowledge to a successor.

    • IT Knowledge Identification Interview Guide Template
    • IT Knowledge Transfer Plan Template

    4. Development Planning Tools – Use these tools to determine priority development competencies.

    Assess employees’ development needs and draft a development plan that fits with key organizational priorities.

    • IT Competency Library
    • Leadership Competencies Workbook
    • IT Employee Career Development Workbook
    • Individual Competency Development Plan
    • Learning Methods Catalog for IT Employees

    Infographic

    Workshop: The Small Enterprise Guide to People and Resource Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Set project direction and analyze workforce needs.

    Key Benefits Achieved

    Planful needs analysis ensures future workforce supports organizational goals.

    Activities

    1.1 Set workforce planning goals and success metrics.

    1.2 Identify key roles and competency gaps.

    1.3 Conduct a risk analysis to identify future needs.

    1.4 Determine readiness of internal successors.

    Outputs

    Work with the leadership team to:

    Extract key business priorities.

    Set your goals.

    Assess workforce needs.

    2 Create Your Workforce Plan

    The Purpose

    Conduct a skill sourcing analysis, and determine competencies to develop internally.

    Key Benefits Achieved

    A careful analysis ensures skills are being sourced in the most efficient way, and internal development is highly aligned with organizational objectives.

    Activities

    2.1 Determine your skill sourcing route.

    2.2 Determine priority competencies for development.

    Outputs

    Create a workforce plan.

    2.Determine guidelines for employee development.

    3 Plan Knowledge Transfer

    The Purpose

    Discover knowledge to be transferred, and build a transfer plan.

    Key Benefits Achieved

    Ensure key knowledge is not lost in the event of a departure.

    Activities

    3.1 Discover knowledge to be transferred.

    3.2 Identify the optimal knowledge transfer methods.

    3.3 Create a knowledge transfer plan.

    Outputs

    Discover tacit and explicit knowledge.

    Create a knowledge transfer roadmap.

    4 Plan Employee Development

    The Purpose

    Create a development plan for all staff.

    Key Benefits Achieved

    A well-structured development plan helps engage and retain employees while driving organizational objectives.

    Activities

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins.

    4.3 Build manager coaching skills.

    Outputs

    Assess employees.

    Prioritize development objectives.

    Plan development activities.

    Build management skills.

    Further reading

    The Small Enterprise Guide to People and Resource Management

    Quickly start getting the right people, with the right skills, at the right time

    Is this research right for you?

    Research Navigation

    Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.

    Question If you answered "no" If you answered "yes"

    Does your IT department have fewer than 15 employees, and is your organization's revenue less than $25 million (USD)?

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Follow the guidance in this blueprint.

    Does your organization require a more rigorous and customizable approach to workforce management?

    Follow the guidance in this blueprint.

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Analyst Perspective

    Workforce planning is even more important for small enterprises than large organizations.

    It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.

    Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.

    A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.

    This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.

    This is a picture of Jane Kouptsova

    Jane Kouptsova
    Senior Research Analyst, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    52% of small business owners agree that labor quality is their most important problem.1

    Almost half of all small businesses face difficulty due to staff turnover.

    76% of executives expect the talent market to get even more challenging.2

    Common Obstacles

    76% of executives expect workforce planning to become a top strategic priority for their organization.2

    But…

    30% of small businesses do not have a formal HR function.3

    Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.

    Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.

    Info-Tech's Approach

    A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises

    Clear activities that guide your team to decisive action

    Founded on your IT strategy, ensuring you have not just good people, but the right people

    Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling

    Info-Tech Insight

    Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.

    1CNBC & SurveyMonkey. 2ADP. 3Clutch.

    Labor quality is small enterprise's biggest challenge

    The key to solving it is strategic workforce planning

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.

    Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    52%

    of small business owners agree that labor quality is their most important problem.1

    30%

    30% of small businesses have no formal HR function.2

    76%

    of senior leaders expect workforce planning to become the top strategic challenge for their organization.3

    1CNBC & SurveyMonkey. 2Clutch. 3ADP.

    Workforce planning matters more for small enterprises

    You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?

    The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.

    This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.

    And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.

    A group of 100 triangles is shown above a group of 10 triangles. In each group, one triangle is colored orange, and the rest are colored blue.

    Info-Tech Insight

    One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.

    This is an image of Info-Tech's small enterprise guide o people and resource management.

    Blueprint pre-step: Determine your starting point

    People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.

    Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.

    This blueprint covers the parts of workforce management that occur to some extent in every organization:

    • Workforce planning
    • Knowledge transfer
    • Development planning

    You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.

    Track metrics

    Consider these example metrics for tracking people and resource management success

    Project Outcome Metric Baseline Target
    Reduced training costs Average cost of training (including facilitation, materials, facilities, equipment, etc.) per IT employee
    Reduced number of overtime hours worked Average hours billed at overtime rate per IT employee
    Reduced length of hiring period Average number of days between job ad posting and new hire start date
    Reduced number of project cancellations due to lack of capacity Total of number of projects cancelled per year
    Increased number of projects completed per year (project throughput) Total number of project completions per year
    Greater net recruitment rate Number of new recruits/Number of terminations and departures
    Reduced turnover and replacement costs Total costs associated with replacing an employee, including position coverage cost, training costs, and productivity loss
    Reduced voluntary turnover rate Number of voluntary departures/Total number of employees
    Reduced productivity loss following a departure or termination Team or role performance metrics (varies by role) vs. one year ago

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:

    Scope requirements, objectives, and your specific challenges.

    Call #2: Assess current workforce needs.

    Call #4: Determine skill sourcing route.

    Call #6:

    Identify knowledge to be transferred.

    Call #8: Draft development goals and select activities.

    Call #3: Explore internal successor readiness.

    Call #5:Set priority development competencies.

    Call #7: Create a knowledge transfer plan.

    Call #9: Build managers' coaching & feedback skills.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 4 to 6 calls over the course of 3 to 4 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    1.Lay Your Foundations 2. Create Your Workforce Plan 3. Plan Knowledge Transfer 3. Plan Employee Development Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Set workforce planning goals and success metrics

    1.2 Identify key roles and competency gaps

    1.3 Conduct a risk analysis to identify future needs

    1.4 Determine readiness of internal successors

    1.5 Determine your skill sourcing route

    1.6 Determine priority competencies for development

    3.1 Discover knowledge to be transferred

    3.2 Identify the optimal knowledge transfer methods

    3.3 Create a knowledge transfer plan

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins

    4.3 Build manager coaching skills

    Outcomes

    Work with the leadership team to:

    1. Extract key business priorities
    2. Set your goals
    3. Assess workforce needs

    Work with the leadership team to:

    1. Create a workforce plan
    2. Determine guidelines for employee development

    Work with staff and managers to:

    1. Discover tacit and explicit knowledge
    2. Create a knowledge transfer roadmap

    Work with staff and managers to:

    1. Assess employees
    2. Prioritize development objectives
    3. Plan development activities
    4. Build management skills

    Info-Tech analysts complete:

    1. Workshop report
    2. Workforce plan record
    3. Action plan

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.

    This is a calendar showing days 1-4, and times from 8am-5pm

    Phase 1

    Workforce Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Human resource partner (if applicable)

    Additional Resources

    Workforce Planning Workbook for Small Enterprises

    Phase pre-step: Gather resources and participants

    1. Ensure you have an up-to-date IT strategy. If you don't have a formal strategy in place, ensure you are aware of the main organizational objectives for the next 3-5 years. Connect with executive stakeholders if necessary to confirm this information.
      If you are not sure of the organizational direction for this time frame, we recommend you consult Info-Tech's material on IT strategy first, to ensure your workforce plan is fully positioned to deliver value to the organization.
    2. Consult with your IT team and gather any documentation pertaining to current roles and skills. Examples include an org chart, job descriptions, a list of current tasks performed/required, a list of company competencies, and a list of outsourced projects.
    3. Gather the right participants. Most of the decisions in this section will be made by senior leadership, but you will also need input from front-line managers. Ensure they are available on an as-needed basis. If your organization has an HR partner, it can also be helpful to involve them in your workforce planning process.

    Formal workforce planning benefits even small teams

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.

    Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.

    Right-size your workforce planning process to the size of your enterprise

    Small organizations are 2.2 times more likely to have effective workforce planning processes.1 Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.

    Small Organization

    Medium Organization

    Large Organization

    Project Opportunities

    • Project scope is much more manageable.
    • Communication and planning can be more manageable.
    • Fewer roles can clarify prioritization needs and promotability.
    • Project scope is more manageable.
    • Moderate budget for workforce planning initiatives is needed.
    • Communication and enforcement is easier.
    • Larger candidate pool to pull from.
    • Greater career path options for staff.
    • In-house expertise may be available

    Project Risks

    • Limited resources and time to execute the project.
    • In-house expertise is unlikely.
    • Competencies may be informal and not documented.
    • Limited overlap in responsibilities, resulting in fewer redundancies.
    • Limited staff with experience for the project.
    • Workforce planning may be a lower priority and difficult to generate buy-in for.
    • Requires more staff to manage workforce plan and execute initiatives.
    • Less collective knowledge on staff strengths may make career planning difficult.
    • Geographically dispersed business units make collaboration and communication difficult.

    1 McLean & Company Trends Report 2014

    1.1 Set project outcomes and success metrics

    1-3 hours

    1. As a group, brainstorm key pain points that the IT department experiences due to the lack of a workforce plan. Ask them to consider turnover, retention, training, and talent acquisition.
    2. Discuss any key themes that arise and brainstorm your desired project outcomes. Keep a record of these for future reference and to aid in stakeholder communication.
    3. Break into smaller groups (or if too small, continue as a single group):
      1. For each desired outcome, consider what metrics you could use to track progress. Keep your initial list of pain points in mind as you brainstorm metrics.
      2. Write each of the metric suggestions on a whiteboard and agree to track 3-5 metrics. Set targets for each metric. Consider the effort required to obtain and track the metric, as well as its reliability.
      3. Assign one individual for tracking the selected metrics. Following the meeting, that individual will be responsible for identifying the baseline and targets, and reporting on metrics progress.

    Input

    Output

    • List of workforce data available
    • List of workforce metrics to track the workforce plan's impact

    Materials

    Participants

    • Whiteboard/flip charts
    • Leadership team
    • Human resource partner (if applicable)

    1.2 Identify key roles and competency gaps

    1-3 hours

    1. As a group, identify all strategic, core, and supporting roles by reviewing the organizational chart:
      1. Strategic: What are the roles that must be filled by top performers and cannot be left vacant in order to meet strategic objectives?
      2. Core: What roles are important to drive operational excellence?
      3. Supporting: What roles are required for day-to-day work, but are low risk if the role is vacant for a period of time?
    2. Working individually or in small groups, have managers for each identified role define the level of competence required for the job. Consider factors such as:
      1. The difficulty or criticality of the tasks being performed
      2. The impact on job outcomes
      3. The impact on the performance of other employees
      4. The consequence of errors if the competency is not present
      5. How frequently the competency is used on the job
      6. Whether the competency is required when the job starts or can be learned or acquired on the job within the first six months
    3. Continue working individually and rate the level of proficiency of the current incumbent.
    4. As a group, review the assessment and make any adjustments.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Download the Workforce Planning Workbook for Small Enterprises

    1.2 Identify key roles and competency gaps

    Input Output
    • Org chart, job descriptions, list of current tasks performed/required, list of company competencies
    • List of competency gaps for key roles
    Materials Participants
    • Leadership team
    • Managers

    Conduct a risk-of-departure analysis

    A risk-of-departure analysis helps you plan for future talent needs by identifying which employees are most likely to leave the organization (or their current role).

    A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:

    Employees are high risk for departure if they:

    • Have specialized or in-demand skills (tenured employees are more likely to have this than recent hires)
    • Are nearing retirement
    • Have expressed career aspirations that extend outside your organization
    • Have hit a career development ceiling at your organization
    • Are disengaged
    • Are actively job searching
    • Are facing performance issues or dismissal OR promotion into a new role

    Employees are low risk for departure if they:

    • Are a new hire or new to their role
    • Are highly engaged
    • Have high potential
    • Are 5-10 years out from retirement

    If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.

    To estimate the impact of departure, consider:

    • The effect of losing the employee in the near- and medium-term, including:
      • Impact on the organization, department, unit/team and projects
      • The cost (in time, resources, and productivity loss) to replace the individual
      • The readiness of internal successors for the role

    1.3 Conduct a risk analysis to identify future needs

    1-3 hours

    Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.

    • As a group, list all your current employees, and using the previous slide for guidance, rank them on two parameters: risk of departure and impact of departure, on a scale of low to high. Record your conclusions in a chart like the one on the right. (For a more in-depth risk assessment, use the "Risk Assessment Results" tab of the Key Roles Succession Planning Tool.)
    • Employees that fall in the "Mitigate" quadrant represent key at-risk roles with at least moderate risk and moderate impact. These are your succession planning priorities. Add these roles to your list of key roles and competency gaps, and include them in your workforce planning analysis.
    • Employees that fall in the "Manage" quadrants represent secondary priorities, which should be looked at if there is capacity after considering the "Mitigate" roles.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    This is an image of the Risk analysis for risk of departure to importance of departure.

    Info-Tech Insight

    Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.

    1.3 Conduct a risk analysis to identify future needs

    Input Output
    • Employee data on competencies, skills, certifications, and performance. Input from managers from informal development conversations.
    • A list of first- and second-priority at-risk roles to carry forward into a succession planning analysis
    Materials Participants
    • Leadership team
    • Managers

    Determine your skill sourcing route

    The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.

    Sourcing Options

    Preferred Options

    Final Choice

    four blue circles

    A right facing arrow

    Two blue circles A right facing arrow One blue circle
    State of the Marketplace

    State of the Marketplace

    Urgency: How soon do we need this skill? What is the required time-to-value?

    Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support?

    Novelty: Is this skill brand new to our workforce?

    Availability: How often, and at what hours, will the skill be needed?

    Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations?

    Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent?

    Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill?

    Preparedness: Do we have internal resources available to cultivate this skill in house?

    1.4 Determine your skill sourcing route

    1-3 hours

    1. Identify the preferred sourcing method as a group, starting with the most critical or urgent skill need on your list. Use the characteristics of need to guide your discussion. If more than one option seems adequate, carry several over to the next step.
    2. Consider the marketplace factors applicable to the skill in question and use these to narrow down to one final sourcing decision.
      1. If it is not clear whether a suitable internal candidate is available or ready, refer to the next activity for a readiness assessment.
    3. Be sure to document the rationale supporting your decision. This will ensure the decision can be clearly communicated to any stakeholders, and that you can review on your decision-making process down the line.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Info-Tech Insight

    Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.

    Input

    Output

    • List of current and upcoming skill gaps
    • A sourcing decision for each skill

    Materials

    Participants

    • Leadership team
    • Human resource partner (if applicable)

    1.5 Determine readiness of internal successors

    1-3 hours

    1. As a group, and ensuring you include the candidates' direct managers, identify potential successors for the first role on your list.
    2. Ask how effectively the potential successor would serve in the role today. Review the competencies for the key role in terms of:
      1. Relationship-building skills
      2. Business skills
      3. Technical skills
      4. Industry-specific skills or knowledge
    3. Determine what competencies the succession candidate currently has and what must be learned. Be sure you know whether the candidate is open to a career change. Don't assume – if this is not clear, have a development conversation to ensure everyone is on the same page.
    4. Finally, determine how difficult it will be for the successor to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.
    5. As a group, decide whether training an internal successor is a viable option for the role in question, considering the successor's readiness and the characteristics of need for the role. If a clear successor is not readily apparent, consider:
      1. If the development of the successor can be fast-tracked, or if some requirements can be deprioritized and the successor provided with temporary support from other employees.
      2. If the role in question is being discussed because the current incumbent is preparing to leave, consider negotiating an arrangement that extends the incumbent's employment tenure.
    6. Record the decision and repeat for the next role on your list.

    Info-Tech Insight

    A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.

    Input

    Output

    • List of roles for which you are considering training internally
    • Job descriptions and competency requirements for the roles
    • List of roles for which internal successors are a viable option

    Materials

    Participants

    • Leadership team
    • Candidates' direct managers, if applicable

    Use alternative work arrangements to gain time to prepare successors

    Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

    Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.

    Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
    Source: Statistics Canada.

    Flexible work options are the most used form of alternative work arrangement

    A bar graph showing the percent of organizations who implemented alternate work arrangement, for Flexible work options; Contract based work; Part time roles; Graduated retirement programs; Part year jobs or job sharing; Increased PTO for employees over a certain age.

    Source: McLean & Company, N=44

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
    Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
    Part-time roles Half days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
    Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Part-year jobs or job sharing Working part of the year and having the rest of the year off, unpaid. Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off with little notice.
    Increased paid time off Additional vacation days upon reaching a certain age. Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
    Altered roles Concentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise. Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent's new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Phase 2

    Knowledge Transfer

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership/management team
    • Incumbent & successor

    Additional Resources

    IT Knowledge Identification Interview Guide Template

    Knowledge Transfer Plan Template

    Determine your skill sourcing route

    Knowledge transfer plans have three key components that you need to complete for each knowledge source:

    Define what knowledge needs to be transferred

    Each knowledge source has unique information which needs to be transferred. Chances are you don't know what you don't know. The first step is therefore to interview knowledge sources to find out.

    Identify the knowledge receiver

    Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

    • How will this knowledge be used in the future?
    • What is the next career step for the knowledge receiver?
    • Are the receiver and the source going to be in the same location?

    Identify which knowledge transfer tactics you will use for each knowledge asset

    Not all tactics are good in every situation. Always keep the "knowledge type" (information, process, skills, and expertise), knowledge sources' engagement level, and the knowledge receiver in mind as you select tactics.

    Don't miss tacit knowledge

    There are two basic types of knowledge: "explicit" and "tacit." Ensure you capture both to get a well-rounded overview of the role.

    Explicit Tacit
    • "What knowledge" – knowledge can be articulated, codified, and easily communicated.
    • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
    • Learn through reading or being told.
    • "How knowledge" – intangible knowledge from an individual's experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
    • Hard to verbalize, and difficult to capture and quantify.
    • Learn through observation, imitation, and practice.

    Types of explicit knowledge

    Types of tacit knowledge

    Information Process Skills Expertise

    Specialized technical knowledge.

    Unique design capabilities/methods/models.

    Legacy systems, details, passwords.

    Special formulas/algorithms/ techniques/contacts.

    • Specialized research & development processes.
    • Proprietary production processes.
    • Decision-making processes.
    • Legacy systems.
    • Variations from documented processes.
    • Techniques for executing on processes.
    • Relationship management.
    • Competencies built through deliberate practice enabling someone to act effectively.
    • Company history and values.
    • Relationships with key stakeholders.
    • Tips and tricks.
    • Competitor history and differentiators.

    e.g. Knowing the lyrics to a song, building a bike, knowing the alphabet, watching a YouTube video on karate.

    e.g. Playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

    Embed your knowledge transfer methods into day-to-day practice

    Multiple methods should be used to transfer as much of a person's knowledge as possible, and mentoring should always be one of them. Select your method according to the following criteria:

    Info-Tech Insight

    The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful, and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

    Type of Knowledge

    • Tacit knowledge transfer methods are often informal and interactive:
      • Mentoring
      • Multi-generational work teams
      • Networks and communities
      • Job shadowing
    • Explicit knowledge transfer methods tend to be more formal and one way:
      • Formal documentation of processes and best practices
      • Self-published knowledge bases
      • Formal training sessions
      • Formal interviews

    Incumbent's Preference/Successor's Preference

    Ensure you consult the employees, and their direct manager, on the way they are best prepared to teach and learn. Some examples of preferences include:

    1. Prefer traditional classroom learning, augmented with participation, critical reflection, and feedback.
    2. May get bored during formal training sessions and retain more during job shadowing.
    3. Prefer to be self-directed or self-paced, and highly receptive to e-learning and media.
    4. Prefer informal, incidental learning, tend to go immediately to technology or direct access to people. May have a short attention span and be motivated by instant results.
    5. May be uncomfortable with blogs and wikis, but comfortable with SharePoint.

    Cost

    Consider costs beyond the monetary. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).

    The good news is that many supporting technologies may already exist in your organization or can be acquired for free.

    Methods that cost time may be difficult to get underway since employees may feel they don't have the time or must change the way they work.

    2.1 Create a knowledge transfer plan

    1-3 hours

    1. Working together with the current incumbent, brainstorm the key information pertaining to the role that you want to pass on to the successor. Use the IT Knowledge Identification Interview Guide Template to ensure you don't miss anything.
      • Consider key knowledge areas, including:
        • Specialized technical knowledge.
        • Specialized research and development processes.
        • Unique design capabilities/methods/models.
        • Special formulas/algorithms/techniques.
        • Proprietary production processes.
        • Decision-making criteria.
        • Innovative sales methods.
        • Knowledge about key customers.
        • Relationships with key stakeholders.
        • Company history and values.
      • Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
        • What is the nature of the knowledge? Explicit or tacit?
        • Why is it important to transfer?
        • How will the knowledge be used?
        • What knowledge is critical for success?
        • How will the users find and access it?
        • How will it be maintained and remain relevant and usable?
        • What are the existing knowledge pathways or networks connecting sources to recipients?
    2. Once the knowledge has been identified, use the information on the following slides to decide on the most appropriate methods. Be sure to consult the incumbent and successor on their preferences.
    3. Prioritize your list of knowledge transfer activities. It's important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward. Follow these steps as a guide:
      1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
      2. Start your implementation with your highest risk role or knowledge item, using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
      3. Then move forward to other tactics, the majority of which will require training and process design. Pick 1-2 other key tactics you would like to employ and build those out. For tactics that require resources or monetary investment, start with those that can be reused for multiple roles.

    Record your plan in the IT Knowledge Transfer Plan Template.

    Download the IT Knowledge Identification Interview Guide Template

    Download the Knowledge Transfer Plan Template

    Info-Tech Insight

    Wherever possible, ask employees about their personal learning styles. It's likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

    2.1 Create a knowledge transfer plan

    Input

    Output

    • List of roles for which you need to transfer knowledge
    • Prioritized list of knowledge items and chosen transfer method

    Materials

    Participants

    • Leadership team
    • Incumbent
    • Successor

    Not every transfer method is effective for every type of knowledge

    Knowledge Type
    Tactic Explicit Tacit
    Information Process Skills Expertise
    Interviews Very Strong Strong Strong Strong
    Process Mapping Medium Very Strong Very Weak Very Weak
    Use Cases Medium Very Strong Very Weak Very Weak
    Job Shadow Very Weak Medium Very Strong Very Strong
    Peer Assist Strong Medium Very Strong Very Strong
    Action Review Medium Medium Strong Strong
    Mentoring Weak Weak Strong Very Strong
    Transition Workshop Strong Strong Strong Weak
    Storytelling Weak Weak Strong Very Strong
    Job Share Weak Weak Very Strong Very Strong
    Communities of Practice Strong Weak Very Strong Very Strong

    This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared against four different knowledge types.

    Not all techniques are effective for all types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

    Employees' engagement can impact knowledge transfer effectiveness

    Level of Engagement
    Tactic Disengaged/ Indifferent Almost Engaged - Engaged
    Interviews Yes Yes
    Process Mapping Yes Yes
    Use Cases Yes Yes
    Job Shadow No Yes
    Peer Assist Yes Yes
    Action Review Yes Yes
    Mentoring No Yes
    Transition Workshop Yes Yes
    Storytelling No Yes
    Job Share Maybe Yes
    Communities of Practice Maybe Yes

    When considering which tactics to employ, it's important to consider the knowledge holder's level of engagement. Employees who you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

    Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It's essential that motivations for knowledge transfer are communicated effectively.

    Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what's in it for them.

    Putting disengaged employees in a position where they are mentoring others can be a risk, as their negativity could influence others not to participate, or it could negate the work you're doing to create a positive knowledge sharing culture.

    Employees' engagement can impact knowledge transfer effectiveness

    Effort by Stakeholder

    Tactic

    Business Analyst

    IT Manager

    Knowledge Holder

    Knowledge Receiver

    Interviews

    These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

    Medium

    N/A

    Low

    Low

    Process Mapping

    Medium

    N/A

    Low

    Low

    Use Cases

    Medium

    N/A

    Low

    Low

    Job Shadow

    Medium

    Medium

    Medium

    Medium

    Peer Assist

    Medium

    Medium

    Medium

    Medium

    Action Review

    These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. It's important to gain stakeholder buy-in as it is key for success.

    Low

    Medium

    Medium

    Low

    Mentoring

    Medium

    High

    High

    Medium

    Transition Workshop

    Medium

    Low

    Medium

    Low

    Storytelling

    Medium

    Medium

    Low

    Low

    Job Share

    Medium

    High

    Medium

    Medium

    Communities of Practice

    High

    Medium

    Medium

    Medium

    Phase 3

    Development Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Employees

    Additional Resources

    Effective development planning hinges on robust performance management

    Your performance management framework is rooted in organizational goals and defines what it means to do any given role well.

    Your organization's priority competencies are the knowledge, skills and attributes that enable an employee to do the job well.

    Each individual's development goals are then aimed at building these priority competencies.

    Mission Statement

    To be the world's leading manufacturer and distributor of widgets.

    Business Goal

    To increase annual revenue by 10%.

    IT Department Objective

    To ensure reliable communications infrastructure and efficient support for our sales and development teams.

    Individual Role Objective

    To decrease time to resolution of support requests by 10% while maintaining quality.

    Info-Tech Insight

    Without a performance management framework, your employees cannot align their development with the organization's goals. For detailed guidance, see Info-Tech's blueprint Setting Meaningful Employee Performance Measures.

    What is a competency?

    The term "competency" refers to the collection of knowledge, skills, and attributes an employee requires to do a job well.

    Often organizations have competency frameworks that consist of core, leadership, and functional competencies.

    Core competencies apply to every role in the organization. Typically, they are tied to organizational values and business mission and/or vision.

    Functional competencies are at the department, work group, or job role levels. They are a direct reflection of the function or type of work carried out.

    Leadership competencies generally apply only to people managers in the organization. Typically, they are tied to strategic goals in the short to medium term

    Generic Functional
    • Core
    • Leadership
    • IT
    • Finance
    • Sales
    • HR

    Use the SMART model to make sure goals are reasonable and attainable

    S

    Specific: Be specific about what you want to accomplish. Think about who needs to be involved, what you're trying to accomplish, and when the goal should be met.

    M

    Measurable: Set metrics that will help to determine whether the goal has been reached.

    A

    Achievable: Ensure that you have both the organizational resources and employee capability to accomplish the goal.

    R

    Relevant: Goals must align with broader business, department, and development goals in order to be meaningful.

    T

    Time-bound: Provide a target date to ensure the goal is achievable and provide motivation.

    Example goal:

    "Learn Excel this summer."

    Problems:

    Not specific enough, not measurable enough, nor time bound.

    Alternate SMART goal:

    "Consult with our Excel expert and take the lead on creating an Excel tool in August."

    3.2 Identify target competencies & draft development goals

    1 hour

    Pre-work: Employees should come to the career conversation having done some self-reflection. Use Info-Tech's IT Employee Career Development Workbook to help employees identify their career goals.

    1. Pre-work: Managers should gather any data they have on the employee's current proficiency at key competencies. Potential sources include task-based assessments, performance ratings, supervisor or peer feedback, and informal conversation.

      Prioritize competencies. Using your list of priority organizational competencies, work with your employees to help them identify two to four competencies to focus on developing now and in the future. Use the Individual Competency Development Plan template to document your assessment and prioritize competencies for development. Consider the following questions for guidance:
      1. Which competencies are needed in my current role that I do not have full proficiency in?
      2. Which competencies are related to both my career interests and the organization's priorities?
      3. Which competencies are related to each other and could be developed together or simultaneously?
    2. Draft goals. Ask your employee to create a list of multiple simple goals to develop the competencies they have selected to work on developing over the next year. Identifying multiple goals helps to break development down into manageable chunks. Ensure goals are concrete, for example, if the competency is "communication skills," your development goals could be "presentation skills" and "business writing."
    3. Review goals:
      1. Ask why these areas are important to the employee.
      2. Share your ideas and why it is important that the employee develop in the areas identified.
      3. Ensure that the goals are realistic. They should be stretch goals, but they must be achievable. Use the SMART framework on the previous slide for guidance.

    Info-Tech Insight

    Lack of career development is the top reason employees leave organizations. Development activities need to work for both the organization and the employee's own development, and clearly link to advancing employees' careers either at the organization or beyond.

    Download the IT Employee Career Development Workbook

    Download the Individual Competency Development Plan

    3.2 Identify target competencies & draft development goals

    Input

    Output

    • Employee's career aspirations
    • List of priority organizational competencies
    • Assessment of employee's current proficiency
    • A list of concrete development goals

    Materials

    Participants

    • Employee
    • Direct manager

    Apply a blend of learning methods

    • Info-Tech recommends the 70-20-10 principle for learning and development, which places the greatest emphasis on learning by doing. This experiential learning is then supported by feedback from mentoring, training, and self-reflection.
    • Use the 70-20-10 principle as a guideline – the actual breakdown of your learning methods will need to be tailored to best suit your organization and the employee's goals.

    Spend development time and effort wisely:

    70%

    On providing challenging on-the-job opportunities

    20%

    On establishing opportunities for people to develop learning relationships with others, such as coaching and mentoring

    10%

    On formal learning and training programs

    Internal initiatives are a cost-effective development aid

    Internal Initiative

    What Is It?

    When to Use It

    Special Project

    Assignment outside of the scope of the day-to-day job (e.g. work with another team on a short-term initiative).

    As an opportunity to increase exposure and to expand skills beyond those required for the current job.

    Stretch Assignment

    The same projects that would normally be assigned, but in a shorter time frame or with a more challenging component.

    Employee is consistently meeting targets and you need to see what they're capable of.

    Training Others

    Training new or more junior employees on their position or a specific process.

    Employee wants to expand their role and responsibility and is proficient and positive.

    Team Lead On an Assignment

    Team lead for part of a project or new initiative.

    To prepare an employee for future leadership roles by increasing responsibility and developing basic managerial skills.

    Job Rotation

    A planned placement of employees across various roles in a department or organization for a set period of time.

    Employee is successfully meeting and/or exceeding job expectations in their current role.

    Incorporating a development objective into daily tasks

    What do we mean by incorporating into daily tasks?

    The next time you assign a project to an employee, you should also ask the employee to think about a development goal for the project. Try to link it back to their existing goals or have them document a new goal in their development plan.

    For example: A team of employees always divides their work in the same way. Their goal for their next project could be to change up the division of responsibility so they can learn each other's roles.

    Another example:

    "I'd like you to develop your ability to explain technical terms to a non-technical audience. I'd like you to sit down with the new employee who starts tomorrow and explain how to use all our software, getting them up and running."

    Info-Tech Insight

    Employees often don't realize that they are being developed. They either think they are being recognized for good work or they are resentful of the additional workload.

    You need to tell your employees that the activity you are asking them to do is intended to further their development.

    However, be careful not to sell mundane tasks as development opportunities – this is offensive and detrimental to engagement.

    Establish manager and employee accountability for following up

    Ensure that the employee makes progress in developing prioritized competencies by defining accountabilities:

    Tracking Progress

    Checking In

    Development Meetings

    Coaching & Feedback

    Employee accountability:

    • Employees need to keep track of what they learn.
    • Employees should take the time to reflect on their progress.

    Manager accountability:

    • Managers need to make the time for employees to reflect.

    Employee accountability:

    • Employees need to provide managers with updates and ask for help.

    Manager accountability:

    • Managers need to check in with employees to see if they need additional resources.

    Employee accountability:

    • Employees need to complete assessments again to determine whether they have made progress.

    Manager accountability:

    • Managers should schedule monthly meetings to discuss progress and identify next steps.

    Employee accountability:

    • Employees should ask their manager and colleagues for feedback after development activities.

    Manager accountability:

    • Managers can use both scheduled meetings and informal conversations to provide coaching and feedback to employees.

    3.3 Select development activities and schedule check-ins

    1-3 hours

    Pre-work: Employees should research potential development activities and come prepared with a range of suggestions.

    Pre-work: Managers should investigate options for employee development, such as internal training/practice opportunities for the employee's selected competencies and availability of training budget.

    1. Communicate your findings about internal opportunities and external training allowance to the employee. This can also be done prior to the meeting, to help guide the employee's own research. Address any questions or concerns.
    2. Review the employee's proposed list of activities, and identify priority ones based on:
      1. How effectively they support the development of priority competencies.
      2. How closely they match the employee's original goals.
      3. The learning methods they employ, and whether the chosen activities support a mix of different methods.
      4. The degree to which the employee will have a chance to practice new skills hands-on.
      5. The amount of time the activities require, balanced against the employee's work obligations.
    3. Guide the employee in selecting activities for the short and medium term. Establish an understanding that this list is tentative and subject to ongoing revision during future check-ins.
      1. If in doubt about whether the employee is over-committing, err on the side of fewer activities to start.
    4. Schedule a check-in for one month out to review progress and roadblocks, and to reaffirm priorities.
    5. Check-ins should be repeated regularly, typically once a month.

    Download the Learning Methods Catalog

    Info-Tech Insight

    Adopt a blended learning approach using a variety of techniques to effectively develop competencies. This will reinforce learning and accommodate different learning styles. See Info-Tech's Learning Methods Catalog for a description of popular experiential, relational, and formal learning methods.

    3.3 Select development activities and schedule check-ins

    Input

    Output

    • List of potential development activities (from employee)
    • List of organizational resources (from manager)
    • A selection of feasible development activities
    • Next check-in scheduled

    Materials

    Participants

    • Employee
    • Direct manager

    Tips for tricky conversations about development

    What to do if…

    Employees aren't interested in development:

    • They may have low aspiration for advancement.
    • Remind them about the importance of staying current in their role given increasing job requirements.
    • Explain that skill development will make their job easier and make them more successful at it; sell development as a quick and effective way to learn the skill.
    • Indicate your support and respond to concerns.

    Employees have greater aspiration than capability:

    • Explain that there are a number of skills and capabilities that they need to improve in order to move to the next level. If the specific skills were not discussed during the performance appraisal, do not hesitate to explain the improvements that you require.
    • Inform the employee that you want them to succeed and that by pushing too far and too fast they risk failure, which would not be beneficial to anyone.
    • Reinforce that they need to do their current job well before they can be considered for promotion.

    Employees are offended by your suggestions:

    • Try to understand why they are offended. Before moving forward, clarify whether they disagree with the need for development or the method by which you are recommending they be developed.
    • If it is because you told them they had development needs, then reiterate that this is about helping them to become better and that everyone has areas to develop.
    • If it is about the development method, discuss the different options, including the pros and cons of each.

    Coaching and feedback skills help managers guide employee development

    Coaching and providing feedback are often confused. Managers often believe they are coaching when they are just giving feedback. Learn the difference and apply the right approach for the right situation.

    What is coaching?

    A conversation in which a manager asks questions to guide employees to solve problems themselves.

    Coaching is:

    • Future-focused
    • Collaborative
    • Geared toward growth and development

    What is feedback?

    Information conveyed from the manager to the employee about their performance.

    Feedback is:

    • Past-focused
    • Prescriptive
    • Geared toward behavior and performance

    Info-Tech Insight

    Don't forget to develop your managers! Ensure coaching, feedback, and management skills are part of your management team's development plan.

    Understand the foundations of coaching to provide effective development coaching:

    Knowledge Mindset Relationship
    • Understand what coaching is and how to apply it:
    • Identify when to use coaching, feedback, or other people management practices, and how to switch between them.
    • Know what coaching can and cannot accomplish.
    • When focusing on performance, guide an employee to solve problems related to their work. When focusing on development, guide an employee to reach their own development goals.
    • Adopt a coaching mindset by subscribing to the following beliefs:
    • Employees want to achieve higher performance and have the potential to do so.
    • Employees have a unique and valuable perspective to share of the challenges they face as well as the possible solutions.
    • Employees should be empowered to realize solutions themselves to motivate them in achieving goals.
    • Develop a relationship of trust between managers and employees:
    • Create an environment of psychological safety where employees feel safe to be open and honest.
    • Involve employees in decision making and inform employees often.
    • Invest in employees' success.
    • Give and expect candor.
    • Embrace failure.

    Apply the "4A" behavior-focused coaching model

    Using a model allows every manager, even those with little experience, to apply coaching best practices effectively.

    Actively Listen

    Ask

    Action Plan

    Adapt

    Engage with employees and their message, rather than just hearing their message.

    Key active listening behaviors:

    • Provide your undivided attention.
    • Observe both spoken words and body language.
    • Genuinely try to understand what the employee is saying.
    • Listen to what is being said, then paraphrase back what you heard.

    Ask thoughtful, powerful questions to learn more information and guide employees to uncover opportunities and/or solutions.

    Key asking behaviors:

    • Ask open-ended questions.
    • Ask questions to learn something you didn't already know.
    • Ask for reasoning (the why).
    • Ask "what else?"

    Hold employees and managers accountable for progress and results.

    During check-ins, review each development goal to ensure employees are meeting their targets.

    Key action planning behaviors:

    Adapt to individual employees and situations.

    Key adapting behaviors:

    • Recognize employees' unique characteristics.
    • Appreciate the situation at hand and change your behavior and communication in order to best support the individual employee.

    Use the following questions to have meaningful coaching conversations

    Opening Questions

    • What's on your mind?
    • Do you feel you've had a good week/month?
    • What is the ideal situation?
    • What else?

    Problem-Identifying Questions

    • What is most important here?
    • What is the challenge here for you?
    • What is the real challenge here for you?
    • What is getting in the way of you achieving your goal?

    Problem-Solving Questions

    • What are some of the options available?
    • What have you already tried to solve this problem? What worked? What didn't work?
    • Have you considered all the possibilities?
    • How can I help?

    Next-Steps Questions

    • What do you need to do, and when, to achieve your goal?
    • What resources are there to help you achieve your goal? This includes people, tools, or even resources outside our organization.
    • How will you know when you have achieved your goal? What does success look like?

    The purpose of asking questions is to guide the conversation and learn something you didn't already know. Choose the questions you ask based on the flow of the conversation and on what information you would like to uncover. Approach the answers you get with an open mind.

    Info-Tech Insight

    Avoid the trap of "hidden agenda" questions, whose real purpose is to offer your own advice.

    Use the following approach to give effective feedback

    Provide the feedback in a timely manner

    • Plan the message you want to convey.
    • Provide feedback "just-in-time."
    • Ensure recipient is not preoccupied.
    • Try to balance the feedback; refer to successful as well as unsuccessful behavior.

    Communicate clearly, using specific examples and alternative behaviors

    • Feedback must be honest and helpful.
    • Be specific and give a recent example.
    • Be descriptive, not evaluative.
    • Relate feedback to behaviors that can be changed.
    • Give an alternative positive behavior.

    Confirm their agreement and understanding

    • Solicit their thoughts on the feedback.
    • Clarify if not understood; try another example.
    • Confirm recipient understands and accepts the feedback.

    Manager skill is crucial to employee development

    Development is a two-way street. This means that while employees are responsible for putting in the work, managers must enable their development with support and guidance. The latter is a skill, which managers must consciously cultivate.

    For more in-depth management skills development, see the Info-Tech "Build a Better Manager" training resources:

    Bibliography

    Anderson, Kelsie. "Is Your IT Department Prepared for the 4 Biggest Challenges of 2017?" 14 June 2017.
    Atkinson, Carol, and Peter Sandiford. "An Exploration of Older Worker Flexible Working Arrangements in Smaller Firms." Human Resource Management Journal, vol. 26, no. 1, 2016, pp. 12–28. Wiley Online Library.
    BasuMallick, Chiradeep. "Top 8 Best Practices for Employee Cross-Training." Spiceworks, 15 June 2020.
    Birol, Andy. "4 Ways You Can Succeed With a Staff That 'Wears Multiple Hats.'" The Business Journals, 26 Nov. 2013.
    Bleich, Corey. "6 Major Benefits To Cross-Training Employees." EdgePoint Learning, 5 Dec. 2018.
    Cancialosi, Chris. "Cross-Training: Your Best Defense Against Indispensable Employees." Forbes, 15 Sept. 2014.
    Cappelli, Peter, and Anna Tavis. "HR Goes Agile." Harvard Business Review, Mar. 2018.
    Chung, Kai Li, and Norma D'Annunzio-Green. "Talent Management Practices of SMEs in the Hospitality Sector: An Entrepreneurial Owner-Manager Perspective." Worldwide Hospitality and Tourism Themes, vol. 10, no. 4, Jan. 2018.
    Clarkson, Mary. Developing IT Staff: A Practical Approach. Springer Science & Business Media, 2012.
    "CNBC and SurveyMonkey Release Latest Small Business Survey Results." Momentive, 2019. Press Release. Accessed 6 Aug. 2020.
    Cselényi, Noémi. "Why Is It Important for Small Business Owners to Focus on Talent Management?" Jumpstart:HR | HR Outsourcing and Consulting for Small Businesses and Startups, 25 Mar. 2013.
    dsparks. "Top 10 IT Concerns for Small Businesses." Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support, 16 May 2017.
    Duff, Jimi. "Why Small to Mid-Sized Businesses Need a System for Talent Management | Talent Management Blog | Saba Software." Saba, 17 Dec. 2018.
    Employment and Social Development Canada. "Age-Friendly Workplaces: Promoting Older Worker Participation." Government of Canada, 3 Oct. 2016.
    Exploring Workforce Planning. Accenture, 23 May 2017.
    "Five Major IT Challenges Facing Small and Medium-Sized Businesses." Advanced Network Systems. Accessed 25 June 2020.
    Harris, Evan. "IT Problems That Small Businesses Face." InhouseIT, 17 Aug. 2016.
    Heathfield, Susan. "What Every Manager Needs to Know About Succession Planning." Liveabout, 8 June 2020.
    ---. "Why Talent Management Is an Important Business Strategy." Liveabout, 29 Dec. 2019.
    Herbert, Chris. "The Top 5 Challenges Facing IT Departments in Mid-Sized Companies." ExpertIP, 25 June 2012.
    How Smaller Organizations Can Use Talent Management to Accelerate Growth. Avilar. Accessed 25 June 2020.
    Krishnan, TN, and Hugh Scullion. "Talent Management and Dynamic View of Talent in Small and Medium Enterprises." Human Resource Management Review, vol. 27, no. 3, Sept. 2017, pp. 431–41.
    Mann Jackson, Nancy. "Strategic Workforce Planning for Midsized Businesses." ADP, 6 Feb. 2017.
    McCandless, Karen. "A Beginner's Guide to Strategic Talent Management (2020)." The Blueprint, 26 Feb. 2020.
    McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup.com, 13 Mar. 2019.
    Mihelič, Katarina Katja. Global Talent Management Best Practices for SMEs. Jan. 2020.
    Mohsin, Maryam. 10 Small Business Statistics You Need to Know in 2020 [May 2020]. 4 May 2020.
    Ramadan, Wael H., and B. Eng. The Influence of Talent Management on Sustainable Competitive Advantage of Small and Medium Sized Establishments. 2012, p. 15.
    Ready, Douglas A., et al. "Building a Game-Changing Talent Strategy." Harvard Business Review, no. January–February 2014, Jan. 2014.
    Reh, John. "Cross-Training Employees Strengthens Engagement and Performance." Liveabout, May 2019.
    Rennie, Michael, et al. McKinsey on Organization: Agility and Organization Design. McKinsey, May 2016.
    Roddy, Seamus. "The State of Small Business Employee Benefits in 2019." Clutch, 18 Apr. 2019.
    SHRM. "Developing Employee Career Paths and Ladders." SHRM, 28 Feb. 2020.
    Strandberg, Coro. Sustainability Talent Management: The New Business Imperative. Strandberg Consulting, Apr. 2015.
    Talent Management for Small & Medium-Size Businesses. Success Factors. Accessed 25 June 2020.
    "Top 10 IT Challenges Facing Small Business in 2019." Your IT Department, 8 Jan. 2019.
    "Why You Need Workforce Planning." Workforce.com, 24 Oct. 2022.

    Service Management Integration With Agile Practices

    • Buy Link or Shortcode: {j2store}400|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management

    • Work efficiently and in harmony with Agile and service management to deliver business value.
    • Optimize the value stream of services and products.
    • Leverage the benefits of each practice.
    • Create a culture of collaboration to support a rapidly changing business.

    Our Advice

    Critical Insight

    Agile and Service Management are not necessarily at odds; find the integration points to solve specific problems.

    Impact and Result

    • Optimize the value stream of services and products.
    • Work efficiently and in harmony with Agile and service management to deliver business value.
    • Create a culture of collaboration to support a rapidly changing business.

    Service Management Integration With Agile Practices Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Service Management Integration With Agile Practices Storyboard – Use this deck to understand the integration points and how to overcome common challenges.

    Understand how service management integrates with Agile software development practices, and how to solve the most common challenges to work efficiently and deliver business value.

    • Service Management Integration With Agile Practices Storyboard

    2. Service Management Stakeholder Register Template – Use this tool to identify and document Service Management stakeholders.

    Use this tool to identify your stakeholders to engage when working on the service management integration.

    • ITSM Stakeholder Register Template

    3. Service Management Integration With Agile Practices Assessment Tool – Use this tool to identify key challenging integration points in your organization.

    Use this tool to identify which of your current practices might already be aligned with Agile mindset and which might need adjustment. Identify integration challenges with the current service management practices.

    • Service Management Integration With Agile Practices Assessment Tool
    [infographic]

    Further reading

    Service Management Integration With Agile Practices

    Understand how Agile transformation affects service management

    Analyst Perspective

    Don't forget about operations

    Many organizations believe that once they have implemented Agile that they no longer need any service management framework, like ITIL. They see service management as "old" and a roadblock to deliver products and services quickly. The culture clash is obvious, and it is the most common challenge people face when trying to integrate Agile and service management. However, it is not the only challenge. Agile methodologies are focused on optimized delivery. However, what happens after delivery is often overlooked. Operations may not receive proper communication or documentation, and processes are cumbersome or non-existent. This is a huge paradox if an organization is trying to become nimbler. You need to find ways to integrate your Agile practices with your existing Service Management processes.

    This is a picture of Renata Lopes

    Renata Lopes
    Senior Research Analyst
    Organizational Transformation Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Work efficiently and in harmony with Agile and service management to deliver business value.
    • Optimize the value stream of services and products.
    • Leverage the benefits of each practice.
    • Create a culture of collaboration to support a rapidly changing business.

    Common Obstacles

    • Culture clashes.
    • Inefficient or inexistent processes.
    • Lack of understanding of what Agile and service management mean.
    • Leadership doesn't understand the integration points of practices.
    • Development overlooks the operations requirement.

    Info-Tech's Approach

    • When integrating Agile and service management practices start by understanding the key integration points:
    • Processes
    • People and resources
    • Governance and org structure

    Info-Tech Insight

    Agile and Service Management are not necessarily at odds Find the integration points to solve specific problems.

    Your challenge

    Deliver seamless business value by integrating service management and Agile development.

    • Understand how Agile development impacts service management.
    • Identify bottlenecks and inefficiencies when integrating with service management.
    • Connect teams across the organization to collaborate toward the organizational goals.
    • Ensure operational requirements are considered while developing products in an Agile way.
    • Stay in alignment when designing and delivering services.

    The most significant Agile adoption barriers

    46% of respondents identified inconsistent processes and practices across teams as a challenge.
    Source: Digital.ai, 2021

    43% of respondents identified Culture clashes as a challenge.
    Source: Digital.ai, 2021

    What is Agile?

    Agile development is an umbrella term for several iterative and incremental development methodologies to develop products.

    In order to achieve Agile development, organizations will adopt frameworks and methodologies like Scaled Agile Framework (SAFe), Scrum, Large Scaled Scrum (LeSS), DevOps, Spotify Way of Working (WoW), etc.

    • DevOps
    • WoW
    • SAFe
    • Scrum
    • LeSS

    Master the Secrets of VMware Licensing to Maximize Your Investment

    • Buy Link or Shortcode: {j2store}138|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • A lack of understanding around VMware’s licensing models, bundles, and negotiation tactics makes it difficult to negotiate from a position of strength.
    • Unfriendly commercial practices combined with hyperlink-ridden agreements have left organizations vulnerable to audits and large shortfall payments.
    • Enterprise license agreements (ELAs) come in several purchasing models and do not contain the EULA or various VMware product guide documentation that governs license usage rules and can change monthly.
    • Without a detailed understanding of VMware’s various purchasing models, shelfware often occurs.

    Our Advice

    Critical Insight

    • Contracts are typically overweighted with a discount at the expense of contractual T&Cs that can restrict license usage and expose you to unpleasant financial surprises and compliance risk.
    • VMware customers almost always have incomplete price information from which to effectively negotiate a “best in class” ELA.
    • VMware has a large lead in being first to market and it realizes that running dual virtualization stacks is complex, unwieldy, and expensive. To further complicate the issues, most skill sets in the industry are skewed towards VMware.

    Impact and Result

    • Negotiate desired terms and conditions at the start of the agreement, and prioritize which use rights may be more important than an additional discount percentage.
    • Gather data points and speak with licensing partners to determine if the deal being offered is in fact as great as VMware says it is.
    • Beware of out-year pricing and ELA optimization reviews that may provide undesirable surprises and more spend than was planned.

    Master the Secrets of VMware Licensing to Maximize Your Investment Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage Your VMware Agreements – Use the Info-Tech tools capture your existing licenses and prepare for your renewal bids.

    Use Info-Tech’s licensing best practices to avoid shelfware with VMware licensing and remain compliant in case of an audit.

    • Master the Secrets of VMware Licensing to Maximize Your Investment Storyboard

    2. Manage your VMware agreements

    Use Info-Tech’s licensing best practices to avoid shelfware with VMware licensing and remain compliant in case of an audit.

    • VMware Business as Usual – Install Base SnS Renewal Only Tool
    • VMware ELA RFQ Template

    3. Transition to the VMWare Cloud – Use these tools to evaluate your ELA and vShpere requirements and make an informed choice.

    Manage your renewals and transition to the cloud subscription model.

    • VPP Transactional Purchase Tool
    • VMware ELA Analysis Tool
    • vSphere Edition 7 Features List

    Infographic

    Further reading

    Master the Secrets of VMware Licensing to Maximize Your Investment

    Learn the essential steps to avoid overspending and to maximize negotiation leverage with VMware.

    EXECUTIVE BRIEF

    Analyst Perspective

    Master the Secrets of VMware Licensing to Maximize Your Investment.

    The image contains a picture of Scott Bickley.

    The mechanics of negotiating a deal with VMware may seem simple at first as the vendor is willing to provide a heavy discount on an enterprise license agreement (ELA). However, come renewal time, when a reduction in spend or shelfware is needed, or to exit the ELA altogether, the process can be exceedingly frustrating as VMware holds the balance of power in the negotiation.

    Negotiating a complete agreement with VMware from the start can save you from an immense headache and unforeseen expenditures. Many VMware customers do not realize that the terms and conditions in the Volume Purchasing Program (VPP) and Enterprise Purchasing Program (EPP) agreements limit how and where they are able to use their licenses.

    Furthermore, after the renewal is complete, organizations must still worry about the management of various license types, accurate discovery of what has been deployed, visibility into license key assignments, and over and under use of licenses.

    Preventive and proactive measures enclosed within this blueprint will help VMware clients mitigate this minefield of challenges.

    Scott Bickley
    Practice Lead, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    VMware's dominant position in the virtualization space can create uncertainty to your options in the long term as well as the need to understand:

    • The hybrid cloud model.
    • Hybrid VM security and management.
    • New subscription license model and how it affects renewals.

    Make an informed decision with your VMware investments to allow for continued ROI.

    There are several hurdles that are presented when considering a VMware ELA:

    • Evolving licensing and purchasing models
    • Understanding potential ROI in the cloud landscape
    • Evolving door of corporate ownership

    Overcoming these and other obstacles are key to long-term satisfaction with your VMware infrastructure.

    Info-Tech has a two-phase approach:

    • Manage your VMware agreements.
    • Plan a transition to the cloud.

    A tactical roadmap approach to VMware ELA and the cloud will ensure long-term success and savings.

    Info-Tech Insight

    VMware customers almost always have incomplete price information from which to effectively negotiate a “best in class” ELA.

    Your challenge

    VMware's dominant position in the virtualization space can create uncertainty to your options in the long term driven by:

    • VMware’s dominant market position and ownership of the virtualization market, which is forcing customers to focus on managing capacity demand to ensure a positive ROI on every license.
    • The trend toward a hybrid cloud for many organizations, especially those considering using VMware in public clouds, resulting in confusion regarding licensing and compliance scenarios.

    ELAs and EPPs are generally the only way to get a deep discount from VMware.

    The image contains a pie chart to demonstrate that 85% have answered yes to being audited by VMware for software license compliance.

    Common obstacles

    There are several hurdles that are presented when considering a VMware ELA.

    • A lack of understanding around VMware’s licensing models, bundles, and negotiation tactics makes it difficult to negotiate from a position of strength.
    • Unfriendly commercial practices combined with hyperlink-ridden agreements have left organizations vulnerable to audits and large shortfall payments.
    • ELAs come in several purchasing models and do not contain the EULA or various VMware product guide documentation that govern license usage rules and can change monthly.

    Competition is a key driver of price

    The image contains a screenshot of a bar graph to demonstrate virtualization market share % 2022.

    Source: Datanyze

    Master the Secrets of VMware Licensing to Maximize your Investment

    The image contains a screenshot of the Thought model on Master the secrets of VMware Licensing to Maximize your Investment.

    Info-Tech’s methodology for Master the Secrets of VMware Licensing to Maximize Your Investment

    1. Manage Your VMware Agreements

    2. Transition to the VMware Cloud

    Phase Steps

    1.1 Establish licensing requirements

    1.2 Evaluate licensing options

    1.3 Evaluate agreement options

    1.4 Purchase and manage licenses

    1.5 Understand SnS renewal management

    2.1 Understand the VMware subscription model

    2.2 Migrate workloads and licenses

    2.3 Manage SnS and cloud subscriptions

    Phase Outcomes

    Understanding of your licensing requirements and what agreement option best fits your needs for now and the future.

    Knowledge of VMware’s sales model and how to negotiate the best deal.

    Knowledge of the evolving cloud subscription model and how to plan your cloud migration and transition to the new licensing.

    Insight summary

    Overarching insight

    With the introduction of the subscription licensing model, VMware licensing and renewals are becoming more complex and require a deeper understanding of the license program options to best manage renewals and cloud deployments as well as to maximize legacy ROI.

    Phase 1 insight

    Contracts are typically overweighted with a discount at the expense of contractual T&Cs that can restrict license usage and expose you to unpleasant financial surprises and compliance risk.

    Phase 1 insight

    VMware has a large lead in being first to market and it realizes running dual virtualization stacks is complex, unwieldy, and expensive. To further complicate the issues, most skill sets in the industry are skewed toward VMware.

    Phase 2 insight

    VMware has purposefully reduced a focus on the actual license terms and conditions; most customers focus on the transactional purchase or the ELA document, but the rules governing usage are on a website and can be changed by VMware regularly.

    Tactical insight

    Beware of out-year pricing and ELA optimization reviews that may provide undesirable surprises and more spend than was planned.

    Tactical insight

    Negotiate desired terms and conditions at the start of the agreement, and prioritize which use rights may be more important than an additional discount percentage.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    VMware ELA Analysis Tool

    VMware ELA RFQ Template Tool

    VPP Transaction Purchase Tool

    VMware ELA Analysis Tool

    Use this tool as a template for an RFQ with VMware ELA contracts.

    Use this tool to analyze cost breakdown and discount based on your volume purchasing program (VPP) level.

    The image contains screenshots of the VMware ELA Analysis Tool. The image contains a screenshot of the VMware ELA RFQ template tool. The image contains a screenshot of the VPP Transaction Purchase Tool.

    Key deliverable:

    VMware Business as Usual SnS Renewal Only Tool

    Use this tool to analyze discounts from a multi-year agreement vs. prepay. See how you can get the best discount.

    The image contains screenshots of the VMware Business as Usual SnS Renewal Only Tool.

    Blueprint Objectives

    The aim of this blueprint is to provide a foundational understanding of VMware’s licensing agreement and best practices to manage them.

    Why VMware

    What to Know

    The Future

    VMware is the leader in OS virtualization, however, this is a saturated market, which is being pressured by public and hybrid cloud as a competitive force taking market share.

    There are few viable alternatives to VMware for virtualization due to vendor lock-in of existing IT infrastructure footprint. It is too difficult and cost prohibitive to make a shift away from VMware even when alternative solutions are available.

    ELAs are the preferred method of contracting as it sets the stage for a land-and-expand product strategy; once locked into the ELA model, customers must examine VMware alternatives with preference or risk having Support and Subscription Services (SnS) re-priced at retail.

    VMware does not provide a great deal of publicly available information regarding its enterprise license agreement (ELA) options, leaving a knowledge gap that allows the sales team to steer the customer.

    VMware is taking countermeasures against increasing competition.

    Recent contract terms changed to eliminate perpetual caps on SnS renewals; they are now tied to a single year of discounted SnS, then they go to list price.

    Migration of list pricing to a website versus contract, where pricing can now be changed, reducing discount percentage effectiveness.

    Increased audits of customers, especially those electing to not renew an ELA.


    Examining VMware’s vendor profile

    Turbonomics conducted a vendor profile on major vendors, focusing on licensing and compliance. It illustrated the following results:

    The image contains a pie graph to demonstrate that the majority of companies say yes to using license enterprise software from VMware.

    The image contains a bar graph to demonstrate what license products organizations use of VMware products.

    Source: Turbonomics
    N-sample size

    Case Study

    The image contains a logo for ADP.

    INDUSTRY: Finance

    SOURCE: VMware.com

    “We’ll have network engineers, storage engineers, computer engineers, database engineers, and systems engineers all working together as one intact team developing and delivering goals on specific outcomes.” – Vipul Nagrath, CIO, ADP

    Improving developer capital management

    Constant innovation helped ADP keep ahead of customer needs in the human resources space, but it also brought constant changes to the IT environment. Internally, the company found it was spending too long working on delivering the required infrastructure and system updates. IT staff wanted to improve velocity for refreshes to better match the needs of ADP developers and encourage continued development innovation.

    Business needs

    • Improve turnaround time on infrastructure refreshes to better meet developer roadmaps.
    • Establish an IT culture that works at the global scale of ADP and empowers individual team members.
    • Streamline approach toward infrastructure resource delivery to reduce need for manual management.

    Impact

    • Infrastructure resource delivery reduced from 100+ days to minutes, improving ADP developer efficiency.
    • VMware Cloud™ on AWS establishes seamless private and public cloud workflows, fostering agility and innovation.
    • Automating IT management redirects resources to R&D, boosting time to market for new services.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Discuss scope requirements, objectives, and your specific challenges.

    Call #2: Assess the current state.

    Determine licensing position.

    Call #3: Complete a deployment count, needs analysis, and internal audit.

    Call #4: Review findings with analyst:

    • Review licensing options.
    • Review licensing rules.
    • Review contract option types.

    Call #5: Select licensing option. Document forecasted costs and benefits.

    Call #6: Review final contract:

    • Discuss negotiation points.
    • Plan a roadmap for SAM.

    Call #7: Negotiate final contract. Evaluate and develop a roadmap for SAM.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 2 to 6 calls over the course of 1 to 2 months.

    Phase # 1

    Manage Your VMware Agreements

    Phase 1

    Phase 2

    1.1 Establish licensing requirements

    1.2 Evaluate licensing options

    1.3 Evaluate agreement options

    1.4 Purchase and manage licenses

    2.1 Understand the VMware subscription model

    2.2 Migrate workloads and licenses

    2.3 Discuss the VMware sales approach

    2.4 Manage SnS and cloud subscriptions

    This phase will walk you through the following activities:

    • Understanding the VMware licensing model
    • Understanding the license agreement options
    • Understanding the VMware sales approach

    This phase will take you thorough:

    • The new VMware subscription movement to the cloud
    • How to prepare and migrate
    • Manage your subscriptions efficiently

    1.1 Establish licensing requirements

    VMware has greatly improved the features of vSphere over time.

    vSphere Main Editions Overview

    • vSphere Standard – Provides the basic features for server consolidation. A support and subscription contract (SnS) is mandatory when purchasing the vSphere Standard.
    • vSphere Enterprise Plus – Provides the full range of vSphere features. A support and subscription contract (SnS) is mandatory when purchasing the Enterprise Plus editions.
    • vSphere Essentials kit – The Essentials kit is an all-in-one solution for small environments with up to three hosts (2 CPUs on each host). Support is optional when purchasing the Essentials kit and is available on a per-incident basis.
    • vSphere Essentials Plus kit – This is similar to the Essentials kit and provides additional features such as vSphere vMotion, vSphere HA, and vSphere replication. A support and subscription contract (SnS) is sold separately, and a minimum of one year of SnS is required.

    Review vSphere Edition Features

    The image contains a screenshot to review the vSphere Edition Features.

    Download the vSphere Edition 7 Features List

    1.2 Evaluate licensing options

    VMware agreement types

    Review purchase options to align with your requirements.

    Transactional VPP EPP ELA

    Transactional

    Entry-level volume license purchasing program

    Mid-level purchasing program

    Highest-level purchasing program

    • Purchasing in this model is not recommended for business purposes unless very infrequent and low quantities.
    • 250 points minimum
    • Four tiers of discounts
    • Rolling eight-quarter points accumulation period
    • Discounts on license only

    Deal size of initial purchase typically is:

    • US$250K MSRP License + SnS (2,500 tokens)
    • Exceptions do exist with purchase volume

    Minimum deal size of top-up purchase:

    • US$50K MSRP License + SnS (500 tokens)
    • Initial purchase determines token level
    • Three-year term

    Minimum deal size of initial purchase:

    • US$150K-$250K
    • Discounted licenses and SnS through term of contract
    • Single volume license key
    • No final true-up
    • Global deployment rights and consolidation of multiple agreements

    1.2.1 The Volume Purchasing Program (VPP)

    This is the entry-level purchasing program aimed at small/mid-sized organizations.

    How the program works

    • The threshold to be able to purchase from the VPP program is 250 points minimum, equivalent to $25,000.
    • Discounts attained can only be applied to license purchases. They do not apply to service and support/renewals. Discounts range from 4% to 12%.
    • For the large majority of products 1 VPP point = ~$100.
      • Point values will be the same globally.
      • Point ratios may vary over time as SKUs are changed.
      • Points are valid for two years.

    Benefits

    • Budget predictability for two years.
    • Simple license purchase process.
    • Receive points on qualifying purchases that accumulate over a rolling eight-quarter period.
    • Online portal for tracking purchases and eligible discounts.
    • Global program where affiliates can purchase from existing contract.

    VPP Point & Discount Table

    Level

    Point Range

    Discount

    1

    250-599

    4%

    2

    600-999

    6%

    3

    1,000-1,749

    9%

    4

    1,750+

    12%

    Source: VMware Volume Purchasing Program

    1.2.2 Activity VPP Transactional Purchase Tool

    1-3 hours

    Instructions:

    1. Use the tool to analyze the cost breakdown and discount based on your Volume Purchasing Program level.
    2. On tab 1, Enter SnS install base renewal units and or new license details.
    3. Review tab 2 for Purchase summary.

    The image contains a screenshot of the VPP Transactional Purchase Tool.

    Input Output
    • SnS renewal details
    • New license requirements and pricing
    • Transaction purchase summary
    • Estimated VPP purchase level
    Materials Participants
    • Current VMware purchase orders
    • Any SnS renewal requirements
    • Transaction Purchase Tool
    • Procurement
    • Vendor Management
    • Licensing Admin

    Download the VPP Transactional Purchase Tool

    1.3 Evaluate agreement options

    Introduction to EPP and ELA

    What to know when using a token/credit-based agreement.

    Token/credit-based agreements carry high risk as customers are purchasing a set number of tokens/credits to be redeemed during the ELA term for licenses.

    • Tokens/credits that are not used during the ELA term expire and become worthless.
    • By default in most agreements (negotiation dependent), tokens/credits are tied to pricing maintained by VMware on its website that is subject to change (increase usually), resulting in a reduced value for the tokens/credits.
      • Therefore, it is necessary to negotiate to have current list prices for all products/versions included in the ELA to prevent price increases while in the current ELA term.
    • Token-based agreements may come with a lower overall discount level as VMware is granting more flexibility in terms of the wider product selection offered, vendor cost of overhead to manage the redemption program, currency exchange risks, and more complex revenue recognition headaches.

    1.3.1 The Enterprise Purchasing Program (EPP)

    This is aimed at mid-tier customers looking for flexibility with deeper discounting.

    How the program works

    • Token-based program in which tokens are redeemed for licenses and/or SnS.
      • Tokens can be added at any time to active fund.
      • Token usage is automatically tracked and reported.
    • Minimum order of 2,500 tokens, equivalent to $250,000 (1 token=$100).
      • Exceptions have been made, allowing for lower minimum spends.
    • Restricted to specific regions, not a global agreement.
    • Self-service portal for access to license keys and support entitlements.
    • Deeper discounting than the VMware Volume Purchase Program.
    • EPP initial purchase gets VPP L4 for four years.

    Benefits

    • Able to mix and match VMware products, manage licenses, and adjust deployment strategy.
    • Prices are protected for term of the EPP agreement.
    • Number of tokens needed to obtain a product or SnS are negotiated at the start of the contract and fixed for the term.
    • SnS is co-termed to the EPP term.
    • Ability to purchase new products that become available at a future date and are listed on the EPP Eligibility Matrix.

    EPP Level & Point Table

    Level

    Point Range

    7

    2,500-3,499

    8

    3,500-4,499

    9

    4,500-5,999

    10

    6,000+

    Source: VMware Volume Purchasing Program

    1.3.2 The ELA is aimed at large global organizations, offering the deepest discounts with operational benefits and flexibility

    What is an ELA?

    • The ELA agreement provides the best vehicle for global enterprises to obtain maximum discounts and price-hold protection for a set period of time. Discounts and price holds are removed once an ELA has expired.
    • The ELA minimum spend previously was $500,000. Purchase volume now generally starts at $250K total spend with exceptions and, depending on VMware, it may be possible to attain for $150K in net-new license spend.

    Key things to know

    • Customers pay up front for license and SnS rights, but depending on the deployment plans, the value of the licenses is not realized and/or recognized for up to two years after point of purchase.
    • License and SnS is paid up front for a three-year period in most ELAs, although a one- or two-year term can be negotiated.
    • Licenses not deployed in year one should be discounted in value and drive a re-evaluation of the ELA ROI, as even heavily discounted licenses that are not used until year three may not be such a great deal in retrospect.
      • Use a time value of money calculation to arrive at a realistic ROI.
      • Partner with Finance and Accounting to ensure the ROI also clears any Internal Hurdle Rate (IHR).
      • Share and strategically position your IHR with VMware and resellers to ensure they understand the minimum value an ELA deal must bring to the table.
    • Organizational changes, such as merger, acquisition, and divestiture (MAD) activities, may result in the customer paying for license rights that can no longer be used and/or require a renegotiated ELA.

    Info-Tech Insight

    If a legacy ELA exists that has “deploy or lose” language, engage VMware to recapture any lost license rights as VMware has changed this language effective with 2016 agreements and there is an “appeals” process for affected customers.

    1.3.3 Select the best ELA variant to match your specific demand profile and financial needs

    The advantages of an ELA are:

    • Maximum discount level + price protection
    • SnS discounted at % of net license fee
    • Sole option for global use territory rights

    General disadvantages are:

    • Term lock-in with SnS for three years
    • Pay up front and if defer usage, ROI drops
    • Territory rights priced at a premium versus domestic use rights

    Type of ELAs

    ELA Type

    Description

    Pros and Cons

    Capped (max quantities)

    Used to purchase a specific quantity and type of license.

    Pro – Clarity on what will be purchased

    Pro – Lower risk of over licensing

    Con – Requires accurate forecasting

    All you can eat or unlimited

    Used to purchase access to specified products that can be deployed in unlimited quantities during the ELA term.

    Pro – Acquire large quantity of licenses

    Pro – Accurate forecasting not critical

    Con – Deployment can easily exceed forecast, leading to high renewal costs

    Burn-down

    A form of capped ELA purchase that uses prepaid tokens that can be used more flexibly to acquire a variety of licenses or services. This can include the hybrid purchasing program (HPP) credits. However, the percentage redeemable for VMware subscription services may be limited to 10% of the MSRP value of the HPP credit.

    Pro – Accurate demand forecast not critical

    Pro – Can be used for products and services

    Con – Unused tokens or credits are forfeited

    True-up

    Allows for additional purchases during the ELA term on a determined schedule based on the established ELA pricing.

    Pro – Consumption payments matched after initial purchase

    Pro – Accurate demand forecast not critical

    Con – Potentially requires transaction throughout term

    1.4 Purchase and manage licenses

    Negotiating ELA terms and conditions

    Editable copies of VMware’s license and governance documentation are a requirement to initiate the dialogue and negotiation process over T&Cs.

    VMware’s licensing is complex and although documentation is publicly available, it is often hidden on VMware’s website.

    Many VMware customers often overlook reviewing the license T&Cs, leaving them open to compliance risks.

    It is imperative for customers to understand:

    • Product definition for licensing of each acquired product
    • Products included by bundle
    • Use restrictions:
      • The VMware Product Guide, which includes information about:
        • ELA Order Forms, Amendments, Exhibits, EULA, Support T&Cs, and other policies that add dozens of pages to a contractual agreement.
        • All of these documents are web based and can change monthly; URL links in the contract do not take the user to the actual document but a landing page from which customers must find the applicable documents.
      • Obtain copies of ALL current documents at the time of your order and keep as a reference in the CLM and SAM systems.

    Build in time to obtain, review, and negotiate these documents (easily weeks to months).

    1.4.1 Negotiating ELA terms and conditions specifics

    License and Deployment

    • Review perpetual use rights for all licenses purchased under the ELA (exception being subscription services).
    • Carefully scrutinize contract language for clearly defined deployment rights.
      • Some agreements contain language that terminates the use rights for licenses not deployed by the end of the ELA term.
    • While older contracts would frequently contain clearly defined token values and product prices for the ELA term, VMware has moved away from this process and now refers to URL links for current MSRP pricing.

    Use Rights

    • The customer’s legal entities and territories listed in the contract are hard limits on the license usage via the VMware Product Guide definitions. Global use rights are not a standard license grant with VMware license agreement by default. Global rights are usually tied to an ELA.
    • VMware audits most aggressively against violations of territory use rights and will use the non-compliance events to resolve the issue via a commercial transaction.
      • Negotiate for assignment rights with no strings attached in terms of fees or multi-party consent by future affiliates or successors to a surviving entity.
    • Extraordinary Corporate Transaction clause: VMware’s standard language prevents customers from using licenses within the ELA for any third party that becomes part of customer’s business by way of acquisition, merger, consolidation, change of control, reorganization, or other similar transaction.
      • Request VMware to drop this language.
    • Include any required language pertaining to MAD events as default language will not allow for transfer or assignment of license rights.

    Checklist of necessary information to negotiate the best deal

    Product details that go beyond the sales pitch

    • Product family
    • Unique product SKU for license renewal
    • Part description
    • Current regional or global price list
    • One and three-year proposal for SnS renewals including new license and SnS detail
    • SnS term dates
    • Discount or offered prices for all line items (global pricing is generally ~20% higher than US pricing)

    Different support levels (e.g. basic, enterprise, per incident)

    • Standard pricing:
      • Basic Support = 21% of current list price (12x5)
      • Production Support = 25% of current list price (24x7 for severity 1 issues) – defined in VMware Support and Subscription Services T&Cs; non-severity 1 issues are 12x5

    Details to ensure the product being purchased matches the business needs

    • Realizing after the fact the product is insufficient with respect to functional requirements or that extra spend is required can be frustrating and extend expected timelines

    SnS renewals pricing is based on the (1) year SnS list price

    • This can be bundled for a multi-year discounted SnS rate (can result in 12%+ under VPP)

    Governing agreements, VPP program details

    • Have a printed copy of documents that are URL links, which VMware can change, allowing for surprises or unexpected changes in rules

    1.4.2 Activity VMware ELA Analysis Tool

    2-4 hours

    Instructions:

    1. As a group, review the various RFQ responses. Identify top three proposals and start to enter proposal details into the VPP Prepay or ELA tabs of the analysis tool.
    2. Review savings in the ELA Offer Analysis tab.

    The image contains screenshots of the VMware ELA Analysis Tool.

    Input Output
    • RFQ requirements data
    • RFQ response data
    • Analysis of ELA proposals
    • ELA savings analysis
    Materials Participants
    • RFQ response documents
    • ELA Analysis Tool
    • IT Leadership
    • Procurement
    • Vendor Management

    Download the VMware ELA Analysis Tool

    1.4.3 Negotiating ELA terms and conditions specifics: pricing, renewal, and exit

    VMware does not offer price protection on future license consumption by default.

    Securing “out years” pricing for SnS or the cost of SnS is critical or it will default to a set percentage (25%) of MSRP, removing the ELA discount.

    Typically, the out year is one year; maximum is two years.

    Negotiate the “go forward” SnS pricing post-ELA term as part of the ELA negotiations when you have some leverage.

    Default after (1) out year is to rise to 25% of current MSRP versus as low as 20% of net license price within the ELA.

    Carefully incorporate the desired installed-base licenses that were acquired pre-ELA into the agreement, but ensure unwanted licenses are removed.

    Ancillary but binding support policies, online terms and conditions, and other hyperlinked documentation should be negotiated and incorporated as part of the agreement whenever possible.

    1.4.4 Find the best reseller partner

    Seek out a qualified VMware partner that will work with you and with your interest as a priority:

    1. Resellers, at minimum, should have achieved an enterprise-level rating, as these partners can offer the deepest discounts and have more clout with VMware.
    2. Select your reseller prior to engaging in any RFX acquisition steps. Verify they are enterprise level or higher AND secure their written commitment to maximum pass-through of the discounting provided to them by VMware.
    3. Document and prioritize key T&Cs for your ELA and submit to your sales team along with a requirement and timeline for their formal response. Essentially, this escalates outside of the VMware process and disrupts the status quo. Ideally this will occur in advance of being presented a contract by VMware and be pre-emptive in nature.
    4. If applicable and of benefit or a high priority, seek out a reseller that is willing to finance the VMware upfront payment cost at a low or no interest rate.
    5. It will be important to have ELA-level deals escalated to higher levels of authority to obtain “best in class” discount levels, above and beyond those prescribed in the VMware sales playbook.
    6. VMware’s standard process is to “route” customers through a pre-defined channel and “deal desk” process. Preferred pricing of up to an additional 10% discount is reserved for the first reseller that registers the deal with VMware, with larger discounts reserved for the Enterprise and Premium partners. Additional discounts can be earned if the deal closes within specified time periods (First Deal Registration).

    1.4.5 Activity VMware ELA RFQ Template

    1-3 hours

    Use this tool for as a template for an RFQ with VMware ELA contracts.

    1. For SnS renewals that contain no new licenses, state that the requirement for award consideration is the provisioning of all details for each itemized SnS renewal product code corresponding to all the licenses of your installed base. The details for the renewals are to be placed in Section 1 of the template.
    2. SnS Renewal Options: Info-Tech recommends that you ask for one- and three-year SnS renewal proposals, assuming these terms are realistic for your business requirements. Then compare your SnS BAU costs for these two options against ELA offers to determine the best choice for your renewal.

    The image contains a screenshot of the VMware ELA RFQ Template.

    Input Output
    • Renewing SnS data
    • Agreement type options
    • Detailed list of required licenses
    • Summary list of SnS requirements
    Materials Participants
    • RFQ Template
    • SnS renewal summary
    • New license/subscription details
    • IT Leadership
    • Vendor Management
    • Procurement

    Download the VMware ELA RFQ Template

    1.4.6 Consider your path forward

    Consider your route forward as contract commitments, license compliance, and terms and conditions differ in structure to perpetual models previously used.

    • Are you able to accurately discover VMware licensing within your environment?
    • Is licensing managed for compliance? Are internal audits conducted so you have accurate results?
    • Have the product use rights been examined for terms and conditions such as geographic rights? Some T&Cs may change over time due to hyperlinked references within commercial documents.
    • How are Oracle and SQL being used within your VMware environment? This may affect license compliance with Oracle and Microsoft in virtualized environments.
    • Prepare for the Subscription model; it’s here now and will be the lead discussion with all VMware reps going forward.

    Shift to Subscription

    1. With the $64bn takeover by Broadcom, there will be a significant shift and pressure to the subscription model.
    2. Broadcom has significant growth targets for its VMware acquisition that can only be achieved through a strong press to a SaaS model.

    Info-Tech Insight

    VMware has a license cost calculator and additional licensing documents that can be used to help determine what spend should be.

    Phase # 2

    Transition to the VMware Cloud

    Phase 1

    Phase 2

    1.1 Establish licensing requirements

    1.2 Evaluate licensing options

    1.3 Evaluate agreement options

    1.4 Purchase and manage licenses

    2.1 Understand the VMware subscription model

    2.2 Migrate workloads and licenses

    2.3 Discuss the VMware sales approach

    2.4 Manage SnS and cloud subscriptions

    This phase will walk you through the following activities:

    • Understand the VMware licensing model
    • Understand the license agreement options
    • Understand the VMware sales approach

    This phase will take you thorough:

    • The new VMware subscription movement to the cloud
    • How to prepare and migrate
    • Manage your subscriptions efficiently

    2.1 Understand the VMware subscription model

    VMware Cloud Universal

    • VMware Cloud Universal unifies compute, network, and storage capabilities across infrastructures, management, and applications.
    • Take advantage of financial and cloud management flexibility by combining on-premises and SaaS capabilities for automation, operations, log analytics, and network visibility across your infrastructure.
    • Capitalize on VMware knowledge by integrating proven migration methods and plans across your transformation journey such as consumption strategies, business outcome workshops, and more.
    • Determine your eligibility to earn a one-time discount with this exclusive benefit designed to offset the value of your current unamortized VMware on-premises license investments and then reallocate toward your multi-cloud initiatives.

    2.2 Migrate workloads and licenses to the cloud

    There are several cloud migration options and solutions to consider.

    • VMware Cloud offers solutions that can provide a low-cost path to the cloud that will help accelerate modernization.
    • There are also many third-party solution providers who can be engaged to migrate workloads and other infrastructure to VMware Cloud and into other public cloud providers.
    • VMware Cloud can be deployed on many IaaS providers such as AWS, Azure, Google, Dell, and IBM.

    VMware Cloud Assist

    1. Leverage all available transition funding opportunities and any IaaS migration incentives from VMware.
    2. Learn and understand the value and capabilities of VMware vRealize Cloud Universal to help you transition and manage hybrid infrastructure.

    2.2.1 Manage your VMware cloud subscriptions

    Use VMware vRealize to manage private, public, and local environments.

    Combine SaaS and on-premises capabilities for automation, operations, log analytics, network visibility, security, and compliance into one license.

    The image contains a screenshot of a diagram to demonstrate VMware cloud subscriptions.

    2.3 The VMware sales approach

    Understand the pitch before entering the discussion

    1. VMware will present a PowerPoint presentation proposal comparing a Business-as-Usual (BAU) scenario versus the ELA model.
    2. Critical factors to consider if considering the proposed ELA are growth rate projections, deployment schedule, cost of non-ELA products/options, shelf-ware, and non-ELA discounts (e.g. VPP, multi-year, or pre-paid).
    3. Involving VMware’s direct account team along with your reseller in the negotiations can be beneficial. Keep in mind that VMware ultimately decides on the final price in terms of the discount that is passed through. Ensure you have a clear line of sight into how pricing is determined.
    4. Explore reseller incentives and promotional programs that may provide for deeper than normal discount opportunities.

    INFO-TECH TIP: Create your own assumptions as inputs into the BAU model and then evaluate the ELA value proposition instead of depending on VMware’s model.

    2.4 Manage SnS and cloud subscriptions

    The new subscription model is making SnS renewal more complex.

    • Start renewal planning four to six months prior to anniversary.
    • Work closely with your reseller on your SnS renewal options.
    • Request “as is” versus subscription renewal proposal from reseller or VMware with a “savings” component.
    • Consider and review multi-year versus annual renewal; savings will differ.
    • For the Subscription transition renewal model, ensure that credits for legacy licensing is provided.
    • Negotiate cloud transition investments and incentives from VMware.

    What information to collect and how to analyze it

    • Negotiating toward preferred terms on SnS is critical, more so than when new license purchases are made, as approximately 75-80% of server virtualization are at x86 workloads, where maintenance revenue is a larger source of revenue for VMware than new license sales.
    • All relevant license and SnS details must be obtained from VMware to include Product Family, Part Description, Product Code (SKU), Regional/Global List Price, SnS Term Dates, and Discount Price for all new licenses.
    • VMware has all costs tied to the US dollar; you must calculate currency conversion into ROI models as VMware does not adjust token values of products across geographies or currency of purchase. The token to dollar value by product SKU is locked for the three-year term. This translates into a variable cost model depending on how local currency fluctuates against the US dollar; time the initial purchase to take this into consideration, if applicable.
    • Products purchased based on MSRP price with each token contains a value of US$100. Under the Hybrid Purchasing Program (HPP) credit values and associated buying power will fluctuate over the term as VMware reserves the right to adjust current list prices. Consider locking in a set product list and pricing versus HPP.
    • Take a structured approach to discover true discounts via the use of a tailored RFQ template and options model to compare and contrast VMware ELA proposals.

    Use Info-Tech Research Group’s customized RFQ template to discover true discount levels and model various purchase options for VMware ELA proposals.

    The image contains a screenshot of the VMware RFQ Template Tool.

    Summary of accomplishment

    Knowledge Gained

    • The key pieces of licensing information that should be gathered about the current state of your own organization.
    • An in-depth understanding of the required licenses across all of your products.
    • Clear methodology for selecting the most effective contract type.
    • Development of measurable, relevant metrics to help track future project success and identify areas of strength and weakness within your licensing program.

    Processes Optimized

    • Senior leaders in IT now have a clear understanding of the importance of licensing in relation to business objectives.
    • Understanding of the various licensing considerations that need to be made.
    • Contract negotiation.

    Related Info-Tech Research

    Prepare for Negotiations More Effectively

    • IT budgets are increasing, but many CIOs feel their budgets are inadequate to accomplish what is being asked of them.
    • Eighty percent of organizations don’t have a mature, repeatable, scalable negotiation process.
    • Training dollars on negotiations are often wasted or ineffective.

    Price Benchmarking & Negotiation

    You need to achieve an objective assessment of vendor pricing in your IT contracts, but you have limited knowledge about:

    • Current price benchmarking on the vendor.
    • Pricing and negotiation intelligence.
    • How to secure a market-competitive price.
    • Vendor pricing tiers, models, and negotiation tactics.

    VMware vRealize Cloud Management

    VMware vCloud Suite is an integrated offering that brings together VMware’s industry-leading vSphere hypervisor and VMware vRealize Suite multi-vendor hybrid cloud management platform. VMware’s new portable licensing units allow vCloud Suite to build and manage both vSphere-based private clouds and multi-vendor hybrid clouds.

    Bibliography

    Barrett, Alex. “vSphere and vCenter licensing and pricing explained -- a VMware license guide.” TechTarget, July 2010. Accessed 7 May 2018.
    Bateman, Kayleigh. “VMware licensing, pricing and features mini guide.” Computer Weekly, May 2011. Accessed 7 May 2018.
    Blaisdell, Rick. “What Are The Common Business Challenges The VMware Sector Faces At This Point In Time?” CIO Review, n.d. Accessed 7 May 2018.
    COMPAREX. “VMware Licensing Program.” COMPAREX, n.d. Accessed 7 May 2018.
    Couesbot, Erwann. “Using VMware? Oracle customers hate this licensing pitfall.” UpperEdge, 17 October 2016. Accessed 7 May 2018.
    Crayon. “VMware Licensing Programs.” Crayon, n.d. Accessed 7 May 2018.
    Datanyze." Virtualization Software Market Share.” Datanyze, n.d. Web.
    Demers, Tom. “Top 18 Tips & Quotes on the Challenges & Future of VMware Licensing.” ProfitBricks, 1 September 2015. Accessed 7 May 2018.
    Fenech, J. “A quick look at VMware vSphere Editions and Licensing.” VMware Hub by Altaro, 17 May 2017. Accessed 7 May 2018.
    Flexera. “Challenges of VMware Licensing.” Flexera, n.d. Accessed 5 February 2018.
    Fraser, Paris. “A Guide for VMware Licensing.” Sovereign, 11 October 2016. Accessed 7 May 2018.
    Haag, Michael. “IDC Data Shows vSAN is the Largest Share of Total HCI Spending.” VMware Blogs, 1 December 2017. Accessed 7 May 2018.
    Kealy, Victoria. “VMware Licensing Quick Guide 2015.” The ITAM Review, 17 December 2015. Accessed 7 May 2018.
    Kirsch, Brian. “A VMware licensing guide to expanding your environment.” TechTarget, August 2017. Accessed 7 May 2018.
    Kirupananthan, Arun. “5 reasons to get VMware licensing right.” Softchoice, 16 April 2018. Accessed 7 May 2018.
    Knorr, Eric. “VMware on AWS: A one-way ticket to the cloud.” InfoWorld, 17 October 2016. Accessed 7 May 2018
    Leipzig. “Help, an audit! License audits by VMware. Are you ready?” COMPAREX Group, 2 May 2016. Accessed 7 May 2018.
    Mackie, Kurt. “VMware Rips Microsoft for Azure “Bare Metal” Migration Solution.” Redmond Magazine, 27 November 2017. Accessed 7 May 2018.
    Micromail. “VMware vSphere Software Licensing.” Micromail, n.d. Accessed 7 May 2018.
    Microsoft Corportation. “Migrating VMware to Microsoft Azure” Microsoft Azure, November 2017. Accessed 7 May 2018.
    Peter. “Server Virtualization and OS Trends.” Spiceworks, 30 August 2016. Accessed 7 May 2018.
    Rich. “VMware running on Azure.” The ITAM Review, 28 November 2017. Accessed 7 May 2018.
    Robb, Drew. “Everything you need to know about VMware’s licensing shake up.” Softchoice, 4 March 2016. Accessed 7 May 2018.
    Rose, Brendan. “How to determine which VMware licensing option is best.” Softchoice, 28 July 2015. Accessed 7 May 2018.
    Scholten, Eric. “New VMware licensing explained.” VMGuru, 12 July 2011. Accessed 7 May 2018.
    Sharwood, Simon. “Microsoft to run VMware on Azure, on bare metal. Repeat. Microsoft to run VMware on Azure.” The Register, 22 November 2017. Accessed 7 May 2018.
    Siebert, Eric. “Top 7 VMware Management Challenges.” Veeam, n.d. Web.
    Smith, Greg. “Will The Real HCI Market Leader Please Stand Up?” Nutanix, 29 September 2017. Accessed 7 May 2018.
    Spithoven, Richard. “Licensing Oracle software in VMware vCenter 6.0.” LinkedIn, 2 May 2016. Accessed 7 May 2018.
    VMTurbo, Inc. “Licensing, Compliance & Audits in the Cloud Era.” Turbonomics, November 2015. Web.
    VMware. “Aug 1st – Dec 31st 2016 Solution Provider Program Requirements & Incentives & Rewards.” VMware, n.d. Web.
    VMware. “Global Support and Subscription Services “SnS” Renewals Policy.” VMware, n.d. Web.
    VMware. “Support Policies.” VMware, n.d. Accessed 7 May 2018.
    VMware. “VMware Cloud Community.” VMware Cloud, n.d. Accessed 7 May 2018.
    VMware. “VMware Cloud on AWS” VMware Cloud, n.d. Accessed 7 May 2018.
    VMware. “VMware Enterprise Purchasing Program.” VMware, 2013. Web.
    VMware. “VMware Product Guide.” VMware, May 2018. Web.
    VMware. “VMware Volume Purchasing Program.” VMware, April 2019. Web.
    VMware. "VMware Case Studies." VMware, n.d. Web.
    Wiens, Rob. “VMware Enterprise Licensing – What You Need To Know. House of Brick, 14 April 2017. Accessed 7 May 2018

    Mentoring for Agile Teams

    • Buy Link or Shortcode: {j2store}154|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $187,599 Average $ Saved
    • member rating average days saved: 27 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s realities are driving organizations to digitize faster and become more Agile.
    • Most hierarchical, command and control–style organizations are not yet well adapted to using Agile.
    • So-called textbook Agile practices often clash with traditional processes and practices.
    • Members must adapt their Agile practices to accommodate their organizational realities.

    Our Advice

    Critical Insight

    • There is no one-size-fits-all approach to Agile. Agile practices need to be adjusted to work in your organization based on a thoughtful diagnosis of the challenges and solutions tailored to the nature of your organization.

    Impact and Result

    • Identify your Agile challenges and success factors (both organization-wide and team-specific).
    • Leverage the power of research and experience to solve key Agile challenges and gain immediate benefits for your project.
    • Your Agile playbook will capture your findings so future projects can benefit from them.

    Mentoring for Agile Teams Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand how a Agile Mentoring can help your organization to successfully establish Agile practices within your context.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take the Info-Tech Agile Challenges and Success Factors Survey

    This tool will help you identify where your Agile teams are experiencing the most pain so you can create your Agile challenges hit list.

    • Agile Challenges and Success Factors Survey

    2. Review typical challenges and findings

    While each organization/team will struggle with its own individual challenges, many members find they face similar organizational/systemic challenges when adopting Agile. Review these typical challenges and learn from what other members have discovered.

    • Mentoring for Agile Teams – Typical Findings

    Infographic

    Workshop: Mentoring for Agile Teams

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Take the Agile Challenges and Success Factors Survey

    The Purpose

    Determine whether an Agile playbook is right for you.

    Broadly survey your teams to identify Agile challenges and success factors in your organization.

    Key Benefits Achieved

    Better understanding of common Agile challenges and success factors

    Identification of common Agile challenges and success factors are prevalent in your organization

    Activities

    1.1 Distribute survey and gather results.

    1.2 Consolidate survey results.

    Outputs

    Completed survey responses from across teams/organization

    Consolidated heat map of your Agile challenges and success factors

    2 Identify Your Agile Challenges Hit List

    The Purpose

    Examine consolidated survey results.

    Identify your most pressing challenges.

    Create a hit list of challenges to be resolved.

    Key Benefits Achieved

    Identification of the most serious challenges to your Agile transformation

    Attention focused on those challenge areas that are most impacting your Agile teams

    Activities

    2.1 Analyze and discuss your consolidated heat map.

    2.2 Prioritize identified challenges.

    2.3 Select your hit list of challenges to address.

    Outputs

    Your Agile challenges hit list

    3 Problem Solve

    The Purpose

    Address each challenge in your hit list to eliminate or improve it.

    Key Benefits Achieved

    Better Agile team performance and effectiveness

    Activities

    3.1 Work with Agile mentor to problem solve each challenge in your hit list.

    3.2 Apply these to your project in real time.

    Outputs

    4 Create Your Agile Playbook

    The Purpose

    Capture the findings and lessons learned while problem solving your hit list.

    Key Benefits Achieved

    Strategies and tactics for being successful with Agile in your organization which can be applied to future projects

    Activities

    4.1 For each hit list item, capture the findings and lessons learned in Module 3.

    4.2 Document these in your Agile Playbook.

    Outputs

    Your Agile Playbook deliverable

    Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

    • Buy Link or Shortcode: {j2store}378|cart{/j2store}
    • member rating overall impact: 7.3/10 Overall Impact
    • member rating average dollars saved: $10,756 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • The demand for qualified cybersecurity professionals far exceeds supply. As a result, organizations are struggling to protect their data against the evolving threat landscape.
    • It is a constant challenge to know what skills will be needed in the future, and when and how to acquire them.

    Our Advice

    Critical Insight

    • Plan for the inevitable. All industries are expected to be affected by the talent gap in the coming years. Plan ahead to address your organization’s future needs.
    • Base skills acquisition decisions on the five key factors to define skill needs. Create an impact scale for the five key factors (data criticality, durability, availability, urgency, and frequency) that reflects your organizational strategy, initiatives, and pressures.
    • A skills gap will always exist to some degree. The threat landscape is constantly changing, and your workforce’s skill sets must evolve as well.

    Impact and Result

    • Organizations must align their security initiatives to talent requirements such that business objectives are achieved and the business is cyber ready.
    • Identify if there are skill gaps in your current workforce.
    • Decide how you’ll acquire needed skills based on characteristics of need for each skill.

    Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a technical skills acquisition strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify skill needs for target state

    Identify what skills will be needed in your future state.

    • Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan – Phase 1: Identity Skill Needs for Target State
    • Security Initiative Skills Guide
    • Skills Gap Prioritization Tool

    2. Identify technical skill gaps

    Align role requirements with future initiative skill needs.

    • Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan – Phase 2: Identify Technical Skill Gaps
    • Current Workforce Skills Assessment
    • Technical Skills Workbook
    • Information Security Compliance Manager
    • IT Security Analyst
    • Chief Information Security Officer
    • Security Administrator
    • Security Architect

    3. Develop a sourcing plan for future work roles

    Acquire skills based on the impact of the five key factors.

    • Close the InfoSec Skills Gap: Develop a Skills Sourcing Plan for Future Work Roles – Phase 3: Develop a Sourcing Plan for Future Work Roles
    [infographic]

    Workshop: Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Skill Needs for Target State

    The Purpose

    Determine the skills needed in your workforce and align them to your organization’s security roadmap.

    Key Benefits Achieved

    Insight on what skills your organization will need in the future.

    Activities

    1.1 Understand the importance of aligning security initiatives skill needs with workforce requirements.

    1.2 Identify needed skills for future initiatives.

    1.3 Prioritize the initiative skill gaps.

    Outputs

    Security Initiative Skills Guide

    Skills Gap Prioritization Tool

    2 Define Technical Skill Requirements

    The Purpose

    Identify and create technical skill requirements for key work roles that are needed to successfully execute future initiatives.

    Key Benefits Achieved

    Increased understanding of the NICE Cybersecurity Workforce Framework.

    Standardization of technical skill requirements of current and future work roles.

    Activities

    2.1 Assign work roles to the needs of your future environment.

    2.2 Discuss the NICE Cybersecurity Workforce Framework.

    2.3 Develop technical skill requirements for current and future work roles.

    Outputs

    Skills Gap Prioritization Tool

    Technical Skills Workbook

    Current Workforce Skills Assessment

    3 Acquire Technical Skills

    The Purpose

    Assess your current workforce against their role’s skill requirements.

    Discuss five key factors that aid acquiring skills.

    Key Benefits Achieved

    A method to acquire skills in future roles.

    Activities

    3.1 Continue developing technical skill requirements for current and future work roles.

    3.2 Conduct Current Workforce Skills Assessment.

    3.3 Discuss methods of acquiring skills.

    3.4 Develop a plan to acquire skills.

    Outputs

    Technical Skills Workbook

    Current Workforce Skills Assessment

    Current Workforce Skills Assessment

    Technical Skills Workbook

    Current Workforce Skills Assessment

    Technical Skills Workbook

    Current Workforce Skills Assessment

    4 Plan to Execute Action Plan

    The Purpose

    Assist with communicating the state of the skill gap in your organization.

    Key Benefits Achieved

    Strategy on how to acquire skills needs of the organization.

    Activities

    4.1 Review skills acquisition plan.

    4.2 Discuss training and certification opportunities for staff.

    4.3 Discuss next steps for closing the skills gap.

    4.4 Debrief.

    Outputs

    Technical Skills Workbook

    Availability and Capacity Management

    • Buy Link or Shortcode: {j2store}10|cart{/j2store}
    • Related Products: {j2store}10|crosssells{/j2store}
    • Up-Sell: {j2store}10|upsells{/j2store}
    • member rating overall impact: 8.0/10.0
    • member rating average dollars saved: $2,950
    • member rating average days saved: 10
    • Parent Category Name: Resilient IT Operations
    • Parent Category Link: /resilience/resilient-operations-and-it
    Develop your availability and capacity management plant and align it with exactly what the business expects.

    Integrate IT Risk Into Enterprise Risk

    • Buy Link or Shortcode: {j2store}195|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT risks, when considered, are identified and classified separately from the enterprise-wide perspective.
    • IT is expected to own risks over which they have no authority or oversight.
    • Poor behaviors, such as only considering IT risks when conducting compliance or project due diligence, have been normalized.

    Our Advice

    Critical Insight

    • Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize the organization’s ability to respond to risk.

    Impact and Result

    • Understand gaps in the organization’s current approach to risk management practices.
    • Establish a standardized approach for how IT risks impact the enterprise as a whole.
    • Drive a risk-aware organization toward innovation and consider alternative options for how to move forward.
    • Integrate IT risks into the foundational risk practice.

    Integrate IT Risk Into Enterprise Risk Research & Tools

    Integrated Risk Management Capstone – A framework for how IT risks can be integrated into your organization’s enterprise risk management program to enable strategic risk-informed decisions.

    This is a capstone blueprint highlighting the benefits of an integrated risk management program that uses risk information and data to inform strategic decision making. Throughout this research you will gain insight into the five core elements of integrating risk through assessing, governing, defining the program, defining the process, and implementing.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Integrate IT Risk Into Enterprise Risk Capstone
    • Integrated Risk Maturity Assessment
    • Risk Register Tool

    Infographic

    Further reading

    Integrate IT Risk Into Enterprise Risk

    Don’t fear IT risks, integrate them.

    EXECUTIVE BRIEF

    Analyst Perspective

    Having siloed risks is risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice
    Photo of Petar Hristov Research Director, Security, Privacy, Risk & Compliance.
    Petar Hristov
    Research Director, Security, Privacy, Risk & Compliance
    Photo of Ian Mulholland Research Director, Security, Risk & Compliance.
    Ian Mulholland
    Research Director, Security, Risk & Compliance
    Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice
    Ibrahim Abdel-Kader
    Research Analyst, CIO Practice

    Every organization has a threshold for risk that should not be exceeded, whether that threshold is defined or not.

    In the age of digital, information and technology will undoubtedly continue to expand beyond the confines of the IT department. As such, different areas of the organization cannot address these risks in silos. A siloed approach will produce different ways of identifying, assessing, responding to, and reporting on risk events. Integrated risk management is about embedding IT uncertainty to inform good decision making across the organization.

    When risk is integrated into the organization's enterprise risk management program, it enables a single view of all risks and the potential impact of each risk event. More importantly, it provides a consistent view of the risk event in relation to uncertainty that might have once been seemingly unrelated to IT.

    And all this can be achieved while remaining within the enterprise’s clearly defined risk appetite.

    Executive Summary

    Your Challenge

    Most organizations fail to integrate IT risks into enterprise risks:

    • IT risks, when considered, are identified and classified separately from the enterprise-wide perspective.
    • IT is expected to own risks over which they have no authority or oversight.
    • Poor behaviors, such as only considering IT risks when conducting compliance or project due diligence, have been normalized.

    Common Obstacles

    IT leaders have to overcome these obstacles when it comes to integrating risk:

    • Making business leaders aware of, involved in, and able to respond to all enterprise risks.
    • A lack of data or information being used to support a holistic risk management process.
    • A low level of enterprise risk maturity.
    • A lack of risk management capabilities.

    Info-Tech’s Approach

    By leveraging the Info-Tech Integrated Risk approach, your business can better address and embed risk by:

    • Understanding gaps in the organization’s current approach to risk management practices.
    • Establishing a standardized approach for how IT risks impact the enterprise as a whole.
    • Driving a risk-aware organization toward innovation and considering alternative options for how to move forward.
    • Helping integrate IT risks into the foundational risk practice.

    Info-Tech Insight

    Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize its ability to respond to risk.

    What is integrated risk management?

    • Integrated risk management is the process of ensuring all forms of risk information, including information and technology, are considered and included in the enterprise’s risk management strategy.
    • It removes the siloed approach to classifying risks related to specific departments or areas of the organization, recognizing that each of those risks is a threat to the overarching enterprise.
    • Aggregating the different threats or uncertainty that might exist within an organization allows for informed decisions to be made that align to strategic goals and continue to drive value back to the business.
    • By holistically considering the different risks, the organization can make informed decisions on the best course of action that will reduce any negative impacts associated with the uncertainty and increase the overall value.

    Enterprise Risk Management (ERM)

    • IT
    • Security
    • Digital
    • Vendor/Third Party
    • Other

    Enterprise risk management is the practice of identifying and addressing risks to your organization and using risk information to drive better decisions and better opportunities.

    IT risk is enterprise risk

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Your challenge

    Embedding IT risks into the enterprise risk management program is challenging because:

    • Most organizations classify risks based on the departments or areas of the business where the uncertainty is likely to happen.
    • Unnecessary expectations are placed on the IT department to own risks over which they have no authority or oversight.
    • Risks are often only identified when conducting due diligence for a project or ensuring compliance with regulations and standards.

    Risk-mature organizations have a unique benefit in that they often have established an overarching governance framework and embedded risk awareness into the culture.

    35% — Only 35% of organizations had embraced ERM in 2020. (Source: AICPA and NC State Poole College of Management)

    12% — Only 12% of organizations are leveraging risk as a tool to their strategic advantage. (Source: AICPA and NC State Poole College of Management)

    Common obstacles

    These barriers make integrating IT risks difficult to address for many organizations:

    • IT risks are not seen as enterprise risks.
    • The organization’s culture toward risk is not defined.
    • The organization’s appetite and threshold for risk are not defined.
    • Each area of the organization has a different method of identifying, assessing, and responding to risk events.
    • Access to reliable and informative data to support risk management is difficult to obtain.
    • Leadership does not see the business value of integrating risk into a single management program.
    • The organization’s attitudes and behaviors toward risk contradict the desired and defined risk culture.
    • Skills, training, and resources to support risk management are lacking, let alone those to support integrated risk management.

    Integrating risks has its challenges

    62% — Accessing and disseminating information is the main challenge for 62% of organizations maturing their organizational risk management. (Source: OECD)

    20-28% — Organizations with access to machine learning and analytics to address future risk events have 20 to 28% more satisfaction. (Source: Accenture)

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in Enterprise Risk Management.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Integrated Risk Mapping — Downside Risk Focus

    A diagram titled 'Risk and Controls' beginning with 'Possible Sources' and a list of sources, 'Control Activities' to prevent, the 'RISK EVENT', 'Recovery Activities' to recover, and 'Possible Repercussions' with a list of ramifications.

    Integrated Risk Mapping — Downside and Upside Risk

    Third-Party Risk Example

    Example of a third-party risk mapped onto the diagram on the previous slide, but with potential upsides mapped out as well. The central risk event is 'Vendor exposes private customer data'. Possible Sources of the downside are 'External Attack' with likelihood prevention method 'Define security standard requirements for vendor assessment' and 'Exfiltration of data through fourth-party staff' with likelihood prevention method 'Ensure data is properly classified'. Possible Sources of the upside are 'Application rationalization' with likelihood optimization method 'Reduce number of applications in environment' and 'Review vendor assessment practices' with likelihood optimization method 'Improve vendor onboarding'. Possible Repercussions on the downside are 'Organization unable to operate in jurisdiction' with impact minimization method 'Engage in-house risk mitigation responses' and 'Fines levied against organization' with impact minimization method 'Report incident to any regulators'. Possible Repercussions on the upside are 'Easier vendor integration and management' with impact utilization method 'Improved vendor onboarding practices' and 'Able to bid on contracts with these requirements' with impact utilization method 'Vendors must provide attestations (e.g. SOC or CMMC)'.

    Insight Summary

    Overarching insight

    Stop fearing risk – integrate it. Integration leads to opportunities for organizations to embrace innovation and new digital technologies as well as reducing operational costs and simplifying reporting.

    Govern risk strategically

    Governance of risk management for information- and technology-related events is often misplaced. Just because it's classified as an IT risk does not mean it shouldn’t be owned by the board or business executive.

    Assess risk maturity

    Integrating risk requires a baseline of risk maturity at the enterprise level. IT can push integrating risks, but only if the enterprise is willing to adopt the attitudes and behaviors that will drive the integrated risk approach.

    Manage risk

    It is not a strategic decision to have different areas of the organization manage the risks perceived to be in their department. It’s the easy choice, but not the strategic one.

    Implement risk management

    Different areas of an enterprise apply risk management processes differently. Determining a single method for identification, assessment, response, and monitoring can ensure successful implementation of enterprise risk management.

    Tactical insight

    Good risk management will consider both the positives and negatives associated with a risk management program by recognizing both the upside and downside of risk event impact and likelihood.

    Integrated risk benefits

    IT Benefits

    • IT executives have a responsibility but not accountability when it comes to risk. Ensure the right business stakeholders have awareness and ability to make informed risk decisions.
    • Controls and responses to risks that are within the “IT” realm will be funded and provided with sufficient support from the business.
    • The business respects and values the role of IT in supporting the enterprise risk program, elevating its role into business partner.

    Business Benefits

    • Business executives and boards can make informed responses to the various forms of risk, including those often categorized as “IT risks.”
    • The compounding severity of risks can be formally assessed and ideally quantified to provide insight into how risks’ ramifications can change based on scenarios.
    • Risk-informed decisions can be used to optimize the business and drive it toward adopting innovation as a response to risk events.
    • Get your organization insured against cybersecurity threats at the lowest premiums possible.

    Measure the value of integrating risk

    • Reduce Operating Costs

      • Organizations can reduce their risk operating costs by 20 to 30% by adopting enterprise-wide digital risk initiatives (McKinsey & Company).
    • Increase Cybersecurity Threat Preparedness

      • Increase the organization’s preparedness for cybersecurity threats. 79% of organizations that were impacted by email threats in 2020 were not prepared for the hit (Diligent)
    • Increase Risk Management’s Impact to Drive Strategic Value

      • Currently, only 3% of organizations are extensively using risk management to drive their unique competitive advantage, compared to 35% of companies who do not use it at all (AICPA & NC State Poole College of Management).
    • Reduce Lost Productivity for the Enterprise

      • Among small businesses, 76% are still not considering purchasing cyberinsurance in 2021, despite the fact that ransomware attacks alone cost Canadian businesses $5.1 billion in productivity in 2020 (Insurance Bureau of Canada, 2021).

    “31% of CIO’s expected their role to expand and include risk management responsibilities.” (IDG “2021 State of the CIO,” 2021)

    Make integrated risk management sustainable

    58%

    Focus not just on the preventive risk management but also the value-creating opportunities. With 58% of organizations concerned about disruptive technology, it’s an opportunity to take the concern and transform it into innovation. (Accenture)

    70%

    Invest in tools that have data and analytics features. Currently, “gut feelings” or “experience” inform the risk management decisions for 70% of late adopters. (Clear Risk)

    54%

    Align to the strategic vision of the board and CEO, given that these two roles account for 54% of the accountability associated with extended enterprise risk management. (Extended Enterprise Risk Management Survey, 2020,” Deloitte)

    63%

    Include IT leaders in the risk committee to help informed decision making. Currently 63% of chief technology officers are included in the C‑suite risk committee. (AICPA & NC State Poole College of Management)

    Successful adoption of integrated risk management is often associated with these key elements.

    Assessment

    Assess your organization’s method of addressing risk management to determine if integrated risk is possible

    Assessing the organization’s risk maturity

    Mature or not, integrated risk management should be a consideration for all organizations

    The first step to integrating risk management within the enterprise is to understand the organization’s readiness to adopt practices that will enable it to successfully integrate information.

    In 2021, we saw enterprise risk management assessments become one of the most common trends, particularly as a method by which the organization can consolidate the potential impacts of uncertainties or threats (Lawton, 2021). A major driver for this initiative was the recognition that information and technology not only have enterprise-wide impacts on the organization’s risk management but that IT has a critical role in supporting processes that enable effective access to data/information.

    A maturity assessment has several benefits for an organization: It ensures there is alignment throughout the organization on why integrated risk is the right approach to take, it recognizes the organization’s current risk maturity, and it supports the organization in defining where it would like to go.

    Pie chart titled 'Organizational Risk Management Maturity Assessment Results' showing just under half 'Progressing', a third 'Established', a seventh 'Emerging', and a very small portion 'Leading or Aspirational'.

    Integrated Risk Maturity Categories

    Semi-circle with colored points indicating four categories.

    1

    Context & Strategic Direction Understand the organization’s main objectives and how risk can support or enhance those objectives.

    2

    Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Maturity should inform your approach to risk management

    The outcome of the risk maturity assessment should inform how risk management is approached within the organization.

    A row of waves starting light and small and becoming taller and darker in steps. The levels are 'Non-existent', 'Basic', 'Partially Integrated', 'Mostly Integrated', 'Fully Integrated', and 'Optimized'.

    For organizations with a low maturity, remaining superficial with risk will offer more benefits and align to the enterprise’s risk tolerance and appetite. This might mean no integrated risk is taking place.

    However, organizations that have higher risk maturity should begin to integrate risk information. These organizations can identify the nuances that would affect the severity and impact of risk events.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM).

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment

    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization

    Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organization.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    Collaborate Effectively in Microsoft Teams

    • Buy Link or Shortcode: {j2store}63|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    Your organization has adopted Microsoft Teams, but users are not maximizing their use of it.

    • IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while also enabling end users to use Teams creatively.
    • IT must follow best practices for evaluation of new functionality when integrating Microsoft and third-party apps and also communicate changes to end users.
    • Due in part to the frequent addition of new features and lack of communication and training, many organizations don’t know which apps would benefit their users.

    Our Advice

    Critical Insight

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Impact and Result

    Use Info-Tech’s Collaborate Effectively in Microsoft Teams to help collaboration flourish:

    • Collate key organizational collaboration use cases.
    • Prioritize the most important Teams apps and features to support use cases.
    • Implement request process for new Teams apps.
    • Communicate new Teams collaboration functionality.

    Collaborate Effectively in Microsoft Teams Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Collaborate Effectively in Microsoft Teams Deck – Maximize the use of your chosen collaboration software solution.

    Set up your users for Teams collaboration success. Create a process that improves their ability to access, understand, and maximize their use of your chosen collaboration software solution.

    • Collaborate Effectively in Microsoft Teams Storyboard

    2. Microsoft Teams End-User Satisfaction Survey – Capture end-user feedback on their collaborative use of Microsoft Teams.

    The survey responses will inform your organization's collaboration use cases for Teams and help you to identify which features and apps to enable.

    • Microsoft Teams End-User Satisfaction Survey

    3. Microsoft Teams Planning Tool – A tool to help prioritize features to implement.

    Use this Excel tool to help you document the organization’s key collaboration use cases and prioritize which Teams apps to implement and encourage adoption on.

    • Microsoft Teams Planning Tool
    [infographic]

    Further reading

    Collaborate Effectively in Microsoft Teams

    Empower your users to explore Teams collaboration beyond the basics.

    Analyst Perspective

    Life after Teams implementation

    You have adopted Teams, implemented it, and painted an early picture for your users on the basics. However, your organization is not yet maximizing its use of Teams' collaboration capabilities. Although web conferencing, channel-based collaboration, and chat are the most obvious ways Teams supports collaboration, users must explore Teams' functionality further to harness the application's full potential.

    You should enable your users to expand their collaboration use cases in Teams, but not at the risk of being flooded with app requests, nor user confusion or dissatisfaction. Instead, develop a process to evaluate and integrate new apps that will benefit the organization. Encourage your users to request new apps that will benefit them, while proactively planning for app integration that users should be alerted to.

    Photo of Emily Sugerman, Research Analyst, Infrastructure and Operations, Info-Tech Research Group. Emily Sugerman
    Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization has adopted Microsoft Teams, but users are not getting the maximum benefit.

    • IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while enabling end-user creativity.
    • IT must follow best practices for evaluating new functionality when integrating Microsoft and third-party apps, while communicating changes to end users.
    • Due partly to the frequent addition of new features and lack of communication and training, many organizations don't know which apps would benefit their users.

    Common Obstacles

    • Users are unenthusiastic about exploring Teams further due to negative past experiences, preference for other applications, or indifference.
    • End users are unaware of the available range of features. When they become aware and try to add unapproved or unlicensed apps, they experience the frustration of being declined.
    • Users seek support from IT who are unfamiliar with new Teams features an apps, or with supporting Teams beyond the basics.
    • IT teams have no process to raise end-user awareness of these apps and functionality.

    Info-Tech's Approach

    Use Info-Tech's Collaborate Effectively in Microsoft Teams to help collaboration flourish:

    • Collate key organizational collaboration use cases
    • Prioritize the most important Teams apps and features to support use cases
    • Implement request process for new Teams apps
    • Communicate new Teams collaboration functionality

    Info-Tech Insight

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Are your users in a Teams rut?

    Are users failing to maximize their use of Teams to collaborate and get work done?

    Teams can do much more than chat, video conferencing, and document sharing. A fully-deployed Teams also lets users leverage apps and advanced collaboration features.

    However, IT must create a process for evaluating and approving Microsoft and third-party apps, and for communicating changes to end users.

    In the end, IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while also enabling end-user creativity.

    Third-party app use in Teams is rising:

    “Within Teams, the third-party apps with 10,000 users and above rose nearly 40% year-over-year.”
    Source: UC Today, 2023.

    Collaborate effectively in Microsoft Teams

    Set up your users for Teams collaboration success. Create a process that improves their ability to access, understand, and maximize their use of your chosen collaboration software solution.

    Challenges with Teams collaboration

    • Lack of motivation to explore available features
    • Scattered information
    • Lack of comfort using Teams beyond the basics
    • Blocked apps
    • Overlapping features
    • Confusing permissions

    Empowering Collaboration in Microsoft Teams

    1. Identify current collaboration challenges and use cases in Teams
    2. Create Teams app request workflows
    3. Set up communication hubs in Teams
    4. Empower end users to customize their Teams for effective collaboration

    Solution

    • Collate key organizational collaboration use cases
    • Prioritize the most important Teams apps and features to support use cases
    • Implement request process for new Teams apps
    • Communicate new Teams collaboration functionality

    Project deliverables

    Use these tools to develop your plan to enable effective collaboration in Microsoft Teams.

    Key deliverable:

    Microsoft Teams Planning Tool

    An Excel tool for documenting the organization's key collaboration use cases and prioritizing which Teams apps to implement and encourage adoption of.

    Sample of the Microsoft Teams Planning Tool deliverable.

    Additional support:

    Microsoft Teams End-User Satisfaction Survey

    Use or adapt this survey to capture user perception of how effectively Teams supports collaboration needs.

    Sample of the End-user satisfaction survey deliverable.

    Insight Summary

    Key Insight:

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Additional insights:

    Insight 1

    Users can browse the Teams app store and attempt to add unapproved apps, but they may not be able to distinguish between available and blocked apps. To avoid a bad user experience, communicate which apps they can add without additional approval and which they will need to send through an approval process.

    Insight 2

    Teams lets you customize the message users see when they request unapproved apps and/or redirect their request to your own URL. Review this step in the request process to ensure users are seeing the instructions that they need to see.

    Insight 3

    A Teams hub is where users can access a service catalog of approved Teams apps and submit service requests for new ones via the Make a Request button.

    Section 1: Collaborating Effectively in Teams for IT

    Section 1

    Collaborating Effectively in Teams for IT

    Section 2

    Collaborating Effectively in Teams for End Users

    Stop: Do you need the Teams Cookbook?

    If you:

    • are at the Teams implementation stage,
    • require IT best practices for initial governance of Teams creation, or
    • require end-user best practices for basic Teams functionality …

    Consult the Microsoft Teams Cookbook first.

    Understand the Microsoft vision of Teams collaboration

    Does it work for you?

    Microsoft's vision for Teams collaboration is to enable end-user freedom. For example, out of the box, users can create their own teams and channels unless IT restricts this ability.

    Teams is meant to be more than just chats and meetings. Microsoft is pushing Teams app integration so that Teams becomes, essentially, a landing page from which users can centralize their work and org updates.

    In partnership with the business, IT must determine which guardrails are necessary to balance end-user collaboration and creativity with the need for governance and control.

    Why is it difficult to increase the caliber of collaboration in Teams?

    Because collaboration is inherently messy, complex, and creative

    Schubert & Glitsch find that enterprise collaboration systems (such as Teams) have characteristics that reflect the unstructured and creative nature of collaboration. These systems “are designed to support joint work among people in the workplace. . . [They] contain, for the most part, unstructured content such as documents, blogs, or news posts,” and their implementations “are often reported to follow a ‘bottom up' and rather experimental introduction approach.” The open-endedness of the tool requires users to be able to creatively and voluntarily apply it, which in turn requires more enterprise effort to help increase adoption over time through trial and error.

    Source: Procedia Computer Science, 2015

    Info-Tech Insight

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Activity 1: Identify current challenges

    Input: Team input, Survey results
    Output: List of Teams challenges experienced by the organization
    Materials: Whiteboard (digital or physical)
    Participants: Teams collaboration working group

    First, identify what works and what doesn't for your users in Teams

    • Have users reported any challenges with Teams as their primary means of channel-based collaboration? Run a short survey to capture end-user sentiment on how Teams works for them. This survey can be set up and distributed through Microsoft Forms. Distribute either to the whole organization or a specific focus group. Gather feedback from users on the following: What are the major ways they need to collaborate to do their jobs? What IT-supported tools do they need to support this collaboration? What specific aspects of Teams do they want to better exploit?
    • If you send out transactional surveys on service desk tickets, run a report on Teams-related tickets to identify common complaints.
    • Brainstorm Teams challenges IT has experienced personally or have seen reported – especially difficulties with collaboration.
    • Once you have the data, group the challenges into themes. Are the challenges specifically related to collaboration? Data issues? Support issues? Access issues? Technical issues? Document them in tab 2 of the Microsoft Teams Planning Tool.

    Download the Microsoft Teams End-User Satisfaction Survey template

    Define your organization's key collaboration scenarios

    Next, identify what users need to do in Teams

    The term collaboration scenarios has been proposed to describe the types of collaboration behavior your software – in this case, Teams – must support (Schubert & Glitsch, 2015). A successful implementation of this kind of tool requires that you “identif[y] use cases and collaboration scenarios that best suit a specific company and the people working in it” (Schubert & Glitsch, 2016).

    Teams tends to support the following kinds of collaboration and productivity goals (see list).

    What types of collaboration scenarios arise in the user feedback in the previous activity? What do users most need to do?

    Be proactive: Configure Microsoft Teams to match collaboration scenarios/use cases your users must engage in. This will help prevent an increase in shadow IT, where users attempt to bring in unapproved/unreviewed software that might duplicate your existing service catalog and/or circumvent the proper review and procurement process.

    MS Teams Use Cases

    1. Gather feedback
    2. Collaboratively create content
    3. Improve project & task management
    4. Add media content
    5. Conduct knowledge management
    6. Increase meeting effectiveness
    7. Increase employee engagement
    8. Enhance professional development
    9. Provide or access support
    10. Add third-party apps

    Activity 2: Match your collaboration scenarios to Teams capabilities

    Input: Collaboration scenarios, Teams use cases
    Output: Ranked list of Teams features to implement and/or promote
    Materials: Microsoft Teams Planning Tool
    Participants: Teams collaboration working group

    Which features support the key collaboration use cases?

    1. Using the Microsoft Teams Planning Tool, list your organization's key collaboration scenarios. Draw on the data returned in the previous activity. List them in Tab 2.
    2. See the following slide for the types of collaboration use cases Teams is designed to support. In the planning tool, select use cases that best match your organizational collaboration scenarios.
    3. Dive into more specific features on Tab 3, which are categorized by collaboration use case. Where do users' collaboration needs align with Teams' inherent capabilities? Add lines in Tab C for the third-party apps that you are considering adding to Teams.
    4. In columns B and C of Tab 3, decide and prioritize the candidates for implementation. Review the list of prioritized features on tab 4.

    NB: Microsoft has introduced a Teams Premium offering, with additional capabilities for meetings and webinars (including customized banding, meeting watermarks, and virtual webinar green rooms) and will paywall some features previously available without Premium (live caption translations, meeting data on attendee departure/arrival times) (“What is Microsoft Teams Premium?”, n.d.)

    Download the Microsoft Teams Planning Tool

    MS Teams productivity & collab features

    Teams apps & collaboration features enable the following types of work. When designing collaboration use cases, identify which types of collaboration are necessary, then explore each category in depth.

    1. Gather feedback

      Solicit feedback and comments, and provide updates
    2. Collaboratively create content

      Compose as a group, with live-synced changes
    3. Improve project & task management

      Keep track of projects and tasks
    4. Add media content

      Enrich Teams conversations with media, and keep a library of video resources
    5. Knowledge management

      Pull together document libraries and make information easier to find
    6. Increase meeting effectiveness

      Facilitate interactions and document meeting outcomes
    7. Increase employee engagement

      Use features that enhance social interaction among Teams users
    8. Enhance professional development

      Find resources to help achieve professional goals
    9. Provide or access support

      IT and user-facing resources for accessing and/or providing support
    10. Add third-party apps

      Understand the availability/restrictions of the built-in Teams app catalog

    The Teams app store

    • The lure of the app store: Your users will encounter a mix of supported and unsupported applications, some of which they can access, some for which you have no licenses, some built by your organization, some built by Microsoft or third parties. However, the distinction between these categories may not be immediately apparent to users. Microsoft does not remove blocked apps from users' view.
    • Users may attempt to add unsupported apps and then receive error messages or prompts to send a request through Teams to IT for approval.
    • App add-ins are not limited to those built by Microsoft Corporation. The Teams app store also features a plethora of third-party apps that can provide value.
    • However, their third-party status introduces another set of complications.
    • Attempting to add third-party apps may expose users to sales pitches and encourage the implementation of shadow IT, circumventing the IT request process.

    Info-Tech Insight

    Users can browse and attempt to add unapproved apps in the Teams app store, but they may have difficulty distinguishing between available and blocked apps. To avoid a bad user experience, communicate to your users which apps they can add without additional approval, and which must be sent through an approval process.

    Decide how you will evaluate requests for new Teams apps

    • As you encourage users to explore and fully utilize Teams, you may see increased requests for admin approval for apps you do not currently support.
    • To prevent disorganized response and user dissatisfaction, build out a workflow for handling new/unapproved Teams app requests. Ensure the workflow accounts for Microsoft and third-party apps.
    • What must you consider when integrating third-party tools? You must have control over what users may add. These requests should follow, or build upon, your existing process for non-standard requests, including a process for communicating the change.
    • Track the fulfillment time for Teams app requests. The longer the user must wait for a response, the more their satisfaction will decline.

    icrosoft suggests that you regularly review the app usage report in the Teams admin center as “a signal about the demand for an app within your organization.” This will help you proactively determine which apps to evaluate for approval.

    Build request workflow for unsupported Teams apps

    What are the key steps?

    1. Request comes in
    2. Review by a technical review team
    3. Review by service desk or business analyst
    4. Additional operational technical reviews if necessary
    5. Procurement and installation
    6. Communication of result to requester
    7. App added to the catalog so it can be used by others

    Example workflow of a 'Non-Standard Software Request Process'.

    Info-Tech Insight

    Teams allows you to customize the message users see when they request an unapproved app and/or redirect their request to your own URL. Review this step in the request process to ensure your users are seeing the instructions that they need to see.

    Download the Service Request Workflow library

    Incorporate new approved service requests into a service request catalog

    Follow the process in Reduce Shadow IT With a Service Request Catalog to build out a robust request management process and service catalog to continuously incorporate new non-standard requests and advertise new Teams apps:

    • Design the service
    • Design the catalog
    • Build the catalog
    • Market the service

    Sample of the 'Reduce Shadow IT With a Service Request Catalog' blueprint.

    Add a company hub to Teams

    Use Teams to help users access the company intranet for organizational information that is relevant to their roles.

    This can be done in two ways:

    1. By adding a SharePoint home site to Teams.
    2. By leveraging Viva Connections: A hub to access other apps and Viva services. The user sees a personalized dashboard, feed, and resources.

    Venn diagram with two circles 'Viva Connections - App-based employee experience where individuals get their work done' and 'Home Sites - Portal that features organizational news, events, and supplemental resources'. The overlapping middle has a list: 'News, Shared navigation, Integrates with M365, Developer platforms & management, Audience targeting, Web parts, Permissions'. (Venn diagram recreated from Microsoft Learn, 2023.)

    Info-Tech Insight

    The hub is where users can access a service catalog of approved Teams apps and submit service requests for a new one via a Make a Request button.

    Communicate changes to Teams

    Let end users know what's available and how to add new productivity tools.

    Where will users find approved Teams apps? How will you inform people about what's available? Once a new app is available, how is this communicated?

    Options:

    • Communicate new Teams features in high-visibility places (e.g. the Hub).
    • Leverage the Power Apps Bulletins app in Teams to communicate regular announcements about new features.
    • Create a company-wide Team with a channel called “What's New in Teams.” Post updates on new features and integrations, and link to more detailed knowledgebase articles on how to use the new features.
    • Aim for the sweet spot of communication frequency: not too much nor too little.

    Measure your success

    Determine how you will evaluate the success of your efforts to improve the Teams collaboration experience

    Improved satisfaction with Teams: Increased net promoter score (NPS)

    Utilization of features: Increased daily average users on key features, apps, integrations

    Timeliness: % of SLAs met for service request fulfillment

    Improved communication to end users about Teams' functionality: Satisfaction with knowledgebase articles on Teams

    Satisfaction with communication from IT

    Section 2: Collaborating Effectively in Teams for End Users

    Section 1

    Collaborating Effectively in Teams for IT

    Section 2

    Collaborating Effectively in Teams for End Users

    For IT: Use this section to help users understand Teams collaboration features

    Share the collateral in this section with your users to support their deeper exploration of Teams collaboration.

    • Use the Microsoft Teams Planning Tool to prepare a simple service catalog of the features and apps available to your users.
    • Edit Tab 2 (MS Teams Collab Features & Apps) by deleting the blocked apps/features.
    • Share this document with your users by linking to it via this image on the following slides:
    Sample of the Microsoft Teams Planning Tool deliverable.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    End-user customization of Teams

    Consider how you want to set up your Teams view. Add the apps you already use to have them at your fingertips in Teams.

    You can . . .

    1. Customize your navigation bar by pinning your preferred apps and working with them within Teams (Microsoft calls these personal apps).
    2. Customize your message bar by adding the app extensions you find most useful. Screenshot of the message bar with the 3-dot highlighted.
    3. Customize chats and Teams by adding tabs with content your group needs frequent access to. Screenshot of MS Teams tabs with the plus sign highlighted.
    4. Set up connectors to send notifications from apps to a Team and bots to answer questions and automate simple tasks. Screenshot of the 'Set up a connector' button.

    Learn more from Microsoft here

    MS Teams productivity & collab features

    The Apps catalog includes a range of apps that users may add to channels, chat, or the navigation bar. Teams also possesses other collaboration features that may be underused in your organization.

    1. Gather feedback

      Solicit feedback and comments, and provide updates
    2. Collaboratively create content

      Compose as a group, with live-synced changes
    3. Improve project & task management

      Keep track of projects and tasks
    4. Add media content

      Enrich Teams conversations with media, and keep a library of video resources
    5. Knowledge management

      Pull together document libraries and make information easier to find
    6. Increase meeting effectiveness

      Facilitate interactions and document meeting outcomes
    7. Increase employee engagement

      Use features that enhance social interaction among Teams users
    8. Enhance professional development

      Find resources to help achieve professional goals
    9. Provide or access support

      IT and user-facing resources for accessing and/or providing support
    10. Add third-party apps

      Understand the availability/restrictions of the built-in Teams app catalog

    Samples of four features: 'Prioritize with a voting table', 'Launch a live meeting poll', 'Launch a survey', and 'Request an update'.

    Download the Microsoft Teams Collaboration Tool for an expanded list of features & apps

    Use integrated Teams features to gather feedback and provide updates

    • Vote: Create a list of items for teams to brainstorm pros and cons, and then tabulate votes on. This component can be edited inline by anyone with whom the component is shared. The edits will sync anywhere the component is shared.
    • Meeting polls: Capture instant feedback from teams, chat, and call participants. Participant anonymity can be set by the poll organizer. Results can be exported.
    • Create surveys and quizzes and share the results. Results can be exported.
    • Create, track, and review updates and progress reports from teams and individuals.

    Collaboratively create content

    Samples of four features: 'Add Office suite docs', 'Brainstorm in Whiteboard', 'Add Loop components', and 'Take notes in OneNote'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Use integrated Teams features composed as a group, with live-synced changes

    • Microsoft Office documents: Add/upload files to a chat or channel discussion. Find them again in the Files tab or add the file itself as a tab to a chat or channel and edit it within Teams.
    • Brainstorm with the Whiteboard application. Add a whiteboard to a tab or to a meeting.
    • Add Loop components to a chat: Create a list, checklist, paragraph, or table that can be edited in real time by anyone in the chat.
    • Add OneNote to a chat or channel tab or use during a meeting to take notes. Pin OneNote to your app bar if it's one of your most frequently-used apps.

    Improve project & task management

    Samples of four features: 'Request approvals and updates', 'Add & track tasks', 'Create a personal notespace', and 'Manage workflows'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Keep track of projects and tasks

    • Use the Approvals and Update apps to create, track, and respond to requests for approvals and progress reports within Teams.
    • Use Tasks by Planner & To Do to track both individual and team tasks. Pin the Tasks app to the app bar, add a plan as a tab to a Team, and turn any Teams message into a task by right-clicking on it.
    • Start a chat with yourself to maintain a private space to jot down quick notes.
    • Add Lists to a Teams channel.
    • Explore automation: Add pre-built Teams workflows from the Workflows app, or build new ones in PowerAutomate
    • IT teams may leverage Teams apps like Azure Boards, Pipelines, Repos, AD notifications, and GitHub.

    Add media content

    Samples of four features: 'Share news stories', 'Share YouTube videos', 'Share Stream content', and 'Add RSS feeds'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Enrich Teams conversations with media, and keep a library of video resources

    • Search for and add specific news stories to a chat or channel. See recent news stories in search.
    • Search, share, and watch YouTube videos.
    • Share video links from Microsoft Stream.
    • Add RSS feeds.

    Knowledge management

    Samples of four features: 'SharePoint Pages', 'SharePoint document library', 'SharePoint News', and 'Who'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Pull together document libraries and make information easier to find

    • Add a page from an existing SharePoint site to a Team as a tab.
    • Add a SharePoint document library to a Team as a tab.
    • Search names of members of your organization to learn about their role, place in the organizational structure, and contact information.

    Increase meeting effectiveness

    Samples of four features: 'Take meeting notes', 'Set up a Q&A', 'Use live captions', and 'Record and transcribe meetings'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Facilitate interactions and document meeting outcomes

    • Take simple notes during a meeting.
    • Start conversations and ask and answer questions in a dedicated Q&A space during the Teams meeting.
    • Turn on live captions during the meeting.
    • Record a meeting and automatically generate a transcript of the meeting.
    • Assign attendees to breakout rooms.
    • Track the effectiveness of the meeting by producing an attendance report with the number of attendees, the meeting start/end time, a list of the attendees, and participation in activities.

    Increase employee engagement

    Samples of four features: 'Send praise', 'Build an avatar', 'Add video effects', and 'Play games during meetings'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Use features that enhance social interaction among Teams users

    • Send supportive comments to colleagues using Praise.
    • Build out digital avatars to toggle on during meetings instead of your own video.
    • Apply different visual effects, filters, and backgrounds to your screen during meetings.
    • Games for Work: Launch icebreaker games during a meeting.
    • Translate a Teams message from another language to your default language.
    • Send emojis, GIFs, and stickers in messages or as reactions to others' messages. You can also send reactions live during meetings to increase meeting engagement.

    Enhance professional development

    Samples of four features: 'Launch Viva Learning', 'Turn on Speaker Coach', 'Viva Insights', and 'Viva Goals'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Connect with learning resources and apply data-driven feedback based on Teams usage

    • Add learning materials from various course catalogs in Viva Learning.
    • Speaker Coach: Receive AI feedback on your performance as a speaker during a meeting.
    • Receive automatically generated insights and suggestions from Viva Insights on work habits and time allocation to different work activities.
    • Viva Goals: Track organizational "objectives and key results"/manage organizational goals

    Provide or access support

    Samples of four features: 'Access MS Support', 'Manage Teams & M365', 'Deploy power virtual agents', and 'Consult MS resource center'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    IT and user-facing resources for accessing or providing support

    • Admin: Carry out simple Teams management tasks (for IT).
    • Power Virtual Agents: Build out chatbots to answer user questions (can be built by IT and end users for their customers).
    • Resource Center: A combination of pre-built Microsoft resources (tips, templates) with resources provided by organizational IT.
    • Support: Access Microsoft self-serve knowledgebase articles (for IT).

    Add third-party apps

    Understand the availability/restrictions of the built-in Teams app catalog

    • App add-ins are not limited to those built by Microsoft Corporation. The Teams app store also features a plethora of third-party apps that may provide value.
    • However, being able to view an app in the app store does not necessarily mean it's supported or licensed by your organization.
    • Teams will allow users to request access to apps, which will then be evaluated by your IT support team. Follow your service desk's recommended request process for requesting and justifying the addition of a new Teams app that is not currently supported.
    • Before making the request, investigate existing Teams features to determine if the functionality is already available.

    Research contributors

    Mike Cavanagh
    Global Service Desk Manager
    Clearwater Seafoods LP

    Info-Tech contributors:

    Benedict Chang, Senior Advisory Analyst

    John Donovan, Principal Research Director

    Allison Kinnaird, Practice Lead

    P.J. Ryan, Research Director

    Natalie Sansone, Research Director

    Christine West, Managing Partner

    Related Info-Tech Research

    Sample of the 'Reduce Shadow IT with a Service Request Catalog' blueprint.

    Reduce Shadow IT With a Service Request Catalog

    Foster business relationships through sourcing-as-a-service. There is a direct correlation between service delivery dissatisfaction and increases in shadow IT. Whether the goal is to reduce shadow IT or gain control, improved customer service and fast delivery are key to making lasting changes.

    Sample of the 'Microsoft Teams Cookbook' blueprint.

    Microsoft Teams Cookbook

    Recipes for best practices and use cases for Teams. Microsoft Teams is not a standalone app. Successful utilization of Teams occurs when conceived in the broader context of how it integrates with M365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    Sample of the 'Govern Office 365 (M365)' blueprint.

    Govern Office 365

    You bought it. Use it right. Map your organizational goals to the administration features available in the Office 365/M365 console. Your governance should reflect your requirements.

    Bibliography

    Mehta, Tejas. “The Home Site App for Microsoft Teams.” Microsoft Community Hub. https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/the-home-site-app-for-microsoft-teams/ba-p/1714255.

    Overview: Viva Connections. 7 Mar. 2023, https://learn.microsoft.com/en-us/viva/connections/viva-connections-overview.

    Rogers, Laura. “SharePoint Home Site in Teams.” Wonderlaura, 24 Jun 2021. https://wonderlaura.com/2021/06/24/sharepoint-home...

    Schubert, Petra, and Johannes H. Glitsch. “Adding Structure to Enterprise Collaboration Systems: Identification of Use Cases and Collaboration Scenarios.” Procedia Computer Science, vol. 64, Jan. 2015, pp. 161–69. ScienceDirect, https://doi.org/10.1016/j.procs.2015.08.477.

    Schubert, Petra, and Johannes Glitsch. “Use Cases and Collaboration Scenarios: How Employees Use Socially-Enabled Enterprise Collaboration Systems (ECS).” International Journal of Information Systems and Project Management, vol. 4, no. 2, Jan. 2016, pp. 41–62.

    Thompson, Mark. “User Requests for Blocked Apps in the Teams Store.” Supersimple365, 5 Apr 2022, https://supersimple365.com/user-requests-for-apps-...

    “What is Microsoft Teams Premium?” Breakwater IT, n.d., https://breakwaterit.co.uk/guides/microsoft-teams-...

    Wills, Jonny. “Microsoft Teams Monthly Users Hits 280 Million.” UC Today, 25 Jan. 2023, https://www.uctoday.com/unified-communications/microsoft-teams-monthly-users-hits-280-million/.

    Document Business Goals and Capabilities for Your IT Strategy

    • Buy Link or Shortcode: {j2store}77|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • As a strategic driver, IT needs to work with the business. Yet, traditionally IT has not worked hand-in-hand with the business. IT does not know what information it needs from the business to execute on its initiatives.
    • A faster time to new investment decisions mean that IT needs a repeatable and efficient process to understand what the business needs.
    • CIOs must execute strategic initiatives to create an IT function that can support the business. Most CIOs fail because of low business support.

    Our Advice

    Critical Insight

    • Understanding the business context is a must for all strategic IT initiatives. At its core, each strategic IT project requires answers to a specific set of questions regarding the business.
    • An effective CIO understands which part of the business context applies to which strategic IT project and, in turn, what questions to ask to uncover those insights.

    Impact and Result

    • Uncover what IT knows and needs to know about the business context. This is a necessary first step to begin each of Info-Tech’s strategic IT initiatives, which any CIO should complete.
    • Conduct efficient and repeatable business context discovery activities to uncover business context gaps.
    • Document the business context you have uncovered and streamline the process for executing on Info-Tech’s strategic CIO blueprints.

    Document Business Goals and Capabilities for Your IT Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should define the business context, review Info-Tech’s methodology, and understand how we can support you in completing key CIO strategic initiatives.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and document the business needs of the organization

    Define the business context needed to complete strategic IT initiatives.

    • Document Business Goals and Capabilities for Your IT Strategy – Storyboard
    • Business Context Discovery Tool
    • Business Context Discovery Record Template
    • PESTLE Analysis Template
    • Strategy Alignment Map Template
    [infographic]

    Workshop: Document Business Goals and Capabilities for Your IT Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Missing Business Context (pre-work)

    The Purpose

    Conduct analysis and facilitate discussions to uncover business needs for IT.

    Key Benefits Achieved

    A baseline understanding of what business needs mean for IT

    Activities

    1.1 Define the strategic CIO initiatives our organization will pursue.

    1.2 Complete the Business Context Discovery Tool.

    1.3 Schedule relevant interviews.

    1.4 Select relevant Info-Tech diagnostics to conduct.

    Outputs

    Business context scope

    Completed Business Context Discovery Tool

    Completed Info-Tech diagnostics

    2 Uncover and Document the Missing Context

    The Purpose

    Analyze the outputs from step 1 and uncover the business context gaps.

    Key Benefits Achieved

    A thorough understanding of business needs and why IT should pursue certain initiatives

    Activities

    2.1 Conduct group or one-on-one interviews to identify the missing pieces of the business context.

    Outputs

    Documentation of answers to business context gaps

    3 Uncover and Document the Missing Context

    The Purpose

    Analyze the outputs from step 1 and uncover the business context gaps.

    Key Benefits Achieved

    A thorough understanding of business needs and why IT should pursue certain initiatives

    Activities

    3.1 Conduct group or one-on-one interviews to identify the missing pieces of the business context.

    Outputs

    Documentation of answers to business context gaps

    4 Review Business Context and Next Steps

    The Purpose

    Review findings and implications for IT’s strategic initiative.

    Key Benefits Achieved

    A thorough understanding of business needs and how IT’s strategic initiatives addresses those needs

    Activities

    4.1 Review documented business context with IT team.

    4.2 Discuss next steps for strategic CIO initiative execution.

    Outputs

    Finalized version of the business context

    Implement Risk-Based Vulnerability Management

    • Buy Link or Shortcode: {j2store}296|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $122,947 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.
    • Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option itself.

    Our Advice

    Critical Insight

    • Patches are often considered the only answer to vulnerabilities, but these are not always the most suitable solution.
    • Vulnerability management does not equal patch management. It includes identifying and assessing the risk of the vulnerability, and then selecting a remediation option which goes beyond just patching alone.
    • There is more than one way to tackle the problem. Leverage your existing security controls to protect the organization.

    Impact and Result

    • After this blueprint, you will have created a full vulnerability management program that allows you to take a risk-based approach to vulnerability remediation.
    • Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.
    • The risk-based approach allows you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities, while allowing your standard remediation cycle to address the medium to low vulnerabilities.
    • With your program defined and developed, you now need to configure your vulnerability scanning tool, or acquire one if you don’t already have a tool in place.
    • Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    Implement Risk-Based Vulnerability Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design and implement a vulnerability management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Implement Risk-Based Vulnerability Management – Phases 1-4

    1. Identify vulnerability sources

    Begin the project by creating a vulnerability management team and determine how vulnerabilities will be identified through scanners, penetration tests, third-party sources, and incidents.

    • Vulnerability Management SOP Template

    2. Triage vulnerabilities and assign priorities

    Determine how vulnerabilities will be triaged and evaluated based on intrinsic qualities and how they may compromise business functions and data sensitivity.

    • Vulnerability Tracking Tool
    • Vulnerability Management Risk Assessment Tool
    • Vulnerability Management Workflow (Visio)
    • Vulnerability Management Workflow (PDF)

    3. Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available. Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

     

    4. Measure and formalize

    Evolve the program continually by developing metrics and formalizing a policy.

    • Vulnerability Management Policy Template
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template

    Infographic

    Workshop: Implement Risk-Based Vulnerability Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Vulnerability Sources

    The Purpose

    Establish a common understanding of vulnerability management, and define the roles, scope, and information sources of vulnerability detection.

    Key Benefits Achieved

    Attain visibility on all of the vulnerability information sources, and a common understanding of vulnerability management and its scope.

    Activities

    1.1 Define the scope & boundary of your organization’s security program.

    1.2 Assign responsibility for vulnerability identification and remediation.

    1.3 Develop a monitoring and review process of third-party vulnerability sources.

    1.4 Review incident management and vulnerability management

    Outputs

    Defined scope and boundaries of the IT security program

    Roles and responsibilities defined for member groups

    Process for review of third-party vulnerability sources

    Alignment of vulnerability management program with existing incident management processes

    2 Triage and Prioritize

    The Purpose

    We will examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach and prepare for remediation options.

    Key Benefits Achieved

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Activities

    2.1 Evaluate your identified vulnerabilities.

    2.2 Determine high-level business criticality.

    2.3 Determine your high-level data classifications.

    2.4 Document your defense-in-depth controls.

    2.5 Build a classification scheme to consistently assess impact.

    2.6 Build a classification scheme to consistently assess likelihood.

    Outputs

    Adjusted workflow to reflect your current processes

    List of business operations and their criticality and impact to the business

    Adjusted workflow to reflect your current processes

    List of defense-in-depth controls

    Vulnerability Management Risk Assessment tool formatted to your organization

    Vulnerability Management Risk Assessment tool formatted to your organization

    3 Remediate Vulnerabilities

    The Purpose

    Identifying potential remediation options.

    Developing criteria for each option in regard to when to use and when to avoid.

    Establishing exception procedure for testing and remediation.

    Documenting the implementation of remediation and verification.

    Key Benefits Achieved

    Identifying and selecting the remediation option to be used

    Determining what to do when a patch or update is not available

    Scheduling and executing the remediation activity

    Planning continuous improvement

    Activities

    3.1 Develop risk and remediation action.

    Outputs

    List of remediation options sorted into “when to use” and “when to avoid” lists

    4 Measure and Formalize

    The Purpose

    You will determine what ought to be measured to track the success of your vulnerability management program.

    If you lack a scanning tool this phase will help you determine tool selection.

    Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    Key Benefits Achieved

    Outline of metrics that you can then configure your vulnerability scanning tool to report on.

    Development of an inaugural policy covering vulnerability management.

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Activities

    4.1 Measure your program with metrics, KPIs, and CSFs.

    4.2 Update the vulnerability management policy.

    4.3 Create an RFP for vulnerability scanning tools.

    4.4 Create an RFP for penetration tests.

    Outputs

    List of relevant metrics to track, and the KPIs, CSFs, and business goals for.

    Completed Vulnerability Management Policy

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Further reading

    Implement Risk-Based Vulnerability Management

    Get off the patching merry-go-round and start mitigating risk!

    Table of Contents

    4 Analyst Perspective

    5 Executive Summary

    6 Common Obstacles

    8 Risk-based approach to vulnerability management

    16 Step 1.1: Vulnerability management defined

    24 Step 1.2: Defining scope and roles

    34 Step 1.3: Cloud considerations for vulnerability management

    33 Step 1.4: Vulnerability detection

    46 Step 2.1: Triage vulnerabilities

    51 Step 2.2: Determine high-level business criticality

    56 Step 2.3: Consider current security posture

    61 Step 2.4: Risk assessment of vulnerabilities

    71 Step 3.1: Assessing remediation options

    Table of Contents

    80 Step 3.2: Scheduling and executing remediation

    85 Step 3.3: Continuous improvement

    89 Step 4.1: Metrics, KPIs, and CSFs

    94 Step 4.2: Vulnerability management policy

    97 Step 4.3: Select & implement a scanning tool

    107 Step 4.4: Penetration testing

    118 Summary of accomplishment

    119 Additional Support

    120 Bibliography

    Analyst Perspective

    Vulnerabilities will always be present. Know the unknowns!

    In this age of discovery, technology changes at such a rapid pace. New things are discovered, both in new technology and in old. The pace of change can often be very confusing as to where to start and what to do.

    The ever-changing nature of technology means that vulnerabilities will always be present. Taking measures to address these completely will consume all your department’s time and resources. That, and your efforts will quickly become stale as new vulnerabilities are uncovered. Besides, what about the systems that simply can’t be patched? The key is to understand the vulnerabilities and the levels of risk they pose to your organization, to prioritize effectively and to look beyond patching.

    A risk-based approach to vulnerability management will ensure you are prioritizing appropriately and protecting the business. Reduce the risk surface!

    Vulnerability management is more than just systems and application patching. It is a full process that includes patching, compensating controls, segmentation, segregation, and heightened diligence in security monitoring.

    Jimmy Tom, Research Advisor – Security, Privacy, Risk, and Compliance, Info-Tech Research Group. Jimmy Tom
    Research Advisor – Security, Privacy, Risk, and Compliance
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.

    Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option.

    Common Obstacles

    Patches are often seen as the answer to vulnerabilities, but these are not always the most suitable solution.

    Some systems deemed vulnerable simply cannot be patched or easily replaced.

    Companies are unaware of the risk implications that come from leaving the vulnerability open and from the remediation option itself.

    Info-Tech’s Approach

    Design and implement a vulnerability management program that identifies, prioritizes, and remediates vulnerabilities.

    Understand what needs to be considered when implementing remediation options, including patches, configuration changes, and defense-in-depth controls.

    Build a process that is easy to understand and allows vulnerabilities to be remediated proactively, instead of in an ad hoc fashion.

    Info-Tech Insight

    Vulnerability management does not always equal patch management. There is more than one way to tackle the problem, particularly if a system cannot be easily patched or replaced. If a vulnerability cannot be completely remediated, steps to reduce the risk to a tolerable level must be taken.

    Common obstacles

    These barriers make vulnerability management difficult to address for many organizations:
    • The value of vulnerability management is not well articulated in many organizations. As a result, investment in vulnerability scanning technology is often insufficient.
    • Many organizations feel that a “patch everything” approach is the most effective path.
    • Vulnerability management is commonly misunderstood as being a process that only supports patch management.
    • There is often misalignment between SecOps and ITOps in remediation action and priority, affecting the timeliness of remediation.
    CVSS Score Distribution From the National Vulnerability Database: Pie Charts presenting the CVSS Core Distribution for the National Vulnerability Database. The left circle represents 'V3' and the right 'V2', where V3 has an extra option for 'Critical', above 'High', 'Medium', and 'Low', and V2 does not.
    (Source: NIST National Vulnerability Database Dashboard)

    Leverage risk to sort, triage, and prioritize vulnerabilities

    Reduce your risk surface to avoid cost to your business; everything else is table stakes.

    Reduce the critical and high vulnerabilities below the risk threshold and operationalize the remediation of medium/low vulnerabilities by following your effective vulnerability management program cycles.

    Identify vulnerability sources

    An inventory of your scanning tool and vulnerability threat intelligence data sources will help you determine a viable strategy for addressing vulnerabilities. Defining roles and responsibilities ahead of time will ensure you are not left scrambling when dealing with vulnerabilities.

    Triage and prioritize

    Bring the vulnerabilities into context by assessing vulnerabilities based on your security posture and mechanisms and not just what your data sources report. This will allow you to gauge the true urgency of the vulnerabilities based on risk and determine an effective mitigation plan.

    Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available.

    Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

    Measure and formalize

    Upon implementation of the program, measure with metrics to ensure that the program is successful. Improve the program with each iteration of vulnerability mitigation to ensure continuous improvement.

    Tactical Insight 1

    All actions to address vulnerabilities should be based on risk and the organization’s established risk tolerance.

    Tactical Insight 2

    Reduce the risk surface down below the risk threshold.

    The industry has shifted to a risk-based approach

    Traditional vulnerability management is no longer viable.

    “For those of us in the vulnerability management space, ensuring that money, resources, and time are strategically spent is both imperative and difficult. Resources are dwindling fast, but the vulnerability problem sure isn’t.” (Kenna Security)

    “Using vulnerability scanners to identify unpatched software is no longer enough. Keeping devices, networks, and digital assets safe takes a much broader, risk-based vulnerability management strategy – one that includes vulnerability assessment and mitigation actions that touch the entire ecosystem.” (Balbix)

    “Unlike legacy vulnerability management, risk-based vulnerability management goes beyond just discovering vulnerabilities. It helps you understand vulnerability risks with threat context and insight into potential business impact.” (Tenable)

    “A common mistake when prioritizing patching is equating a vulnerability’s Common Vulnerability Scoring System (CVSS) score with risk. Although CVSS scores can provide useful insight into the anatomy of a vulnerability and how it might behave if weaponized, they are standardized and thus don’t reflect either of the highly situational variables — namely, weaponization likelihood and potential impact — that factor into the risk the vulnerability poses to an organization.” (SecurityWeek)

    Why a take risk-based approach?

    Vulnerabilities, by the numbers

    60% — In 2019, 60% of breaches were due to unpatched vulnerabilities.

    74% — In the same survey, 74% of survey responses said they cannot take down critical applications and systems to patch them quickly. (Source: SecurityBoulevard, 2019)

    Info-Tech Insight

    Taking a risk-based approach will allow you to focus on mitigating risk, rather than “just patching” your environment.

    The average cost of a breach in 2020 is $3.86 million, and “…the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.” (Dark Reading)

    Vulnerability Management

    A risk-based approach

    Reduce the risk surface to avoid cost to your business, everything else is table stakes

    Logo for Info-Tech.
    Logo for #iTRG.

    1

    Identify

    4

    Address

      Mitigate the risk surface by reducing the time across the phases › Mitigate the risk by implementing:
    • patch systems & apps
    • compensating controls
    • systems and apps hardening
    • systems segregation
    Chart presenting an example of 'Risk Surface' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. The area between the line and your organization's risk tolerance is labelled 'Risk Surface'.

    Objective: reduce risk surface by reducing time to address

    Your organization's risk tolerance threshold

      Identify vulnerability management scanning tools & external threat intel sources (Mitre CVE, US-CERT, vendor alerts, etc.) Vulnerability information feeds:
    • scanning tool
    • external threat intel
    • internal threat intel

    2

    Analyze

      Assign actual risk (impact x urgency) to the organization based on current security posture

    Triage based on risk ›

    Your organization's risk tolerance threshold

    Risk tolerance threshold map with axes 'Impact' and 'Likelihood'. High levels of one and low levels of the other, or medium levels of both, is 'Medium', High level of one and Medium levels of the other is 'High', and High levels of both is 'Critical'.

    3

    Assess

      Plan risk mitigation strategy › Consider:
    • risk tolerance
    • compensating controls
    • business impact

    Info-Tech’s vulnerability management methodology

    Focus on developing the most efficient processes.

    Vulnerability management isn’t “old school.”

    The vulnerability management market is relatively mature; however, vulnerability management remains a very relevant and challenging topic.

    Security practitioners are inundated with the advice they need to prioritize their vulnerabilities. Every vulnerability scanning vendor will proclaim their ability to prioritize the identified vulnerabilities.

    Third-party prioritization methodology can’t be effectively applied across all organizations. Each organization is too unique with different constraints. No tool or service can account for these variables.

    Equation to find 'Vulnerability Priority'.

    When patching is not possible, other options exist: configuration changes (hardening), defense-in-depth, compensating controls, and even elevated security monitoring are possible options.

    Info-Tech Insight

    Vulnerability management is not only patch management. Patching is only one aspect.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Vulnerability Management SOP

    The Standard operating procedure (SOP) will comprise the end-to-end description of the program: roles & responsibilities, data flow, and expected outcomes of the program.

    Sample of the key deliverable, Vulnerability Management SOP.
    Vulnerability Management Policy

    Template for your vulnerability management policy.

    Sample of the Vulnerability Management Policy blueprint. Vulnerability Tracking Tool

    This tool offers a template to track vulnerabilities and how they are remedied.

    Sample of the Vulnerability Tracking Tool blueprint.
    Vulnerability Scanning RFP Template

    Request for proposal template for the selection of a vulnerability scanning tool.

    Sample of the Vulnerability Scanning RFP Template blueprint. Vulnerability Risk Assessment Tool

    Methodology to assess vulnerability risk by determining impact and likelihood.

    Sample of the Vulnerability Risk Assessment Tool blueprint.

    Blueprint benefits

    IT Benefits

    • A standardized, consistent methodology to assess, prioritize, and remediate vulnerabilities.
    • A risk-based approach that aligns with what’s important to the business.
    • A way of dealing with the high volumes of vulnerabilities that your scanning tool is reporting.
    • Identification of “where to start” in terms of vulnerability management.
    • Ability to not lose yourself in the patch madness but rather take a sound approach to scheduling and prioritizing patches and updates.
    • Knowledge of what to do when patching is simply not possible or feasible.

    Business Benefits

    • Alignment with IT in ensuring that business processes are only interrupted when absolutely necessary while maintaining a regular cadence of vulnerability remediation.
    • A consistent program that the business can plan around and predict when interruptions will occur.
    • IT’s new approach being integrated with existing IT operations processes, offering the most efficient yet expedient method of dealing with vulnerabilities.

    Info-Tech’s process can save significant financial resources

    Phase Measured Value
    Phase 1: Identify vulnerability sources
      Define the process, scope, roles, vulnerability sources, and current state
      • Consultant at $100 an hour for 16 hours = $1,600
    Phase 2: Triage vulnerabilities and assign urgencies
      Establish triaging and vulnerability evaluation process
      • Consultant at $100 an hour for 16 hours = $1,600
      Determine high-level business criticality and data classifications
      • Consultant at $100 an hour for 40 hours = $4,000
      Assign urgencies to vulnerabilities
      • Consultant at $100 an hour for 8 hours = $800
    Phase 3: Remediate vulnerabilities
      Prepare documentation for the vulnerability process
      • Consultant at $100 an hour for 8 hours = $800
      Establish defense-in-depth modelling
      • Consultant at $100 an hour for 24 hours = $2,400
      Identify remediation options and establish criteria for use
      • Consultant at $100 an hour for 40 hours = $4,000
      Formalize backup and testing procedures, including exceptions
      • Consultant at $100 an hour for 8 hours = $800
      Remediate vulnerabilities and verify
      • Consultant at $100 an hour for 24 hours = $2,400
    Phase 4: Continually improve the vulnerability management process
      Establish a metrics program for vulnerability management
      • Consultant at $100 an hour for 16 hours = $1,600
      Update vulnerability management policy
      • Consultant at $100 an hour for 8 hours = $800
      Develop a vulnerability scanning tool RFP
      • Consultant at $100 an hour for 40 hours = $4,000
      Develop a penetration test RFP
      • Consultant at $100 an hour for 40 hours = $4,000
    Potential financial savings from using Info-Tech resources Phase 1 ($1,600) + Phase 2 ($6,400) + Phase 3 ($10,400) + Phase 4 ($10,400) = $28,800

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Discuss current state and vulnerability sources.

    Call #3: Identify triage methods and business criticality.

    Call #4:Review current defense-in-depth and discuss risk assessment.

    Call #5: Discuss remediation options and scheduling.

    Call #6: Review release and change management and continuous improvement.

    Call #7: Identify metrics, KPIs, and CSFs.

    Call #8: Review vulnerability management policy.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

      Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Identify vulnerability sources

    1.1 What is vulnerability management?

    1.2 Define scope and roles

    1.3 Cloud considerations for vulnerability management

    1.4 Vulnerability detection

    Triage and prioritize

    2.1 Triage vulnerabilities

    2.2 Determine high-level business criticality

    2.3 Consider current security posture

    2.4 Risk assessment of vulnerabilities

    Remediate vulnerabilities

    3.1 Assess remediation options

    3.2 Schedule and execute remediation

    3.3 Drive continuous improvement

    Measure and formalize

    4.1 Metrics, KPIs & CSFs

    4.2 Vulnerability Management Policy

    4.3 Select & implement a scanning tool

    4.4 Penetration testing

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. Scope and boundary definition of vulnerability management program
    2. Responsibility assignment for vulnerability identification and remediation
    3. Monitoring and review process of third-party vulnerability sources
    4. Incident management and vulnerability convergence
    1. Methodology for evaluating identified vulnerabilities
    2. Identification of high-level business criticality
    3. Defined high-level data classifications
    4. Documented defense-in-depth controls
    5. Risk assessment criteria for impact and likelihood
    1. Documented risk assessment methodology and remediation options
    1. Defined metrics, key performance indicators (KPIs), and critical success factors (CSFs)
    2. Initial draft of vulnerability management policy
    3. Scanning tool selection criteria
    4. Introduction to penetration testing
    1. Completed vulnerability management standard operating procedure
    2. Defined vulnerability management risk assessment criteria
    3. Vulnerability management policy draft

    Implement Risk-Based Vulnerability Management

    Phase 1

    Identify Vulnerability Sources

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Establish a common understanding of vulnerability management, define the roles, scope, and information sources of vulnerability detection.

    This phase involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Step 1.1

    Vulnerability Management Defined

    Activities

    None for this section

    This step will walk you through the following activities:

    Establish a common understanding of vulnerability management and its place in the IT organization.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Foundational knowledge of vulnerability management in your organization.

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    What is vulnerability management?

    It’s more than just patching.

    • Vulnerability management is the regular and ongoing practice of scanning an operating environment to uncover vulnerabilities. These vulnerabilities can be outdated applications, unpatched operating systems and software, open ports, obsolete hardware, or any combination of these.
    • The scanning and detection of vulnerabilities is the first step. Planning and executing of remediation is next, along with the approach, prioritized sequence of events, and timing.
    • A vendor-supplied software patch or firmware update is often the easy answer, however, this is not always a viable solution. What if you can’t patch in a timely fashion? What if patching is not possible as it will break the application and bring down operations? What if no patch exists due to the age of the application or operating platform?

    “Most organizations do not have a formal process for vulnerability management.” (Morey Haber, VP of Technology, BeyondTrust, 2016)

    Effective vulnerability management

    It’s not easy, but it’s much harder without a process in place.
    • Effective vulnerability management requires a formal process for organizations to follow; without one, vulnerabilities are dealt with in an ad hoc fashion.
    • Patching isn’t the only solution, but it’s the one that often draws focus.
    • Responsibilities for the different aspects of vulnerability management are often unclear, such as for testing, remediation, and implementation.
    • Identifying new threats without proper vulnerability scanning tools can be a near-impossible task.
    • Determining which vulnerabilities are most urgent can be an inconsistent process, increasing the organizational risk.
    • Measuring the effectiveness of your vulnerability remediation activities can help you better manage resources in SecOps and ITOps. Your staff will be spending the appropriate effort on vulnerabilities that warrant that level of attention.

    You’re not just doing this for yourself. It’s also for your auditors.

    Many compliance and regulatory obligations require organizations to have thorough documentation of their vulnerability management practices.

    Vulnerability management revolves around your asset security services

    Diagram with 'Asset Security Services' at the center. On either side are 'Network Security Services' and 'Identity Security Services', all three of which flow up into 'Security Analytics | Security Incident Response', and all four share a symbiotic flow with 'Management' below and contribute to 'Mega Trend Mapping' above. Management is supported by 'Governance'. Vulnerabilities can be found primarily within your assets but also connect to your information risk management. These must be effectively managed as part of a holistic security program.

    Without management, vulnerabilities left unattended can be easy for attackers to exploit. It becomes difficult to identify the correct remediation option to mitigate against the vulnerabilities.

    Vulnerability management works in tandem with SecOps and ITOps

    Vulnerability Management Process Inputs/Outputs:
    'Vulnerability Management (Process and Tool)' outputs are 'Incident Management', 'Release Management', 'Change Management', 'IT Asset Management', 'Application Security Testing', 'Threat Intelligence', and 'Security Risk Management'; inputs are 'Vulnerability Disclosure', 'Threat Intelligence', and 'Security Risk Management'.

    Arrows denote direction of information feed

    Vulnerability management serves as the input into a number of processes for remediation, including:
    • Incident management, to deal with issues
    • Release management, for patch management
    • Change management, for change control
    • IT asset management, to track version information, e.g. for patching
    • Application security testing, for the verification of vulnerabilities

    A two-way data flow exists between vulnerability management and:

    • Security risk management, for the overall risk posture of the organization
    • Threat intelligence, as vulnerability management reveals only one of several threat vectors

    For additional information please refer to Info-Tech’s research for each area:

    • Vulnerability management can leverage your existing processes to gain an operational element for the program.
    • As you strive to mature each of the processes on their own, vulnerability management will benefit accordingly.
    • Review our research for each of these areas and speak to one of our analysts if you wish to improve any of the listed processes.

    Info-Tech’s Information Security Program Framework

    Vulnerability management is a component of the Infrastructure Security section of Security Management

    Information Security Framework with Level 1 and Level 2 capabilities in two main sections, 'Management' and 'Governance'. Level 2 capabilities are grouped within Level 1 capabilities. For more information, review our Build an Information Security Strategy blueprint, or speak to one of our analysts.

    Info-Tech Insight

    Vulnerability management is but one piece of the information security puzzle. Ensure that you have all the pieces!

    Case Study

    Logo for Cimpress.
    INDUSTRY: Manufacturing
    SOURCE: Cimpress, 2016

    One organization is seeing immediate benefits by formalizing its vulnerability management program.

    Challenge

    Cimpress was dealing with many challenges in regards to vulnerability management. Vulnerability scanning tools were used, but the reports that were generated often gave multiple vulnerabilities that were seen as critical or high and required many resources to help address them. Scanning was done primarily in an attempt to adhere to PCI compliance rather than to effectively enable security. After re-running some scans, Cimpress saw that some vulnerabilities had existed for an extended time period but were deemed acceptable.

    Solution

    The Director of Information Security realized that there was a need to greatly improve this current process. Guidelines and policies were formalized that communicated when scans should occur and what the expectations for remediations should be. Cimpress also built a tiered approach to prioritize vulnerabilities for remediation that is specific to Cimpress instead of relying on scanning tool reports.

    Results

    Cimpress found better management of the vulnerabilities within its system. There was no pushback to the adoption of the policies, and across the worldwide offices, business units have been proactively trying to understand if there are vulnerabilities. Vulnerability management has been expanded to vendors and is taken into consideration when doing any mergers and acquisitions. Cimpress continues to expand its program for vulnerability management to include application development and vulnerabilities within any existing legacy systems.

    Step 1.2

    Defining the scope and roles

    Activities
    • 1.2.1 Define the scope and boundary of your organization’s security program
    • 1.2.2 Assign responsibility for vulnerability identification and remediation

    This step will walk you through the following activities:

    Define and understand the scope and boundary of the security program. For example, does it include OT? Define roles and responsibilities for vulnerability identification and remediation

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand how far vulnerability management extends and what role each person in IT plays in the remediation of vulnerabilities

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Determine the scope of your security program

    This will help you adjust the depth and breadth of your vulnerability management program.
    • Determining the scope will help you decide how much organizational risk the vulnerability management program will oversee.
    • Scope can be defined along four aspects:
      • Data Scope – What data elements in your organization does your security program cover? How is data classified?
      • Physical Scope – What physical scope, such as geographies, does the security program cover?
      • Organizational Scope – How are business units engaged with security initiatives? Does the scope cover all subsidiary organizations?
      • IT Scope – What parts of the organization does IT cover? Does their coverage include operational technology (OT) and industrial control systems (ICS)?
    Stock image of figures standing in connected circles.

    1.2.1 Define the scope and boundary of your organization’s security program

    60 minutes

    Input: List of Data Scope, Physical Scope, Organization Scope, and IT Scope

    Output: Defined scope and boundaries of the IT security program

    Materials: Whiteboard/Flip Charts, Sticky Notes, Markers, Vulnerability Management SOP Template

    Participants: Business stakeholders, IT leaders, Security team members

    1. On a whiteboard, write the headers: Data Scope, Physical Scope, Organizational Scope, and IT Scope.
    2. Give each group member a handful of sticky notes. Ask them to write down as many items as possible for the organization that could fall under one of the four scope buckets.
    3. In a group, discuss the sticky notes and the rationale for including them. Discuss your security-related locations, data, people, and technologies, and define their scope and boundaries.

    The goal is to identify what your vulnerability management program is responsible for and document it.

    Consider the following:

    How is data being categorized and classified? How are business units engaged with security initiatives? How are IT systems connected to each other? How are physical locations functioning in terms of information security management?

    Download the Vulnerability Management SOP Template

    Assets are part of the scope definition

    An inventory of IT assets is necessary if there is to be effective vulnerability management.

    • Organizations need an up-to-date and comprehensive asset inventory for vulnerability management. This is due to multiple reasons:
      • When vulnerabilities are announced, they will need to be compared to an inventory to determine if the organization has any relevant systems or versions.
      • It indicates where all IT assets can be found both physically and logically.
      • Asset inventories typically have owners assigned to the assets and systems whose responsibility it is to carry out remediations for vulnerabilities.
    • Furthermore, asset inventories can provide insight into where data can be found within the organization. This is extremely useful within a formal data classification program, which plays a large factor in vulnerability management.
    If you need assistance building your asset inventory, review Info-Tech’s Implement Hardware Asset Management and Implement Software Asset Management blueprints.

    Info-Tech Insight

    Create a formal IT asset inventory before continuing with the rest of this project. Otherwise, you risk being at the mercy of a weak vulnerability management program.

    Assign responsibility for vulnerability identification and remediation

    Determine who is critical to effectively detecting and managing vulnerabilities.
    • Some of the remediation steps will involve members of IT management to identify the true organizational risk of a vulnerability.
    • Vulnerability remediation comes in different shapes and sizes. In addition to patching, this can include implementing compensating controls, server and application hardening, or the segregating of vulnerable systems.
      • Who carries out each of these activities? Who coordinates the activities and tracks them to ensure completion?
    • The people involved may be members outside of the security team, such as members from IT operations, infrastructure, and applications. The specific roles that each of these groups play should be clearly identified.
    Stock image of many connected profile photos in a cloud network.

    1.2.2 Assign responsibility for vulnerability identification and remediation

    60 minutes

    Input: Sample list of vulnerabilities and requisite actions from each group, High-level organizational chart with area functions

    Output: Defined set of roles and responsibilities for member groups

    Materials: Vulnerability Management SOP Template

    Participants: CIO, CISO, IT Management representatives for each area of IT

    1. Display the table of responsibilities that need to be assigned.
    2. List all the positions within the IT security team.
    3. Map these to the positions that require IT security team members.
    4. List all positions that are part of the IT team.
    5. Map these to the positions that require IT team members.

    If your organization does not have a dedicated IT security team, you can perform this exercise by mapping the relevant IT staff to the different positions shown on the right.

    Download the Vulnerability Management SOP Template Sample of the Roles and Responsibilities table from the Vulnerability Management SOP Template.

    Step 1.3

    Cloud considerations for vulnerability management

    Activities

    None for this section.

    This step will walk you through the following activities:

    Review cloud considerations for vulnerability management

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand the various types of cloud offerings and the implications (and limitations) of vulnerability management in a cloud environment.

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Cloud considerations

    Cloud will change your approach to vulnerability management.
    • There will be a heavy dependence on the cloud service provider to ensure that vulnerabilities in their foundational technologies have been addressed.
    • Depending on the level of “as-a-Service,” customers will have varying degrees of control and visibility into the underlying operations.
    • With vendor acquiescence, you can set your tool to scan a given cloud environment, depending on how much visibility you have into their environment based on the service you have purchased.
    • Due to compliance obligations of their customers, there is a growing trend among cloud providers to allow more scanning of cloud environments.
    • In the absence of customer scanning capability, vendors may offer attestation of vulnerability management and remediation.
    Table outlining who has control, between the 'Organization' and the 'Vendor', of different cloud capabilities in different cloud strategies.

    For more information, see Info-Tech Research Group’s Document Your Cloud Strategy blueprint.

    Cloud environment scanning

    Cloud scanning is becoming a more common necessity but still requires special consideration.

    An organization’s cloud environment is just an extension of its own environment. As such, cloud environments need to be scanned for vulnerabilities.

    Private Cloud
    If your organization owns a private cloud, these environments can be tested normally.
    Public Cloud
    Performing vulnerability testing against public, third-party cloud environments is an area experiencing rapid growth and general acceptance, although customer visibility will still be limited.

    In many cases, a customer must rely on the vendor’s assurance that vulnerabilities are being addressed in a sufficient manner.

    Security standards’ compliance requirements are driving the need for cloud suppliers to validate and assure that they are appropriately scanning for and remediating vulnerabilities.

    Infrastructure- or Platform-as-a-Service (IaaS or PaaS) Environments
    • There is a general trend for PaaS and IaaS vendors to allow testing if given due notice.
    • Your contract with the cloud vendor or the vendor’s terms and conditions will outline the permissibility of customer vulnerability scanning. In some cases, a cloud vendor will deny the ability to do vulnerability scanning if they already provide a solution as part of their service.
    • Always ensure that the vendor is aware of your vulnerability scanning activity so that false positives aren’t triggering their security measures as possible denial-of-service (DoS) attacks.
    Software-as-a-Service (SaaS) Environments
    • SaaS offers very limited visibility to the services behind the software that the customer sees. You therefore cannot test for patch levels or vulnerabilities.
    • SaaS customers must rely exclusively on the provider for the regular scanning and remediation of vulnerabilities in the back-end technologies supporting the SaaS application.
    • You can only test the connection points to SaaS environments. This involves trying to figure out what you can see, e.g. looking for encrypted traffic.

    Certain testing (e.g. DoS or load testing) will be very limited by your cloud vendor. Cloud vendors won’t open themselves to testing that would possibly impact their operations.

    Step 1.4

    Vulnerability detection

    Activities
    • 1.4.1 Develop a monitoring and review process of third-party vulnerability sources
    • 1.4.2 Incident management and vulnerability management

    This step will walk you through the following activities:

    Create an inventory of your vulnerability monitoring capability and third-party vulnerability information sources.

    Determine how incident management and vulnerability management interoperate.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Catalog of vulnerability information data sources. Understanding of the intersection of incident management and vulnerability management.

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Vulnerability detection

    Vulnerabilities can be identified through numerous mediums.

    Info-Tech has determined the following to be the four most common ways to identify vulnerabilities.

    Vulnerability Assessment and Scanning Tools
    • Computer programs that function to identify and assess security vulnerabilities and weaknesses within computers, computer systems, applications, or networks.
    • Using a known vulnerability database, the tool scans targeted hosts or systems to identify flaws and generate reports and recommendations based on the results.
    • There are four main types of tools under this category: network and operating system vulnerability scanners, application scanning and testing tools, web application scanners, and exploitation tools.
    Penetration Tests
    • The act of identifying vulnerabilities on computers, computer systems, applications, or networks followed by testing of the vulnerability to validate the findings.
    • Penetration tests are considered a service that is offered by third-parties in which a variety of products, tools, and methods are used to exploit systems and gain access to data.
    Open Source Monitoring
    • New vulnerabilities are detected daily with each vulnerability’s information being uploaded to an information-sharing platform to enable other organizations to be able to identify the same vulnerability on their systems.
    • Open source platforms are used to alert and distribute information on newly discovered vulnerabilities to security professionals.
    Security Incidents
    • Any time an incident response plan is called into action to mitigate an incident, there should be formal communication with the vulnerability management team.
    • Any IT incident an organization experiences should provide a feed for analysis into your vulnerability management program.

    Automate with a vulnerability scanning tool

    Vulnerabilities are too numerous for manual scanning and detection.
    • Vulnerability management is not only the awareness of the existence of vulnerabilities but that they are actively present in your environment.
    • A vulnerability scanner will usually report dozens, if not hundreds, of vulnerabilities on a regular and recurring basis. Typical IT environments have several dozen, if not hundreds, of servers. We haven’t even considered the amount of network equipment or the hundreds of user workstations in an environment.
    • This tool will give you information of the presence of a vulnerability in your environment and the host on which the vulnerability exists. This includes information on the version of software that contains a vulnerability and whether you are running that version. The tool will also report on the criticality of the vulnerability based on industry criticality ratings.
    • The tools are continually updated by the vendor with the latest definition updates for the latest vulnerabilities out there. This ensures you are always scanning for the greatest number of potential vulnerabilities.
    Automation requires oversight.
    1. Vulnerability scanners bring great automation to the task of scanning and detecting vulnerabilities in high numbers.
    2. Vulnerability scanners, however, do not have your level of intelligence. Any compensating controls, network segregation, or other risk mitigation features that you have in place will not be known by the tool.
    3. Determining the risk and urgency of a vulnerability within the context of your specific environment will still require internal review by you or your SecOps team.

    For guidance on tool selection

    Refer to section 4.3 Selecting and Implement a Scanning Tool in this blueprint.

    Vulnerability scanning tool considerations

    Select a vulnerability scanning tool with the features you need to be effective.
    • Vulnerability scanning tool selection can be an exciting and confusing process. You will need to consider what features you desire in a tool and whether you want the tool to go beyond just scanning and reporting.
    • In addition to vulnerability scanning, some tools will integrate with your IT service management (service desk ticketing system) tool and asset, configuration, and change management modules. This can facilitate the necessary workflow that the remediation process follows once a vulnerability is discovered.
    • A number of vulnerability scanning tool vendors have started offering remediation as part of their software features. This includes the automation and orchestration functionality and configuration and asset management to track its remediation activities.
    • A side benefit of the asset discovery feature in vulnerability scanning tools is that it can help enhance an organization’s asset inventory and license compliance, particularly in cases where end users are able to install software on their workstations.
    Stock photo of a smartphone scanning a barcode.

    For guidance on tool vendors

    Visit SoftwareReviews for information on vulnerability management tools and vendors.

    Vulnerability scanning tool best practices

    How often should scans be performed?

    One-off scans provide snapshots in time. Repeated scans over time provide tracking for how systems are changing and how well patches are being applied and software is being updated.

    The results of a scan (asset inventory, configuration data, and vulnerability data) are basic information needed to understand your security posture. This data needs to be as up to date as possible.

    ANALYST PERSPECTIVE: Organizations should look for continuous scanning

    Continuous scanning is the concept of providing continual scanning of your systems so any asset, configuration, or vulnerability information is up to date. Most vendors will advertise continuous scanning but you need to be skeptical of how this feature is met.

    Continuous Scanning Methods

    Continuous agent scanning

    Real-time scanning that is completed through agent-based scanning. Provides real-time understanding of system changes.

    On-demand scanning

    Cyclical scanning is the method where once you’re done scanning an area, you start it again. This is usually done because doing some scans on some areas of your network take time. How long the scan takes depends on the scan itself. How often you perform a scan depends on how long a scan takes. For example, if a scan takes a day, you perform a daily scan.

    Cloud-based scanning

    Cloud-scanning-as-a-Service can provide hands-free continuous monitoring of your systems. This is usually priced as a subscription model.

    Vulnerability scanning tool best practices

    Where to perform a scan.

    What should be scanned How to point a scanner
    The general idea is that you want to scan pretty much everything. Here are considerations for three environments:
    Mobile Devices

    You need to scan mobile devices for vulnerabilities, but the problem is these can be hard to scan and often come and go on your network. There are always going to be some devices that aren’t on the network when scanning occurs.

    Several ways to scan mobile devices:

    • Intercept the device when it remotes into your network using a VPN. You catch the device with a remote scan. This can only be done if a VPN is required.
    • An agent-based approach can be used for mobile devices. Locally installed software gives the information needed to evaluate the security posture of a device. Discernibly, concerns around device processing, memory, and network bandwidth come into play. Ease of installation becomes key for agents.
    Virtualization
    • In a virtual environment, you will have servers being dynamically spun up. Ensure your tool is able to scan these new servers automatically.
    • Often, vulnerability scanning tool providers will restrict scanning to preapproved scanners. Look for tools that are preapproved by the VM vendors.
    Cloud Environments
    • You can set your tool to scan a given cloud environment. The main concern here is who owns the cloud. If it is a private cloud, there is little concern.
    • If it is a third-party cloud (AWS, Azure, etc.) you need to confirm with the cloud service provider that scanning of your cloud environment can occur.
    • There is a trend to allow more scanning of cloud environments.
    • You need to tell the scanner an IP address, a group of IP addresses, an asset group, or a combination of those.
    • You can categorize by functional classifications – internet-facing servers, workstations, network devices, etc., or by organizational structure – Finance, HR, Legal, etc.
    • If you have a strong change management system, you can better hone when and where to perform a scan based on actual changes.
    • You can set the number of concurrent outbound TCP connections that are being made. For example, set the tool so it sends out to 10 ports at a time, rather than pinging at 64k ports on a machine, which would flood the NIC.
    • Side Note: Flooding a host with pings from a scanning tool can be done to find out DoS thresholds on a machine. There are no bandwidth concerns for a network DoS, however, because the packets are so small.

    Vulnerability scanning tool best practices

    Communication and measurement

    Pre-Scan Communication With Users

    • It is always important to inform owners and users of systems that a scan will be happening.
    • Although it is unlikely any performance issues will arise, it is important to notify end users of potential impact.
    • Local admins or system owners may have controls in place that stop vulnerability scans and you need to inform the owners so that they can safelist the scanner you will be using.
    Vulnerability Scanning Tool Tracking Metrics
    • Vulnerability score by operating system, application, or organization division.
      • This provides a look at the widely accepted severity of the vulnerability as it relates across the organization’s systems.
    • Most vulnerable applications and application version.
      • This provides insight into how outdated applications are creating risk exposure for an organization.
      • This will also provide metrics on the effectiveness of your patching program.
    • Number of assets scanned within the last number of days.
      • This provides visibility into how often your assets are being scanned and thus protected.
    • Number of unowned devices or unapproved applications.
      • This metric will track how many unowned devices or unapproved applications may be on your network. Unowned devices may be rogue devices or just consultant/contractor devices.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Proactively identify new vulnerabilities as they are announced.

    By monitoring for vulnerabilities as they are announced through industry alerts and open-source mechanisms, it is possible to identify vulnerabilities beyond your scanning tool’s penetration tests.

    Common sources:
    • Vendor websites and mailing lists
      • Vendors are the trusted sources for vulnerability and patch information on their products, particularly with new industry vulnerability disclosure requirements. Vendors are the most familiar with their products, downloads are most likely malware free, and additional information is often included.
      • There are some issues: vendors won’t announce a vulnerability until a patch is created, which creates a potential unknown risk exposure; numerous vendor sites will have to be monitored continually.
    • Third-party websites
      • A non-vendor site providing information on vulnerabilities. They often will cover a specific technology or an industry section, becoming a potential “one-stop shop” for some. They will often provide vulnerability information that is augmented with different remediation recommendations faster than vendors.
      • However, it’s more likely that malicious code could be downloaded and it will often not be comprehensive information on patching.
    • Third-party mailing lists, newsgroups, live paid subscriptions, and live open-source feeds
      • These are alerting and notification services for the detection and dissemination of vulnerability information. They provide information on the latest and most critical vulnerabilities, e.g. US-CERT Cybersecurity Alerts.
    • Vulnerability databases
      • These usually consist of dedicated databases on vulnerabilities. They perform the hard work of identifying and aggregating vulnerability and patch information into a central repository for end-user consumption. The commentary features on these databases provide excellent insight for practitioners, e.g. National Vulnerability Database (NVD).
    Stock photo of a student checking a bulletin board.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Third-party sources for vulnerabilities

    • Open Source Vulnerability Database (OSVDB)
      • An open-source database that is run independently of any vendors.
    • Common Vulnerabilities and Exposures (CVE)
      • Free, international dictionary of publicly known information security vulnerabilities and exposures.
    • National Vulnerability Database (NVD)
      • Through NIST, the NVD is the US government’s repository of vulnerabilities and includes product names, flaws, and any impact metrics.
      • The National Checklist Repository Program (NCRP), also provided by NIST, provides security checklists for configurations of operating systems and applications.
      • The Center for Internet Security, a separate entity unrelated to NIST, provides configuration benchmarks that are often referenced by the NCRP.
    • Open Web Application Security Project (OWASP)
      • OWASP is another free project helping to expose vulnerabilities within software.
    • US-CERT National Cyber Alert System (US-CERT Alerts)
      • Cybersecurity Alerts – Provide timely information about current security issues, vulnerabilities, and exploits.
      • Cybersecurity Tips – Provide advice about common security issues for the general public.
      • Cybersecurity Bulletins – Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
    • US-CERT Vulnerability Notes Database (US-CERT Vulnerability Notes)
      • Database of searchable security vulnerabilities that were deemed not critical enough to be covered under US-CERT Alerts. Note that the NVD covers both US-CERT Alerts and US-CERT Notes.
    • Open Vulnerability Assessment Language (OVAL)
      • Coding language for security professionals to discuss vulnerability checking and configuration issues. Vulnerabilities are identified using tests that are disseminated in OVAL definitions (XML executables that can be used by end users).

    1.4.1 Develop a monitoring and review process for third-party vulnerability sources

    60 minutes

    Input: Third-party resources list

    Output: Process for review of third-party vulnerability sources

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, CISO

    1. Identify what third-party resources are useful and relevant.
    2. Shortlist your third-party sources.
    3. Identify what is the best way to receive information from a third party.
    4. Document the method to receive or check information from the third-party source.
    5. Identify who is responsible for maintaining third-party vulnerability information sources
    6. Capture this information in the Vulnerability Management SOP Template.
    Download the Vulnerability Management SOP Template Sample of the Third Party Vulnerability Monitoring tables from the Vulnerability Management SOP Template.

    Incidents and vulnerability management

    Incidents can also be a sources of vulnerabilities.

    When any incident occurs, for example:

    • A security incident, such as malware detected on a machine
    • An IT incident, such as an application becomes unresponsive
    • A crisis occurs, like a worker accident

    There can be underlying vulnerabilities that need to be processed.

    Three Types of IT Incidents exist:
    1. Information Security Incident
    2. IT Incident and/or Problem
    3. Crisis

    Note: You need to have developed your various incident response plans to develop information feeds to the vulnerability mitigation process.
    If you are missing an incident response plan, take a look at Info-Tech’s Related Resources.

    Info-Tech Related Resources:
    If you do not have a formalized information security incident management program, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have a formalized problem management process, take a look at Info-Tech’s blueprint Incident and Problem Management.

    If you do not have a formalized IT incident management process, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have formalized crisis management, take a look at Info-Tech’s blueprint Implement Crisis Management Best Practices.

    1.4.2 Incident management and vulnerability management

    60 minutes

    Input: Existing incident response processes, Existing crisis communications plans

    Output: Alignment of vulnerability management program with existing incident management processes

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    1. Inventory what incident response plans the organization has. These include:
      1. Information Security Incident Response Plan
      2. IT Incident Plan
      3. Problem Management Plan
      4. Crisis Management Plan
    2. Identify what part of those plans contains the post-response recap or final analysis.
    3. Formalize a communication process between the incident response plan and the vulnerability mitigation process.

    Note: Most incident processes will cover some sort of root cause analysis and investigation of the incident. If a vulnerability of any kind is detected within this analysis it needs to be reported on and treated as a detected vulnerability, thus warranting the full vulnerability mitigation process.

    Download the Vulnerability Management SOP Template

    Implement Risk-Based Vulnerability Management

    Phase 2

    Triage & prioritize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach, and prepare for remediation options.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Step 2.1

    Triage vulnerabilities

    Activities
    • 2.1.1 Evaluate your identified vulnerabilities

    This step will walk you through the following activities:

    Review your vulnerability information sources and determine a methodology that will be used to consistently evaluate vulnerabilities as your scanning tool alerts you to them.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Triaging vulnerabilities

    Use Info-Tech’s methodology to allocate urgencies to your vulnerabilities to assign the appropriate resources to each one.

    When evaluating numerous vulnerabilities, use the following three factors to help determine the urgency of vulnerabilities:

    • The intrinsic qualities of the vulnerability
    • The business criticality of the affected asset
    • The sensitivity of the data stored on the affected asset

    Intrinsic qualities of the vulnerability — Vulnerabilities need to be examined for the inherent risk they pose specifically to the organization, which includes if an exploit has been identified or if the industry views this as a serious and likely threat.

    Business criticality of the affected asset — Assets with vulnerabilities need to be assessed for their criticality to the business. Vulnerabilities on systems that are critical to business operations or customer interactions are usually top of mind.

    Sensitivity of the data of the affected asset — Beyond just the criticality of the business, there must be consideration of the sensitivity of the data that may be compromised or modified as a result of any vulnerabilities.

    Info-Tech Insight

    This methodology allows you to determine urgency of vulnerabilities, but your remediation approach needs to be risk-based, within the context of your organization.

    Triage your vulnerabilities, filter out the noise

    Triaging enables your vulnerability management program to focus on what it should focus on.

    Use the Info-Tech Vulnerability Mitigation Process Template to define how to triage vulnerabilities as they first appear.

    Triaging is an important step in vulnerability management, whether you are facing ten to tens of thousands of vulnerability notifications.
    Many scanning tools already provide the capability to compare known vulnerabilities against existing assets through integration with the asset inventory.

    There are two major use cases for this process:
    1. For organizations that have identified vulnerabilities but do not know their own systems well enough. This can be due to a lack of a formal asset inventory.
    2. For proactive organizations that are regularly staying up to date with industry announcements regarding vulnerabilities. Once an alert has been made publicly, this process can assist in confirming if the vulnerability is relevant to the organization.
    The Info-Tech methodology for initial triaging of vulnerabilities:
    Flowchart of the Info-Tech methodology for initial triaging of vulnerabilities, beginning with 'Vulnerability has been identified' and ending with either 'Vulnerability has been triaged' or 'No action needed'.

    Even if neither of these use cases apply to your organization, triaging still addresses the issues of false positives. Triaging provides a quick way to determine if vulnerabilities are relevant.

    After eliminating the noise, evaluate your vulnerabilities to determine urgency

    Consider the intrinsic risk to the organization.

    Is there an associated, verified exploit?
    • For a vulnerability to become a true threat to the organization, it must be exploited to cause damage. In today’s threat landscape, exploit kits are sold online that allow individuals with low technical knowledge to exploit a vulnerability.
    • Not all vulnerabilities have an associated exploit, but this does not mean that these vulnerabilities can be left alone. In many cases, it is just a matter of time before an exploit is created.
    • Another point to consider is that while exploits can exist theoretically, they may not be verified. Vulnerabilities always pose some level of risk, but if there are no known verified exploits, there is less risk attached.
    Is there a CVSS base score of 7.0 or higher?
    • Common Vulnerability Scoring System (CVSS) is an open-source industry scoring method to assess the potential severity of vulnerabilities.
    • CVSS takes into account: attack vector, complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact.
    • Vulnerabilities that have a score of 4.0 or lower are classified as low vulnerabilities, while scores between 4.0 and 6.9 are put in the medium category. Scores of 7 or higher are in the high and critical categories. As we will review in the Risk Assessment section, you will want to immediately deal with high and critical vulnerabilities.
    Is there potential for significant lateral movement?
    • Even though a vulnerability may appear to be part of an inconsequential asset, it is important to consider whether it can be leveraged to gain access to other areas of the network or system by an attacker.
    • Another consideration should be whether the vulnerability can be exploited by remote or local access. Remote exploits pose a greater risk as this can mean that attackers can perform an exploit from any location. Local exploits carry less risk, although the risk of insider threats should be considered here as well.

    2.1.1 Evaluate your identified vulnerabilities

    60 minutes

    Input: Visio workflow of Info-Tech’s vulnerability management process

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    Using the criteria from the previous slide, Info-Tech has created a methodology to evaluate your vulnerabilities by examining their intrinsic qualities.

    The methodology categorizes the vulnerabilities into high, medium, and low risk importance categorizations, before assigning final urgency scores in the later steps.

    1. Review the evaluation process in the Vulnerability Management Workflow library.
    2. Determine if this process makes sense for the organization; otherwise, change the flow to include any other considerations of process flows.
    3. As this process is used to evaluate vulnerabilities, document vulnerabilities to an importance category. This can be done in the Vulnerability Tracking Tool or using a similar internal vulnerability tracking document, if one exists.

    Download the Vulnerability Management SOP Template

    Step 2.2

    Determine high-level business criticality

    Activities
    • 2.2.1 Determine high-level business criticality
    • 2.2.2 Determine your high-level data classifications

    This step will walk you through the following activities:

    Determining high-level business criticality and data classifications will help ensure that IT security is aligned with what is critical to the business. This will be very important when decisions are made around vulnerability risk and the urgency of remediation action.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    Understanding and consistency in how business criticality and business data is assessed by IT in the vulnerability management process.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Understanding business criticality is key to determining vulnerability urgency

    Prioritize operations that are truly critical to the operation of the business, and understand how they would be impacted by an exploited vulnerability.

    Use the questions below to help assess which operations are critical for the business to continue functioning.

    For example, email is often thought of as a business-critical operation when this is not always the case. It is important to the business, but as regular operations can continue for some time without it, it would not be considered extremely business critical.

    Questions to ask Description
    Is there a hard-dollar impact from downtime? This refers to when revenue or profits are directly impacted by a business disruption. For example, when an online ordering system is compromised and shut down, it impacts sales, and therefore, revenue.
    Is there an impact on goodwill/ customer trust? If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems mission critical.
    Is regulatory compliance a factor? Depending on the circumstances of the vulnerabilities, it can be a violation of regulatory compliance and would cause significant fines.
    Is there a health or safety risk? Some operations are critical to health and safety. For example, medical organizations have operations that are necessary to ensure that individuals’ health and safety are maintained. An exploited vulnerability that prevents these operations can directly impact the lives of these individuals.
    Don’t start from scratch – your disaster recovery plan (DRP) may have a business impact analysis (BIA) that can provide insight into which applications and operations are considered business critical.

    Analyst Perspective

    When assessing the criticality of business operations, most core business applications may be deemed business critical over the long term.

    Consider instead what the impact is over the first 24 or 48 hours of downtime.

    2.2.1 Determine high-level business criticality

    120 minutes; less time if a Disaster recovery plan business impact analysis exists

    Input: List of business operations, Insight into business operations impacts to the business

    Output: List of business operations and their criticality and impact to the business

    Materials: Vulnerability Management SOP Template

    Participants: Participants from the business, IT Security Manager, CISO, CIO

    1. List your core business operations at a high level.
    2. Use a High, Medium, or Low ranking to prioritize the business operations based on mission-critical criteria and the impact of the vulnerability.
    3. When using the process flow, consider if the vulnerability directly affects any of these business operations and move through the process flow based on the corresponding High, Medium, or Low ranking.
    Example prioritization of business operations for a manufacturing company: Questions to ask:
    1. Is there a hard-dollar impact from downtime?
    2. Is there impact on goodwill or customer trust?
    3. Is regulatory compliance a factor?
    4. Is there a health or safety risk?

    Download the Vulnerability Management SOP Template

    Determine vulnerability urgency by its data classification

    Consider how to classify your data based on if the Confidentiality, Integrity, or Availability (CIA) is compromised.

    To properly classify your data, consider how the confidentiality, integrity, and availability of that data would be affected if it were to be exploited by a vulnerability. Review the table below for an explanation for each objective.
    Confidentiality

    Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

    Integrity

    Guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity.

    Availability

    Ensuring timely and reliable access to and use of information.

    Each piece of data should be ranked as High, medium, or low across confidentiality, integrity, and availability based on adverse effect. Arrow pointing right. Low — Limited adverse effect

    Moderate — Serious adverse effect

    High — Severe or catastrophic adverse effect

    If you wish to build a whole data classification methodology, refer to our Discover and Classify Your Data blueprint.

    How to determine data classification when CIA differs:

    The overall ranking of the data will be impacted by the highest objective’s ranking.

    For example, if confidentiality and availability are low, but integrity is high, the overall impact is high.

    This process was developed in part by Federal Information Processing Standards Publication 199.

    2.2.2 Determine your high-level data classifications

    120 minutes, less time if data classification already exists

    Input: Knowledge of data use and sensitivity

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, CISO, CIO

    If your organization has formal data classification in place, it should be leveraged to determine the high, medium, and low rankings necessary for the process flows. However, if there is no formal data classification in place, the process below can be followed:

    1. List common assets or applications that are prone to vulnerabilities.
    2. Consider the data that is on these devices and provide a high (severe or catastrophic adverse effect), medium (serious adverse effect), or low (limited adverse effect) ranking based on confidentiality, availability, and integrity.
      1. Use the table on the previous slide to assist in providing the ranking.
      2. Remember that it is the highest ranking that dictates the overall ranking of the data.
    3. Document which data belongs in each of the categories to provide contextual evidence.

    Download the Vulnerability Management SOP Template

    This process should be part of your larger data classification program. If you need assistance in building this out, review the Info-Tech research, Discover and Classify Your Data.

    Step 2.3

    Consider current security posture

    Activities
    • 2.3.1 Document your defense-in-depth controls

    This step will walk you through the following activities:

    Your defense-in-depth controls are the existing layers of security technology that protects your environment. These are relevant when considering the urgency and risk of vulnerabilities in your environment, as they will mitigate some of the risk.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Understanding and documentation of your current defense-in-depth controls.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Review your current security posture

    What you have today matters.
    • In most cases, your vulnerability scanning tool alone will not have the context of your security posture in the results of its scans. This can skew the true urgency of detected vulnerabilities in your environment.
    • What you have in place today is what comprises your organization’s overall security posture. This bears high relevance to the determination of the risk that a vulnerability poses to your environment.
    • Elements such as enterprise architecture and defense in depth mechanisms should be factored into determining the risk of a vulnerability and what kind of immediacy is warranted to address it.
    • Details of your current security posture will also contribute to the assessment and selection of remediation options.
    Stock image of toy soldiers split into two colours, facing eachother down.

    Enterprise architecture considerations

    What does your network look like?
    • Most organizations have a network topology that has been put in place with operational needs in mind. These includes specific vLANs or subnets, broadcast domains, or other methods of traffic segregation.
    • The firewall and network ACLs (access control lists) will manage traffic and the routes that data packets follow to traverse a network.
    • Organizations may physically separate data network types, for example, a network for IT services and one for operational technology (OT)(OT is often known as ICS (industrial control systems) or SCADA (supervisory control and data acquisition)) or other types of production technology.
    • The deployment of distribution and access switches across an enterprise can also be a factor, where a flatter network will have fewer network devices within the topology.
    • In a directory services environment such as Windows Active Directory, servers and applications can be segregated by domains and trust relationships, organizational units, and security groups.
    What’s the relevance to vulnerability management?

    For a vulnerability to be exploited, a malicious actor must find a way to access the vulnerable system to make use of the vulnerability in question.

    Any enterprise architecture characteristics that you have in place may lessen the probability of a successful vulnerability exploit.

    This may potentially “buy time” for SecOps to address and remediate the vulnerability.

    Defense-in-depth

    Defense-in-depth provides extra layers of protection to the organization.

    • Defense-in-depth refers to the coordination of security controls to add layers of security to the organization.
      • This means that even if attackers are able to get past one control or layer, they are hindered by additional security.
    • Defense-in-depth is distinct from the previous section on enterprise architecture as these are security controls put in place with the purpose of being lines of defense within your security posture.
    • This can be extremely useful in managing vulnerabilities; thus, it is important to establish the existing defense-in-depth controls. By establishing the base model for your defense-in-depth, it will allow you to leverage these controls to manage vulnerabilities.
    • Controls are typically distributed across endpoints, network infrastructure, servers, and physical security.

    Note: Defense-in-depth controls do not entirely mitigate vulnerability risk. They provide a way in which the vulnerability cannot be exploited, but it continues to exist on the application. This must be kept in mind as the controls or applications themselves change, as it can re-open the vulnerability and cause potential problems.

    Examples of defense-in-depth controls can consist of any of the following:
    • Antivirus software
    • Authentication security
    • Multi-factor authentication
    • Firewalls
    • Demilitarized zones (DMZ)
    • Sandboxing
    • Network zoning
    • Application whitelisting
    • Access control lists
    • Intrusion detection & prevention systems
    • Airgapping
    • User security awareness training

    2.3.1 Document your defense-in-depth controls

    2 hours, less time if a security services catalog exists

    Input: List of technologies within your environment, List of IT security controls that are in place

    Output: List of defense-in-depth controls

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, Infrastructure Manager, IT Director, CISO

    1. Document the existing defense-in-depth controls within your system.
    2. Review the initial list that has been provided and see if these are controls that currently exist.
    3. Indicate any other controls that are being used by the organization. This may already exist if you have a security services catalog.
    4. Indicate who the owners of the different controls are.
    5. Track the information in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Sample table of security controls within a Defense-in-depth model with column headers 'Defense-in-depth control', 'Description', 'Workflow', and 'Control Owner'.

    Step 2.4

    Risk assessment of vulnerabilities

    Activities
    • 2.4.1 Build a classification scheme to consistently assess impact
    • 2.4.2 Build a classification scheme to consistently assess likelihood

    This step will walk you through the following activities:

    Assessing risk will be the cornerstone of how you evaluate vulnerabilities and what priority you place on remediation. This is actual risk to the organization and not simply what the tool reports without the context of your defense-in-depth controls.

    This step involves the following participants:

    • IT Security Manager
    • IT Operations Management
    • CISO
    • CIO

    Outcomes of this step

    A risk matrix tailored to your organization, based on impact and likelihood. This will provide a consistent, unambiguous way to assess risk across the vulnerability types that is reported by your scanning tool.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Vulnerabilities and risk

    Vulnerabilities must be addressed to mitigate risk to the business.
    • Vulnerabilities are a concern because they are potential threats to the business. Vulnerabilities that are not addressed can turn from potential threats into actual threats; it is only a matter of time and opportunity.
    • Your organization will already be familiar with risk management, as every decision carries a business risk component. There may even be a senior manager assigned as corporate risk officer to manage organizational risk.
    • The organization likely has a risk tolerance level that defines the organization’s risk appetite. This may be measured in dollars, non-productivity time, or other units of inefficiency.
    • The risk of a vulnerability can be calculated using impact and likelihood. Impact is the effect that the vulnerability will have if it is exploited by a malicious actor. Likelihood is the degree to which a vulnerability exploit can possibly occur.
    Stock image of a cartoon character in a tie hanging on the needle of a 'RISK' meter as it sits at 'LOW'.

    Info-Tech Insight

    Risk to the organization is business language that everyone can understand. This is particularly true when the risk is to productivity or to the company’s bottom line.

    A risk-based approach to vulnerability management

    CVSS scores are just the starting point!

    Vulnerabilities are constant.
    • There will always be vulnerabilities in the environment, many of which won’t be reported as they are currently unknown.
    • Don’t focus on trying to resolve all vulnerabilities in your environment. You are neither resourced for it nor can the business tolerate the downtime needed to remediate every single vulnerability.
      • The constant follow of new vulnerabilities will quickly render your efforts useless and it will become a game of “whack-a-mole.”
    • Being able to prioritize which vulnerabilities require appropriate levels of response is crucial to ensuring that an organization stays ahead of the continual flow.
    • Your vulnerability scanning tool will report the severity of a vulnerability, often using an industry Common Vulnerability Scoring System (CVSS) system ranging from 0 to 10. It will then scan your environment for the presence of the vulnerability and report accordingly.
      • Your vulnerability scanning tool will not be aware of any mitigation components in your environment, such as compensating controls, network segregation, server/application hardening, or any other measures that can reduce the risk. That is why determining actual risk is a crucial step.

    Stock image of a whack-a-mole game.

    Info-Tech Insight

    Vulnerability scanning is a valuable function, but it does not tell the full picture. You must determine how urgent a vulnerability truly is, based on your specific environment.

    Prioritize remediation by levels of risk

    Address critical and high risk with high immediacy.

    • Addressing the critical and high-risk vulnerabilities with urgency will ensure that you are addressing a more manageable number of vulnerabilities.
    • An optimized vulnerability management process will address the medium and low risk vulnerabilities within the regular cycle.
    • This may be very similar to what you do today in an ad hoc fashion:
      • Zero-day vulnerabilities tend to warrant a stop in operations and are dealt with immediately (or as soon as a vendor has a fix).
      • The standard remediation process (patching/updating, change of configuration, etc.) happens within a regular controlled time cycle.
    • Formalizing this process will ensure that appropriate attention is given to vulnerabilities that warrant it and that the remaining vulnerabilities are dealt with as a regular, recurring activity.

    Mitigate the risk surface by reducing the time across the phases

    Chart titled 'Mitigate the risk surface by reducing the time across the phases' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. A note on the line reads 'Objective: Reduce risk surface by reducing time to address'. The area between the line and your organization's risk tolerance is labelled 'Risk Surface, to be addressed with high priority'. A bracket around Risk levels 'High' and 'Critical' reads 'Priority focus zone (risk surface)'. Risk lines within levels 'Low' and 'Medium' read 'Follow standard vulnerability management cycles'.

    Risk matrix

    Risk = Impact x Likelihood
    • Info-Tech’s Vulnerability Management Risk Assessment Tool provides a method of calculating the risk of a vulnerability. The risk rating is assigned using the impact of the risk and the likelihood or probability that the event may occur.
    • The tool puts the vulnerability into your organization’s context: How many people will be affected? What service types are vulnerable and how does that impact the business? Is there an anticipated update from the vendor of the system being affected?
    • Urgency of remediation should be based on the business consequences if the vulnerability were to be exploited, relative to the business’ risk tolerance.

    Info-Tech Insight

    Risk determination should be done within the context of your current environment and not simply based on what your vulnerability tool is reporting.

    A risk matrix is useful in calculating a risk rating for vulnerabilities. Risk matrix with axes 'Impact' and 'Time' and individual vulnerabilities mapped onto it via their risk rating. The example 'Organizational Risk Tolerance Threshold' line runs diagonally through the 'Medium' squares.

    2.4.1 Build a classification scheme to consistently assess impact

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Impact. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', 'Network vulnerability', and 'Vendor patch release'.

    2.4.2 Build a classification scheme to consistently assess likelihood

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability that your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Likelihood. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', and 'Network vulnerability'.

    Prioritize based on risk

    Select the best remediation option to minimize risk.

    Through the combination of the identified risk and remediation steps in this phase, the prioritization for vulnerabilities will become clear. Vulnerabilities will be assigned a priority once their intrinsic qualities and threat potential to business function and data have been identified.

    • Remediation options will be identified for the higher urgency vulnerabilities.
    • Options will be assessed for whether they are appropriate.
    • They will be further tested to determine if they can be used adequately prior to full implementation.
    • Based on the assessments, the remediation will be implemented or another option will be considered.
    Prioritization
    1. Assignment of risk
    2. Identification of remediation options
    3. Assessment of options
    4. Implementation

    Remediation plays an incredibly important role in the entire program. It plays a large part in wider risk management when you must consider the risk of the vulnerability, the risk of the remediation option, and the risk associated with the overall process.

    Implement Risk-Based Vulnerability Management

    Phase 3

    Remediate vulnerabilities

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • Identifying potential remediation options.
    • Developing criteria for each option with regards to when to use and when to avoid.
    • Establishing exception procedure for testing and remediation.
    • Documenting the implementation of remediations and verification.

    This phase involves the following participants:

    • CISO, or equivalent
    • Security Manager/Analyst
    • Network, Administrator, System, Database Manager
    • Other members of the vulnerability management team
    • Risk managers for the risk-related steps

    Determining how to remediate

    Patching is only one option.

    This phase will allow organizations to build out the specific processes for remediating vulnerabilities. The overall process will be the same but what will be critical is the identification of the correct material. This includes building the processes around:
    • Identifying and selecting the remediation option to be used.
    • Determining what to do when a patch or update is not available.
    • Scheduling and executing the remediation activity.
    • Continuous improvement.

    Each remediation option carries a different level of risk that the organization needs to consider and accept by building out this program.

    It is necessary to be prepared to do this in real time. Careful documentation is needed when dealing with vulnerabilities. Use the Vulnerability Tracking Tool to assist with documentation in real time. This is separate from using the process template but can assist in the documentation of vulnerabilities.

    Step 3.1

    Assessing remediation options

    Activities
    • 3.1.1 Develop risk and remediation action

    This step will walk you through the following activities:

    With the risk assessment from the previous activity, we can now examine remediation options and make a decision. This activity will guide us through that.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    List of remediation options and criteria on when to consider each.

    Remediate vulnerabilities
    Step 3.1 Step 3.2 Step 3.3

    Identify remediation options

    There are four options when it comes to vulnerability remediation.

    Patches and Updates

    Patches are software or pieces of code that are meant to close vulnerabilities or provide fixes to any bugs within existing software. These are typically provided by the vendor to ensure that any deployed software is properly protected after vulnerabilities have been detected.

    Configuration Changes

    Configuration changes involve administrators making significant changes to the system or network to remediate against the vulnerability. This can include disabling the vulnerable application or specific element and can even extend to removing the application altogether.

    Remediation

    Compensating Controls

    By leveraging security controls, such as your IDS/IPS, firewalls, or access control, organizations can have an added layer of protection against vulnerabilities beyond the typical patches and configuration changes. This can be used as a measure while waiting to implement another option (if one exists) to reduce the risk of the vulnerability in the short or long term.

    Risk Acceptance

    Whenever a vulnerability is not remediated, either indefinitely or for a short period of time, the organization is accepting the associated risk. Segregation of the vulnerable system can occur in this instance. This can occur in cases where a system or application cannot be updated without detrimental effect to the business.

    Patches and updates

    Patches are often the easiest and most common method of remediation.

    Patches are usually the most desirable remediation solution when it comes to vulnerability management. They are typically provided by the vendor of the vulnerable application or system and are meant to eliminate the existing vulnerability.

    When to use

    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching for the affected systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.

    When to avoid

    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches, which is often the case for critical systems.
    When to consider other remediation options
    • For critical systems, it can be difficult to implement a patch as they often require the system to be rebooted or go through some downtime. There must be consideration towards whether there is a change window approaching if a patch is to be implemented on a business-critical system.
      • If there is no opportunity to implement the patch, or no approaching change window, it is wise to leverage another remediation option.
    • When patches are not currently available from the vendor or they are in production, other remediation options are needed.
    • Other remediation options can be used in tandem with the patch. For example, if a patch is being deferred until the change window, it would be wise to use alternate remediation options to close the vulnerability.

    Compensating controls

    Compensating controls can decrease the risk of vulnerabilities that cannot be (immediately) remediated.

    • Compensating controls are measures put in place when direct remediation measures are impractical or non-existent.
    • Similar to the payment card industry’s PCI DSS 1.0 provision of compensating controls, these are meant to meet the intent or rigor of the original requirement; unlike PCI DSS, these measures are to mitigate risk rather than meet compliance.
    • The compensating control should be viewed as only a temporary measure for dealing with a vulnerability, although circumstances may dictate a degree of permanence in the application of the compensating control.
    • Examples where compensating controls may be needed are:
      • The software vendor is developing an update or patch to address a vulnerability.
      • Through your testing process, a patch will adversely affect the performance or operation of the target system and be detrimental to the business.
      • A critical application will only run on a legacy operating system, the latter of which is no longer supported by the vendor.
      • A legacy application is no longer being supported but is critical to your operations. A replacement, if one exists, will take time to implement.
    Examples of compensating controls
    • Segregating a vulnerable server or application on the network, physically or logically.
    • Hardening the operating system or application.
    • Restricting user logins to the system or application.
    • Implementing access controls on the network route to the system.
    • Instituting application whitelisting.

    Configuration changes

    Configuration changes involve making changes directly to the application or system in which there is a vulnerability. This can vary from disabling or removing the vulnerable element or, in the case of applications built in-house, changing the coding of the application itself. These are commonly used in network vulnerabilities such as open ports.

    When to use

    • A patch is not available.
    • The vulnerable element can be significantly changed, or even disabled, without significantly disrupting the business.
    • The application is built in-house, as the vulnerability must be closed internally.
    • There is adequate testing to ensure that the configuration change does not affect the business.
    • A configuration change in your network or system can affect numerous endpoints or systems, reducing endpoint patching or use of defense-in-depth controls.

    When to avoid

    • When a suitable patch is available.
    • When the vulnerability is on a business-critical element with no nearby change window or it cannot be disabled.
    • When there is no opportunity in which to perform testing to ensure that there are no unintended consequences.
    When to consider other remediation options
    • Configuration changes require careful documentation as changes are occurring to the system and applications. If there is a need to perform a back-out process and return to the original configuration, this can be extremely difficult without clear documentation of what occurred.
    • If business systems are too critical or important to the regular business function to perform any changes, it is necessary to consider other options.

    Info-Tech Insight

    Remember your existing processes: configuration changes may need to be approved and orchestrated through your organization’s configuration and change management processes.

    Case Study

    Remediation options do not have to be used separately. Use the Shellshock 2014 case as an example.

     
    INDUSTRY: All
    SOURCE: Public Domain
    Challenge

    Bashdoor, more commonly known as Shellshock, was announced on September 24, 2014.

    This bug involved the Bash shell, which normally executes user commands, but this vulnerability meant that malicious attackers could exploit it.

    This was rated a 10/10 by CVSS – the highest possible score.

    Within hours of the announcement, hackers began to exploit this vulnerability across many organizations.

    Solution

    Organizations had to react quickly and multiple remediation options were identified:

    • Configuration changes – Companies were recommended to use other shells instead of the Bash shell.
    • Defense-in-depth controls – Using HTTP server logs, it could be possible to identify if the vulnerability had been exploited.
    • Patches – Many vendors released patches to close this vulnerability including Debian, Ubuntu, and Red Hat.
    Results

    Companies began to protect themselves against these vulnerabilities.

    While many organizations installed patches as quickly as possible, some also wished to test the patch and leveraged defense-in-depth controls in the interim.

    However, even today, many still have the Shellshock vulnerability and exploits continue to occur.

    Accept the risk and do nothing

    By choosing not to remediate vulnerabilities, you must accept the associated risk. This should be your very last option.

    Every time that a vulnerability is not remediated, it continues to pose a risk to the organization. While it may seem that every vulnerability needs to be remediated, this is simply not possible due to limited resources. Further, it can take away resources from other security initiatives as opposed to low-priority vulnerabilities that are extremely unlikely to be exploited.

    Common criteria for vulnerabilities that are not remediated:
    • Affected systems are of extremely low criticality.
    • Affected systems are deemed too critical to take offline to perform adequate remediation.
    • Low urgency is assigned to those vulnerabilities.
    • Cost and time required for the remediation are too high.
    • No adequate solutions exist – the vendor has not released a patch, there are weak defense-in-depth controls, and it is not possible to perform a configuration change.

    Risk acceptance is not uncommon…

    • With an ever-increasing number of vulnerabilities, organizations are struggling to keep up and often, intentionally or unintentionally, accept the risk associated.
    • In the end, non-remediation means full acceptance of the risk and any consequences.

    Enterprise risk management
    Arrow pointing up.
    Risk acceptance of vulnerabilities

    While these are common criteria, they must be aligned to the enterprise risk management framework and approved by management.

    Don’t forget the variables that were assessed in Phase 2. This includes the risk from potential lateral movement or if there is an existing exploit.

    Risk considerations

    When determining if risk acceptance is appropriate, consider the cost of not mitigating vulnerabilities.

    Don’t accept the risk because it seems easy. Consider the financial impact of leaving vulnerabilities open.

    With risk acceptance, it is important to review the financial impact of a security incident resulting from that vulnerability. There is always the possibility of exploitation for vulnerabilities. A simple metric taken from NIST SP800-40 to use for this is:

    Cost not to mitigate = W * T * R

    Where (W) is the number of work stations, (T) is the time spent fixing systems or lost in productivity, and (R) is the hourly rate of the time spent.

    As an example provided by NIST SP800-40 Version 2.0, Creating a Patch and Vulnerability Management Program:

    “For an organization where there are 1,000 computers to be fixed, each taking an average of 8 hours of down time (4 hours for one worker to rebuild a system, plus 4 hours the computer owner is without a computer to do work) at a rate of $70/hour for wages and benefits:

    1,000 computers * 8 hours * $70/hour = $560,000”

    Info-Tech Insight

    Always consider the financial impact that can occur from an exploited vulnerability that was not remediated.

    3.1.1 Develop risk and remediation action

    90 minutes

    Input: List of remediation options

    Output: List of remediation options sorted into “when to use” and “when to avoid” lists

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT Infrastructure Manager, IT Operations Manager, Corporate Risk Officer, CISO

    It is important to define and document your organization-specific criteria for when a remediation option is appropriate and inappropriate.

    1. List each remediation option on a flip chart and create two headings: “When to use” and “When to avoid.”
    2. Each person will list “when to use” criteria on a green sticky note and “when to avoid” criteria on a red one for each option; these will be placed on the appropriate flip chart.
    3. Discuss as a group which criteria are appropriate and which should be removed.
    4. Move on to the next remediation option when completed.
      • Ensure to include when there are remediation options that will be connected. For example, the risk may be accepted until the next available change window, or a defense-in-depth control is used before a patch can be fully installed.
    5. Once the criteria has been established, document this in the Vulnerability Management SOP Template.
    When to use:
    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching, especially for critical systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.
    When to avoid:
    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it has caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches.
    (Example from the Vulnerability Management SOP Template for Patches.)

    Download the Vulnerability Management SOP Template

    Step 3.2

    Scheduling and executing remediation

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although there are no specific activities for this section, it will walk you through your existing processes configuration and change management to ensure that you are leveraging those activities in your vulnerability remediation actions.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Gained understanding of how IT operations processes configuration and change management can be leveraged for the vulnerability remediation process. Don’t reinvent the wheel!

    Remediate vulnerabilities
    Step 3.1 Step 3.2 Step 3.3

    Implementing the remediation

    Vulnerability management converges with your IT operations functions.
    • Once a remediation strategy has been formulated, you can leverage your release and change management processes to orchestrate the testing, version tracking, scheduling, approval, and implementation activities.
    • Each of these processes should exist in your environment in some form. Leveraging these will engage the IT operations team to carry out their tasks in the remediation process.
    • There can be a partial or full handoff to these processes, however, the owner of the vulnerability management program is responsible for verifying the application of the remediation measure and that the overall risk has been reduced.
    • Although full blueprints exist that cover each of these processes in great detail, the following slides provide an overview of each of these IT operations processes and how they intersect with vulnerability management.
    Stock image of a person on a laptop overlaid by an icon with gears indicating settings.

    Release Management

    Control the quality of deployments and releases of software updates.

    • The release management process exists to ensure that new software releases (such as patches and updates) are properly tested and documented with version control prior to their implementation into the production environment.
    • The process should map out the logistics of the deployment process to ensure that it is consistent and controlled.
    • Testing is an important part of release management and the urgency of a vulnerability remediation operation can expedite this process to ensure minimal delays. Once testing has been completed successfully, the update is then “promoted” to production-ready status and submitted into the change management process.
    • Often a separate release team may not exist, however, release management still occurs.

    For guidance on implementing or improving your release management process, refer to Info-Tech’s Stabilize Release and Deployment Management blueprint or speak to one of our experts.

    Info-Tech Insight

    Many organizations don’t have a separate release team. Rather, whomever is doing the deployment will submit a change request and the testing details are vetted through the organization’s change management process.

    For guidance on the change management process review our Optimize Change Management blueprint.

    Change Management

    Leverage change control, interruption management, approval, and scheduling.
    • Change management likely exists in some shape or form in your organization. There is usually someone or a committee, such as a change advisory board (CAB), that gives approval for a change.
    • Leveraging the change management process will ensure that your vulnerability remediation has undergone the proper review and approval before implementation. There will usually be business sign-off as part of a change management approval process.
    • Communication will also be integrated in the change management process, so the change manager will ensure that appropriate, timely communications are sent to the proper key stakeholders.
    • The change management process will link to release management and configuration management processes if they exist.

    For further guidance on implementing or improving your change management process, refer to Info-Tech’s Optimize Change Management blueprint or speak to one of our experts.

    “With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” (VP IT, Federal Credit Union)

    Post-implementation activities

    Vulnerability remediation isn’t a “set it and forget it” activity.
    • Once vulnerability remediation has occurred, it is imperative that the results are reported back to the vulnerability management program manager. This ensures that the loop is closed and the tracking of the remediation activity is done properly.
      • Organizations that are subject to audit by external entities will understand the importance of such documentation.
    • The results of post-implementation review from the change management process will be of great interest, particularly if there was any deviation from the planned activities.
    • Although change execution will usually undergo some form of testing during the maintenance window, there is always the possibility that something has broken as a result of the software update. Be quick to respond to these types of incidents!
      • One example of an issue that is near impossible to test during a maintenance window is one that manifests only when the system or software comes under load. This is what makes for busy Monday mornings after a weekend change window.
    A scan with your vulnerability management software after remediation can be a way to verify that the overall risk has been reduced, if remediation was done by way of patching/updates.

    Info-Tech Insight

    After every change completion, whether due to vulnerability remediation or not, it is a good idea to ensure that your infrastructure team increases its monitoring diligence and that your service desk is ready for any sudden influx of end-user calls.

    Step 3.3

    Continuous improvement

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although this section has no activities, it will review the process by which you may continually improve vulnerability management.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    An understanding of the importance of ongoing improvements to the vulnerability management program.

    Remediate vulnerabilities
    Step 3.1 Step 3.2 Step 3.3

    Drive continuous improvement

    • Also known as “Continual Improvement” within the ITIL best practice framework.
    • Your vulnerability management program will not be perfect on first launch. In fact, due to the ever-changing nature of vulnerabilities and the technology designed to detect and combat vulnerabilities, the processes within your vulnerability management program will need to be tweaked from time to time.
    • Continuous improvement is a sustained, proactive approach to process improvement. The practice allows for all process participants to observe and suggest incremental improvements that can help improve the overall process.
    • In many cases, continuous improvement can be triggered by changes in the environment. This makes perfect sense for vulnerability management process improvement as a change in the environment will require vulnerability scanning to ensure that such changes have not introduced new vulnerabilities into the environment, increasing your risk surface.
    • One key method to tracking continuous improvement is through the effective use of metrics, covered in Section 4.1 of this blueprint.
    “The success rate for continual improvement efforts is less than 60 percent. A major – if not the biggest – factor affecting the deployment of long-term continual improvement initiatives today is the fundamental change taking place in the way companies manage and execute work.” (Industry analyst at a consulting firm, 2014)

    Continuous Improvement

    Continuously re-evaluate the vulnerability management process.

    As your systems and assets change, your vulnerability management program may need updates in two ways.

    When new assets and systems are introduced:

    • When new systems and assets are introduced, it is important for organizations to recognize how these can affect vulnerability management.
    • It will be necessary to identify the business criticality of the new assets and systems and the sensitivity of the data that can be found on them.
    • Without doing so, these will be considered rogue systems or assets – there is no clear process for assigning urgencies.
    • This will only cause problems as actions may be taken that are not aligned with the organization’s risk management framework.

    Effective systems and asset management are needed to track this. Review Info-Tech’s Implement Systems Management to Improve Availability and Visibility blueprint for more help.

    Document any changes to the vulnerability management program in the Vulnerability Management SOP Template.

    When defense-in-depth capabilities are modified:

    • As you build an effective security program, more controls will be added that can be used to protect the organization.
    • These should be documented and evaluated based on ability to mitigate against vulnerabilities.
    • The defense-in-depth model that was previously established should be updated to include the new capabilities that can be used.
    • Defense-in-depth models are continually evolving as the security landscape evolves, and organizations must be ready for this.

    To assist in building a defense-in-depth model, review Build an Information Security Strategy.

    Implement Risk-Based Vulnerability Management

    Phase 4

    Measure and formalize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • You will determine what ought to be measured to track the success of your vulnerability management program.
    • If you lack a scanning tool this phase will help you determine tool selection.
    • Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • Procurement representatives
    • CISO
    • CIO

    Step 4.1

    Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    Activities
    • 4.1.1 Measure your program with metrics, KPIs, and CSFs

    This step will walk you through the following activities:

    After a review of the differences between raw metrics, key performance indicators (KPI), and critical success factors (CSF), compile a list of what metrics you will be tracking, why, and the business goals for each.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    Outline of metrics you can configure your vulnerability scanning tool to report on.

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    You can’t manage what you can’t measure

    Metrics provides visibility.

    • Management consultant Peter Drucker introduced the concept of metrics tied to key performance indicators (KPIs), and the concept holds true: without metrics, you lack the visibility to manage or improve a process.
    • Metrics aren’t just a collection of statistics, they have to be meaningful, they have to tell the story, and most importantly, they have to answer the “so what?” question. What is the significance of a metric – do they illustrate a trend or an anomaly? What actions should be carried out when a metric hits a certain threshold?
    • It would be prudent to track several metrics that can be combined to tell the full story. For example, tracking the number of critical vulnerabilities alone does not give a sense of the overall risk to the organization, nor does it offer any information on how quickly they have been remediated or what amount of effort was invested.
    Stock image of measuring tape.

    Metrics, KPIs, and CSFs

    Tracking the right information and making the information relevant.
    • There is often confusion between raw metrics, key performance indicators, and critical success factors.
    • Raw metrics are what is trackable from your systems and processes as a set of measurements without any context. Raw metrics in themselves are useful in telling the story of “what are we doing?”
    • KPIs are the specific metric or combination of metrics that help you track or gauge performance. KPIs tell the story of “how are we doing?” or “how well are we doing?”
    • CSFs are the specific KPIs that track the activities that are absolutely critical to accomplish for the business or business unit to be successful.
    The activity tracker on your wrist is a wealth of metrics, KPIs, and CSFs.

    If you wear an activity tracker, you are likely already familiar with the differences between metrics, key performance indicators, and critical success factors:

    • The raw metrics are your heart rate, step count, hours of sleep, caloric intake, etc.
    • KPIs are the individual goals that you have set: maintain a heart rate within the appropriate range for your age/activity level, achieve a step count goal per day, get x hours of sleep per night, consume a calorie range of y per day, etc.
    • CSFs are your overall goal: increase your cardiovascular capacity, lose weight, feel more energetic, etc.

    Your security systems can be similarly measured and tracked – transfer this skill!

    Tracking relevant information

    Tell the story in the numbers.

    Below are a number of suggested metrics to track, and why.

    Business Goal

    Critical Success Factor

    Key Performance Indicator

    Metric to track

    Minimize overall risk exposure Reduction of overall risk due to vulnerabilities Decrease in vulnerabilities Track the number of vulnerabilities year after year.
    Appropriate allocation of time and resources Proper prioritization of vulnerability mitigation activities Decrease of critical and high vulnerabilities Track the number of high-urgency vulnerabilities.
    Consistent timely remediation of threats to the business Minimize risk when vulnerabilities are detected Remediate vulnerabilities more quickly Mean time to detect: track the average time between the identification to remediation.
    Track effectiveness of scanning tool Minimize the ratio, indicating that the tool sees everything Ratio between known assets and what the scanner tracks Scanner coverage compared to known assets in the organization.
    Having effective tools to track and address Accuracy of the scanning tool Difference or ratio between reported vulnerabilities and verified ones Number of critical or high vulnerabilities verified, between the scanning tool’s criticality rating and actual criticality.
    Reduction of exceptions to ensure minimal exposure Visibility into persistent vulnerabilities and risk mitigation measures Number of exceptions granted Number of vulnerabilities in which little or no remediation action was taken.

    4.1.1 Measure your program with metrics, KPIs, and CSFs

    60 minutes

    Input: List of metrics current being measured by the vulnerability management tool

    Output: List of relevant metrics to track, and the KPIs, CSFs, and business goals related to the metric

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT operations management, CISO

    Metrics can offer a way to view how the organization is dealing with vulnerabilities and if there is improvement.

    1. Determine the high-level vulnerability management goals for the organization.
    2. Even with a formal process in place, the organization should be considering ways it can improve.
    3. Determine metrics that can help quantify those goals and how they can be measured.
    4. Metrics should always be easy to measure. If it’s a complex process to find the information required, it means that it is not a metric that should be used.
    5. Document your list of metrics in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Step 4.2

    Vulnerability Management Policy

    Activities
    • 4.2.1 Update the vulnerability management program policy

    This step will walk you through the following activities:

    If you have a vulnerability management policy, this activity may help augment it. Otherwise, if you don’t have one, this would be a great starting point.

    This step involves the following participants:

    • IT Security Manager
    • CISO
    • CIO
    • Human resources representative

    Outcomes of this step

    An inaugural policy covering vulnerability management

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    Vulnerability Management Program Policy

    Policies provide governance and enforcement of processes.
    • Policies offer formal guidance on the “rules” of a program, describing its purpose, scope, detailed program description, and consequences of non-compliance. Often they will have a employee sign-off acknowledging understanding.
    • In many organizations, policies are endorsed by senior executives, which gives the policy its “teeth” across the company. The human resources department will always have input due to the implications of the non-compliance aspect.
    • Policies are written to ensure an outcome of consistent expected behavior and are often written to protect the company from liability.
    • Policies should be easy to understand and unambiguous, reflect the current state, and be enforceable. Enforceability can come in the form of audit, technology, or any other means of determining compliance and enforcing behavior.
    Stock image of a judge's gavel.

    4.2.1 Update the vulnerability management policy

    60 minutes

    Input: Vulnerability Management SOP, HR guidance on policy creation and approval

    Output: Completed Vulnerability Management Policy

    Materials: Vulnerability Management SOP, Vulnerability Management Policy Template

    Participants: IT Security Manager, IT operations management, CISO, Human resources representative

    After having built your entire process in this project, formalize it into a vulnerability management policy. This will set the standards and expectations for vulnerability management in the organization, while the process will be around the specific actions that need to be taken around vulnerability management.

    This is separate and distinct from the Vulnerability Management SOP Template, which is a process and procedure document.
    1. Review Info-Tech’s Vulnerability Management Policy and customize it to your organization’s specifications.
    2. Use your Vulnerability Management SOP as a resource when specifying some of the details within the policy.
    Sample of Info-Tech's Vulnerability Management Policy Template

    Download the Vulnerability Management Policy Template

    Step 4.3

    Select and implement a scanning tool

    Activities
    • 4.3.1 Create an RFP for vulnerability scanning tools

    This step will walk you through the following activities:

    If you need to select a new vulnerability scanning tool, or replace your existing one, this activity will help set up a request for proposal (RFP).

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    Vulnerability management and penetration testing

    Similar in nature, yet provide different security functions.

    Vulnerability Scanning Tools

    Scanning tools focus on the network and operating systems. These tools look for items such as missing patches or open ports. They won’t detect specific application vulnerabilities.

    Exploitation Tools

    These tools will look to exploit a detected vulnerability to validate it.

    Penetration Tests

    A penetration test simulates the actions of an external or internal cyber attacker that aims to breach the information security of the organization. (Formal definition of penetration test)

    ‹————— What’s the difference again? —————›
    Vulnerability scanning tools are just one type of tool. When you add an exploitation tool to the mix, you move down the spectrum. Penetration tests will use scanning tools, exploitation tools, and people.

    What is the value of each?

    • For vulnerability scans, the person performing the scan provides the value – value comes from the organization itself.
    • For exploitation tools on their own, the value comes from the tool itself being used in a safe environment.
    • For penetration tests, the tester is providing the value. They are the value add.

    What’s the implication for me?

    Info-Tech Recommends:
    • A combination of vulnerability scanning and penetration testing. This will improve your security posture through systematic risk reduction and improve your security program through the testing of prevention, detection, and response capabilities with unique recommendations being generated.
    • Start with as much vulnerability scanning as possible to identify gaps to fix and then move onto a penetration test to do a more robust and validated assessment.
    • For penetration tests, start with a transparent box test first, then move to an opaque box. Ideally, this is done with different third parties.

    Vulnerability scanning software

    All organizations can benefit from having one.

    Scanning tools will benefit areas beyond just vulnerability management

    • Network security: It improves the accuracy and granularity of your network security technologies such as WAFs, NGFWs, IDPS, and SIEM.
    • Asset management: Vulnerability scanning can identify new or unknown assets and provide current status information on assets.
    • System management: Information from a vulnerability scan supports baselining activities and determination of high-value and high-risk assets.

    Vulnerability Detection Use Case

    Most organizations use scanners to identify and assess system vulnerabilities and prioritize efforts.

    Compliance Use Case

    Others will use scanners just for compliance, auditing, or larger GRC reasons.

    Asset Discovery Use Case

    Many organizations will use scanners to perform active host and application identification.

    Scanning Tool Market Trends

    Vulnerability scanning tools have expanded value from conventional checking for vulnerabilities to supporting configuration checking, asset discovery, inventory management, patch management, SSL certificate validation, and malware detection.

    Expect to see network and system vulnerability scanners develop larger vulnerability management functions and develop exploitation tool functionality. This will become a table stakes option enabling organizations to provide higher levels of validation of detected vulnerabilities. Some tools already possess these capabilities:

    • Core Impact is an exploitation tool with vulnerability scanning aspects.
    • Metasploit is an exploitation tool with some new vulnerability scanning aspects.
    • Nessus is mainly a vulnerability scanning tool but has some exploitation aspects.

    Device proliferation (BYOD, IoT, etc.) is increasing the need for stronger vulnerability management and scanners. This is driving the need for numerous device types and platform support and the development of baseline and configuration norms to support system management.

    Increased regulatory or compliance controls are also stipulating the need for vulnerability scanning, especially by a trusted third party.

    Organizations are outsourcing security functions or moving to cloud-based deployment options for any security technology they can. Expect to see massive growth of vulnerability scanning as a service.

    Vulnerability scanning market

    There are several technology types or functional differentiators that divide the market up.

    Vulnerability Exploitation Tools

    • These will actually test defences and better emulate real life than just scanning. These tools include packet manipulation tools (such as hping) and password cracking tools (such as John the Ripper or Cain and Abel).
    • These tools will provide much more granular information on your network, operations systems, and applications.
    • The main limitation of these tools is how to use them. If you do not have development or test environments that mimic your real production environments to run the exploit tools, these tools may not be appropriate. It may work if you can find some downtime on production systems, but only in very specific and careful instances.
    • Lower maturity security programs usually just do network and application vulnerability scanning. Higher maturity programs will also use penetration testing, application testing, and vulnerability exploitation tools.
    • Network vulnerability scanning tools should always be used. Once you identify any servers or ports running web applications, then you run a web application vulnerability scanner.
    • Exploitation tools and application testing tools are used in more specific use cases that are often related to more-demanding security programs.

    Scanning Tool Market Trends

    • These are considered baseline tools and are near commoditization.
    • Vulnerability scanning tools are not granular enough to detect application-level vulnerabilities (thus the need for application scanners and testing tools) and they don’t validate the exploitability of the vulnerability (thus the need for exploit tools).

    Web Application Scanning Tools

    These tools perform dynamic application security testing (DAST) and static application security testing (SAST).

    Application Scanning and Testing Tools

    • These perform a detailed scan against an application to detect any problematic or malicious code and try to break the application using known vulnerabilities.
    • These tools will identify if something is vulnerable to an exploit but won’t actually run the exploit.
    • These tools are evaluated based on their ability to detect application-specific issues and validate them.

    Vulnerability scanning tool features

    Evaluate vulnerability scanning tools on specific features or functions that are the best differentiators.

    Differentiator

    Description

    Deployment Options Do you want a traditional on-premises, cloud-based, or managed service?
    Vulnerability Database Coverage Scanners use a library of known vulnerabilities to test for. Evaluate based on the amount of exploits/vulnerabilities the tool can scan for.
    Scanning Method Evaluate if you want agent-based, authenticated active, unauthenticated active, passive, or some combination of those scanning methods.
    Integration What is the breadth of other security and non-security technologies the tool can integrate with?
    Remediation How detailed are the recommended remediation actions? The more granular, the better.
     

    Differentiator

    Description

    Prioritization Does the tool evaluate vulnerabilities based on commonly accepted methods or through a custom-designed prioritization methodology?
    Platform Support What is the breadth of environment, application, and device support in the tool? Consider your need for virtual support, cloud support, device support, and application-specific support. Also consider how often new scanning modules are supported (e.g. how quickly Windows 10 was supported).
    Pricing As with many security controls that have been around for a long time and are commonly used, pricing becomes a main consideration, especially when there are so many open-source options available.

    Common areas people mistake as tool differentiators:

    • Accuracy – Scanning tools are evaluated more on efficiency than effectiveness. Evaluate on the ability to detect, remediate, and manage vulnerabilities rather than real vulnerability detection and the number of false positives. To reduce false positives, you need to use exploitation tools.
    • Performance – Scanning tools have such a small footprint in an environment and the actual scanning itself is such a small impact that evaluation on performance doesn’t matter.

    For more information on vulnerability scanning tools and how they rate, review the Vulnerability Management category on SoftwareReviews.

    Vulnerability scanning deployment options

    Understand the different deployment options to identify which is best for your security program.

    Option

    Description

    Pros

    Cons

    Use Cases

    On-Premises Either an on-premises appliance or an on-premises virtualized machine that performs external and internal scanning.
    • Small resource need, so limited network impact.
    • Strong internal scanning.
    • Easier integration with other technologies.
    • Network footprint and resource usage.
    • Maintenance and support costs.
    • Most common deployment option.
    • Appropriate if you have cloud concerns or strong internal network scanning, or if you require strong integration with other systems.
    Cloud Either hosted on a public cloud infrastructure or hosted by a third party and offered “as a service.”
    • Small network footprint.
    • On-demand scanning as needed.
    • Optimal external scanning capabilities.
    • Can only do edge-related scanning unless authenticated or agent based.
    • No internal network scanning with passive or unauthenticated active scanning methods.
    • Very limited network resources.
    • Compliance obligations that dictate external vulnerability scanning.
    Managed A third party is contracted to manage and maintain your vulnerability scanner so you can dedicate resources elsewhere.
    • Expert management of environment scanning, optimizing tool usage.
    • Most scanning work time is report customization and tuning and remediation efforts; thus, managed doesn’t provide sizable resource alleviation.
    • Third party has and owns the vulnerability information.
    • Limited staff resources or expertise to maintain and manage scanner.

    Vulnerability scanning methods

    Understand the different scanning methods to identify which tool best supports your needs.

    Method

    Description

    Pros

    Cons

    Use Cases

    Agent-Based Scanning Locally installed software gives the information needed to evaluate the security posture of a device.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Device processing, memory, and network bandwidth impact.
    • Asset without an agent is not scanned.
    • Need for continuous scanning.
    • Organization has strong asset management
    Authenticated Active Scanning Tool uses authenticated credentials to log in to a device or application to perform scanning.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Best accuracy for vulnerability detection across a network.
    • Aggregation and centralization of authenticated credentials creates a major risk.
    • All use cases.
    Unauthenticated Active Scanning Scanning of devices without any authentication.
    • Emulates realistic scan by an attacker.
    • Provides limited scope of scanning.
    • Some compliance use cases.
    • Perform after either agent or authenticated scanning.
    Passive Scanning Scanning of network traffic.
    • Lowest resource impact.
    • Not enough information can be provided for true prioritization and remediation.
    • Augmenting scanning technique to agent or authenticated scanning.

    IP Management and IPv6

    IP management and the ability to manage IPv6 is a new area for scanning tool evaluation.

    Scanning on IPv4

    Scanning tools create databases of systems and devices with IP addresses.
    Info-Tech Recommends:

    • It is easier to do discovery by directing the scanner at a set IP address or range of IP addresses; thus, it’s useful to organize your database by IPs.
    • Do discovery by phases: Start with internet-facing systems. Your perimeter usually is well-defined by IP addresses and system owners and is most open to attack.
    • Stipulate a list of your known IP addresses through the DHCP registration and perform a scan on that.
    • Depending on your IP address space, another option is to scan your entire IP address space.

    Current Problem With IP Addresses

    IP addresses are becoming no longer manageable or even owned by organizations. They are often provided by ISPs or other third parties.

    Even if it is your range, chances are you don't do static IP ranges today.

    Info-Tech Recommends:

    • Agent-based scanning or MAC address-based scanning
    • Use your DHCP for scanning

    Scanning on IPv6

    First, you need to know if your organization is moving to IPv6. IPv6 is not strategically routed yet for most organizations.

    If you are moving to IPv6, Info-Tech recommends the following:

    • Because you cannot point a scanner at an IPv6 IP range, any scanning tool needs to have a strategy around how to handle IPv6 and properly scan based on IP ranges.
    • You need to know IPv4 to IPv6 translations.
    • Evaluate vulnerability scanning tools on whether any IPv6 features are on par with IPv4 features.

    If you are already on IPv6, Info-Tech recommends the following:

    • If you are on an IPv6 native network, it is nearly impossible to scan the network. You have to always scan your known addresses from your DHCP.

    4.3.1 Create an RFP for vulnerability scanning tools

    2 hours

    Input: List of key feature requirements for the new tool, List of intersect points with current software, Network topology and layout of servers and applications

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Vulnerability Scanning Tool RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use a request for proposal (RFP) template to convey your desired scanning tool requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your scanning tool RFP, based on people, process, and technology requirements.
    2. Consider items such as the desired capabilities and the scope of the scanning.
    3. Conduct interviews with relevant stakeholders to determine the exact requirements needed.
    4. Use Info-Tech’s Vulnerability Scanning Tool RFP Template. It lists many requirements but can be customized to your organization’s specific needs.

    Download the Vulnerability Scanning Tool RFP Template

    4.3.1 Create an RFP for vulnerability scanning tools (continued)

    Things to Consider:
    • Ensure there is adequate resource dedication to support and maintenance for vulnerability scanning.
    • Consider if you will benefit from an RFP. If there is a more appropriate option for your need and your organization, consider that instead.
    • If you don’t know the product you want, then perform an RFI.
    • In the RFP, you need to express your driving needs for the tool so the vendor can best understand your use case.
    • Identify who should participate in the RFP creation and evaluation. Make sure they have time available and it does not conflict with other items.
    • Determine if you want to send it to a select few or if you want to send it to a lot of vendors.
    • Determine a response date so you can know who is soliciting your business.
    • You need to have a process to handle questions from vendors.
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Vulnerability Scanning Tool RFP Template

    Step 4.4

    Penetration testing

    Activities
    • 4.1.1 Create an RFP for penetration tests

    This step will walk you through the following activities:

    We will review penetration testing, its distinction from vulnerability management, and why you may want to engage a penetration testing service.

    We provide a request for proposal (RFP) template that we can review if this is an area of interest.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    Penetration testing

    Penetration tests are critical parts of any strong security program.

    Penetration testing will emulate the methods an attacker would use in the real world to circumvent your security controls and gain access to systems and data.

    Penetration testing is much more than just running a scanner or other automated tools and then generating a report. Penetration testing performs critical exploit validation to create certainty around your vulnerability.

    The primary objective of a penetration test is to identify and validate security weaknesses in an organization’s security systems.

    Reasons to Test:

    • Assess current security control effectiveness
    • Develop an action plan of items
    • Build a business case for a better security program
    • Increased security budget through vulnerability validation
    • Third-party, unbiased validation
    • Adhere to compliance or regulatory requirements
    • Raise security awareness
    • Demonstrate how an attacker can escalate privileges
    • Effective way to test incident response

    Regulatory Considerations:

    • There is a lot of regulatory wording saying that organizations can’t get a system that is managed, integrated, and supported by one vendor and then have it tested by the same vendor.
    • There is the need for separate third-party testing.
    • Penetration testing is required for PCI, cloud providers, and federal entities.

    How and where is the value being generated?

    Penetration testing is a service provided by trained and tested professionals with years of experience. The person behind the test is the most important part of the test. The person is able to emulate a real-life attacker better than any computer. It is just a vulnerability scan if you use tools or executables alone.

    “A penetration test is an audit with validation.” (Joel Shapiro, Vice President Sales, Digital Boundary Group)

    Start by considering the spectrum of penetration tests

    Network Penetration Tests

    Conventional testing of network defences.

    Testing vectors include:

    • Perimeter infrastructure
    • Wireless, WEP/WPA cracking
    • Cloud penetration testing
    • Telephony systems or VoIP
    Types of tests:
    • Denial-of-service testing
    • Out-of-band attacks
    • War dialing
    • Wireless network testing/war driving
    • Spoofing
    • Trojan attacks
    • Brute force attacks
    • Watering hole attacks
    • Honeypots
    • Cloud-penetration testing
    Application Penetration Tests

    Core business functions are now being provided through web applications, either to external customers or to internal end users.

    Types: Web apps, non-web apps, mobile apps

    Application penetration and security testing encompasses:

    • Code review – analyzing the application code for sensitive information of vulnerabilities in the code.
    • Authorization testing – testing systems responsible for user session management to see if unauthorized access can be permitted.
    • Authentication process for user testing.
    • Functionality testing – test the application functionality itself.
    • Website pen testing – active analysis of weaknesses or vulnerabilities.
    • Encryption testing – testing things like randomness or key strength.
    • User-session integrity testing.
    Human-Centric Testing
    • Penetration testing is developing a people aspect as opposed to just being technology focused.
    • End users and their susceptibility to social engineering attacks (spear phishing, phone calls, physical site testing, etc.) is now a common area to test.
    • Social engineering penetration testing is not only about identifying your human vulnerabilities, but also about proactively training your end users. As well as discovering and fixing potential vulnerabilities, social engineering penetration testing will help to raise security awareness within an organization.

    Info-Tech Insight

    Your pen test should use multiple methods. Demonstrating weakness in one area is good but easy to identify. When you blend techniques, you get better success at breaching and it becomes more life-like. Think about prevention, detection, and response testing to provide full insight into your security defenses.

    Penetration testing types

    Evaluate four variables to determine which type of penetration test is most appropriate for your organization.

    Evaluate these dimensions to determine relevant penetration testing.

    Network, Application, or Human

    Evaluate your need to perform different types of penetration testing.

    Some level of network and application testing is most likely appropriate.

    The more common decision point is to consider to what degree your organization requires human-centric penetration testing.

    External or Internal

    External: Attacking an organization’s perimeter and internet-facing systems. For these, you generally provide some level of information to the tester. The test will begin with publicly available information gathering followed by some kind of network scanning or probing against externally visible servers or devices (DNS server, email server, web server, firewall, etc.)

    Internal: Carried out within the organization’s network. This emulates an attack originating from an internal point (disgruntled employee, authorized user, etc.). The idea is to see what could happen if the perimeter is breached.

    Transparent, Semi-Transparent, or Opaque Box

    Opaque Box: The penetration tester is not provided any information. This emulates a real-life attack. Test team uses publicly available information (corporate website, DNS, USENET, etc.) to start the test. These tests are more time consuming and expensive. They often result in exploitation of the easiest vulnerability.
    Use cases: emulating a real-life attack; testing detection and response capabilities; limited network segmentation.

    Transparent Box: Tester is provided full disclosure of information. The tester will have access to everything they need: building floor plans, data flow designs, network topology, etc. This represents what a credentialed and knowledgeable insider would do.
    Use cases: full assessment of security controls; testing of attacker traversal capabilities.

    Aggressiveness of the Test

    Not Aggressive: Very slow and careful penetration testing. Usually spread out in terms of packets being sent and number of calls to individuals. It attempts to not set off any alarm bells.

    Aggressive: A full DoS attack or something similar. These would be DoS attacks that take down systems or full SQL injection attacks all at once versus small injections over time. Testing options cover anything including physical tests, network tests, social engineering, and data extraction and exfiltration. This is more costly and time consuming.

    Assessing Aggressiveness: How aggressive the test should be is based on the threats you are concerned with. Assess who you are concerned with: random individuals on the internet, state-sponsored attacks, criminals, hacktivists, etc. Who you are concerned with will determine the appropriate aggressiveness of the test.

    Penetration testing scope

    Establish the scope of your penetration test before engaging vendors.

    Determining the scope of what is being tested is the most important part of a penetration test. Organizations need to be as specific as possible so the vendor can actually respond or ask questions.

    Organizations need to define boundaries, objectives, and key success factors.

    For scope:
    • If you go too narrow, the realism of the test suffers.
    • If you go too broad, it is more costly and there’s a possible increase in false positives.
    • Balance scope vs. budget.
    Boundaries to scope before a test:
    • IP addresses
    • URLs
    • Applications
    • Who is in scope for social engineering
    • Physical access from roof to dumpsters defined
    • Scope prioritized for high-value assets
    Objectives and key success factors to scope:
    • When is the test complete? Is it at the point of validated exploitation?
    • Are you looking for as many holes as possible, or are you looking for how many ways each hole can be exploited?

    What would be out of scope?

    • Are there systems, IP addresses, or other things you want out of scope? These are things you don’t explicitly want any penetration tester to touch.
    • Are there third-party connections to your environment that you don’t want to be tested? These are instances such as cloud providers, supply chain connections, and various services.
    • Are there things that would be awkward to test? For example, determine if you include high-level people in a social engineering test. Do you conduct social engineering for the CEO? If you get their credentials, it could be an awkward moment.

    Ways to break up a penetration test:

    • Location – This is the most common way to break up a penetration test.
    • Division – Self-contained business units are often done as separate tests so you can see how each unit does.
    • IT systems – For example, you put certain security controls in a firewall and want to test its effectiveness.
    • Applications – For example, you are launching a new website or a new portal and you want to test it.

    Penetration testing appropriateness

    Determine your penetration testing appropriateness.

    Usual instances to conduct a penetration test:
    • Setting up a new physical office. Penetration testing will not only test security capabilities but also resource availability and map out network flows.
    • New infrastructure hardware implemented. All new infrastructure needs to be tested.
    • Changes or upgrades to existing infrastructure. Need for testing varies depending on the size of the change.
    • New application deployment. Need to test before being pushed to production environments.
    • Changes or upgrades to existing applications. When fundamental functional changes occur, perform testing:
      • Before upgrades or patching
      • After upgrades or patching
    • Periodic testing. It is a best practice to periodically test your security control effectiveness. Consider at least an annual test.

    Specific timing considerations: Testing should be completed during non-production times of day. Testing should be completed after a backup has been performed.

    Assess your threats to determine your appropriate test type:

    Penetration testing is about what threats you are concerned about. Understand your risk profile, risk tolerance level, and specific threats to see how relevant penetration tests are.

    • Are external attackers concerning to you? Are you distressed about how an attacker can use brute force to enter your network? If so, focus on ingress points, such as FWs, routers, and DMZ.
    • Is social engineering a concern for you (i.e. phone-based or email-based)? Then you are concerned about a credentialed hacker.
    • Is it an insider threat, a disgruntled employee, etc.? This also includes an internal system that is under command and control (C&C).

    ANALYST PERSPECTIVE: Do a test only after you take a first pass.
    If you have not done some level of vulnerability assessment on your own (performing a scan, checking third-party sources, etc.) don’t waste your money on a penetration test. Only perform a penetration test after you have done a first pass and identified and remediated all the low-hanging fruit.

    4.4.1 Create an RFP for penetration tests

    2 hours

    Input: List of criteria and scope for the penetration test, Systems and application information if white box

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Penetration Test RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use an RFP template to convey your desired penetration test requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your penetration test RFP based on people, process, and technology requirements.
      • Consider items such as your technology environment and the scope of the penetration tests.
    2. Conduct an interview with relevant stakeholders to determine the exact requirements needed.
    3. Use Info-Tech’s Penetration Test RFP Template, which lists many requirements but can be customized to your organization’s specific needs.

    Download the Penetration Test RFP Template

    4.4.1 Create an RFP for penetration tests (continued)

    Steps of a penetration test:
    1. Determine scope
    2. Gather targeted intelligence
    3. Review exploit attempts, such as access and escalation
    4. Test the collection of sensitive data
    5. Run reporting
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Penetration Test RFP Template

    Penetration testing considerations – service providers

    Consider what type of penetration testing service provider is best for your organization

    Professional Service Providers

    Professional Services Firms. These firms will often provide a myriad of professional services across auditing, financial, and consulting services. If they offer security-related consulting services, they will most likely offer some level of penetration testing.

    Security Service Firms. These are dedicated security consulting or advisory firms that will offer a wide spectrum of security-related services. Penetration testing may be one aspect of larger security assessments and strategy development services.

    Dedicated Penetration Testing Firms. These are service providers that will often offer the full gamut of penetration testing services.

    Integrators

    Managed Security Service Providers. These providers will offer penetration testing. For example, Dell SecureWorks offers numerous services including penetration testing. For organizations like this, you need to be skeptical of ulterior motives. For example, expect recommendations around outsourcing from Dell SecureWorks.

    Regional or Small Integrators. These are service providers that provide security services of some kind. For example, they would help in the implementation of a firewall and offer penetration testing services as well.

    Info-Tech Recommends:

    • Always be conscientious of who is conducting the testing and what else they offer. Even if you get another party to test rather than your technology provider, they will try to obtain you as a client. Remember that for larger technology vendors, security testing is a small revenue stream for them and it’s a way to find technology clients. They may offer penetration testing for free to obtain other business.
    • Most of the penetration testers were systems administrators (for network testing) or application developers (for application testing) at some point before becoming penetration testers. Remember this when evaluating providers and evaluating remediation recommendations.
    • Evaluate what kind of open-source tools, commercial tools, and proprietary tools are being used. In general, you don’t want to rely on an open-source scanner. For open source, they will have more outdated vulnerability databases, system identification can also be limited compared to commercial, and reporting is often lacking.
    • Above all else, ensure your testers are legally capable, experienced, and abide by non-disclosure agreements.

    Penetration testing best practices – communications

    Communication With Service Provider

    • During testing there should be designated points of contact between the service provider and the client.
    • There needs to be secure channels for communication of information between the tester and the client both during the test and for any results.
    • Results should always be explained to the client by the tester, regardless of the content or audience.
    • There should be a formal debrief with the results report.
    Immediate reporting of issues
    • Before any testing commences, immediate reporting conditions need to be defined. These are instances when you would want immediate notification of something occurring.
    • Stipulate certain systems or data types that if broken into or compromised, you would want to be notified right away.
    • Example:
      • If you are conducting social engineering, require notification for all account credentials that are compromised. Once credentials are compromised, it destroys all accountability for those credentials and the actions associated with those credentials by any user.
      • Require immediate reporting of specific high-critical systems that are compromised or if access is even found.
      • Require immediate reporting when regulated data is discovered or compromised in any way.

    Communication With Internal Staff

    Do you tell your internal staff that this is happening?

    This is sometimes called a “double blind test” when you don’t let your IT team know of the test occurring.

    Pros to notifying:
    • This tests the organization’s security monitoring, incident detection, and response capabilities.
    • Letting the team know they are going to see some activity will make sure they don’t get too worried about it.
    • There may be systems you can’t jeopardize but still need to test so notification beforehand is essential (e.g. you wouldn’t allow ERP testing with notification).
    Cons:
    • It does not give you a real-life example of how you respond if something happens.
    • Potential element of disrespect to IT people.

    Penetration testing best practices – results and remediation

    What to expect from penetration test results report:

    A final results report will state all findings including what was done by the testers, what vulnerabilities or exploitations were detected, how they were compromised, the related risk, and related remediation recommendations.

    Expect four major sections:
    • Introduction. An overview of the penetration test methodology including rating methodology of vulnerabilities.
    • Executive Summary. A management-level description of the test, often including a summary of any recommendations.
    • Technical Review. An overview of each item that was looked at and touched. This area breaks down what was done, how it was done, what was found, and any related remediation recommendations. Expect graphs and visuals in this section.
    • Detailed Findings. An in-depth breakdown of all testing methods used and results. Each vulnerability will be explained regarding how it was detected, what the risk is, and what the remediation recommendation is.
    Two areas that will vary by service provider:

    Prioritization

    • Most providers will boast their unique prioritization methodology.
    • A high, medium, and low rating scale based on some combination of variables (e.g. ease of exploitation, breadth of hole, information accessed resulting in further exploitation).
    • The prioritization won’t take into account asset value or criticality.
    • Keep in mind the penetration test is not an input into ultimate vulnerability prioritization, but it can help determine your urgency.

    Remediation

    • Remediation recommendations will vary across providers.
    • Generally, fairly generic recommendations are provided (e.g. remove your old telnet and input up-to-date SSH).
    • Most of the time, it is along the lines of “we found a hole; close the hole.”

    Summary of Accomplishment

    Problem Solved

    At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.

    Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.

    The risk-based approach will allow you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities while allowing your standard remediation cycle to address the medium to low vulnerabilities.

    With your program defined and developed, you now need to configure your vulnerability scanning tool or acquire one if you don’t already have a tool in place.

    Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Jimmy Tom.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of the Implement Vulnerability Management storyboard.
    Review of the Implement Vulnerability Management storyboard
    Sample of the Vulnerability Mitigation SOP template.
    Build your vulnerability management SOP

    Contributors

    Contributors from 2016 version of this project:

    • Morey Haber, Vice President of Technology, BeyondTrust
    • Richard Barretto, Manager, Information Privacy and Security, Cimpress
    • Joel Shapiro, Vice President Sales, Digital Boundary Group

    Contributors from current version of this project:

    • 2 anonymous contributors from the manufacturing sector
    • 1 anonymous contributor from a US government agency
    • 2 anonymous contributors from the financial sector
    • 1 anonymous contributor from the medical technology industry
    • 2 anonymous contributors from higher education
    • 1 anonymous contributor from a Canadian government agency
    • 7 anonymous others; information gathered from advisory calls

    Bibliography

    Arya. “COVID-19 Impact: Vulnerability Management Solution Market | Strategic Industry Evolutionary Analysis Focus on Leading Key Players and Revenue Growth Analysis by Forecast To 2028 – FireMon, Digital Shadows, AlienVault.” Bulletin Line, 6 Aug. 2020. Accessed 6 Aug. 2020.

    Campagna, Rich. “The Lean, Mean Vulnerability Management Machine.” Security Boulevard, 31 Mar. 2020. Accessed 15 Aug. 2020.

    Constantin, Lucian. “What are vulnerability scanners and how do they work?” CSO Online, 10 Apr. 2020. Accessed 1 Sept. 2020.

    “CVE security vulnerabilities published in 2019.” CVE Details. Accessed 22 Sept. 2020.

    Garden, Paul, et al. “2019 Year End Report – Vulnerability QuickView.” Risk Based Security, 2020. Accessed 22 Sept. 2020.

    Keary, Eoin. “2019 Vulnerability Statistics Report.” Edgescan, Feb. 2019. Accessed 22 Sept. 2020.

    Lefkowitz, Josh. ““Risk-Based Vulnerability Management is a Must for Security & Compliance.” SecurityWeek, 1 July 2019. Accessed 1 Nov. 2020.

    Mell, Peter, Tiffany Bergeron, and David Henning. “Creating a Patch and Vulnerability Management Program.” Creating a Patch and Vulnerability Management Program. NIST, Nov. 2005. Web.

    “National Vulnerability Database.” NIST. Accessed 18 Oct. 2020.

    “OpenVAS – Open Vulnerability Assessment Scanner.” OpenVAS. Accessed 14 Sept. 2020.

    “OVAL.” OVAL. Accessed 21 Oct. 2020.

    Paganini, Pierluigi. “Exploiting and Verifying Shellshock: CVE-2014-6271.” INFOSEC, 27 Sept. 2014. Web.

    Pritha. “Top 10 Metrics for your Vulnerability Management Program.” CISO Platform, 28 Nov. 2019. Accessed 25 Oct. 2020.

    “Risk-Based Vulnerability Management: Understanding Vulnerability Risk With Threat Context And Business Impact.” Tenable. Accessed 21 Oct. 2020.

    Stone, Mark. “Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away.” SecurityIntelligence, 6 Aug. 2020. Web.

    “The Role of Threat Intelligence in Vulnerability Management.” NOPSEC, 18 Sept. 2014. Accessed 18 Aug. 2020.

    “Top 15 Paid and Free Vulnerability Scanner Tools in 2020.” DNSstuff, 6 Jan. 2020. Accessed 15 Sept. 2020.

    Truta, Filip. “60% of Breaches in 2019 Involved Unpatched Vulnerabilities.” Security Boulevard, 31 Oct. 2019. Accessed 2 Nov. 2020.

    “Vulnerability Management Program.” Core Security. Accessed 15 Sept. 2020.

    “What is Risk-Based Vulnerability Management?” Balbix. Accessed 15 Sept. 2020.

    White, Monica. “The Cost Savings of Effective Vulnerability Management (Part 1).” Kenna Security, 23 April 2020. Accessed 20 Sept. 2020.

    Wilczek, Marc. “Average Cost of a Data Breach in 2020: $3.86M.” Dark Reading, 24 Aug. 2020. Accessed 5 Nov 2020.

    Mandate Data Valuation Before It’s Mandated

    • Buy Link or Shortcode: {j2store}121|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $25,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data can be valuable if used properly or dangerous when mishandled.
    • The organization needs to understand the value of their data before they can establish proper data management practice.
    • Data is not considered a capital asset unless there is a financial transaction (e.g. buying or selling data assets).
    • Data valuation is not easy, and it costs money to collect, store, and maintain data.

    Our Advice

    Critical Insight

    • Data always outlives people, processes, and technology. They all come and go, while data remains.
    • Oil is a limited resource, data is not. Contrary to oil, data is likely to grow over time.
    • Data is likely to outlast all other current popular financial instruments including currency, assets, or commodities.
    • Data is used internally and externally and can easily be replicated or combined.
    • Data is beyond currency, assets, or commodities and needs to be a category of its own.

    Impact and Result

    • Every organization must calculate the value of their data. This will enable organizations to become truly data-driven.
    • Too much time has been spent arguing different methods of valuation. An organization must settle on valuation that is acceptable to all its stakeholders.
    • Align data governance and data management to data valuation. Often organizations struggle to justify data initiatives due to lack of visibility in data valuation.
    • Establish appropriate roles and responsibilities and ensure alignment to a common set of goals as a foundation to get the most accurate future data valuation for your organization.
    • Assess organization data assets and implementation roadmap that considers the necessary competencies and capabilities and their dependencies in moving towards the higher maturity of data assets.

    Mandate Data Valuation Before It’s Mandated Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the value associated with the organization's data. Review Info-Tech’s methodology for assessing data value and justifying your data initiatives with a value proposition.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Demystify data valuation

    Understand the benefits of data valuation.

    • Mandate Data Valuation Before It’s Mandated – Phase 1: Demystify Data Valuation

    2. Data value chain

    Learn about the data value chain framework and preview the step-by-step guide to start collecting data sources.

    • Mandate Data Valuation Before It’s Mandated – Phase 2: Data Value Chain

    3. Data value assessment

    Mature your data valuation by putting in the valuation dimensions and metrics. Establish documented results that can be leveraged to demonstrate value in your data assets.

    • Mandate Data Valuation Before It’s Mandated – Phase 3: Data Value Assessment
    [infographic]

    Workshop: Mandate Data Valuation Before It’s Mandated

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Value of Data Valuation

    The Purpose

    Explain data valuation approach and value proposition.

    Key Benefits Achieved

    A clear understanding and case for data valuation.

    Activities

    1.1 Review common business data sources and how the organization will benefit from data valuation assessment.

    1.2 Understand Info-Tech’s data valuation framework.

    Outputs

    Organization data valuation priorities

    2 Capture Organization Data Value Chain

    The Purpose

    Capture data sources and data collection methods.

    Key Benefits Achieved

    A clear understanding of the data value chain.

    Activities

    2.1 Assess data sources and data collection methods.

    2.2 Understand key insights and value proposition.

    2.3 Capture data value chain.

    Outputs

    Data Valuation Tool

    3 Data Valuation Framework

    The Purpose

    Leverage the data valuation framework.

    Key Benefits Achieved

    Capture key data valuation dimensions and align with data value chain.

    Activities

    3.1 Introduce data valuation framework.

    3.2 Discuss key data valuation dimensions.

    3.3 Align data value dimension to data value chain.

    Outputs

    Data Valuation Tool

    4 Plan for Continuous Improvement

    The Purpose

    Improve organization’s data value.

    Key Benefits Achieved

    Continue to improve data value.

    Activities

    4.1 Capture data valuation metrics.

    4.2 Define data valuation for continuous monitoring.

    4.3 Create a communication plan.

    4.4 Define a plan for continuous improvements.

    Outputs

    Data valuation metrics

    Data Valuation Communication Plan

    Transform Your Field Technical Support Services

    • Buy Link or Shortcode: {j2store}112|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
    • Redefine the role of onsite technicians when the help desk is outsourced.
    • Define requirements when supplementing with outsourced field services teams.
    • Identify barriers to streamlining processes.
    • Look for opportunities to streamline processes and better use technical teams.
    • Communicate and manage change to support roles.

    Our Advice

    Critical Insight

    • Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
    • Service level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
    • Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

    Impact and Result

    • Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model.
    • Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team.
    • With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

    Transform Your Field Technical Support Services Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Transform Field Services Guide – A brief deck that outlines key migration steps to improve our remote client support services.

    This blueprint will help you:

    • Transform Your Field Technical Services Storyboard

    2. Transform Field Services Template – A template to create a transformation proposal.

    This template will help you to build your proposal to transform your field services.

    • Proposal to Transform Field Technical Services Template
    [infographic]

    Further reading

    Transform Your Field Technical Support Services

    Improve service and reduce costs through digital transformation.

    Analyst Perspective

    Improve staffing challenges through digital transformation.

    Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model. Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team. With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

    The image contains a picture of Sandi Conrad.

    Sandi Conrad

    Principal Research Director

    Infrastructure & Operations Practice

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    With remote work becoming a normal employee offering for many organizations, self-serve/self-solve becoming more prominent, and a common call out to improve customer service, there is a need to re-examine the way many organizations are supplying onsite support. For organizations with a small number of offices, a central desk with remote tools may be enough or can be combined with a concierge service or technical center, but for organizations with multiple offices it becomes difficult to provide a consistent level of service for all customers unless there is a team onsite for each location. This may not be financially possible if there isn’t enough work to keep a technical team busy full-time.

    Common Obstacles

    Where people have a choice between calling a central phone number or talking to the technician down the hall, the in-person experience often wins out. End users may resist changes to in-person support as work is rerouted to a centralized group by choosing to wait for their favorite technician to show up onsite rather than reporting issues centrally. This can make the job of the onsite technician more challenging as they need to schedule time in every visit for unplanned work. And where technicians need to support multiple locations, travel needs to be calculated into lost technician time and costs.

    Info-Tech’s Approach

    • Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
    • Service-level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
    • Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

    Info-Tech Insight

    Improving process will be helpful for smaller teams, but as teams expand or work gets more complicated, investment in appropriate tools to support field services technicians will enable them to be more efficient, reduce costs, and improve outcomes when visits are warranted.

    Your challenge

    This research is designed to help organizations who are looking to:

    • Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
    • Redefine the role of onsite technicians when the help desk is outsourced.
    • Define requirements when supplementing with outsourced field services teams.
    • Identify barriers to streamlining processes.
    • Look for opportunities to streamline processes and better use technical teams.
    • Communicate and manage change to support roles.

    With many companies having new work arrangements for users, where remote work may be a permanent offering or if your digital transformation is well underway, this provides an opportunity to rethink how field support needs to be done.

    What is field services?

    Field services is in-person support delivered onsite at one or more locations. Management of field service technicians may include queue management, scheduling service and maintenance requests, triaging incidents, dispatching technicians, ordering parts, tracking job status, and billing.

    The image contains a diagram to demonstrate what may be supported by field services and what should be supported by field services.

    What challenges are you trying to solve within your field services offering?

    Focus on the reasons for the change to ensure the outcome can be met. Common goals include improved customer service, better technician utilization, and increased response time and stability.

    • Discuss specific challenges the team feels are contributing to less-than-ideal customer service.
    • Does the team have the skills, knowledge, and tools they need to be successful? Technicians may be solving issues with the customer looking over their shoulder. Having quick access to knowledge articles or to subject matter experts who can provide deeper expertise remotely may be the difference between a single visit to resolve or multiple or extended visits.
    • What percentage of tickets would benefit from triage and troubleshooting done remotely before sending a technician onsite? Where there are a high number of no-fault-found visits, this may be imperative to improving technician availability.
    • Review method for distribution of tickets, including batching criteria and dispatching of technicians. Are tickets being dispatched efficiently? By location and/or priority? Is there an attempt to solve more tickets centrally? Should there be? What SLA adjustment is reasonable for onsite visits?
    • Has the support value been defined?
    The image contains a graph to demonstrate Case Casuals in Field Services, where the highest at 55% is break/fix.

    Field services will see the biggest improvements through technology updates

    Customer Intake

    Provide tools for scheduling technicians, self-serve and self- or assisted-solve through ITSM or CRM-based portal and visual remote tools.

    The image contains a picture to demonstrate the different field services.

    Triage and Troubleshoot

    Upgrade remote tools to visual remote solutions to troubleshoot equipment as well as software. Eliminate no-fault-found visits and improve first-time fix rate by visually inspecting equipment before technician deployments.

    Improve Communications

    FSM GPS and SMS updates can be set to notify customers when a technician is close by and can be used for customer sign-off to immediately update service records and launch survey or customer billing where applicable.

    Schedule Technicians

    Field service management (FSM) ITSM modules will allow skills-based scheduling for remote technicians and determine best route for multi-site visits.

    Enable Work From Anywhere

    FSM mobile applications can provide technicians with daily schedules, turn-by-turn directions, access to inventory, knowledge articles, maintenance, and warranty and asset records. Visual remote captures service records and enables access to SMEs.

    Manage Expectations

    Know where technicians are for routing to emergency calls and managing workload using field service management solutions with GPS.

    Digital transformation can dramatically improve customer and technician experience

    The image contains an arrown that dips and rises dramatically to demonstrate how digital transformation can dramatically increase customer and technician experience.
    Sources: 1 - TechSee, 2019; 2 - Glartek; 3 - Geoforce; 4 - TechSee, 2020

    Improve technician utilization and scheduling with field services management software

    Field services management (FSM) software is designed to improve scheduling of technicians by skills and location while reducing travel time and mileage. When integrated with ITSM software, the service record is transferred to the field technician for continuity and to prepare for the job. FSM mobile apps will enable technicians to receive schedule updates through the day and through GPS update the dispatcher as technicians move from site to site.

    FSM solutions are designed to manage large teams of technicians, providing automated dispatch recommendations based on skills matching and proximity.

    Routes can be mapped to reduce travel time and mileage and adjusted to respond to emergency requests by technician skills or proximity. Automation will provide suggestions for work allocation.

    Spare parts management may be part of a field services solution, enabling technicians to easily identify parts needed and update real-time inventory as parts are deployed.

    Push notifications in real-time streamline communications from the field to the office, and enable technicians to close service records while in the field.

    Dispatchers can easily view availability, assign work orders, attach notes to work orders, and immediately receive updates if technicians acknowledge or reject a job.

    Maintenance work can be built into online checklists and forms to provide a technician with step-by-step instructions and to ensure a complete review.

    Skills and location-based routing allow dispatchers to be able to see closest tech for emergency deployments.

    Improve time to resolve while cutting costs by using visual remote support tools

    Visual remote support tools enable live video sessions to clearly see what the client or field service technician sees, enabling the experts to provide real-time assistance where the experts will provide guidance to the onsite person. Getting a view of the technology will reduce issues with getting the right parts, tools, and technicians onsite and dramatically reduce second visits.

    Visual remote tools can provide secure connections through any smartphone, with no need for the client to install an application.

    The technicians can take control of the camera to zoom in, turn on the flashlight for extra lighting, take photos, and save video directly to the tickets.

    Optical character recognition allows automatic text capture to streamline process to check warranty, recalls, and asset history.

    Visual, interactive workflows enhance break/fix and inspections, providing step-by-step guidance visual evidence and using AI and augmented reality to assess the images, and can provide next steps by connecting to a visual knowledgebase.

    Integration with field service management tools will allow information to easily be captured and uploaded immediately into the service record.

    Self-serve is available through many of these tools, providing step-by-step instructions using visual cues. These solutions are designed to work in low-bandwidth environments, using Wi-Fi or cellular service, and sessions can be started with a simple link sent through SMS.

    Cost and Budget Management

    • Buy Link or Shortcode: {j2store}8|cart{/j2store}
    • Related Products: {j2store}8|crosssells{/j2store}
    • Up-Sell: {j2store}8|upsells{/j2store}
    • member rating overall impact: 9.5/10
    • member rating average dollars saved: $2,000
    • member rating average days saved: 5
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management

    The challenge

    • IT is seen as a cost center in most organizations. Your IT spend is fuelled by negative sentiment instead of contributing to business value.

    • Budgetary approval is difficult, and in many cases, the starting point is lowering the cost-income ratio without looking at the benefits.
    • Provide the right amount of detail in your budgets to tell your investment and spending story. Align it with the business story. Too much detail only increases confusion, too little suspicion.

    Our advice

    Insight

    An effective IT budget complements the business story with how you will achieve the expected business targets.

    • Partner with the business to understand the strategic direction of the company and its future needs.
    • Know your costs and the value you will deliver.
    • Present your numbers and story clearly and credibly. Excellent delivery is part of good communication.
    • Guide your company by clearly explaining the implications of different choices they can make.

    Impact and results 

    • Get a head-start on your IT forecasting exercise by knowing the business strategy and what initiatives they will launch.
    • The coffee corner works! Pre-sell your ideas in quick chats.
    • Do not make innovation budgets bigger than they need to be. It undermines your credibility.
    • You must know your history to accurately forecast your IT operations cost and how it will evolve based on expected business changes.
    • Anticipate questions. IT discretionary proposals are often challenged. Think ahead of time about what areas your business partners will focus on and be ready with researched and credible responses.
    • When you have an optimized budget, tie further cost reductions to consequences in service delivery or deferred projects, or a changed operating model.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should develop a budget based on value delivery. We'll show you our methodology and the ways we can help you in completing this.

    Plan for budget success

    • Build an IT Budget That Demonstrates Value Delivery – Phase 1: Plan (ppt)
    • IT Budget Interview Guide (doc)

    Build your budget.

    • Build an IT Budget That Demonstrates Value Delivery – Phase 2: Build (ppt)
    • IT Cost Forecasting Tool (xls)

    Sell your budget

    • Build an IT Budget That Demonstrates Value Delivery – Phase 3: Sell (ppt)
    • IT Budget Presentation (ppt)

     

    Build an ERP Strategy and Roadmap

    • Buy Link or Shortcode: {j2store}585|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $76,462 Average $ Saved
    • member rating average days saved: 22 Average Days Saved
    • Parent Category Name: Enterprise Resource Planning
    • Parent Category Link: /enterprise-resource-planning
    • Organizations often do not know where to start with an ERP project.
    • They focus on tactically selecting and implementing the technology.
    • ERP projects are routinely reported as going over budget, over schedule, and they fail to realize any benefits.

    Our Advice

    Critical Insight

    • An ERP strategy is an ongoing communication tool for the business.
    • Accountability for ERP success is shared between IT and the business.
    • An actionable roadmap provides a clear path to benefits realization.

    Impact and Result

    • Align the ERP strategy and roadmap with business priorities, securing buy-in from the business for the program.
    • Identification of gaps, needs, and opportunities in relation to business processes; ensuring the most critical areas are addressed.
    • Assess alternatives for the critical path(s) most relevant to your organization’s direction.

    Build an ERP Strategy and Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an ERP Strategy and Roadmap – A comprehensive guide to align business and IT on what the organization needs from their ERP.

    A business-led, top-management-supported initiative partnered with IT has the greatest chance of success.

  • Aligning and prioritizing key business and technology drivers.
  • Clearly defining what is in and out of scope for the project.
  • Getting a clear picture of how the business process and underlying applications support the business strategic priorities.
  • Pulling it all together into an actionable roadmap.
    • Build an ERP Strategy and Roadmap – Phases 1-4
    • ERP Strategy Report Template
    [infographic]

    Workshop: Build an ERP Strategy and Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Introduction to ERP

    The Purpose

    To build understanding and alignment between business and IT on what an ERP is and the goals for the project

    Key Benefits Achieved

    Clear understanding of how the ERP supports the organizational goals

    What business processes the ERP will be supporting

    An initial understanding of the effort involved

    Activities

    1.1 Introduction to ERP

    1.2 Background

    1.3 Expectations and goals

    1.4 Align business strategy

    1.5 ERP vision and guiding principles

    1.6 ERP strategy model

    1.7 ERP operating model

    Outputs

    ERP strategy model

    ERP Operating model

    2 Build the ERP operation model

    The Purpose

    Generate an understanding of the business processes, challenges, and application portfolio currently supporting the organization.

    Key Benefits Achieved

    An understanding of the application portfolio supporting the business

    Detailed understanding of the business operating processes and pain points

    Activities

    2.1 Build application portfolio

    2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators

    2.3 Discuss process and technology maturity for each level 1 process

    Outputs

    Application portfolio

    Mega-processes with level 1 process lists

    3 Project set up

    The Purpose

    A project of this size has multiple stakeholders and may have competing priorities. This section maps those stakeholders and identifies their possible conflicting priorities.

    Key Benefits Achieved

    A prioritized list of ERP mega-processes based on process rigor and strategic importance

    An understanding of stakeholders and competing priorities

    Initial compilation of the risks the organization will face with the project to begin early mitigation

    Activities

    3.1 ERP process prioritization

    3.2 Stakeholder mapping

    3.3 Competing priorities review

    3.4 Initial risk register compilation

    Outputs

    Prioritized ERP operating model

    Stakeholder map.

    Competing priorities list.

    Initial risk register.

    4 Roadmap and presentation review

    The Purpose

    Select a future state and build the initial roadmap to set expectations and accountabilities.

    Key Benefits Achieved

    Identification of the future state

    Initial roadmap with expectations on accountability and timelines

    Activities

    4.1 Discuss future state options

    4.2 Build initial roadmap

    4.3 Review of final deliverable

    Outputs

    Future state options

    Initiative roadmap

    Draft final deliverable

    Further reading

    Build an ERP Strategy and Roadmap

    Align business and IT to successfully deliver on your ERP initiative

    Table of Contents

    Analyst Perspective

    Phase 3: Plan Your Project

    Executive Summary

    Step 3.1: Stakeholders, risk, and value

    Phase 1: Build Alignment and Scope

    Step 3.2: Project set up

    Step 1.1: Aligning Business and IT

    Phase 4: Next Steps

    Step 1.2: Scope and Priorities

    Step 4.1: Build your roadmap

    Phase 2: Define Your ERP

    Step 4.2: Wrap up and present

    Step 2.1: ERP business model

    Summary of Accomplishment

    Step 2.2: ERP processes and supporting applications

    Research Contributors

    Step 2.3: Process pains, opportunities, and maturity

    Related Info-Tech Research

    Bibliography

    Build an ERP Strategy and Roadmap

    Align business and IT to successfully deliver on your ERP initiative

    EXECUTIVE BRIEF

    Analyst Perspective

    A foundational ERP strategy is critical to decision making.

    Photo of Robert Fayle, Research Director, Enterprise Applications, Info-Tech Research Group.

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business

    ERP systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post-implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the needs of the organization. Alignment between business and IT is just one part of the overall strategy. Identifying key pain points and opportunities, assessed in the light of organizational strategy, will provide a strong foundation to the transformation of the ERP system.

    Robert Fayle
    Research Director, Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Organizations often do not know where to start with an ERP project. They focus on tactically selecting and implementing the technology but ignore the strategic foundation that sets the ERP system up for success. ERP projects are routinely reported as going over budget, over schedule, and they fail to realize any benefits.

    Common Obstacles

    ERP projects impact the entire organization – they are not limited to just financial and operating metrics. The disruption is felt during both implementation and in the production environment.

    Missteps early on can cost time, financial resources, and careers. Roughly 55% of ERP projects reported being over budget, and two-thirds of organizations implementing ERP realized less than half of their anticipated benefits.

    Info-Tech’s Approach

    Obtain organizational buy-in and secure top management support. Set clear expectations, guiding principles, and critical success factors.

    Build an ERP operating model/business model that identifies process boundaries, scope, and prioritizes requirements. Assess stakeholder involvement, change impact, risks, and opportunities.

    Understand the alternatives your organization can choose for the future state of ERP. Develop an actionable roadmap and meaningful KPIs that directly align with your strategic goals.

    Info-Tech Insight

    Accountability for ERP success is shared between IT and the business. There is no single owner of an ERP. A unified approach to building your strategy promotes an integrated roadmap so all stakeholders have clear direction on the future state.

    Insight summary

    Enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    A measured and strategic approach to change will help mitigate many of the risks associated with ERP projects, which will avoid the chances of these changes becoming the dreaded “career killers.”

    A business led, top management supported initiative partnered with IT has the greatest chance of success.

    • A properly scoped ERP project reduces churn and provides all parts of the business with clarity.
    • This blueprint provides the business and IT the methodology to get the right level of detail for the business processes that the ERP supports so you can avoid getting lost in the details.
    • Build a successful ERP Strategy and roadmap by:
      • Aligning and prioritizing key business and technology drivers.
      • Clearly defining what is in and out of scope for the project.
      • Providing a clear picture of how the business process and underlying applications support the business strategic priorities.
      • Pulling it all together into an actionable roadmap.

    Enterprise Resource Planning (ERP)

    What is ERP?

    Enterprise resource planning (ERP) systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    A diagram visualizing the many aspects of ERP and the categories they fall under. Highlighted as 'Supply Chain Management' are 'Supply Chain: Procure to Pay' and 'Distribution: Forecast to Delivery'. Highlighted as 'Customer Relationship Management' are 'Sales: Quote to Cash', 'CRM: Market to Order', and 'Customer Service: Issue to Resolution'.

    ERP use cases:

    • Product-Centric
      Suitable for organizations that manufacture, assemble, distribute, or manage material goods.
    • Service-Centric
      Suitable for organizations that provide and manage field services and/or professional services.

    ERP by the numbers

    50-70%
    Statistical analysis of ERP projects indicates rates of failure vary from 50 to 70%. Taking the low end of those analyst reports, one in two ERP projects is considered a failure. (Source: Saxena and Mcdonagh)

    85%
    Companies that apply the principles of behavioral economics outperform their peers by 85% in sales growth and more than 25% in gross margin. (Source: Gallup)

    40%
    Nearly 40% of companies said functionality was the key driver for the adoption of a new ERP. (Source: Gheorghiu)

    ERP dissatisfaction

    Drivers of Dissatisfaction
    Business
    • Misaligned objectives
    • Product fit
    • Changing priorities
    • Lack of metrics
    Data
    • Access to data
    • Data hygiene
    • Data literacy
    • One view of the customer
    People and teams
    • User adoption
    • Lack of IT support
    • Training (use of data and system)
    • Vendor relations
    Technology
    • Systems integration
    • Multi-channel complexity
    • Capability shortfall
    • Lack of product support

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Info-Tech’s methodology for developing a foundational ERP strategy and roadmap

    1. Build alignment and scope 2. Define your ERP 3. Plan your project 4. Next Steps
    Phase Steps
    1. Aligning business and IT
    2. Scope and priorities
    1. ERP Business Model
    2. ERP processes and supporting applications
    3. Process pains, opportunities & maturity
    1. Stakeholders, risk & value
    2. Project set up
    1. Build your roadmap
    2. Wrap up and present
    Phase Outcomes Discuss organizational goals and how to advance those using the ERP system. Establish the scope of the project and ensure that business and IT are aligned on project priorities. Build the ERP business model then move on to the top level (mega) processes and an initial list of the sub-processes. Generate a list of applications that support the identified processes. Conclude with a complete view of the mega-processes and their sub-processes. Map out your stakeholders to evaluate their impact on the project, build an initial risk register and discuss group alignment. Conclude the phase by setting the initial core project team and their accountabilities to the project. Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution. Build a communication plan as part of organizational change management, which includes the stakeholder presentation.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Sample of the Key Deliverable 'ERP Strategy Report'.

    ERP Strategy Report

    Complete an assessment of processes, prioritization, and pain points, and create an initiative roadmap.

    Samples of blueprint deliverables related to 'ERP Strategy Report'.

    ERP Business Model
    Align your business and technology goals and objectives in the current environment.
    Sample of the 'ERP Business Model' blueprint deliverable.
    ERP Operating Model
    Identify and prioritize your ERP top-level processes.
    Sample of the 'ERP Operating Model' blueprint deliverable.
    ERP Process Prioritization
    Assess ERP processes against the axes of rigor and strategic importance.
    Sample of the 'ERP Process Prioritization' blueprint deliverable.
    ERP Strategy Roadmap
    A data-driven roadmap of how to address the ERP pain points and opportunities.
    Sample of the 'ERP Strategy Roadmap' blueprint deliverable.

    Executive Brief Case Study

    INDUSTRY: Aerospace
    SOURCE: Panorama, 2021

    Aerospace organization assesses ERP future state from opportunities, needs, and pain points

    Challenge

    Several issues plagued the aerospace and defense organization. Many of the processes were ad hoc and did not use the system in place, often relying on Excel. The organization had a very large pain point stemming from its lack of business process standardization and oversight. The biggest gap, however, was from the under-utilization of the ERP software.

    Solution

    By assessing the usage of the system by employees and identifying key workarounds, the gaps quickly became apparent. After assessing the organization’s current state and generating recommendations from the gaps, it realized the steps needed to achieve its desired future state. The analysis of the pain points generated various needs and opportunities that allowed the organization to present and discuss its key findings with executive leadership to set milestones for the project.

    Results

    The overall assessment led the organization to the conclusion that in order to achieve its desired future state and maximize ROI from its ERP, the organization must address the internal issues prior to implementing the upgraded software.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Phase 1

    • Call #1: Scoping call to understand the current situation.
    • Call #2: Establish business & IT alignment and project scope.

    Phase 2

    • Call #3: Discuss the ERP Strategy business model and mega-processes.
    • Call #4: Begin the drill down on the level 1 processes.

    Phase 3

    • Call #5: Establish the stakeholder map and project risks.
    • Call #6: Discuss project setup including stakeholder commitment and accountability.

    Phase 4

    • Call #7: Discuss resolution paths and build initial roadmap.
    • Call #8: Summarize results and plan next steps.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Introduction to ERP

    1.1 Introduction to ERP

    1.2 Background

    1.3 Expectations and goals

    1.4 Align business strategy

    1.5 ERP vision and guiding principles

    1.6 ERP strategy model

    1.7 ERP operating model

    Build the ERP operating model

    2.1 Build application portfolio

    2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators

    2.3 Discuss process and technology maturity for each level 1 process

    Project set up

    3.1 ERP process prioritization

    3.2 Stakeholder mapping

    3.3 Competing priorities review

    3.4 Initial risk register compilation

    3.5 Workshop retrospective

    Roadmap and presentation review

    4.1 Discuss future state options

    4.2 Build initial roadmap

    4.3 Review of final deliverable

    Next Steps and wrap-up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. ERP strategy model
    2. ERP operating model
    1. Application portfolio
    2. Mega-processes with level 1 process lists
    1. Prioritized ERP operating model
    2. Stakeholder map
    3. Competing priorities list
    4. Initial risk register
    1. Future state options
    2. Initiative roadmap
    3. Draft final deliverable
    1. Completed ERP strategy template
    2. ERP strategy roadmap

    Build an ERP Strategy and Roadmap

    Phase 1

    Build alignment and scope

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    Build a common language to ensure clear understanding of the organizational needs. Define a vision and guiding principles to aid in decision making and enumerate how the ERP supports achievement of the organizational goals. Define the initial scope of the ERP project. This includes the discussion of what is not in scope.

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Create a compelling case that addresses strategic business objectives

    When someone at the organization asks you WHY, you need to deliver a compelling case. The ERP project will receive pushback, doubt, and resistance; if you can’t answer the question WHY, you will be left back-peddling.

    When faced with a challenge, prepare for the WHY.

    • Why do we need this?
    • Why are we spending all this money?
    • Why are we bothering?
    • Why is this important?
    • Why did we do it this way?
    • Why did we choose this vendor?

    Most organizations can answer “What?”
    Some organizations can answer “How?”
    Very few organizations have an answer for “Why?”

    Each stage of the project will be difficult and present its own unique challenges and failure points. Re-evaluate if you lose sight of WHY at any stage in the project.

    Step 1.1

    Aligning business and IT

    Activities
    • 1.1.1 Build a glossary
    • 1.1.2 ERP Vision and guiding principles
    • 1.1.3 Corporate goals and ERP benefits

    This step will walk you through the following activities:

    • Building a common language to ensure a clear understanding of the organization’s needs.
    • Creating a definition of your vision and identifying the guiding principles to aid in decision making.
    • Defining how the ERP supports achievement of the organizational goals.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    Business and IT have a shared understanding of how the ERP supports the organizational goals.

    Are we all talking about the same thing?

    Every group has their own understanding of the ERP system, and they may use the same words to describe different things. For example, is there a difference between procurement of office supplies and procurement of parts to assemble an item for sale? And if they are different, do your terms differ (e.g., procurement versus purchasing)?

    Term(s) Definition
    HRMS, HRIS, HCM Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR.
    Finance Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management.
    Supply Chain The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers.
    Procurement Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management.
    Distribution The process of getting the things we create to our customers.
    CRM Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers.
    Sales The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced.
    Customer Service This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services.
    Field Service The group that provides maintenance services to our customers.

    Activity 1.1.1 Build a glossary

    1 hour
    1. As a group, discuss the organization’s functional areas, business capabilities, value streams, and business processes.
    2. Ask each of the participants if there are terms or “jargon” that they hear used that they may be unclear on or know that others may not be aware of. Record these items in the table along with a description.
      • Acronyms are particularly important to document. These are often bandied about without explanation. For example, people outside of finance may not understand that FP&A is short for Financial Planning and Analysis.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Glossary'.

    Download the ERP Strategy Report Template

    Activity 1.1.1 Working slide

    Example/working slide for your glossary. Consider this a living document and keep it up to date.

    Term(s) Definition
    HRMS, HRIS, HCM Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR.
    Finance Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management.
    Supply Chain The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers.
    Procurement Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management.
    Distribution The process of getting the things we create to our customers.
    CRM Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers.
    Sales The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced.
    Customer Service This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services.
    Field Service The group that provides maintenance services to our customers.

    Vision and Guiding Principles

    GUIDING PRINCIPLES

    Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.

    Creating Guiding Principles

    Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.

    EXAMPLES

    • [Organization] is implementing an ERP system to streamline processes and reduce redundancies, saving time and money.
    • [Organization] is implementing an ERP to integrate disparate systems and rationalize the application portfolio.
    • [Organization] is aiming at taking advantage of best industry practices and strives to minimize the level of customization required in solution.

    Questions to Ask

    1. What is a strong statement that will help guide decision making throughout the life of the ERP project?
    2. What are your overarching requirements for business processes?
    3. What do you ultimately want to achieve?
    4. What is a statement that will ensure all stakeholders are on the same page for the project?

    Activity 1.1.2 – ERP Vision and Project Guiding Principles

    1 hour

    1. As a group, discuss whether you want to create a separate ERP vision statement or re-state your corporate vision and/or goals.
      • An ERP vision statement will provide project-guiding principles, encompass the ERP objectives, and give a rationale for the project.
      • Using the corporate vision/goals will remind the business and IT that the project is to find an ERP solution that supports and enhances the organizational objectives.
    2. Review each of the sample guiding principles provided and ask the following questions:
      1. Do we agree with the statement?
      2. Is this statement framed in the language we used internally? Does everyone agree on the meaning of the statement?
      3. Will this statement help guide our decision-making process?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Guiding Principles.

    Download the ERP Strategy Report Template

    Activity 1.1.2 – ERP Vision and Project Guiding Principles

    We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real time data-driven decisions, increased employee productivity, and IT investment protection.

    • Support Business Agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Utilize ERP best practices: Do not recreate or replicate what we have today, focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for “One Source of Truth”: Unify data model and integrate processes where possible. Assess integration needs carefully.

    Align the ERP strategy with the corporate strategy

    Corporate Strategy Unified Strategy ERP Strategy
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.
    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    Info-Tech Insight

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just to occur at the executive level alone, but at each level of the organization.

    1.1.3 – Corporate goals and ERP benefits

    1-2 hours

    1. Discuss the business objectives. Identify two or three objectives that are a priority for this year.
    2. Produce several ways a new ERP system will meet each objective.
    3. Think about the modules and ERP functions that will help you realize these benefits.

    Cost Reduction

    • Decrease Total Cost: Reduce total costs by five percent by January 2022.
    • Decrease Specific Costs: Reduce costs of “x” business unit by ten percent by Jan. next year.

    ERP Benefits

    • Reduce headcount
    • Reallocate workers
    • Reduce overtime
    • Increased compliance
    • Streamlined audit process
    • Less rework due to decrease in errors

    Download the ERP Strategy Report Template

    Activity 1.1.3 – Corporate goals and ERP benefits

    Corporate Strategy ERP Benefits
    End customer visibility (consumer experience)
    • Help OEM’s target customers
    • Keep customer information up-to-date, including contact choices
    • [Product A] process support improvements
    • Ability to survey and track responses
    • Track and improve renewals
    • Service support – improve cycle times for claims, payment processing, and submission quality
    Social responsibility
    • Reduce paper internally and externally
    • Facilitating tracking and reporting of EFT
    • One location for all documents
    New business development
    • Track all contacts
    • Measure where in process the contact is
    • Measure impact of promotions
    Employee experience
    • Improve integration of systems reducing manual processes through automation
    • Better tracking of sales for employee comp
    • Ability to survey employees

    Step 1.2

    Scope and priorities

    Activities
    • 1.2.1 Project scope
    • 1.2.2 Competing priorities

    This step will walk you through the following activities:

    • Define the initial scope of the ERP project. This includes the discussion of what is not in scope. For example, a stand-alone warehouse management system may be out of scope while an existing HRMS could be in scope.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    A project scope statement and a prioritized list of projects that may compete for organizational resources.

    Understand the importance of setting expectations with a scope statement

    Be sure to understand what is in scope for an ERP strategy project. Prevent too wide of a scope to avoid scope creep – for example, we aren’t tackling MMS or BI under ERP.

    A diamond shape with three layers. Inside is 'In Scope', middle is 'Scope Creep', and outside is 'Out of Scope'.

    Establishing the parameters of the project in a scope statement helps define expectations and provides a baseline for resource allocation and planning. Future decisions about the strategic direction of ERP will be based on the scope statement.

    Well-executed requirements gathering will help you avoid expanding project parameters, drawing on your resources, and contributing to cost overruns and project delays. Avoid scope creep by gathering high-level requirements that lead to the selection of category-level application solutions (e.g. HRIS, CRM, PLM etc.) rather than granular requirements that would lead to vendor application selection (e.g. SAP, Microsoft, Oracle, etc.).

    Out-of-scope items should also be defined to alleviate ambiguity, reduce assumptions, and further clarify expectations for stakeholders. Out-of-scope items can be placed in a backlog for later consideration.

    In Scope Out of Scope
    Strategy High-level ERP requirements, strategic direction
    Software selection Vendor application selection, Granular system requirements

    Activity 1.2.1 – Define scope

    1 hour

    1. Formulate a scope statement. Decide which people, processes, and functions the ERP strategy will address. Generally, the aim of this project is to develop strategic requirements for the ERP application portfolio – not to select individual vendors.
    2. To assist in forming your scope statement, answer the following questions:
      • What are the major coverage points?
      • Who will be using the systems?
      • How will different users interact with the systems?
      • What are the objectives that need to be addressed?
      • Where do we start?
      • Where do we draw the line?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Scope Statements'.

    Download the ERP Strategy Report Template

    Activity 1.2.1 – Define scope

    Scope statements

    The following systems are considered in scope for this project:

    • Finance
    • HRMS
    • CRM
    • Supply chain

    The following systems are out of scope for this project:

    • PLM – product lifecycle management
    • Project management
    • Contract management

    The following systems are in scope, in that they must integrate into the new system. They will not change.

    • Payroll processing
    • Bank accounts
    • EDI software

    Know your competing priorities

    Organizations typically have multiple projects on the table or in flight. Each of those projects requires resources and attention from business and/or the IT organization.

    Don’t let poor prioritization hurt your ERP implementation.
    BNP Paribas Fortis had multiple projects that were poorly prioritized resulting in the time to bring products to market to double over a three-year period. (Source: Neito-Rodriguez, 2016)

    Project Timeline Priority notes Implications
    Warehouse management system upgrade project Early 2022 implementation High Taking IT staff and warehouse team, testing by finance
    Microsoft 365 October 2021-March 2022 High IT Staff, org impacted by change management
    Electronic Records Management April 2022 – Feb 2023 High Legislative requirement, org impact due to record keeping
    Web site upgrade Early fiscal 2023

    Activity 1.2.2 – Competing priorities

    1 hour

    1. As a group, discuss the projects that are currently in flight as well as any known projects including such things as territory expansion or new regulation compliance.
    2. For each project discuss and record the following items:
      • The project timeline. When does it start and how long is it expected to run?
      • How important is this project to the organization? A lot of high priority projects are going to require more attention from the staff involved.
      • What are the implications of this project?
        • What staff will be impacted? What business users will be impacted, and what is the IT involvement?
        • To what extent will the overall organization be impacted? Is it localized to a location or is it organization wide?
        • Can the project be deferred?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Priorities'.

    Download the ERP Strategy Report Template

    Activity 1.2.2 – Competing priorities

    List all your known projects both current and proposed. Discuss the prioritization of those projects, whether they are more or less important than your ERP project.

    Project Timeline Priority notes Implications
    Warehouse management system upgrade project Early 2022 implementation High Taking IT staff and warehouse team, testing by finance
    Microsoft 365 October 2021-March 2022 High IT Staff, org impacted by change management
    Electronic Records Management April 2022 – Feb 2023 High Legislative requirement, org impact due to record keeping
    Web site upgrade Early fiscal 2023 Medium
    Point of Sale replacement Oct 2021– Mar 2022 Medium
    ERP utilization and training on unused systems Friday, Sept 17 Medium Could impact multiple staff
    Managed Security Service RFP This calendar year Medium
    Mental Health Dashboard In research phase Low

    Build an ERP Strategy and Roadmap

    Phase 2

    Define your ERP

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Build the ERP business model then move on to the top level (mega) processes and an initial list of the sub-processes
    • Generate a list of applications that support the identified processes
    • Assign stakeholders, discuss pain points, opportunities, and key success indicators
    • Assign process and technology maturity to each stakeholder

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Step 2.1

    ERP business model

    Activities
    • 2.1.1 Environmental factors, technology drivers, and business needs
    • 2.1.2 Challenges, pain points, enablers, and organizational goals

    This step will walk you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discuss the ERP benefits and opportunities

    This step involves the following participants:

    • ERP implementation team
    • Business stakeholders

    Outcomes of this step

    • ERP business model

    Explore environmental factors and technology drivers

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements
    The ERP Business Model with 'Business Needs', 'Environmental Factors', and 'Technology Drivers' highlighted. At the center is 'ERP Strategy' with 'Barriers' above and 'Enablers' below. Surrounding and feeding into the center group are 'Business Needs', 'Environmental Factors', 'Technology Drivers', and 'Organizational Goals'.
    External Considerations
    • Regulations
    • Elections
    • Availability of resources
    • Staff licensing and certifications
    Organizational Drivers
    • Compliance
    • Scalability
    • Operational efficiency
    • Union agreements
    • Self service
    • Role appropriate dashboards and reports
    • Real time data access
      • Use of data in the system (no exports)
    Technology Considerations
    • Data accuracy
    • Data quality
    • Better reporting
    Functional Requirements
    • Information availability
    • Integration between systems
    • Secure data

    Activity 2.1.1 – Explore environmental factors and technology drivers

    1 hour

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider External Considerations, Organizational Drivers, Technology Drivers, and Key Functional Requirements.

    Record this information in the ERP Strategy Report Template.

    Sample of the next slide, 'ERP Business Model', with an iconized ERP Business Model and a table highlighting 'Environmental Factors', 'Technology Drivers', and 'Business Needs'.

    Download the ERP Strategy Report Template

    ERP Business Model A iconized version of the ERP Business Model.

    Environmental FactorsTechnology DriversBusiness Needs
    • Regulations
    • Elections
    • Availability of resources
    • Staff licensing and certifications
    • Document storage
    • Cloud security standards
    • Functionality based on deployment
    • Cloud-first based on above
    • Integration with external data suppliers
    • Integration with internal systems (Elite?)
    • Compliance
    • Scalability
    • Operational efficiency
    • Union agreements
    • Self service
    • Role appropriate dashboards and reports
    • Real time data access
    • Use of data in the system (no exports)
    • CapEx vs. OpEx

    Discuss challenges, pain points, enablers and organizational goals

    1. Identify challenges with current systems and processes.
    2. Brainstorm potential barriers to successful ERP selection and implementation. Use a whiteboard and marker to capture key findings.
    3. Consider organizational goals along with barriers and enablers to ERP success.
    The ERP Business Model with 'Organizational Goals', 'Enablers', and 'Barriers' highlighted. At the center is 'ERP Strategy' with 'Barriers' above and 'Enablers' below. Surrounding and feeding into the center group are 'Business Needs', 'Environmental Factors', 'Technology Drivers', and 'Organizational Goals'.
    Functional Gaps
    • No online purchase order requisition
    Technical Gaps
    • Inconsistent reporting – data quality concerns
    Process Gaps
    • Duplication of data
    • Lack of system integration
    Barriers to Success
    • Cultural mindset
    • Resistance to change
    Business Benefits
    • Business-IT alignment
    IT Benefits
    • Compliance
    • Scalability
    Organizational Benefits
    • Data accuracy
    • Data quality
    Enablers of Success
    • Change management
    • Alignment to strategic objectives

    Activity 2.1.2 – Discuss challenges, pain points, enablers, and organizational goals

    1 hour

    1. Identify challenges with the current systems and processes.
    2. Brainstorm potential barriers to successful ERP selection and implementation. Use a whiteboard or flip chart and markers to capture key findings.
    3. Consider functional gaps, technical gaps, process gaps, and barriers to ERP success.
    4. Identify the opportunities and benefits from an integrated system.
    5. Brainstorm potential enablers for successful ERP selection and implementation. Use a whiteboard and markers to capture key findings.
    6. Consider business benefits, IT benefits, organizational benefits, and enablers of success.

    Record this information in the ERP Strategy Report Template.

    Sample of the next slide, 'ERP Business Model', with an iconized ERP Business Model and a table highlighting 'Organizational Goals', 'Enablers', and 'Barriers'.

    Download the ERP Strategy Report Template

    ERP Business Model A iconized version of the ERP Business Model.

    Organizational Goals Enablers Barriers
    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal
    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top level executive support
    • Effective change management process
    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    Step 2.2

    ERP processes and supporting applications

    Activities
    • 2.2.1 ERP process inventory
    • 2.2.2 Application portfolio

    This step will walk you through the following activities:

    • Identify the top-level (mega) processes and create an initial list of the sub-processes
    • Generate a list of applications that support the identified processes

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    • A list of in scope business processes
    • A list of current applications and services supporting the business processes

    Process Inventory

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation rather than how.

    Business capabilities:

    • Represent stable business functions
    • Are unique and independent of each other
    • Will typically have a defined business outcome

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    A process map titled 'Business capability map (Level 0)' with many processes sectioned off into sections and subsections. The top-left section is 'Products and Services Development' with subsections 'Design'(6 processes) and 'Manufacturing'(3 processes). The top-middle section is 'Revenue Generation'(3 processes) and below that is 'Sourcing'(2 processes). The top-right section is 'Demand Fulfillment'(9 processes). Along the bottom is the section 'Enterprise Management and Planning' with subsections 'Human Resources'(4 processes), 'Business Direction'(4 processes), and 'Finance'(4 processes).

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of business processes.

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    Activity 2.2.1 – Process inventory

    2-4 hours

    1. As a group, discuss the business capabilities, value streams, and business processes.
    2. For each capability determine the following:
      • Is this capability applicable to our organization?
      • What application, if any, supports this capability?
    3. Are there any missing capabilities to add?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Process Inventory' table on the next slide.

    Download the ERP Strategy Report Template

    Activity 2.2.1 – Process inventory

    Core Finance Core HR Workforce Management Talent Management Warehouse Management Enterprise Asset Management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • General ledger
    • Accounts payable
    • Accounts receivable
    • GL consolidation
    • Cash management
    • Billing and invoicing
    • Expenses
    • Payroll accounting
    • Tax management
    • Reporting
    • Payroll administration
    • Benefits administration
    • Position management
    • Organizational structure
    • Core HR records
    • Time and attendance
    • Leave management
    • Scheduling
    • Performance management
    • Talent acquisition
    • Offboarding & onboarding
    • Plan layout
    • Manage inventory
    • Manage loading docks
    • Pick, pack, ship
    • Plan and manage workforce
    • Manage returns
    • Transfer product cross-dock
    • Asset lifecycle management
    • Supply chain management
    • Maintenance planning & scheduling
    Planning & Budgeting Strategic HR Procurement Customer Relationship Management Facilities Management Project Management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • Budget reporting
    • Variance analysis
    • Multi-year operating plan
    • Monthly forecasting
    • Annual operating plan
    • Compensation planning
    • Workforce planning
    • Succession planning
    • Supplier management
    • Purchase order management
    • Workflow approvals
    • Contract / tender management
    • Contact management
    • Activity management
    • Analytics
    • Plan and acquire
    • Asset maintenance
    • Disposal
    • Project management
    • Project costing
    • Budget control
    • Document management

    Complete an inventory collection of your application portfolio

    MANAGED vs. UNMANAGED APPLICATION ENVIRONMENTS

    • Managed environments make way for easier inventory collection since there is significant control as to what applications can be installed on a company asset. Organizations will most likely have a comprehensive list of supported and approved applications.
    • Unmanaged environments are challenging to control because users are free to install any applications on company assets, which may or may not be supported by IT.
    • Most organizations fall somewhere in between – there is usually a central repository of applications and several applications that are exceptions to the company policies. Ensure that all applications are accounted for.

    Determine your inventory collection method:

    MANUAL INVENTORY COLLECTION
    • In its simplest form, a spreadsheet is used to document your application inventory.
    • For large organizations, reps interview all business domains to create a list of installed applications.
    • Conducting an end-user survey within your business domains is one way to gather your application inventory and assess quality.
    • This manual approach is most appropriate for smaller organizations with small application portfolios across domains.
    AUTOMATED INVENTORY COLLECTION
    • Using inventory collection compatibility tools, discover all of the supported applications within your organization.
    • This approach may not capture all applications, depending on the parameters of your automated tool.
    • This approach works well in a managed environment.

    Activity 2.2.2 – Understand the current application portfolio

    1-2 hours

    1. Brainstorm a list of the applications that support the ERP business processes inventoried in Activity 2.2.1. If an application has multiple instances, list each instance as a separate line item.
    2. Indicate the following for each application:
      1. User satisfaction. This may be more than one entry as different groups – e.g., IT vs. business – may differ.
      2. Processes supported. Refer to processes defined in Activity 2.2.1. Update 2.2.1 if additional processes are identified during this exercise.
      3. Define a future disposition: Keep, Update, Replace. It is possible to have more than one disposition, e.g., Update or Replace is a valid disposition.
    3. [Optional] Collect the following information about each application. This information can be used to calculate the cost per application and total cost per user:
      1. Number of users or user groups
      2. Estimated maintenance costs
      3. Estimated capital costs
      4. Estimated licensing costs
      5. Estimated support costs

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Application Portfolio' table on the next slide.

    Download the ERP Strategy Report Template

    2.2.2 - Application portfolio

    Inventory your applications and assess usage, satisfaction, and disposition

    Application Name Satisfaction Processes Supported Future Disposition
    PeopleSoft Financials Medium and declining ERP – shares one support person with HR Update or Replace
    Time Entry (custom) Low Time and Attendance Replace
    PeopleSoft HR Medium Core HR Update or Replace
    ServiceNow High ITSM
    CSM: Med-Low
    ITSM and CSM
    CSM – complexity and process changes
    Update
    Data Warehouse High IT
    Business: Med-Low
    BI portal – Tibco SaaS datamart Keep
    Regulatory Compliance Medium Regulatory software – users need training Keep
    ACL Analytics Low Audit Replace
    Elite Medium Supply chain for wholesale Update (in progress)
    Visual Importer Med-High Customs and taxes Keep
    Custom Reporting application Med-High Reporting solution for wholesale (custom for old system, patched for Elite) Replace

    2.3.1 – Visual application portfolio [optional]

    A diagram of applications and how they connect to each other. There are 'External Systems' and 'Internal Systems' split into three divisions, 'Retail Division', 'Wholesale Division', and 'Corporate Services'. Example external systems are 'Moneris', 'Freight Carriers', and 'Banks'. Example internal systems are 'Retail ERP/POS', 'Elite', and 'Excel'.

    Step 2.3

    Process pains, opportunities, and maturity

    Activities
    • 2.3.1 Level one process inventory with stakeholders
    • 2.3.2 Process pain points and opportunities
    • 2.3.3 Process key success indicators
    • 2.3.4 Process and technology maturity
    • 2.3.5 Mega-process prioritization

    This step will walk you through the following activities:

    • Assign stakeholders, discuss pain points, opportunities, and key success indicators for the mega-processes identified in Step 2.1
    • Assign process and technology maturity to each prioritizing the mega-processes

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    For each mega-process:

    • Level 1 processes with process and technology maturity assigned
    • Stakeholders identified
    • Process pain points, opportunities, and key success indicators identified
    • Prioritize the mega-processes

    Building out the mega-processes

    Congratulations, you have made it to the “big lift” portion of the blueprint. For each of the processes that were identified in exercise 2.2.1, you will fill out the following six details:

    1. Primary stakeholder(s)
    2. A description of the process
    3. hat level 1 processes/capabilities the mega-process is composed of
    4. Problems the new system must solve
    5. What success will look like when the new system is implemented
    6. The process and technological maturity of each level 1 process.

    Sample of the 'Core Finance' slide in the ERP Strategy Report, as shown on the next slide, with numbers corresponding to the ordered list above. 1 is on a list of 'Stakeholders', 2 is by the 'Description' box, 3 is on the 'Capability' table column, 4 is on the 'Current Pain Points' box, 5 is on the 'Key Success Factors' box, and 6 is on the 'Maturity' ratings column.

    It will take one to three hours per mega-process to complete the six different sections.

    Note:
    For each mega-process identified you will create a separate slide in the ERP Strategy Report. Default slides have been provided. Add or delete as necessary.

    Sample of the 'Core Finance' slide in the ERP Strategy Report. Note on the list of stakeholders reads 'Primary Stakeholders'. Note on the title, Core Finance, reads 'Mega-process name'. Note on the description box reads 'Description of the process'. Note on the 'Key Success Factors' box reads 'What success looks like'. Note on the 'Current Pain Points' box reads 'Problems the new system must solve'. Below is a capability table with columns 'Capability', 'Maturity', and a blank on for notes. Note on the 'Capability' table column reads 'Level 1 process'. Note on the 'Maturity' ratings column reads 'Level 1 process maturity of process and technology'. Note on the notes column reads 'Level 1 process notes'.

    An ERP project is most effective when you follow a structured approach to define, select, implement, and optimize

    Top-down approach

    ERP Strategy
    • Operating Model – Define process strategy, objectives, and operational implications.
    • Level 1 Processes –Define process boundaries, scope at the organization level; the highest level of mega-process.

    • Level 2 Processes – Define processes by function/group which represent the next level of process interaction in the organization.
    • Level 3 Processes – Decompose process by activity and role and identify suppliers, inputs, outputs, customers, metrics, and controls.
    • Functional Specifications; Blueprint and Technical Framework – Refine how the system will support and enable processes; includes functional and technical elements.
    • Org Structure and Change Management – Align org structure and develop change mgmt. strategy to support your target operating model.
    • Implementation and Transition to Operations – Execute new methods, systems, processes, procedures, and organizational structure.
    • ERP Optimization and Continuous Improvement – Establish a program to monitor, govern, and improve ERP systems and processes.

    *A “stage gate” approach should be used: the next level begins after consensus is achieved for the previous level.

    Activity 2.3.1 – Level 1 process inventory with stakeholders

    1 hour per mega-process

    1. Identify the primary stakeholder for the mega-process. The primary stakeholder is usually the process owner. For example, for core finance the CFO is the process owner/primary stakeholder. Name a maximum of three stakeholders.
    2. In the lower section, detail all the capabilities/processes associated with the mega-process. Be careful to remain at the level 1 process level as it is easy to start identifying the “How” of a process. The “How” is too deep.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Stakeholders' list and 'Capability' table column highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.2 – Process pain points and opportunities

    30+ minutes per mega-process

    1. As a group, write a clear description of the mega-process. This helps establish alignment on the scope of the mega-process.
    2. Start with the discussion of current pain points with the various capabilities. These pain points will be items that the new solution will have to resolve.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Description', 'Key Success Factors', and 'Current Pain Points' boxes highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.3 – Key success indicators

    30 minutes per mega-process

    1. Document key success factors that should be base-lined in the existing system to show the overall improvement once the new system is implemented. For example, if month-end close takes 12 days in the current system, target three days for month-end close in the new system.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Description', 'Key Success Factors', and 'Current Pain Points' boxes highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.4 – Process and technology maturity

    1 hour

    1. For each capability/level 1 process identified determine you level of process maturity:
      • Weak – Ad hoc processes without documentation
      • Moderate – Documented processes that are often executed consistently
      • Strong – Documented processes that include exception handling that are rigorously followed
      • Payroll is an example of a strong process, even if every step is manual. The process is executed the same every time to ensure staff are paid properly and on time.
    2. For each capability/level 1 process identified determine you level of technology maturity:
      • Weak – manual execution and often paper-based
      • Moderate – Some technology support with little automation
      • Strong – The process executed entirely within the technology stack with no manual processes

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Maturity' and notes columns highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.5 – Mega-process prioritization

    1 hour

    1. For the mega-processes identified, map each process’s current state in terms of process rigor versus organizational importance.
      • For process rigor, refer to your process maturity in the previous exercises.
    2. Now, as a group discuss how you want to “move the needle” on each of the processes. Remember that you have a limited capacity so focus on the processes that are, or will be, of strategic importance to the organization. The processes that are placed in the top right quadrant are the ones that are likely the strategic differentiators.

    Record this information in the ERP Strategy Report Template.

    A smaller version of the process prioritization map on the next slide.

    Download the ERP Strategy Report Template.

    ERP Process Prioritization

    Establishing an order of importance can impact vendor selection and implementation roadmap; high priority areas are critical for ERP success.

    A prioritization map placing processes by 'Rigor' and 'Organizational Importance' They are numbered 1-9, 0, A, and B and are split into two colour-coded sets for 'Future (green)' and 'Current(red)'. On the x-axis 'Organizational Importance' ranges from 'Operational' to 'Strategic' and on the y-axis 'Process Rigor' ranges from 'Get the Job Done' to 'Best Practice'. Comparing 'Current' to 'Future', they have all moved up from 'Get the Job Done' into 'Best Practice' territory and a few have migrated over from 'Operational' to 'Strategic'. Processes are 1. Core Finance, 2. Core HR, 3. Workforce Management, 4.Talent Management, 5. Employee Health and Safety, 6. Enterprise Asset Management, 7.Planning & Budgeting, 8. Strategic HR, 9. Procurement Mgmt., 0. CRM, A. Facilities, and B. Project Management.

    Build an ERP Strategy and Roadmap

    Phase 3

    Plan your project

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Map out your stakeholders to evaluate their impact on the project
    • Build an initial risk register and ensure the group is aligned
    • Set the initial core project team and their accountabilities and get them started on the project

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Step 3.1

    Stakeholders, risk, and value

    Activities
    • 3.1.1 Stakeholder analysis
    • 3.1.2 Potential pitfalls and mitigation strategies
    • 3.1.3 Project value [optional]

    This step will walk you through the following activities:

    • Map out your stakeholders to evaluate their impact on the project
    • Build an initial risk register and ensure the group is aligned

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • An understanding of the stakeholders and their project influence
    • An initial risk register
    • A consensus on readiness to proceed

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor End User IT Business
    Description An internal stakeholder who has final sign-off on the ERP project. Front-line users of the ERP technology. Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. Additional stakeholders that will be impacted by any ERP technology changes.
    Examples
    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR
    Value Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data. Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    An example stakeholder map, categorizing stakeholders by amount of influence and interest.

    Activity 3.1.1 – Map your stakeholders

    1 hour

    1. As a group, identify all the ERP stakeholders. A stakeholder may be an individual such as the CEO or CFO, or it may be a group such as front-line employees.
    2. Map each stakeholder on the quadrant based on their expected Influence and Involvement in the project
    3. [Optional] Color code the users using the scale below to quickly identify the group that the stakeholder belongs to.
      • Sponsor – An internal stakeholder who has final sign-off on the ERP project.
      • End User – Front-line users of the ERP technology.
      • IT – Back-end support staff who are tasked with project planning, execution, and eventual system maintenance.
      • Business – Additional stakeholders that will be impacted by any ERP technology changes.

    Record this information in the ERP Strategy Report Template.

    Preview of the next slide.

    Download the ERP Strategy Report Template

    Slide titled 'Map the organization's stakeholders with a more in-depth example of a stakeholder map and long 'List of Stakeholders'. The quadrants that stakeholders are sorted into by influence and involvement are labelled 'Keep Satisfied (1)', 'Involve Closely (2)', 'Monitor (3)', and 'Keep Informed (4)'.

    Prepare contingency plans to minimize time spent handling unexpected risks

    Understanding the technical and strategic risks of a project can help you establish contingencies to reduce the likelihood of risk occurrence and devise mitigation strategies to help offset their impact if contingencies are insufficient.

    Risk Impact Likelihood Mitigation Effort
    Inadequate budget for additional staffing resources. 2 1 Use internal transfers and role-sharing rather than external hiring.
    Push-back on an ERP solution. 2 2 Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness.
    Overworked resources. 1 1 Create a detailed project plan that outlines resources and timelines in advance.
    Rating Scale:
    Impact: 1- High Risk 2- Moderate Risk 3- Minimal Risk
    Likelihood: 1- High/Needs Focus 2- Can Be Mitigated 3- Remote Likelihood

    Remember

    The biggest sources of risk in an ERP strategy are lack of planning, poorly defined requirements, and lack of governance.

    Apply the following mitigation tips to avoid pitfalls and delays.

    Risk Mitigation Tips

    • Upfront planning
    • Realistic timelines
    • Resource support
    • Managing change
    • Executive sponsorship
    • Sufficient funding
    • Setting the right expectations

    Activity 3.1.2 – Identify potential project pitfalls and mitigation strategies

    1-2 hours

    1. Discuss what “Impact” and “Likelihood” mean to your organization. For example, define Impact by what is important to your organization – financial loss, reputational impact, employee loss, and process impairment are all possible factors.
    2. Identify potential risks that may impede the successful completion of each work initiative. Risks may include predictable factors such as low resource capability, or unpredictable factors such as a change in priorities leading to withdrawn buy-in.
    3. For each risk, identify mitigation tactics. In some cases, mitigation tactics might take the form of standalone work initiative. For example, if a risk is lack of end-user buy-in, a work initiative to mitigate that risk might be to build an end-user communication plan.

    Record this information in the ERP Strategy Report Template.

    Preview of the next slide.

    Download the ERP Strategy Report Template

    Risks

    Risk Impact Likelihood Mitigation Effort
    Inadequate budget for additional staffing resources. 2 1 Use internal transfers and role-sharing rather than external hiring.
    Push-back on an ERP solution. 2 2 Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness.
    Overworked resources. 1 1 Create a detailed project plan that outlines resources and timelines in advance.
    Project approval 1 1 Build a strong business case for project approval and allow adequate time for the approval process
    Software does not work as advertised resulting in custom functionality with associated costs to create/ maintain 1 2 Work with staff to change processes to match the software instead of customizing the system thorough needs analysis prior to RFP creation
    Under estimation of staffing levels required, i.e. staff utilized at 25% for project when they are still 100% on their day job 1 2 Build a proper business case around staffing (be somewhat pessimistic)
    EHS system does not integrate with new HRMS/ERP system 2 2
    Selection of an ERP/HRMS that does not integrate with existing systems 2 3 Be very clear in RFP on existing systems that MUST be integrated to
    Rating Scale:
    Impact: 1- High Risk 2- Moderate Risk 3- Minimal Risk
    Likelihood: 1- High/Needs Focus 2- Can Be Mitigated 3- Remote Likelihood

    Is the organization committed to the ERP project?

    A recent study of critical success factors to an ERP implementation identified top management support and interdepartmental communication and cooperation as the top two success factors.

    By answering the seven questions the key stakeholders are indicating their commitment. While this doesn’t guarantee that the top two critical success factors have been met, it does create the conversation to guide the organization into alignment on whether to proceed.

    A table of example stakeholder questions with options 1-5 for how strongly they agree or disagree. 'Strongly disagree - 1', 'Somewhat disagree - 2', 'Neither agree or disagree - 3', 'Somewhat agree - 4', 'Strongly agree - 5'.

    Activity 3.1.3 – Project value (optional)

    30 minutes

    1. As a group, discuss the seven questions in the table. Ensure everyone agrees on what the questions are asking. If necessary, modify the language so that the meaning is clear to everyone.
    2. Have each stakeholder answer the seven questions on their own. Have someone compile the answers looking for:
      1. Any disagrees, strongly, somewhat, or neither as this indicates a lack of clarity. Endeavour to discover what additional information is required.
      2. [Optional] Have the most positive and most negative respondents present their points of view for the group to discuss. Is someone being overly optimistic, or pessimistic? Did the group miss something?

    There are no wrong answers. It should be okay to disagree with any of these statements. The goal of the exercise is to generate conversation that leads to support of the project and collaboration on the part of the participants.

    Record this information in the ERP Strategy Report Template.

    A preview of the next slide.

    Download the ERP Strategy Report Template

    Ask the right questions now to determine the value of the project to the organization

    Please indicate how much you agree or disagree with each of the following statements.

    Question # Question Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree
    1. I have everything I need to succeed. 1 2 3 4 5
    2. The right people are involved in the project. 1 2 3 4 5
    3. I understand the process of ERP selection. 1 2 3 4 5
    4. My role in the project is clear to me. 1 2 3 4 5
    5. I am clear about the vision for this project. 1 2 3 4 5
    6. I am nervous about this project. 1 2 3 4 5
    7. There is leadership support for the project. 1 2 3 4 5

    Step 3.2

    Project set up

    Activities
    • 3.2.1 Create the project team
    • 3.2.2 Set the project RACI

    This step will walk you through the following activities:

    • Set the initial core project team and their accountabilities to the project.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • Identify the core team members and their time commitments.
    • Assign responsibility, accountability or communication needs.

    Identify the right stakeholders for your project team

    Consider the core team functions when composing the project team. It is essential to ensure that all relevant perspectives (business, IT, etc.) are evaluated to create a well-aligned and holistic ERP strategy.

    PROJECT TEAM ROLES

    • Project champion
    • Project advisor
    • Steering committee
    • Project manager
    • Project team
    • Subject matter experts
    • Change management specialist

    PROJECT TEAM FUNCTIONS

    • Collecting all relevant inputs from the business.
    • Gathering high-level requirements.
    • Creating a roadmap.

    Info-Tech Insight

    There may be an inclination towards a large project team when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units like HR and Finance, as well as IT.

    Activity 3.2.1 – Project team

    1 hour

    1. Considering your ERP project scope, discuss the resources and capabilities necessary, and generate a complete list of key stakeholders considering each of the roles indicated on the chart to the right.
    2. Using the list previously generated, identify a candidate(s) for each role and determine their responsibility in the ERP strategy and their expected time commitment.

    Record this information in the ERP Strategy Report Template.

    Preview of the table on the next slide.

    Download the ERP Strategy Report Template

    Project team

    Of particular importance for this table is the commitment column. It is important that the organization understands the level of involvement for all roles. Failure to properly account for the necessary involvement is a major risk factor.

    Role Candidate Responsibility Commitment
    Project champion John Smith
    • Provide executive sponsorship.
    20 hours/week
    Steering committee
    • Establish goals and priorities.
    • Define scope and approve changes.
    • Provide adequate resources and resolve conflict.
    • Monitor project milestones.
    10 hours/week
    Project manager
    • Prepare and manage project plan.
    • Monitor project team progress.
    • Conduct project team meetings.
    40 hours/week
    Project team
    • Drive day-to-day project activities.
    • Coordinate department communication.
    • Make process and design decisions.
    40 hours/week
    Subject matter experts by area
    • Attend meetings as needed.
    • Respond to questions and inquiries.
    5 hours/week

    Define project roles and responsibilities to improve progress tracking

    Build a list of the core ERP strategy team members and then structure a RACI chart with the relevant categories and roles for the overall project.

    • Responsible – Conducts work to achieve the task
    • Accountable – Answerable for completeness of task
    • Consulted – Provides input for the task
    • Informed – Receives updates on the task

    Benefits of assigning RACI early:

    • Improve project quality by assigning the right people to the right tasks.
    • Improve chances of project task completion by assigning clear accountabilities.
    • Improve project buy-in by ensuring stakeholders are kept informed of project progress, risks, and successes.

    Activity 3.2.2 – Project RACI

    1 hour

    1. The ERP strategy will require a cross-functional team within IT and business units. Make sure the responsibilities are clearly communicated to the selected project sponsor.
    2. Modify the left-hand column to match the activities expected in your project.

    Record this information in the ERP Strategy Report Template.

    Preview of the RACI chart on the next slide.

    Download the ERP Strategy Report Template

    3.2.2 – Project RACI

    Project champion Project advisor Project steering committee Project manager Project team Subject matter experts
    Determine project scope & vision I C A R C C
    Document business goals I I A R I C
    Inventory ERP processes I I A C R R
    Map current state I I A R I R
    Assess gaps and opportunities I C A R I I
    Explore alternatives R R A I I R
    Build a roadmap R A R I I R
    Create a communication plan R A R I I R
    Present findings R A R I I R

    Build an ERP Strategy and Roadmap

    Phase 4

    Next steps

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Step 4.1

    Build your roadmap

    Activities
    • 4.1.1 Pick your path
    • 4.1.2 Build your roadmap
    • 4.1.3 Visualize your roadmap (optional)

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Choose the right path for your organization

    There are several different paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state.

    A diagram of strategies. At the top is 'Current State', at the bottom is 'Future State', and listed strategies are 'Maintain Current System', 'Augment Current System', 'Optimize', and 'Transform'.

    Explore the options for achieving your ideal future state

    CURRENT STATE STRATEGY
    Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention. MAINTAIN CURRENT SYSTEM
    Your existing application is, for the most part, functionally rich, but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces. AUGMENT CURRENT SYSTEM
    Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler. OPTIMIZE: CONSOLIDATE AND INTEGRATE SYSTEMS
    Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes altogether. TRANSFORM: REPLACE CURRENT SYSTEM

    Option: Maintain your current system

    Resolve your existing process and people pain points

    MAINTAIN CURRENT SYSTEM

    Keep the system, change the process.

    Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.

    Maintaining your current system entails adjusting current processes and/or adding new ones, and involves minimal cost, time, and effort.

    INDICATORS POTENTIAL SOLUTIONS
    People Pain Points
    • Lack of training
    • Low user adoption
    • Lack of change management
    • Contact vendor to inquire about employee training opportunities
    • Build a change management strategy
    Process Pain Points
    • Legacy processes
    • Workarounds and shortcuts
    • Highly specialized processes
    • Inconsistent processes
    • Explore process reengineering and process improvement opportunities
    • Evaluate and standardize processes

    Option: Augment your current system

    Use augmentation to resolve your existing technology and data pain points

    AUGMENT CURRENT SYSTEM

    Add to the system.

    Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.

    You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Lack of reporting functions.
    • Lacking functional depth in key process areas.
    • Add point solutions or enable modules to address missing functionality.
    Data Pain Points
    • Poor data quality
    • Lack of data for processing and reporting
    • Single-source data entry
    • Add modules or augment processes to capture data

    Option: Consolidate and integrate

    Consolidate and integrate your current systems to address your technology and data pain points

    CONSOLIDATE AND INTEGRATE SYSTEMS

    Get rid of one system, combine two, or connect many.

    Your ERP application portfolio consists of multiple apps serving the same functions.

    Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Disparate and disjointed systems
    • Multiple systems supporting the same function
    • Unused software licenses
    • System consolidation
    • System and module integration
    • Assess usage and consolidate licensing
    Data Pain Points
    • Multiple versions of same data
    • Duplication of data entry in different modules or systems
    • Poor data quality
    • Centralize core records
    • Assign data ownership
    • Single-source data entry

    Option: Replace your current system

    Replace your system to address gaps in your existing processes and various pain points

    REPLACE CURRENT SYSTEM

    Start from scratch.

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Lack of functionality and poor integration.
    • Obsolete technology.
    • Not aligned with technology direction or enterprise architecture plans.
    • Evaluate the ERP technology landscape.
    • Determine if you need to replace the current system with a point solution or an all-in-one solution.
    • Align ERP technologies with enterprise architecture.
    Data Pain Points
    • Limited capability to store and retrieve data.
    • Understand your data requirements.
    Process Pains
    • Insufficient tools to manage workflow.
    • Review end-to-end processes.
    • Assess user satisfaction.

    Activity 4.1.1 – Path to future state

    1+ hour
    1. Discuss the four options and the implications for your organization.
    2. Come to an agreement on your chosen path.

    The same diagram of strategies. At the top is 'Current State', at the bottom is 'Future State', and listed strategies are 'Maintain Current System', 'Augment Current System', 'Optimize', and 'Transform'.

    Activity 4.1.2 – Build a roadmap

    1-2 hours

    1. Start your roadmap with the stakeholder presentation. This is your mark in the sand to launch the project.
    2. For each item on your roadmap assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.

    Record this information in the ERP Strategy Report Template.

    Note:
    Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    Preview of the strategy roadmap table on the next slide.

    Download the ERP Strategy Report Template

    ERP Strategy roadmap

    Initiative Owner Start Date Completion Date
    Create final workshop deliverable Info-Tech 16 September, 2021
    Review final deliverable Workshop sponsor
    Present to executive team Oct 2021
    Build business case CFO, CIO, Directors 3 weeks to build
    3-4 weeks process time
    Build an RFI for initial costings 1-2 weeks
    Stage 1 approval for requirements gathering Executive committee Milestone
    Determine and acquire BA support for next step 1 week
    Requirements gathering – level 2 processes Project team 5-6 weeks effort
    Build RFP (based on informal approval) CFO, CIO, Directors 4th calendar quarter 2022 Possible completion January 2023
    2-4 weeks

    Activity 4.1.3 – Build a visual roadmap [optional]

    1 hour

    1. For some, a visual representation of a roadmap is easier to comprehend. Consider taking the roadmap built in 4.1.2 and creating a visual.

    Record this information in the ERP Strategy Report Template.

    Preview of the visual strategy roadmap chart on the next slide.

    Download the ERP Strategy Report Template

    ERP Strategy Roadmap

    A table set up similarly to the previous one, but instead of 'Start Date' and 'Completion Date' columns there are multiple small columns broken up by fiscal quarters (i.e.. FY2022: Q1, Q2, Q3, Q4). There is a key with a light blue diamond shape representing a 'Milestone' and a blue arrow representing a 'Work in progress'; they are placed the Quarters columns according to when each row item reached a milestone or began its progress.

    Step 4.2

    Wrap up and present

    Activities
    • 4.2.1 Communication plan
    • 4.2.2 Stakeholder presentation

    This step will walk you through the following activities:

    • Build a communication plan as part of organizational change management, which includes the stakeholder presentation

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • An initial communication plan for organizational change management
    • A stakeholder presentation

    Effectively communicate the changes an ERP foundation strategy will impose

    A communication plan is necessary because not everyone will react positively to change. Therefore, you must be prepared to explain the rationale behind any initiatives that are being rolled out.

    Steps:

    1. Start by building a sound communication plan.
    2. The communication plan should address all stakeholders that will be subject to change, including executives and end users.
    3. Communicate how a specific initiative will impact the way employees work and the work they do.
    4. Clearly convey the benefits of the strategy to avoid resistance.

    “The most important thing in project management is communication, communication, communication. You have to be able to put a message into business terms rather than technical terms.” (Lance Foust, I.S. Manager, Plymouth Tube Company)

    Project Goals Communication Goals Required Resources Communication Channels
    Why is your organization embarking on an ERP project? What do you want employees to know about the project? What resources are going to be utilized throughout the ERP strategy? How will your project team communicate project updates to the employees?
    Streamline processes and achieve operational efficiency. We will focus on mapping and gathering requirements for (X) mega-processes. We will be hiring process owners for each mega-process. You will be kept up to date about the project progress via email and intranet. Please feel free to contact the project owner if you have any questions.

    Activity 4.2.1 – Communication plan

    1 hour

    1. List the types of communication events and documents you will need to produce and distribute.
    2. Indicate the purpose of the event or document, who the audience is, and who is responsible for the communication.
    3. Identify who will be responsible for the development and delivery of the communication plan.

    Record this information in the ERP Strategy Report Template.

    Preview of the Communication Plan table on the next slide.

    Download the ERP Strategy Report Template

    Communication plan

    Use the communication planning template to track communication methods needed to convey information regarding ERP initiatives.

    This is designed to help your organization make ERP initiatives visible and create stakeholder awareness.

    Audience Purpose Delivery/ Format Communicator Delivery Date Status/Notes
    Front-line employees Highlight successes Bi-weekly email CEO Mondays
    Entire organization Highlight successes
    Plans for next iteration
    Monthly townhall Senior leadership Last Thursday of every month Recognize top contributors from different parts of the business. Consider giving out prizes such as coffee mugs
    Iteration demos Show completed functionality to key stakeholders Iteration completion web conference Delivery lead Every other Wednesday Record and share the demonstrations to all employees

    Conduct a presentation of the final deliverable for stakeholders

    After completing the activities and exercises within this blueprint, the final step of the process is to present the deliverable to senior management and stakeholders.

    Know Your Audience

    • Decide what needs to be presented and to whom. The purpose and format for communicating initiatives varies based on the audience. Identify the audience first to ensure initiatives are communicated appropriately.
    • IT and the business speak different languages. The business may not have the patience to try to understand IT, so it is up to IT to learn and use the language of business. Failing to put messages into language that resonates with the business will create disengagement and resistance.
    • Effective communication takes preparation to get the right content and tone to convey your real message.

    Learn From Other Organizations

    “When delivering the strategy and next steps, break the project down into consumable pieces. Make sure you deliver quick wins to retain enthusiasm and engagement.

    By making it look like a different project you keep momentum and avoid making it seem unattainable.” (Scott Clark, Innovation Credit Union)

    “To successfully sell the value of ERP, determine what the high-level business problem is and explain how ERP can be the resolution. Explicitly state which business areas ERP is going to touch. The business often has a very narrow view of ERP and perceives it as just a financial system. The key part of the strategy is that the organization sees the broader view of ERP.” (Scott Clark, Innovation Credit Union)

    Activity 4.2.2 – Stakeholder presentation

    1 hour

    1. The following sections of the ERP Strategy Report Template are designed to function as the stakeholder presentation:
      1. Workshop Overview
      2. ERP Models
      3. Roadmap
    2. You can use the Template as your presentation deck or extract the above sections to create a stand-alone stakeholder presentation.
    3. Remember to take your audience into account and anticipate the questions they may have.

    Samples of the ERP Strategy Report Template.

    Download the ERP Strategy Report Template

    Summary of Accomplishment

    Get the Most Out of Your ERP

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Build an ERP Strategy and Roadmap allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of ERP processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Research Contributors

    Name Title Organization
    Anonymous Anonymous Software industry
    Anonymous Anonymous Pharmaceutical industry
    Boris Znebel VP of Sales Second Foundation
    Brian Kudeba Director, Administrative Systems Fidelis Care
    David Lawrence Director, ERP Allegheny Technologies Inc.
    Ken Zima CIO Aquarion Water Company
    Lance Foust I.S. Manager Plymouth Tube Company
    Pooja Bagga Head of ERP Strategy & Change Transport for London
    Rob Schneider Project Director, ERP Strathcona County
    Scott Clark Innovation Credit Union
    Tarek Raafat Manager, Application Solutions IDRC
    Tom Walker VP, Information Technology StarTech.com

    Related Info-Tech Research

    Bibliography

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub. 2018. Accessed 21 Feb. 2021.

    "Maximizing the Emotional Economy: Behavioral Economics." Gallup. n.d. Accessed 21 Feb. 2021.

    Neito-Rodriguez, Antonio. Project Management | How to Prioritize Your Company's Projects. 13 Dec. 2016. Accessed 29 Nov 2021. Web.

    "A&D organization resolves organizational.“ Case Study. Panorama Consulting Group. 2021. PDF. 09 Nov. 2021. Web.

    "Process Frameworks." APQC. n.d. Accessed 21 Feb. 2021.

    Saxena, Deepak and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, 29-37. 22 Feb. 2019. Accessed 21 Feb. 2021.

    Microsoft Dynamics 365: Understand the Transition to the Cloud

    • Buy Link or Shortcode: {j2store}350|cart{/j2store}
    • member rating overall impact: 8.7/10 Overall Impact
    • member rating average dollars saved: $94,858 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Your on-premises Dynamics CRM or AX needs updating or replacing, and you’re not sure whether to upgrade or transition to the cloud with the new Microsoft Dynamics 365 platform. You’re also uncertain about what the cost might be or if there are savings to be had with a transition to the cloud for your enterprise resource planning system.
    • The new license model, Apps vs. Plans and Dual Use Rights in the cloud, includes confusing terminology and licensing rules that don’t seem to make sense. This makes it difficult to purchase proper licensing that aligns with your current on-premises setup and to maximize your choices in transition licenses.
    • There are different licensing programs for Dynamics 365 in the cloud. You need to decide on the most cost effective program for your company, for now and for the future.
    • Microsoft is constantly pressuring you to move to the cloud, but you don’t understand the why. You're uncertain if there's real value in such a strategic move right now, or if should you wait awhile.

    Our Advice

    Critical Insight

    • Focus on what’s best for you. Do a thorough current state assessment of your hardware and software needs and consider what will be required in the near future (one to four years).
    • Educate yourself. You should have a good understanding of your options from staying on-premises vs. an interim hybrid model vs. a lift and shift to the cloud.
    • Consider the overall picture. There might not be hard cost savings to be realized in the near term, given the potential increase in licensing costs over a CapEx to OpEx savings.

    Impact and Result

    • Understanding the best time to transition, from a licensing perspective, could save you significant dollars over the next one to four years.
    • Planning and effectively mapping your current licenses to the new cloud user model will maximize your current investment into the cloud and fully leverage all available Microsoft incentives in the process.
    • Gaining the knowledge required to make the most informed transition decision, based on best timing, most appropriate licensing program, and maximized cost savings in the near term.
    • Engaging effectively with Microsoft and a competent Dynamics partner for deployment or licensing needs.

    Microsoft Dynamics 365: Understand the Transition to the Cloud Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should learn about Microsoft Dynamics 365 user-based cloud licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Timing

    Review to confirm if you are eligible for Microsoft cloud transition discounts and what is your best time to move to the cloud.

    • Microsoft Dynamics 365: Understand the Transition to the Cloud – Phase 1: Timing
    • Microsoft License Agreement Summary Tool
    • Existing CRM-AX License Summary Worksheet

    2. Licensing

    Begin with a review to understand user-based cloud licensing, then move to mapping your existing licenses to the cloud users and plans.

    • Microsoft Dynamics 365: Understand the Transition to the Cloud – Phase 2: Licensing
    • Microsoft Dynamics 365 On-Premises License Transition Mapping Tool
    • Microsoft Dynamics 365 User License Assignment Tool
    • Microsoft Licensing Programs Brief Overview

    3. Cost review

    Use your cloud mapping activity as well your eligible discounts to estimate your cloud transition licensing costs.

    • Microsoft Dynamics 365: Understand the Transition to the Cloud – Phase 3: Cost Review
    • Microsoft Dynamics 365 Cost Estimator

    4. Analyze and decide

    Start by summarizing your choice license program, decide on the ideal time, then move on to total cost review.

    • Microsoft Dynamics 365: Understand the Transition to the Cloud – Phase 4: Analyze and Decide
    [infographic]

    Workshop: Microsoft Dynamics 365: Understand the Transition to the Cloud

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand What You Own and What You Can Transition to the Cloud

    The Purpose

    Understand what you own and what you can transition to the cloud.

    Learn which new cloud user licenses to transition.

    Key Benefits Achieved

    All your licenses in one summary.

    Eligible transition discounts.

    Mapping of on-premises to cloud users.

    Activities

    1.1 Validate your discount availability.

    1.2 Summarize agreements.

    1.3 Itemize your current license ownership.

    1.4 Review your timing options.

    1.5 Map your on-premises licenses to the cloud-based, user-based model.

    Outputs

    Current agreement summary

    On-premises to cloud user mapping summary

    Understanding of cloud app and plan features

    2 Transition License Cost Estimate and Additional Costs

    The Purpose

    Estimate cloud license costs and other associated expenses.

    Summarize and decide on the best timing, users, and program.

    Key Benefits Achieved

    Good cost estimate of equivalent cloud user-based licenses.

    Understanding of when and how to move your on-premises licensing to the new Dynamics 365 cloud model.

    Activities

    2.1 Estimate cloud user license costs.

    2.2 Calculate additional costs related to license transitions.

    2.3 Review all activities.

    2.4 Summarize and analyze your decision.

    Outputs

    Cloud user licensing cost modeling

    Summary of total costs

    Validation of costs and transition choices

    An informed decision on your Dyn365 timing, licensing, and costs

    Migrate to Office 365 Now

    • Buy Link or Shortcode: {j2store}292|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $19,928 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications
    • As Microsoft continues to push Office 365, the transition to Office 365 has likely already been decided, but uncertainty surrounds the starting point and the best path forward.
    • The lack of a clear migration process that considers all the relevant risks and opportunities creates significant ambiguity around an Office 365 migration.
    • As organizations migrate to Office 365, the change in Office’s licensing structure presents obscurity in spending that could cost the business tens of thousands of unnecessary dollars spent if not approached strategically.
    • The fear of overlooking risks regarding the cloud, data, and existing infrastructure threatens to place IT in a position of project paralysis.

    Our Advice

    Critical Insight

    • Many businesses are opting for a one-size-fits-all licensing strategy. Without selecting licensing to suit actual user needs, you will oversupply users and overspend on licensing.
    • Jumping into an Office 365 migration project without careful thought of the risks of a cloud migration will lead to project halt and interruption. Intentionally plan in order to expose risk to develop project foresight for a smooth migration.
    • A migration to Office 365 represents a significant change in the way users interact with Office. Be careful not to forget about the user as you take on the project. Engage the users consistently for a smooth transition.

    Impact and Result

    • Start by evaluating the business, users, and infrastructure requirements to ensure that all needs are clearly defined and the best fit-for-purpose migration plan can be decided on.
    • Assess the underlying risk associated with a migration to the cloud and build mitigation strategies to counter risk or impending issues and identify project interruptions before they happen.
    • Build a roadmap through a logical step-by-step process to outline major milestones and develop a communication plan to engage users throughout the migration. Demonstrate IT’s due diligence by relaying the project findings and results back to the business using Info-Tech’s Office 365 migration plan.

    Migrate to Office 365 Now Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should migrate to Office 365 now, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate requirements and licensing

    Evaluate the business, user, and infrastructure requirements to ensure that all needs are clearly defined and the best fit-for-purpose migration plan can be decided on.

    • Migrate to Office 365 Now – Phase 1: Evaluate Requirements and Licensing
    • Office 365 Migration Plan Report
    • Office 365 Migration Workbook

    2. Mitigate key risks of the cloud

    Expose key cloud risks across five major areas and build mitigation strategies to counter risk and gain foresight for migration.

    • Migrate to Office 365 Now – Phase 2: Mitigate Key Risks of the Cloud

    3. Build the roadmap

    Outline major milestones of migration and build the communication plan to transition users smoothly. Complete the Office 365 migration plan report to present to business stakeholders.

    • Migrate to Office 365 Now – Phase 3: Build the Roadmap
    • End-User Engagement Template
    [infographic]

    Workshop: Migrate to Office 365 Now

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Evaluate Office 365 License Needs

    The Purpose

    Review corporate and project goals.

    Review and prioritize relevant services and applications to shape the migration path.

    Review Office 365 license models.

    Profile end users to rightsize licensing.

    Estimate dollar impact of new licensing model.

    Key Benefits Achieved

    Corporate goals for Office 365.

    Prioritized migration path of applications.

    Decision on user licensing structure.

    Projected cost of licensing.

    Activities

    1.1 Outline corporate and project goals to paint the starting line.

    1.2 Review and prioritize services.

    1.3 Rightsize licensing.

    Outputs

    Clear goals and metrics for migration

    Prioritized list of applications

    Effective licensing structure

    2 Assess Value, Readiness, and Risks

    The Purpose

    Conduct value and readiness assessment of current on-premises services.

    Identify and evaluate risks and challenges.

    Assess IT’s readiness to own and manage Office 365.

    Key Benefits Achieved

    Completed value and readiness assessment.

    Current targets for service and deployment models.

    List of perceived risks according to five major risk areas.

    Assessed IT’s readiness to own and manage Office 365.

    Established go/caution/stop for elected Office 365 services.

    Activities

    2.1 Assess value and readiness.

    2.2 Identify key risks.

    2.3 Identify changes in IT skills and roles.

    Outputs

    Cloud service appropriateness assessment

    Completed risk register

    Reorganization of IT roles

    3 Mitigate Risks

    The Purpose

    Review Office 365 risks and discuss mitigation strategies.

    Key Benefits Achieved

    Completed risks and mitigation strategies report.

    Activities

    3.1 Build mitigation strategies.

    3.2 Identify key service requests.

    3.3 Build workflows.

    Outputs

    Defined roles and responsibilities

    Assigned decision rights

    List of staffing gaps

    4 Build the Roadmap

    The Purpose

    Build a timeline of major milestones.

    Plan and prioritize projects to bridge gaps.

    Build a communication plan.

    Review Office 365 strategy and roadmap.

    Key Benefits Achieved

    Milestone roadmap.

    Critical path of milestone actions.

    Communication plan.

    Executive report.

    Activities

    4.1 Outline major milestones.

    4.2 Finalize roadmap.

    4.3 Build and refine the communication plan.

    Outputs

    Roadmap plotted projects, decisions, mitigations, and user engagements

    Finalized roadmap across timeline

    Communication and training plan

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy

    • Buy Link or Shortcode: {j2store}563|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Organizations are unaware of the capabilities of web analytics tools and unsure how to leverage these new technologies to enhance their web experience.
    • Traditional solutions offer only information and data about the activity on the website. It is difficult for organizations to understand the customer motivations and behavioral patterns using the data.
    • In addition, there is an overwhelming number of vendors offering various solutions. Understanding which solution best fits your business needs is crucial to avoid overspending.

    Our Advice

    Critical Insight

    • Understanding organizational goals and business objectives is essential in effectively leveraging web analytics.
    • It is easy to get lost in a sea of expensive web analytical tools. Choosing tools that align with the business objectives will keep the costs of customer acquisition and retention to a minimum.
    • Beyond selection and implementation, leveraging web analytic tools requires commitment from the organization to continuously monitor key KPIs to ensure good customer web experience.

    Impact and Result

    • Understand what web analytic tools are and some key trends in the market space. Learn about top advanced analytic tools that help understand user behavior.
    • Discover top vendors in the market space and some of the top-level features they offer.
    • Understand how to use the metrics to gather critical insights about the website’s use and key initiatives for successful implementation.

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy Research & Tools

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy Storyboard – A deck outlining the importance of web analytic tools and how they can be leveraged to meet your business needs.

    This research offers insight into web analytic tools, key trends in the market space, and an introduction to advanced web analytics techniques. Follow our five-step initiative to successfully select and implement web analytics tools and identify which baseline metrics to measure and continuously monitor for best results.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Leverage Web Analytics to Reinforce Your Web Experience Management Strategy Storyboard
    [infographic]

    Further reading

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy

    Web analytics tools are the gateway to understanding customer behavior.

    EXECUTIVE BRIEF

    Analyst Perspective

    In today’s world, users want to consume concise content and information quickly. Websites have a limited time to prove their usefulness to a new user. Content needs to be as few clicks away from the user as possible. Analyzing user behavior using advanced analytics techniques can help website designers better understand their audience.

    Organizations need to implement sophisticated analytics tools to track user data from their website. However, simply extracting data is not enough to understand the user motivation. A successful implementation of a web analytics tool will comprise both understanding what a customer does on the website and why the customer does what they do.

    This research will introduce some fundamental and advanced analytics tools and provide insight into some of the vendors in the market space.

    Photo of Sai Krishna Rajaramagopalan, Research Specialist, Applications − Enterprise Applications, Info-Tech Research Group. Sai Krishna Rajaramagopalan
    Research Specialist, Applications − Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Web analytics solutions have emerged as applications that provide extensive information and data about users visiting your webpage. However, many organizations are unaware of the capabilities of these tools and unsure how to leverage these new technologies to enhance user experience.
    Common Obstacles
    • Traditional solutions offer information and data about customers’ activity on the website but no insight into their motivations and behavioral patterns.
    • In addition, an overwhelming number of vendors are offering various solutions. Understanding which solution best fits your business needs is crucial to avoid overspending.
    Info-Tech’s Approach
    • This research is aimed to help you understand what web analytic tools are and some key trends in the market space. Learn about top advanced analytic tools that help you understand user behavior. Discover top vendors in the market space and some of the high-level features offered.
    • This research also explains techniques and metrics to gather critical insights about your website’s use and will aid in understanding users’ motivations and patterns and better predict their behavior on the website.

    Info-Tech Insight

    It is easy to get lost in a sea of expensive web analytics tools. Choose tools that align with your business objectives to keep the costs of customer acquisition and retention to a minimum.

    Ensure the success of your web analytics programs by following five simple steps

    1. ORGANIZATIONAL GOALS

    The first key step in implementing and succeeding with web analytics tools is to set clearly defined organizational goals, e.g. improving product sales.

    3. KPI METRICS

    Define key performance indicators (KPIs) that help track the organization’s performance, e.g. number of page visits, conversion rates, bounce rates.

    5. REVIEW

    Continuous improvement is essential to succeed in understanding customers. The world is a dynamic place, and you must constantly revise your organizational goals, business objectives, and KPIs to remain competitive.

    Centerpiece representing the five surrounding steps.

    2. BUSINESS OBJECTIVES

    The next step is to lay out business objectives that help to achieve the organization’s goals, e.g. to increase customer leads, increase customer transactions, increase web traffic.

    4. APPLICATION SELECTION

    Understand the web analytics tool space and which combination of tools and vendors best fits the organization’s goals.

    Web Analytics Introduction

    Understand traditional and advanced tools and their capabilities.

    Understanding web analytics

    • Web analytics is the branch of analytics that deals with the collection, reporting, and analysis of data generated by users visiting and interacting with a website.
    • The purpose of web analytics is to measure user behavior, optimize the website’s user experience and flow, and gain insights that help meet business objectives like increasing conversions and sales.
    • Web analytics allows you to see how your website is performing and how people are acting while on your website. What’s important is what you can do with this knowledge.
    • Data collected through web analytics may include traffic sources, referring sites, page views, paths taken, and conversion rates. The compiled data often forms a part of customer relationship management analytics to facilitate and streamline better business decisions.
    • Having strong web analytics is important in understanding customer behavior and fine-tuning marketing and product development approaches accordingly.
    Example of a web analytics dashboard.

    Why you should leverage web analytics

    Leveraging web analytics allows organizations to better understand their customers and achieve their business goals.

    The global web analytics market size is projected to reach US$5,156.3 million by 2026, from US$2,564 million in 2019, at a CAGR of 10.4% during 2021-2026. (Source: 360 Research Reports, 2021) Of the top 1 million websites with the highest traffic, there are over 3 million analytics technologies used. Google Analytics has the highest market share, with 50.3%. (Source: “Top 1 Million Sites,” BuiltWith, 2022)
    Of the 200 million active websites, 57.3% employ some form of web analytics tool. This trend is expected to grow as more sophisticated tools are readily available at a cheaper cost. (Source: “On the Entire Internet,” BuiltWith, 2022; Siteefy, 2022) A three-month study by Contentsquare showed a 6.9% increase in traffic, 11.8% increase in page views, 12.4% increase in transactions, and 3.6% increase in conversion rates through leveraging web analytics. (Source: Mordor Intelligence, 2022)

    Case Study

    Logo for Ryanair.
    INDUSTRY
    Aviation
    SOURCE
    AT Internet
    Web analytics

    Ryanair is a low-fare airline in Europe that receives nearly all of its bookings via its website. Unhappy with its current web analytics platform, which was difficult to understand and use, Ryanair was looking for a solution that could adapt to its requirements and provide continuous support and long-term collaboration.

    Ryanair chose AT Internet for its intuitive user interface that could effectively and easily manage all the online activity. AT was the ideal partner to work closely with the airline to strengthen strategic decision making over the long term, increase conversions in an increasingly competitive market, and increase transactions on the website.

    Results

    By using AT Internet Web Analytics to improve email campaigns and understand the behavior of website visitors, Ryanair was able to triple click-through rates, increase visitor traffic by 16%, and decrease bounce rate by 18%.

    Arrows denoting increases or decreases in certain metrics: '3x increase in click-through rates', '16% increase in visitor traffic', '18% decrease in bounce rate'.

    Use traditional web analytics tools to understand your consumer

    What does the customer do?
    • Traditional web analytics allows organizations to understand what is happening on their website and what customers are doing. These tools deliver hard data to measure the performance of a website. Some of the data measured through traditional web analytics are:
    • Visit count: The number of visits received by a webpage.
    • Bounce rate: The percentage of visitors that leave the website after only viewing the first page compared to total visitors.
    • Referrer: The previous website that sent the user traffic to a specific website.
    • CTA clicks: The number of times a user clicks on a call to action (CTA) button.
    • Conversion rate: Proportion of users that reach the final outcome of the website.
    Example of a traditional web analytics dashboard.

    Use advanced web analytics techniques to understand your consumer

    Why does the customer do what they do?
    • Traditional web analytic tools fail to explain the motivation of users. Advanced analytic techniques help organizations understand user behavior and measure user satisfaction. The techniques help answer questions like: Why did a user come to a webpage? Why did they leave? Did they find what they were looking for? Some of the advanced tools include:
    • Heatmapping: A visual representation of where the users click, scroll, and move on a webpage.
    • Recordings: A recording of the mouse movement and clicks for the entire duration of a user’s visit.
    • Feedback forms and surveys: Voice of the customer tools allowing users to give direct feedback about websites.
    • Funnel exploration: The ability to visualize the steps users take to complete tasks on your site or app.
    Example of an advanced web analytics dashboard.

    Apply industry-leading techniques to leverage web analytics

    Heatmapping
    • Heatmaps are used to visualize where users move their mouse, click, and scroll in a webpage.
    • Website heatmaps use a warm-to-cold color scheme to indicate user activity, with the warmest color indicating the highest visitor engagement and the coolest indicating the lowest visitor engagement.
    • Organizations can use this tool to evaluate the elements of the website that attract users and identify which sections require improvement to increase user engagement.
    • Website designers can make changes and compare the difference in user interaction to measure the effectiveness of the changes.
    • Scrollmaps help designers understand what the most popular scroll-depth of your webpage is – and that’s usually a prime spot for an important call to action.
    Example of a website with heatmapping overlaid.
    (Source: An example of a heatmap layered with a scrollmap from Crazy Egg, 2020)

    Apply industry-leading techniques to leverage web analytics

    Funneling

    • Funnels are graphical representations of a customer’s journey while navigating through the website.
    • Funnels help organizations identify which webpage users land on and where users drop off.
    • Organizations can capture every user step to find the unique challenges between entry and completion. Identifying what friction stands between browsing product grids and completing a transaction allows web designers to then eliminate it.
    • Designers can use A/B testing to experiment with different design philosophies to compare conversion statistics.
    • Funneling can be expanded to cross-channel analytics by incorporating referral data, cookies, and social media analytics.
    Example of a bar chart created through funneling.

    Apply industry-leading techniques to leverage web analytics

    Session recordings

    • Session recordings are playbacks of users’ interaction with the website on a single session. User interaction can vary between mouse clicks, keyboard input, and mouse scroll.
    • Recordings help organizations understand user motivation and help identify why users undertake certain tasks or actions on the webpage.
    • Playbacks can also be used to see if users are confused anywhere between the landing page and final transaction phase. This way, playbacks further help ensure visitors complete the funneling seamlessly.
    Example of a session recording featuring a line created by the mouse's journey.

    Apply industry-leading techniques to leverage web analytics

    Feedback and microsurveys

    • Feedback can be received directly from end users to help organizations improve the website.
    • Receiving feedback from users can be difficult, since not every user is willing to spend time to submit constructive and detailed feedback. Microsurveys are an excellent alternative.
    • Users can submit short feedback forms consisting of a single line or emojis or thumbs up or down.
    • Users can directly highlight sections of the page about which to submit feedback. This allows designers to quickly pinpoint areas for improvement. Additionally, web designers can play back recordings when feedback is submitted to get a clear idea about the challenges users face.
    Example of a website with a microsurvey in the corner.

    Market Overview

    Choose vendors and tools that best match your business needs.

    Top-level traditional features

    Feature Name

    Description

    Visitor Count Tracking Counts the number of visits received by a website or webpage.
    Geographic Analytics Uses location information to enable the organization to provide location-based services for various demographics.
    Conversion Tracking Measures the proportion of users that complete a certain task compared to total number of users.
    Device and Browser Analytics Captures and summarizes device and browser information.
    Bounce and Exit Tracking Calculates exit rate and bounce rate on a webpage.
    CTA Tracking Measures the number of times users click on a call to action (CTA) button.
    Audience Demographics Captures, analyzes, and displays customer demographic/firmographic data from different channels.
    Aggregate Traffic Reporting Works backward from a conversion or other key event to analyze the differences, trends, or patterns in the paths users took to get there.
    Social Media Analytics Captures information on social signals from popular services (Twitter, Facebook, LinkedIn, etc.).

    Top-level advanced features

    Feature Name

    Description

    HeatmappingShows where users have clicked on a page and how far they have scrolled down a page or displays the results of eye-tracking tests through the graphical representation of heatmaps.
    Funnel ExplorationVisualizes the steps users take to complete tasks on your site or app.
    A/B TestingEnables you to test the success of various website features.
    Customer Journey ModellingEffectively models and displays customer behaviors or journeys through multiple channels and touchpoints.
    Audience SegmentationCreates and analyzes discrete customer audience segments based on user-defined criteria or variables.
    Feedback and SurveysEnables users to give feedback and share their satisfaction and experience with website designers.
    Paid Search IntegrationIntegrates with popular search advertising services (i.e. AdWords) and can make predictive recommendations around areas like keywords.
    Search Engine OptimizationProvides targeted recommendations for improving and optimizing a page for organic search rankings (i.e. via A/B testing or multivariate testing).
    Session RecordingRecords playbacks of users scrolling, moving, u-turning, and rage clicking on your site.

    Evaluate software category leaders using SoftwareReviews’ vendor rankings and awards

    Logo for SoftwareReviews.
    Sample of SoftwareReviews' The Data Quadrant. The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    Sample of SoftwareReviews' The Emotional Footprint. The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    Logo for SoftwareReviews.
    Fact-based reviews of business software from IT professionals. Top-tier data quality backed by a rigorous quality assurance process. CLICK HERE to ACCESS

    Comprehensive software reviews
    to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Product and category reports with state-of-the-art data visualization. User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. Combined with the insight of our expert analysts, our members receive unparalleled support in their buying journey.

    Top vendors in the web analytics space

    Logo for Google Analytics. Google Analytics provides comprehensive traditional analytics tools, free of charge, to understand the customer journey and improve marketing ROI. Twenty-four percent of all web analytical tools used on the internet are provided by Google analytics.
    Logo for Hotjar. Hotjar is a behavior analytics and product experience insights service that helps you empathize with and understand your users through their feedback via tools like heatmaps, session recordings, and surveys. Hotjar complements the data and insights you get from traditional web analytics tools like Google Analytics.
    Logo for Crazy Egg. Crazy Egg is a website analytics tool that helps you optimize your site to make it more user-friendly, more engaging, and more conversion-oriented. It does this through heatmaps and A/B testing, which allow you to see how people are interacting with your site.
    Logo for Amplitude Analytics. Amplitude Analytics provides intelligent insight into customer behavior. It offers basic functionalities like measuring conversion rate and engagement metrics and also provides more advanced tools like customer journey maps and predictive analytics capabilities through AI.

    Case Study

    Logo for Miller & Smith.
    INDUSTRY
    Real Estate
    SOURCE
    Crazy Egg

    Heatmaps and playback recordings

    Challenge

    Miller & Smith had just redesigned their website, but the organization wanted to make sure it was user-friendly as well as visually appealing. They needed an analytics platform that could provide information about where visitors were coming from and measure the effectiveness of the marketing campaigns.

    Solution

    Miller & Smith turned to Crazy Egg to obtain visual insights and track user behavior. They used heatmaps and playback recordings to see user activity within webpages and pinpoint any issues with user interface. In just a few weeks, Miller & Smith gained valuable data to work with: the session recordings helped them understand how users were navigating the site, and the heatmaps allowed them to see where users were clicking – and what they were skipping.

    Results

    Detailed reports generated by the solution allowed Miller & Smith team to convince key stakeholders and implement the changes easily. They were able to pinpoint what changes needed to be made and why these changes would improve their experience.

    Within few weeks, the bounce rate improved by 7.5% and goal conversion increased by 8.5% over a similar period the previous year.

    Operationalizing Web Analytics Tools

    Execute initiatives for successful implementation.

    Ensure success of your web analytics programs by following five simple steps

    1. ORGANIZATIONAL GOALS

    The first key step in implementing and succeeding with web analytics tools is to set clearly defined organizational goals, e.g. improving product sales.

    3. KPI METRICS

    Define key performance indicators (KPIs) that help track the organization’s performance, e.g. number of page visits, conversion rates, bounce rates.

    5. REVIEW

    Continuous improvement is essential to succeed in understanding customers. The world is a dynamic place, and you must constantly revise your organizational goals, business objectives, and KPIs to remain competitive.

    Centerpiece representing the five surrounding steps.

    2. BUSINESS OBJECTIVES

    The next step is to lay out business objectives that help to achieve the organization’s goals, e.g. to increase customer leads, increase customer transactions, increase web traffic.

    4. APPLICATION SELECTION

    Understand the web analytics tool space and which combination of tools and vendors best fits the organization’s goals.

    1.1 Understand your organization’s goals

    30 minutes

    Output: Organization’s goal list

    Materials: Whiteboard, Markers

    Participants: Core project team

    1. Identify the key organizational goals for both the short term and the long term.
    2. Arrange the goals in descending order of priority.

    Example table of goals ranked by priority and labeled short or long term.

    1.2 Align business objectives with organizational goals

    30 minutes

    Output: Business objectives

    Materials: Whiteboard, Markers

    Participants: Core project team

    1. Identify the key business objectives that help attain organization goals.
    2. Match each business objective with the corresponding organizational goals it helps achieve.
    3. Arrange the objectives in descending order of priority.

    Example table of business objectives ranked by priority and which organization goal they're linked to.

    Establish baseline metrics

    Baseline metrics will be improved through:

    1. Efficiently using website elements and CTA button placement
    2. Reducing friction between the landing page and end point
    3. Leveraging direct feedback from users to continuously improve customer experience

    1.3 Establish baseline metrics that you intend to improve via your web analytics tools

    30 minutes

    Example table with metrics, each with a current state and goal state.

    Accelerate your software selection project

    Vendor selection projects often demand extensive and unnecessary documentation.

    Software Selection Insight

    Balance the effort-to-information ratio required for a business impact assessment to keep stakeholders engaged. Use documentation that captures the key data points and critical requirements without taking days to complete. Stakeholders are more receptive to formal selection processes that are friction free.

    The Software Selection Workbook

    Work through the straightforward templates that tie to each phase of the Rapid Application Selection Framework, from assessing the business impact to requirements gathering.

    Sample of the Software Selection Workbook deliverable.

    The Vendor Evaluation Workbook

    Consolidate the vendor evaluation process into a single document. Easily compare vendors as you narrow the field to finalists.

    Sample of the Vendor Evaluation Workbook deliverable.

    The Guide to Software Selection: A Business Stakeholder Manual

    Quickly explain the Rapid Application Selection Framework to your team while also highlighting its benefits to stakeholders.

    Sample of the Guide to Software Selection: A Business Stakeholder Manual deliverable.

    Revisit the metrics you identified and revise your goals

    Track the post-deployment results, compare the metrics, and set new targets for the next fiscal year.

    Example table of 'Baseline Website Performance Metrics' with the column 'Revised Target' highlighted.

    Related Info-Tech Research

    Stock image of two people going over a contract. Modernize Your Corporate Website to Drive Business Value

    Drive higher user satisfaction and value through UX-driven websites.

    Stock image of a person using the cloud on their smartphone. Select and Implement a Web Experience Management Solution

    Your website is your company’s face to the world: select a best-of-breed platform to ensure you make a rock-star impression with your prospects and customers!

    Stock image of people studying analytics. Create an Effective Web Redesign Strategy

    Ninety percent of web redesign projects, executed without an effective strategy, fail to accomplish their goals.

    Bibliography

    "11 Essential Website Data Factors and What They Mean." CivicPlus, n.d. Accessed 26 July 2022.

    “Analytics Usage Distribution in the Top 1 Million Sites.” BuiltWith, 1 Nov. 2022. Accessed 26 July 2022.

    "Analytics Usage Distribution on the Entire Internet." BuiltWith, 1 Nov. 2022. Accessed 26 July 2022.

    Bell, Erica. “How Miller and Smith Used Crazy Egg to Create an Actionable Plan to Improve Website Usability.” Crazy Egg, n.d. Accessed 26 July 2022.

    Brannon, Jordan. "User Behavior Analytics | Enhance The Customer Journey." Coalition Technologies, 8 Nov 2021. Accessed 26 July 2022.

    Cardona, Mercedes. "7 Consumer Trends That Will Define The Digital Economy In 2021." Adobe Blog, 7 Dec 2020. Accessed 26 July 2022.

    “The Finer Points.“ Analytics Features. Google Marketing Platform, 2022. Accessed 26 July 2022.

    Fitzgerald, Anna. "A Beginner’s Guide to Web Analytics." HubSpot, 21 Sept 2022. Accessed 26 July 2022.

    "Form Abandonment: How to Avoid It and Increase Your Conversion Rates." Fullstory Blog, 7 April 2022. Accessed 26 July 2022.

    Fries, Dan. "Plug Sales Funnel Gaps by Identifying and Tracking Micro-Conversions." Clicky Blog, 9 Dec 2019. Accessed 7 July 2022.

    "Funnel Metrics in Saas: What to Track and How to Improve Them?" Userpilot Blog, 23 May 2022. Accessed 26 July 2022.

    Garg, Neha. "Digital Experimentation: 3 Key Steps to Building a Culture of Testing." Contentsquare, 21 June 2021. Accessed 26 July 2022.

    “Global Web Analytics Market Size, Status and Forecast 2021-2027.” 360 Research Reports, 25 Jan. 2021. Web.

    Hamilton, Stephanie. "5 Components of Successful Web Analytics." The Daily Egg, 2011. Accessed 26 July 2022.

    "Hammond, Patrick. "Step-by-Step Guide to Cohort Analysis & Reducing Churn Rate." Amplitude, 15 July 2022. Accessed 26 July 2022.

    Hawes, Carry. "What Is Session Replay? Discover User Pain Points With Session Recordings." Dynatrace, 20 Dec 2021. Accessed 26 July 2022.

    Huss, Nick. “How Many Websites Are There in the World?” Siteefy, 8 Oct. 2022. Web.

    Nelson, Hunter. "Establish Web Analytics and Conversion Tracking Foundations Using the Google Marketing Platform.” Tortoise & Hare Software, 29 Oct 2022. Accessed 26 July 2022.

    "Product Analytics Vs Product Experience Insights: What’s the Difference?" Hotjar, 14 Sept 2021. Accessed 26 July 2022.

    “Record and watch everything your visitors do." Inspectlet, n.d. Accessed 26 July 2022.

    “Ryanair: Using Web Analytics to Manage the Site’s Performance More Effectively and Improve Profitability." AT Internet, 1 April 2020. Accessed 26 July 2022.

    Sibor, Vojtech. "Introducing Cross-Platform Analytics.” Smartlook Blog, 5 Nov 2022. Accessed 26 July 2022.

    "Visualize Visitor Journeys Through Funnels.” VWO, n.d. Accessed 26 July 2022.

    "Web Analytics Market Share – Growth, Trends, COVID-19 Impact, and Forecasts (2022-2027)." Mordor Intelligence, 2022. Accessed 26 July 2022.

    “What is the Best Heatmap Tool for Real Results?” Crazy Egg, 27 April 2020. Web.

    "What Is Visitor Behavior Analysis?" VWO, 2022. Accessed 26 July 2022.

    Zheng, Jack G., and Svetlana Peltsverger. “Web Analytics Overview.” IGI Global, 2015. Accessed 26 July 2022.

    Optimize the Mentoring Program to Build a High-Performing Learning Organization

    • Buy Link or Shortcode: {j2store}596|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Employee Development
    • Parent Category Link: /train-and-develop
    • Many organizations have introduced mentoring programs without clearly defining and communicating the purpose and goals around having a program; they simply jumped on the mentoring bandwagon.
    • As a result, these programs have little impact. They don’t add value for mentors, mentees, or the organization.
    • It can be difficult to design a program that is well-suited to your organization, will be adopted by employees, and will drive the results you are looking for.
    • In particular, it is difficult to successfully match mentors and mentees so both derive maximum value from the endeavor.

    Our Advice

    Critical Insight

    • As workforce composition shifts, there is a need for mentoring programs to move beyond the traditional senior–junior format option; organizational culture and goals will dictate the best approach.
    • An organization’s mentoring program doesn’t need to be restricted to one format; individual preferences and goals should also factor in. Be open to choosing format on a case-by-case basis.
    • Be sure to gain upper management buy-in and support early to ensure mentoring becomes a valued part of your organization.
    • Ensure that goal setting, communication, ongoing support for participants, and evaluation all play a role in your mentoring program.

    Impact and Result

    • Mentoring can have a significant positive impact on mentor, mentee, and organization.
    • Mentees gain guidance and advice on their career path and skill development. Mentors often experience re-engagement with their job and the satisfaction of helping another person.
    • Mentoring participants benefit from obtaining different perspectives of both the business and work-related problems. Participation in a mentoring program has been linked to greater access to promotions, pay raises, and increased job satisfaction.
    • Mentoring can have a number of positive outcomes for the organization, including breaking down silos, transferring institutional knowledge, accelerating leadership skills, fostering open communication and dialogue, and resolving conflict.

    Optimize the Mentoring Program to Build a High-Performing Learning Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Align the mentoring program with the organizational culture and goals

    Build a best-fit program that creates a learning culture.

    • Storyboard: Optimize the Mentoring Program to Build a High Performing Learning Organization

    2. Assess the organizational culture and current mentoring program

    Align mentoring practices with culture to improve the appropriateness and effectiveness of the program.

    • Mentoring Program Diagnostic

    3. Align mentoring practices with culture to improve the appropriateness and effectiveness of the program.

    Track project progress and have all program details defined in a central location.

    • Mentoring Project Plan Template
    • Peer Mentoring Guidelines
    • Mentoring Program Guidelines

    4. Gather feedback from the mentoring program participants

    Evaluate the success of the program.

    • Mentoring Project Feedback Surveys Template

    5. Get mentoring agreements in place

    Improve your mentoring capabilities.

    • Mentee Preparation Checklist
    • Mentoring Agreement Template
    [infographic]

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}366|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    More than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Therefore, organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.
    • Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Impact and Result

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Regulatory and Compliance Risk Impacts to Your Organization Storyboard – Use the research to better understand the negative impacts of vendor actions to your brand reputation.

    Use this research to identify and quantify the potential regulatory impacts caused by vendors. Use Info-Tech's approach to look at the regulatory impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Storyboard

    2. Regulatory Risk Impact Tool – Use this tool to help identify and quantify the operational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Regulatory Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Risk Impacts on Your Organization

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.

    Analyst perspective

    Organizations must understand the regulatory damage vendors may cause from lack of compliance.

    Frank Sewell.

    The sheer number of regulations on the international market is immense, ever-changing, and make it almost impossible for any organization to consistently keep up with compliance.

    As regulatory enforcement increases, organizations must hold their vendors accountable for compliance through ongoing monitoring and validation of regulatory compliance to the relevant standards in their industries, or face increasing penalties for non-compliance.

    Frank Sewell,

    Research Director, Vendor Management

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    More than at any previous time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.

    Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to regulatory changes in the global market. Ongoing monitoring of the vendors who must comply with industry and governmental regulations is crucial to avoiding penalties and maintaining your regulatory compliance.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Regulatory and Compliance risk impacts

    Potential losses to the organization due regulatory and compliance incidents.

    • In this blueprint we’ll:
      • Explore regulatory and compliance risks and their impacts.
      • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to identify, manage, and monitor vendor performance.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational. Regulatory & Compliance is highlighted on the cube.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them and avoid penalties.

    When the unexpected happens, being able to adapt quickly to new priorities and regulations ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    45%

    Have no visibility into their upstream supply chain, or they can only see as far as their first-tier suppliers.

    2022 McKinsey

    61%

    Of compliance officers expect to increase investment in their compliance function over the next two years.

    2022 Accenture

    $770k+

    Breaches involving third-party vendors cost more on average.

    2022 HIT Consultant.net

    Regulatory Compliance

    Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.

    Your organizational risks may be monitored but are your n-party vendors?

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    Review your expectations with your vendors and hold them accountable.

    Regulatory entities are looking beyond your organization’s internal compliance these days. More and more they are diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.

    • Are you assessing your vendors regularly?
    • Are you validating those assessments?
    • Do your vendors have a map of their downstream support vendors?
    • Do they have the mechanisms to hold those downstream vendors accountable to your standards?

    Regulatory Guidance and Industry Standards

    Are you confident your vendors meet your standards?

    Identify and manage regulatory and compliance risks

    Environmental, Social, Governance (ESG)
    Regulatory agencies are putting more enforcement on ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations, or face penalties for non-compliance.

    Data Protection
    Data Protection remains an issue in the world. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.

    Mergers and Acquisitions
    More prominent vendors continuously buy smaller companies to control the market in the IT industry. Therefore, organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.

    What to look for

    Identify regulatory and compliance risk impacts.

    • Is there a record of complaints against the vendor from their employees or customers?
    • Has the vendor been cited for regulatory compliance issues in the past?
    • Does the vendor have a comprehensive list of their n-party vendor partners?
      • Are they willing to accept appropriate contractual protections regarding them?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor operate in regions known for regulatory violations?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering “one-sided” agreements with “as-is” warranties?

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term, with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess third-party risk

    1. Review Organizational Regulations
    2. Understand the organization’s regulatory risks to prepare for the “What If” game exercise.

    3. Identify & Understand Potential Regulatory-Compliance Risks
    4. Play the “What If” game with the right people at the table.

    5. Create a Risk Profile Packet for Leadership
    6. Pull all the information together in a presentation document.

    7. Validate the Risks
    8. Work with leadership to ensure that the proposed risks are in line with their thoughts.

    9. Plan to Manage the Risks
    10. Lower the overall risk potential by putting mitigations in place.

    11. Communicate the Plan
    12. It is important not only to have a plan but also to socialize it in the organization for awareness.

    13. Enact the Plan
    14. Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Adapted from Harvard Law School Forum on Corporate Governance

    Insight summary

    Regulatory risk impacts often come from unexpected places and have significant consequences. Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization. Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization, to avoid penalties.

    Insight 1

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner?

    Insight 2

    Organizations often fail to understand how n-party vendors could place them in non-compliance.

    Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well and hold your direct vendors accountable for the actions of their vendors.

    Insight 3

    Organizations need to know where their data lives and ensure it is protected.

    Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protection throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity.

    Identifying regulatory and compliance risks

    Who should be included in the discussion.

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from regulatory risk experts within your organization will enhance your long-term potential for successful compliance.
    • Involving those who not only directly manage vendors but also understand your regulatory requirements will aid in determining the path forward for relationships with your current vendors, and identifying new emerging potential partners.

    See the blueprint Build an IT Risk Management Program

    Review your risk management plans for new risks on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent

    Managing vendor regulatory and compliance risk impacts

    How could your vendors fall out of compliance?

    • Review vendors’ downstream connections to understand thoroughly with whom you are in business.
      • Monitor their regulatory stance as it could reflect on your organization.
    • Institute proper vendor lifecycle management.
      • Make sure to follow corporate due diligence and risk assessment policies and procedures.
      • Failure to consistently do so is a recipe for disaster.
    • Develop IT risk governance and change control.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your regulatory requirements for new and changing risks.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your plans accordingly.

    Organizations must review their regulatory risk appetite and tolerance levels, considering their complete landscape.

    Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned.

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and update our plans.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Regulatory Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.
    Input Output
    • List of identified potential risk scenarios scored by regulatory-compliance impact
    • List of potential mitigations of the scenarios to reduce the risk
    • Comprehensive regulatory risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Regulatory Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    High risk example from tool

    The image contains a screenshot demonstrating high risk example from the tool.

    How to mitigate:

    Contractually insist that the vendor have a third-party security audit performed annually, with the stipulation that they will not denigrate below your acceptable standards.

    Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.

    Low risk example from tool

    The image contains a screenshot demonstrating low risk example from the tool.

    Summary

    Seek to understand all regulatory requirements to obtain compliance.

    • Organizations need to understand and map out their entire vendor landscape.
    • Understand where all your data lives and how you can control it throughout the vendor lifecycle.
    • Those organizations that consistently follow their established risk assessment and due diligence processes are better positioned to avoid penalties.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Incorporate “lessons learned” from prior incidents into your risk management process to build better plans for future issues.

    Keeping up with the ever-changing regulations can make compliance a difficult task.

    Organizations should increase the resources dedicated to monitoring these regulations as agencies continue to hold them more accountable.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Info-Tech Insight

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.


    Bibliography

    Alicke, Knut, et al. "Taking the pulse of shifting supply chains", McKinsey & Company, August 26th 2022. Accessed October 31st
    Regan, Samantha, et al. "Can compliance keep up with warp-speed Change?", accenture, May 18th 2022. Accessed Oct 31st 2022.
    Feria, Nathalie, and Rosenberg, Daniel. "Mitigating Healthcare Cyber Risk Through Vendor Management", HIT Consultant, October 17th 2022. Accessed Oct 31st 2022.
    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    • Buy Link or Shortcode: {j2store}367|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $129,465 Average $ Saved
    • member rating average days saved: 12 Average Days Saved
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Processes pertaining to managing the application are inconsistent and do not drive excellence.
    • There is a lack of interdepartmental collaboration between different teams pertaining to the application.
    • There are no formalized roles and responsibilities for governance and support around enterprise applications.

    Our Advice

    Critical Insight

    • Scale the Center of Excellence (CoE) based on business needs. There is flexibility in how extensively the CoE methodology is applied and rigidity in how consistently it should be used.
    • The CoE is a refinery. It takes raw inputs from the business and produces an enhanced product, removing waste and isolating it from re-entering day-to-day operations.
    • Excellence is about people as much as it is about process. Documented best practices should include competencies, key resources, and identified champions to advocate the CoE practice.

    Impact and Result

    • Formalize roles and responsibilities for all application initiatives.
    • Develop a standard process of governance and oversight surrounding the application.
    • Develop a comprehensive support network that consists of IT, the business, and external stakeholders to address issues and problem areas surrounding the application.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a Center of Excellence for your enterprise application, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a vision for the CoE

    Understand the importance of developing an enterprise application CoE, define its scope, and identify key stakeholders.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 1: Create a Vision for the Center of Excellence
    • Enterprise Application Center of Excellence Project Charter

    2. Design the CoE future state

    Gather high-level requirements to determine the ideal future state.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 2: Design the Center of Excellence Future State
    • Center of Excellence Refinery Model Template

    3. Develop a CoE roadmap

    Assess the required capabilities to reach the ideal state CoE.

    • Maximize the Benefits from Enterprise Applications with a Center of Excellence – Phase 3: Develop a Center of Excellence Roadmap
    • Center of Excellence Exceptions Report
    • Track and Measure Benefits Tool
    • Enterprise Application Center of Excellence Stakeholder Presentation Template
    [infographic]

    Workshop: Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create a Vision for the CoE

    The Purpose

    Understand the importance of developing a CoE for enterprise applications.

    Determine how to best align the CoE mandate with business objectives.

    Complete a CoE project charter to gain buy-in, build a project team, and track project success. 

    Key Benefits Achieved

    Key stakeholders identified.

    Project team created with defined roles and responsibilities.

    Project charter finalized to gain buy-in.

    Activities

    1.1 Evaluate business needs and priorities.

    1.2 Identify key stakeholders and the project team.

    1.3 Align CoE with business priorities.

    1.4 Map current state CoE.

    Outputs

    Project vision

    Defined roles and responsibilities

    Strategic alignment of CoE and the business

    CoE current state schematic

    2 Design the CoE Future State

    The Purpose

    Gain a thorough understanding of pains related to the lack of application governance.

    Identify and recycle existing CoE practices.

    Visualize the CoE enhancement process.

    Visualize your ideal state CoE. 

    Key Benefits Achieved

    Requirements to strengthen the case for the enterprise application CoE.

    CoE value-add refinery.

    Future potential of the CoE.

    Activities

    2.1 Gather requirements.

    2.2 Map the CoE enhancement process.

    2.3 Sketch future state CoE.

    Outputs

    Classified pains, opportunities, and existing practices

    CoE refinery model

    Future state CoE sketch

    3 Develop a CoE Roadmap

    The Purpose

    Assess required capabilities and resourcing.

    List and prioritize CoE initiatives.

    Track and monitor CoE performance. 

    Key Benefits Achieved

    Next steps for the enterprise application CoE.

    CoE resourcing plan.

    CoE benefits realization tracking.

    Activities

    3.1 Build CoE capabilities.

    3.2 Identify risks and mitigation efforts.

    3.3 Prioritize and track CoE initiatives.

    3.4 Finalize stakeholder presentation.

    Outputs

    CoE potential capabilities

    Risk management plan

    CoE initiatives roadmap

    CoE stakeholder presentation

    Evaluate Your Vendor Account Team to Optimize Vendor Relations

    • Buy Link or Shortcode: {j2store}222|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Understand how important your account is to the vendor and how it is classified.
    • Understand how informed the account team is about your company and your industry.
    • Understand how long the team has been with the vendor. Have they been around long enough to have developed a “brand” or trust within their organization?
    • Understand and manage the relationships and influence the account team has within your organization to maintain control of the relationship.

    Our Advice

    Critical Insight

    Conducting the appropriate due diligence on your vendor’s account team is as important as the due diligence you put into the vendor. Ongoing management of the account team should follow the lifecycle of the vendor relationship.

    Impact and Result

    Understanding your vendor team’s background, experience, and strategic approach to your account is key to the management of the relationship, the success of the vendor agreement, and, depending on the vendor, the success of your business.

    Evaluate Your Vendor Account Team to Optimize Vendor Relations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate Your Vendor Account Team to Optimize Vendor Relations Deck – Understand the value of knowing your account team’s influence in their organization, and yours, to drive results.

    Learn how to best qualify that you have the right team for your business needs, using the accompanying tools to measure and monitor success throughout the relationship.

    • Evaluate Your Vendor Account Team to Optimize Vendor Relations Storyboard

    2. Vendor Rules of Engagement Template – Use this template to create a vendor rules of engagement document for inclusion in your company website, RFPs, and contracts.

    The Vendor Rules of Engagement template will help you develop your written expectations for the vendor for how they will interact with your business and stakeholders.

    • Vendor Rules of Engagement

    3. Evalu-Rate Your Account Team – Use this tool to develop criteria to evaluate your account team and gain feedback from your stakeholders.

    Evaluate your vendor account teams using this template to gather stakeholder feedback on vendor performance.

    • Evalu-Rate Your Account Team
    [infographic]

    Further reading

    Evaluate Your Vendor Account Team to Optimize Vendor Relations

    Understand the value of knowing your account team’s influence in their organization, and yours, to drive results.

    Analyst Perspective

    Having the wrong account team has consequences for your business.

    IT professionals interact with vendor account teams on a regular basis. You may not give it much thought, but do you have a good understanding of your rep’s ability to support/service your account, in the manner you expect, for the best possible outcome? The consequences to your business of an inappropriately assigned and poorly trained account team can have a disastrous impact on your relationship with the vendor, your business, and your budget. Doing the appropriate due diligence with your account team is as important as the due diligence you should put into the vendor. And, of course, ongoing management of the account team relationship is vital. Here we will share how best to qualify that you have the right team for your business needs as well as how to measure and monitor success throughout the relationship.

    Photo of Donna Glidden, Research Director, Vendor Management, Info-Tech Research Group.

    Donna Glidden
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Understand how important your account is to the vendor and how it is classified.
    • Understand how informed the account team is about your company and your industry.
    • Understand how long the team has been with the vendor. Have they been around long enough to have developed a “brand” or trust within their organization?
    • Understand and manage the relationships and influence the account team has within your organization to maintain control of the relationship.
    Common Obstacles
    • The vendor account team “came with the deal.”
    • The vendor account team has limited training and experience.
    • The vendor account team has close relationships within your organization outside of Procurement.
    • Managing your organization’s vendors is ad hoc and there is no formalized process for vendors to follow.
    • Your market position with the vendor is not optimal.
    Info-Tech’s Approach
    • Establish a repeatable, consistent vendor management process that focuses on the account team to maintain control of the relationship and drive the results you need.
    • Create a questionnaire for gaining stakeholder feedback to evaluate the account team on a regular basis.
    • Consider adding a vendor rules of engagement exhibit to your contracts and RFXs.

    Info-Tech Insight

    Understanding your vendor team’s background, their experience, and their strategic approach to your account is key to the management of the relationship, the success of the vendor agreement, and, depending on the vendor, the success of your business.

    Blueprint benefits

    IT Benefits

    • Clear lines of communication
    • Correct focus on the specific needs of IT
    • More accurate project scoping
    • Less time wasted

    Mutual IT and
    Business Benefits

    • Reduced time to implement
    • Improved alignment between IT & business
    • Improved vendor performance
    • Improved vendor relations

    Business Benefits

    • Clear relationship guidelines based on mutual understanding
    • Improved communications between the parties
    • Mutual understanding of roles/goals
    • Measurable relationship criteria

    Insight Summary

    Overarching insight

    Conducting the appropriate due diligence on your vendor’s account team is as important as the due diligence you put into the vendor. Ongoing management of the account team should follow the lifecycle of the vendor relationship.

    Introductory/RFP phase
    • Track vendor contacts with your organization.
    • Qualify the account team as you would the vendor:
      • Background
      • Client experience
    • Consider including vendor rules of engagement as part of your RFP process.
    • How does the vendor team classify your potential account?
    Contract phase
    • Set expectations with the account team for the ongoing relationship.
    • Include a vendor rules of engagement exhibit in the contract.
    • Depending on your classification of the vendor, establish appropriate account team deliverables, meetings, etc.
    Vendor management phase
    • “Evalu-rate” your account team by using a stakeholder questionnaire to gain measurable feedback.
    • Identify the desired improvements in communications and service delivery.
    • Use positive reinforcements that result in positive behavior.
    Tactical insight

    Don’t forget to look at your organization’s role in how well the account team is able to perform to your expectations.

    Tactical insight

    Measure to manage – what are the predetermined criteria that you will measure the account team’s success against?

    Lack of adequate sales training and experience can have a negative impact on the reps’ ability to support your needs adequately

    • According to Forbes (2012), 55% of salespeople lack basic sales skills.
    • 58% of buyers report that sales reps are unable to answer their questions effectively.
    • According to a recent survey, 84% of all sales training is lost after 90 days. This is due to the lack of information retention among sales personnel.
    • 82% of B2B decision-makers think sales reps are unprepared.
    • At least 50% of prospects are not a good fit for the product or service that vendors are selling (Sales Insights Lab).
    • It takes ten months or more for a new sales rep to be fully productive.

    (Source: Spotio)

    Info-Tech Insight

    Remember to examine the inadequacies of vendor training as part of the root cause of why the account team may lack substance.

    Why it matters

    1.8 years

    is the average tenure for top ten tech companies

    2.6 years is the average experience required to hire.

    2.4 years is the average account executive tenure.

    44% of reps plan to leave their job within two years.

    The higher the average contract value, the longer the tenure.

    More-experienced account reps tend to stay longer.

    (Source: Xactly, 2021)
    Image of two lightbulbs labeled 'skill training' with multiple other buzzwords on the glass.

    Info-Tech Insight

    You are always going to be engaged in training your rep, so be prepared.

    Before you get started…

    • Take an inward look at how your company engages with vendors overall:
      • Do you have a standard protocol for how initial vendor inquiries are handled (emails, phone calls, meeting invitations)?
      • Do you have a standard protocol for introductory vendor meetings?
      • Are vendors provided the appropriate level of access to stakeholders/management?
      • Are you prompt in your communications with vendors?
      • What is the quality of the data provided to vendors? Do they need to reach out repeatedly for more/better data?
      • How well are you able to forecast your needs?
      • Is your Accounts Payable team responsive to vendor inquiries?
      • Are Procurement and stakeholders on the same page regarding the handling of vendors?
    • While you may not have a formal vendor management initiative in place, try to understand how important each of your vendors are to your organization, especially before you issue an RFP, so you can set the right expectations with potential vendor teams.
    • Classify vendors as strategic, operational, tactical, or commodity.
      • This will help you focus your time appropriately and establish the right meeting cadence according to the vendor’s place in your business.
      • See Info-Tech’s research on vendor classification.
    When you formalize your expectations regarding vendor contact with your organization and create structure around it, vendors will take notice.

    Consider a standard intake process for fielding vendor inquiries and responding to requests for meetings to save yourself the headaches that come with trying to keep up with them.

    Stakeholder teams, IT, and Procurement need to be on the same page in this regard to avoid missteps in the important introductory phase of dealing with vendors and the resulting confusion on the part of vendor account teams when they get mixed messages and feel “passed around.”

    1. Introductory Phase

    If vendors know you have no process to track their activities, they’ll call who they want when they want, and the likelihood of them having more information about your business than you about theirs is significant.

    Vendor contacts are made in several ways:

    • Cold calls
    • Emails
    • Website
    • Conferences
    • Social introductions

    Things to consider:

    • Consider having a link on your company website to your Sourcing & Procurement team, including:
      • An email address for vendor inquiries.
      • Instructions to vendors on how to engage with you and what information they should provide.
      • A link to your Vendor Rules of Engagement.
    • Track vendor inquiries so you have a list of potential respondents to future RFPs.
    • Work with stakeholders and gain their buy-in on how vendor inquiries are to be routed and handled internally.
    Not every vendor contact will result in an “engagement” such as invitation to an RFP or a contract for business. As such, we recommend that you set up an intake process to track/manage supplier inquiries so that when you are ready to engage, the vendor teams will be set up to work according to your expectations.

    2. RFP/Contract Phase

    What are your ongoing expectations for the account team?
    • Understand how your business will be qualified by the vendor. Where you fit in the market space regarding spend, industry, size of your business, etc., determines what account team(s) you will have access to.
    • Add account team–specific questions to your RFP(s) to gain an understanding of their capabilities and experience up front.
    • How have you classified the vendor/solution? Strategic, tactical, operational, or commodity?
      • Depending on the classification/criticality (See Info-Tech’s Vendor Classification Tool) of the vendor, set the appropriate expectation for vendor review meetings, e.g. weekly, monthly, quarterly, annually.
      • Set the expectation that their support of your account will be regularly measured/monitored by your organization.
      • Consider including a set of vendor rules of engagement in your RFPs and contracts so vendors will know up front what your expectations are for how to engage with Procurement and stakeholders.
    Stock image of smiling coworkers.

    3. Ongoing Vendor Management

    Even if you don’t have a vendor management initiative in place, consider these steps to manage both new and legacy vendor relationships:
    • Don’t wait until there is an issue to engage the account team. Develop an open, honest relationship with vendors and get to know their key players.
    • Seek regular feedback from stakeholders on both parties’ performance against the agreement, based on agreed-upon criteria.
    • Measure vendor performance using the Evalu-Rate Your Account Team tool included with this research.
    • Based on vendor criticality, set a regular cadence of vendor meetings to discuss stakeholder feedback, both positive feedback as well as areas needing improvement and next steps, if applicable.
    Stock image of smiling coworkers.

    Info-Tech Insight

    What your account team doesn’t say is equally important as what they do say. For example, an account rep with high influence says, “I can get that for you” vs. “I'll get back to you.” Pay attention to the level of detail in their responses to you – it references how well they are networked within their own organization.

    How effective is your rep?

    The Poser
    • Talks so much they forget to listen
    • Needs to rely on the “experts”
    • Considers everyone a prospect
    Icons relating to the surrounding rep categories. Ideal Team Player
    • Practices active listening
    • Understands the product they are selling
    • Asks great questions
    • Is truthful
    • Approaches sales as a service to others
    The Bulldozer
    • Unable to ask the right questions
    • If push comes to shove, they keep pushing until you push back
    • Has a sense of entitlement
    • Lacks genuine social empathy
    Skillful Politician
    • Focuses on the product instead of people
    • Goes by gut feel
    • Fears rejection and can’t roll with the punches

    Characteristics of account reps

    Effective
    • Is truthful
    • Asks great questions
    • Practices active listening
    • Is likeable and trustworthy
    • Exhibits emotional intelligence
    • Is relatable and knowledgeable
    • Has excellent interpersonal skills
    • Has a commitment to personal growth
    • Approaches sales as a service to others
    • Understands the product they are selling
    • Builds authentic connections with clients
    • Is optimistic and has energy, drive, and confidence
    • Makes an emotional connection to whatever they are selling
    • Has the ability to put themselves in the position of the client
    • Builds trust by asking the right questions; listens and provides appropriate solutions without overpromising and underdelivering
    Ineffective
    • Goes by gut feel
    • Has a sense of entitlement
    • Lacks genuine social empathy.
    • Considers everyone a prospect
    • Is unable to ask the right questions.
    • Is not really into sales – it’s “just a job”
    • Focuses on the product instead of people
    • Loves to talk so much they forget to listen
    • Fears rejection and can’t roll with the punches
    • If push comes to shove, they keep pushing until you push back
    • Is clueless about their product and needs to rely on the “experts”

    How to support an effective rep

    • Consider being a reference account.
    • Say thank you as a simple way to boost morale and encourage continued positive behavior.
    • If you can, provide opportunities to increase business with the vendor – that is the ultimate thanks.
    • Continue to support open, honest communication between the vendor and your team.
    • Letters or emails of recognition to the vendor team’s management have the potential to boost the rep’s image within their own organization and shine a spotlight on your organization as a good customer.
    • Supplier awards for exemplary service and support may be awarded as part of a more formal vendor management initiative.
    • Refer to the characteristics of an effective rep – which ones best represent your account team?
    A little recognition goes a long way in reinforcing a positive vendor relationship.

    Info-Tech Insight

    Don’t forget to put the relationship in vendor relationship management – give a simple “Thank you for your support” to the account team from executive management.

    How to support an ineffective rep

    An ineffective rep can take your time and attention away from more important activities.
    • Understand what role, if any, you and/or your stakeholders may play in the rep’s lack of performance by determining the root cause:
      • Unrealistic expectations
      • Unclear and incomplete instructions
      • Lack of follow through by your stakeholders to provide necessary information
      • Disconnects between Sourcing/Procurement/IT that lead to poor communication with the vendor team (lack of vendor management)
    • Schedule more frequent meetings with the team to address the issues and measure progress.
    • Be open to listening to your rep(s) and ask them what they need from you in order to be effective in supporting your account.
    • Be sure to document in writing each instance where the rep has underperformed and include the vendor team’s leadership on all communications and meetings.
    • Refer to the characteristics of an ineffective rep – which ones best describe your ineffective vendor rep?
    “Addressing poor performance is an important aspect of supplier management, but prevention is even more so.” (Logistics Bureau)

    Introductory questions to ask vendor reps

    • What is the vendor team’s background, particularly in the industry they are representing? How did they get to where they are?
      • Have they been around long enough to have developed credibility throughout their organization?
      • Do they have client references they are willing to share?
    • How long have they been in this position with the vendor?
      • Remember, the average rep has less than 24 months of experience.
      • If they lack depth of experience, are they trainable?
    • How long have they been in the industry?
      • Longevity and experience matters.
    • What is their best customer experience?
      • What are they most proud of from an account rep perspective?
    • What is their most challenging customer experience?
      • What is their biggest weakness?
    • How are their relationships with their delivery and support teams?
      • Can they get the job done for you by effectively working their internal relationships?
    • What are their goals with this account?
      • Besides selling a lot.
    • What relationships do they have within your organization?
      • Are they better situated within your organization than you are?
    Qualify the account team as you would the vendor – get to know their background and history.

    Vendor rules of engagement

    Articulate your vendor expectations in writing

    Clearly document your expectations via formal rules of engagement for vendor teams in order to outline how they are expected to interact with your business and stakeholders. This can have a positive impact on your vendor and stakeholder relationships and enable you to gain control of:

    • Onsite visits and meetings.
    • Submission of proposals, quotes, contracts.
    • Communication between vendors, stakeholders and Procurement.
    • Expectations for ongoing relationship management.

    Include the rules in your RFXs and contracts to formalize your expectations.

    See the Vendor Rules of Engagement template included with this research.

    Download the Vendor Rules of Engagement template

    Sample of the Vendor Rules of Engagement template.

    Evalu-rate your vendor account team

    Measure stakeholder feedback to ensure your account team is on target to meet your needs. Sample of the Evalu-Rate Your Account Team tool.

    Download the Evalu-Rate Your Account Team tool

    • Use a measurable, repeatable process for evaluations.
    • Include feedback from key stakeholders engaged in the relationship.
    • Keep the feedback fact based and have backup.

    Final thoughts: Do’s and don’ts

    DO

    • Be friendly, approachable.
    • Manage the process by which vendors contact your organization – take control!
    • Understand your market position when sourcing goods/services to establish how much leverage you have with vendors.
    • Set vendor meetings according to their criticality to your business.
    • Evaluate your account teams to understand their strengths/weaknesses.
    • Gain stakeholder buy-in to your vendor processes.

    DON'T

    • Don’t be “friends.”
    • Don’t criticize in public.
    • Don’t needlessly escalate.
    • Don’t let the process of vendors communicating with your stakeholders “just happen.”
    • Don’t accept poor performance or attitude.

    Summary of Accomplishment

    Problem Solved

    Upon completion of this blueprint, Guided Implementation, or workshop, your team should have a comprehensive, well-defined, end-to-end approach to evaluating and managing your account team. Leveraging Info-Tech’s industry-proven tools and templates provides your organization with an effective approach to establishing, maintaining, and evaluating your vendor account team; improving your vendor and stakeholder communications; and maintaining control of the client/vendor relationship.

    Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your vendor account team evaluation process.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Bibliography

    “14 Essential Qualities of a Good Salesperson.” Forbes, 5 Oct. 2021. Accessed 11 March 2022.

    “149 Eye-Opening Sales Stats to Consider.” Spotio, 30 Oct. 2018. Accessed 11 March 2022.

    “35 Sales Representative Interview Questions and Answers.” Indeed, 29 Oct. 2021. Accessed 8 March 2022.

    “8 Intelligent Questions for Evaluating Your Sales Reps Performance” Inc., 16 Aug. 2016. Accessed 9 March 2022.

    Altschuler, Max. “Reality Check: You’re Probably A Bad Salesperson If You Possess Any Of These 11 Qualities.” Sales Hacker, 9 Jan. 2018. Accessed 4 May 2022.

    Bertuzzi, Matt. “Account Executive Data Points in the SaaS Marketplace.” Treeline, April 12, 2017. Accessed 9 March 2022. “Appreciation Letter to Vendor – Example, Sample & Writing Tips.” Letters.org, 10 Jan. 2020. Web.

    D’Entremont, Lauren. “Are Your Sales Reps Sabotaging Your Customer Success Without Realizing It?” Proposify, 4 Dec. 2018. Accessed 7 March 2022.

    Freedman, Max. “14 Important Traits of Successful Salespeople.” Business News Daily, 14 April 2022. Accessed 10 April 2022.

    Hansen, Drew. “6 Tips For Hiring Your Next Sales All-Star.” Forbes, 16 Oct. 2012. Web.

    Hulland, Ryan. “Getting Along with Your Vendors.” MonMan, 12 March 2014. Accessed 9 March 2022.

    Lawrence, Jess. “Talking to Vendors: 10 quick tips for getting it right.” Turbine, 30 Oct. 2018. Accessed 11 March 2022.

    Lucero, Karrie. “Sales Turnover Statistics You Need To Know.” Xactly, 24 Aug. 2021. Accessed 9 March 2022.

    Noyes, Jesse. “4 Qualities to Look For in Your Supplier Sales Representative.” QSR, Nov. 2017. Accessed 9 March 2022.

    O’Byrne, Rob. “How To Address Chronic Poor Supplier Performance.” Logistics Bureau, 26 July 2016. Accessed 4 May 2022.

    O'Brien, Jonathan. Supplier Relationship Management: Unlocking the Hidden Value in Your Supply Base. Kogan Page, 2014.

    Short, Alex. “Three Things You Should Consider to Become A Customer of Choice.” Vizibl, 29 Oct. 2021. Web.

    Wayshak, Marc. “18 New Sales Statistics for 2022 from Our Groundbreaking Study!” Sales Insights Lab, 28 March 2022. Web.

    “What Does a Good Customer Experience Look Like In Technology?” Virtual Systems, 23 June 2021. Accessed 10 March 2022.

    Adapt Your Onboarding Process to a Virtual Environment

    • Buy Link or Shortcode: {j2store}577|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • For many, the WFH arrangement will be temporary, however, the uncertainty around the length of the pandemic makes it hard for organizations to plan long term.
    • As onboarding plans traditionally carry a six- to twelve-month outlook, the uncertainty around how long employees will be working remotely makes it challenging to determine how much of the current onboarding program needs to change. In addition, introducing new technologies to a remote workforce and planning training on how to access and effectively use these technologies is difficult.

    Our Advice

    Critical Insight

    • The COVID-19 pandemic has led to a virtual environment many organizations were not prepared for.
    • Focusing on critical parts of the onboarding process and leveraging current technology allows organizations to quickly adapt to the uncertainty and constant change.

    Impact and Result

    • Organizations need to assess their existing onboarding process and identify the parts that are critical.
    • Using the technology currently available, organizations must adapt onboarding to a virtual environment.
    • Develop a plan to re-assess and update the onboarding program according to the duration of the situation.

    Adapt Your Onboarding Process to a Virtual Environment Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess current onboarding processes

    Map the current onboarding process and identify the challenges to a virtual approach.

    • Adapt Your Onboarding Process to a Virtual Environment Storyboard
    • Virtual Onboarding Workbook
    • Process Mapping Guide

    2. Modify onboarding activities

    Determine how existing onboarding activities can be modified for a virtual environment.

    • Virtual Onboarding Ideas Catalog
    • Performance Management for Emergency Work-From-Home

    3. Launch the virtual onboarding process and plan to re-assess

    Finalize the virtual onboarding process and create an action plan. Continue to re-assess and iterate over time.

    • Virtual Onboarding Guide for HR
    • Virtual Onboarding Guide for Managers
    • HR Action and Communication Plan
    • Virtual Onboarding Schedule
    [infographic]

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    • Buy Link or Shortcode: {j2store}472|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • The organization is planning to move resources to cloud or devise a networking strategy for their existing cloud infrastructure to harness value from cloud.
    • The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies and provide access to shared services on cloud.
    • A perennial challenge for infrastructure on cloud is planning for governance vs flexibility which is often overlooked.

    Our Advice

    Critical Insight

    Don’t wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and the future.

    Impact and Result

    • Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.
    • Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Deck – A document to guide you through designing your network in the cloud.

    What cloud networking topology should you use? How do you provide access to shared resources in the cloud or hybrid infrastructure? What sits in the hub and what sits in the spoke?

    • Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Storyboard
    [infographic]

    Further reading

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    Don't revolve around a legacy design; choose a network design that evolves with the organization.

    Analyst Perspective

    Cloud adoption among organizations increases gradually across both the number of services used and the amount those services are used. However, network builders tend to overlook the vulnerabilities of network topologies, which leads to complications down the road, especially since the structures of cloud network topologies are not all of the same quality. A network design that suits current needs may not be the best solution for the future state of the organization.

    Even if on-prem network strategies were retained for ease of migration, it is important to evaluate and identify the cloud network topology that can not only elevate the performance of your infrastructure in the cloud, but also that can make it easier to manage and provision resources.

    An "as the need arises" strategy will not work efficiently since changing network designs will change the way data travels within your network, which will then need to be adopted to existing application architectures. This becomes more complicated as the number of services hosted in the cloud grows.

    Keep a network strategy in place early on and start designing your infrastructure accordingly. This gives you more control over your networks and eliminates the need for huge changes to your infrastructure down the road.

    This is a picture of Nitin Mukesh

    Nitin Mukesh
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The organization is planning to move resources to the cloud or devise a networking strategy for their existing cloud infrastructure to harness value from the cloud.

    The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies, and provide access to shared services in the cloud.

    A perennial challenge for infrastructure in the cloud is planning for governance vs. flexibility, which is often overlooked.

    Common Obstacles

    The choice of migration method may result in retaining existing networking patterns and only making changes when the need arises.

    Networking in the cloud is still new, and organizations new to the cloud may not be aware of the cloud network designs they can consider for their business needs.

    Info-Tech's Approach

    Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.

    Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Insight Summary

    Don't wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and future.

    Your challenge

    Selecting the right topology: Many organizations migrate to the cloud retaining a mesh networking topology from their on-prem design, or they choose to implement the mesh design leveraging peering technologies in the cloud without a strategy in place for when business needs change. While there may be many network topologies for on-prem infrastructure, the network design team may not be aware of the best approach in cloud platforms for their requirements, or a cloud networking strategy may even go overlooked during the migration.

    Finding the right cloud networking infrastructure for:

    • Management efficiencies
    • Network-level isolation of resources
    • Access to shared services

    Deciding between governance and flexibility in networking design: In the hub and spoke model, if a domain is in the hub, the greater the governance over it, and if it sits in the spoke, the higher the flexibility. Having a strategy for the most important domains is key. For example, some security belongs in the hub and some security belongs in the spoke. The tradeoff here is if it sits completely in the spoke, you give it a lot of freedom, but it becomes harder to standardize across the organization.

    Mesh network topology

    A mesh is a design where virtual private clouds (VPCs) are connected to each other individually creating a mesh network. The network traffic is fast and can be redirected since the nodes in the network are interconnected. There is no hierarchical relationship between the networks, and any two networks can connect with each other directly.

    In the cloud, this design can be implemented by setting up peering connections between any two VPCs. These VPCs can also be set up to communicate with each other internally through the cloud service provider's network without having to route the traffic via the internet.

    While this topology offers high redundancy, the number of connections grows tremendously as more networks are added, making it harder to scale a network using a mesh topology.

    Mesh Network on AWS

    This is an image of a Mesh Network on AWS

    Source: AWS, 2018

    Constraints

    The disadvantages of peering VPCs into a mesh quickly arise with:

    • Transitive connections: Transitive connections are not supported in the cloud, unlike with on-prem networking. This means that if there are two networks that need to communicate, a single peering link can be set up between them. However, if there are more than two networks and they all need to communicate, they should all be connected to each other with separate individual connections.
    • Cost of operation: The lack of transitive routing requires many connections to be set up, which adds up to a more expensive topology to operate as the number of networks grows. Cloud providers also usually limit the number of peering networks that can be set up, and this limit can be hit with as few as 100 networks.
    • Management: Mesh tends to be very complicated to set up, owing to the large number of different peering links that need to be established. While this may be manageable for small organizations with small operations, for larger organizations with robust cybersecurity practices that require multiple VPCs to be deployed and interconnected for communications, mesh opens you up to multiple points of failure.
    • Redundancy: With multiple points of failure already being a major drawback of this design, you also cannot have more than one peered connection between any two networks at the same time. This makes designing your networking systems for redundancy that much more challenging.
    Number of virtual networks 10 20 50 100
    Peering links required
    [(n-1)*n]/2
    45 190 1225 4950

    Proportional relationship of virtual networks to required peering links in a mesh topology

    Case study

    INDUSTRY: Blockchain
    SOURCE: Microsoft

    An organization with four members wants to deploy a blockchain in the cloud, with each member running their own virtual network. With only four members on the team, a mesh network can be created in the cloud with each of their networks being connected to each other, adding up to a total of 12 peering connections (four members with three connections each). While the members may all be using different cloud accounts, setting up connections between them will still be possible.

    The organization wants to expand to 15 members within the next year, with each new member being connected with their separate virtual networks. Once grown, the organization will have a total of 210 peering connections since each of the virtual networks will then need 14 peering connections. While this may still be possible to deploy, the number of connections makes it harder to manage and would be that much more difficult to deploy if the organization grows to even 30 or 40 members. The new scale of virtual connections calls for an alternative networking strategy that cloud providers offer – the hub and spoke topology.

    This is an image of the connections involved in a mesh network with four participants.

    Source: Microsoft, 2017

    Hub and spoke network topology

    In hub and spoke network design, each network is connected to a central network that facilitates intercommunication between the networks. The central network, also called the hub, can be used by multiple workloads/servers/services for hosting services and for managing external connectivity. Other networks connected to the hub through network peering are called spokes and host workloads.

    Communications between the workloads/servers/services on spokes pass in or out of the hub where they are inspected and routed. The spokes can also be centrally managed from the hub with IT rules and processes.

    A hub and spoke design enable a larger number of virtual networks to be interconnected as each network only needs one peered connection (to the hub) to be able to communicate with any other network in the system.

    Hub and Spoke Network on AWS

    This is an image of the Hub and Spoke Network on AWS

    What hub and spoke networks do better

    1. Ease of connectivity: Hub and spoke decreases the liabilities of scale that come from a growing business by providing a consistent connection that can be scaled easily. As more networks are added to an organization, each will only need to be connected once – to the hub. The number of connections is considerably lower than in a mesh topology and makes it easier to maintain and manage.
    2. Business agility and scalability: It is easier to increase the number of networks than in mesh, making it easier to grow your business into new channels with less time, investment, and risk.
    3. Data collection: With a hub and spoke design, all data flows through the hub – depending on the design, this includes all ingress and egress to and from the system. This makes it an excellent central network to collect all business data.
    4. Network-level isolation: Hub and spoke enables separation of workloads and tiers into different networks. This is particularly useful to ensure an issue affecting a network or a workload does not affect the rest.
    5. Network changes: Changes to a separated network are much easier to carry out knowing the changes made will not affect all the other connected networks. This reduces work-hours significantly when systems or applications need to be altered.
    6. Compliance: Compliance requirements such as SOC 1 and SOC 2 require separate environments for production, development, and testing, which can be done in a hub and spoke model without having to re-create security controls for all networks.

    Hub and spoke constraints

    While there are plenty of benefits to using this topology, there are still a few notable disadvantages with the design.

    Point-to-point peering

    The total number of total peered connections required might be lower than mesh, but the cost of running independent projects is cheaper on mesh as point-to-point data transfers are cheaper.

    Global access speeds with a monolithic design

    With global organizations, implementing a single monolithic hub network for network ingress and egress will slow down access to cloud services that users will require. A distributed network will ramp up the speeds for its users to access these services.

    Costs for a resilient design

    Connectivity between the spokes can fail if the hub site dies or faces major disruptions. While there are redundancy plans for cloud networks, it will be an additional cost to plan and build an environment for it.

    Leverage the hub and spoke strategy for:

    Providing access to shared services: Hub and spoke can be used to give workloads that are deployed on different networks access to shared services by placing the shared service in the hub. For example, DNS servers can be placed in the hub network, and production or host networks can be connected to the hub to access it, or if the central network is set up to host Active Directory services, then servers in other networks can act as spokes and have full access to the central VPC to send requests. This is also a great way to separate workloads that do not need to communicate with each other but all need access to the same services.

    Adding new locations: An expanding organization that needs to add additional global or domestic locations can leverage hub and spoke to connect new network locations to the main system without the need for multiple connections.

    Cost savings: Apart from having fewer connections than mesh that can save costs in the cloud, hub and spoke can also be used to centralize services such as DNS and NAT to be managed in one location rather than having to individually deploy in each network. This can bring down management efforts and costs considerably.

    Centralized security: Enterprises can deploy a center of excellence on the hub for security, and the spokes connected to it can leverage a higher level of security and increase resilience. It will also be easier to control and manage network policies and networking resources from the hub.

    Network management: Since each spoke is peered only once to the hub, detecting connectivity problems or other network issues is made simpler in hub and spoke than on mesh. A network manager deployed on the cloud can give access to network problems faster than on other topologies.

    Hub and spoke – mesh hybrid

    The advantages of using a hub and spoke model far exceed those of using a mesh topology in the cloud and go to show why most organizations ultimately end up using the hub and spoke as their networking strategy.

    However, organizations, especially large ones, are complex entities, and choosing only one model may not serve all business needs. In such cases, a hybrid approach may be the best strategy. The following slides will demonstrate the advantages and use cases for mesh, however limited they might be.

    Where it can be useful:

    An organization can have multiple network topologies where system X is a mesh and system Y is a hub and spoke. A shared system Z can be a part of both systems depending on the needs.

    An organization can have multiple networks interconnected in a mesh and some of the networks in the mesh can be a hub for a hub-spoke network. For example, a business unit that works on data analysis can deploy their services in a spoke that is connected to a central hub that can host shared services such as Active Directory or NAT. The central hub can then be connected to a regional on-prem network where data and other shared services can be hosted.

    Hub and spoke – mesh hybrid network on AWS

    This is an image of the Hub and spoke – mesh hybrid network on AWS

    Why mesh can still be useful

    Benefits Of Mesh

    Use Cases For Mesh

    Security: Setting up a peering connection between two VPCs comes with the benefit of improving security since the connection can be private between the networks and can isolate public traffic from the internet. The traffic between the networks never has to leave the cloud provider's network, which helps reduce a class of risks.

    Reduced network costs: Since the peered networks communicate internally through the cloud's internal networks, the data transfer costs are typically cheaper than over the public internet.

    Communication speed: Improved network latency is a key benefit from using mesh because the peered traffic does not have to go over the public internet but rather the internal network. The network traffic between the connections can also be quickly redirected as needed.

    Higher flexibility for backend services: Mesh networks can be desirable for back-end services if egress traffic needs to be blocked to the public internet from the deployed services/servers. This also helps avoid having to set up public IP or network address translation (NAT) configurations.

    Connecting two or more networks for full access to resources: For example, consider an organization that has separate networks for each department, which don't all need to communicate with each other. Here, a peering network can be set up only between the networks that need to communicate with full or partial access to each other such as finance to HR or accounting to IT.

    Specific security or compliance need: Mesh or VPC peering can also come in handy to serve specific security needs or logging needs that require using a network to connect to other networks directly and in private. For example, global organizations that face regulatory requirements of storing or transferring data domestically with private connections.

    Systems with very few networks that do not need internet access: Workloads deployed in networks that need to communicate with each other but do not require internet access or network address translation (NAT) can be connected using mesh especially when there are security reasons to keep them from being connected to the main system, e.g. backend services such as testing environments, labs, or sandboxes can leverage this design.

    Designing for governance vs. flexibility in hub and spoke

    Governance and flexibility in managing resources in the cloud are inversely proportional: The higher the governance, the less freedom you have to innovate.

    The complexities of designing an organization's networks grow with the organization as it becomes global and takes on more services and lines of business. Organizations that choose to deploy the hub and spoke model face a dilemma in choosing between governance and flexibility for their networks. Organizations need to find that sweet spot to find the right balance between how much they want to govern their systems, mainly for security- and cost-monitoring, and how much flexibility they want to provide for innovation and other operations, since the two usually tend to have an inverse relationship.

    This decision in hub and spoke usually means that the domains chosen for higher governance must be placed in the hub network, and the domains that need more flexibility in a spoke. The key variables in the following slide will help determine the placement of the domain and will depend entirely on the organization's context.

    The two networking patterns in the cloud have layered complexities that need to be systematically addressed.

    Designing for governance vs. flexibility in hub and spoke

    If a network has more flexibility in all or most of these domains, it may be a good candidate for a spoke-heavy design; otherwise, it may be better designed in a hub-centric pattern.

    • Function: The function the domain network is assigned to and the autonomy the function needs to be successful. For example, software R&D usually requires high flexibility to be successful.
    • Regulations: The extent of independence from both internal and external regulatory constraints the domain has. For example, a treasury reporting domain typically has high internal and external regulations to adhere to.
    • Human resources: The freedom a domain has to hire and manage its resources to perform its function. For example, production facilities in a huge organization have the freedom to manage their own resources.
    • Operations: The freedom a domain has to control its operations and manage its own spending to perform its functions. For example, governments usually have different departments and agencies, each with its own budget to perform its functions.
    • Technology: The independence and the ability a domain has to manage its selection and implementation of technology resources in the cloud. For example, you may not want a software testing team to have complete autonomy to deploy resources.

    Optimal placement of services between the hub and spoke

    Shared services and vendor management

    Resources that are shared between multiple projects or departments or even by the entire organization should be hosted on the hub network to simplify sharing these services. For example, e-learning applications that may be used by multiple business units to train their teams, Active Directory accessed by most teams, or even SAAS platforms such as O365 and Salesforce can leverage buying power and drive down the costs for the organization. Shared services should also be standardized across the organization and for that, it needs to have high governance.

    Services that are an individual need for a network and have no preexisting relationship with other networks or buying power and scale can be hosted in a spoke network. For example, specialized accounting software used exclusively by the accounting team or design software used by a single team. Although the services are still a part of the wider network, it helps separate duties from the shared services network and provides flexibility to the teams to customize and manage their services to suit their individual needs.

    Network egress and interaction

    Network connections, be they in the cloud or hybrid-cloud, are used by everyone to either connect to the internet, access cloud services, or access the organization's data center. Since this is a shared service, a centralized networking account must be placed in the hub for greater governance. Interactions between the spokes in a hub and spoke model happens through the hub, and providing internet access to the spokes through the hub can help leverage cost benefits in the cloud. The network account will perform routing duties between the spokes, on-prem assets, and egress out to the internet.

    For example, NAT gateways in the cloud that are managed services are usually charged by the hour, and deploying NAT on each spoke can be harder to manage and expensive to maintain. A NAT gateway deployed in a central networking hub can be accessed by all spokes, so centralizing it is a great option.

    Note that, in some cases, when using edge locations for data transfers, it may be cost effective to deploy a NAT in the spoke, but such cases usually do not apply to most organizational units.

    A centralized network hub can also be useful to configure network policies and network resources while organizational departments can configure non-network resources, which helps separate responsibilities for all the spokes in the system. For example, subnets and routes can be controlled from the central network hub to ensure standardized network policies across the network.

    Security

    While there needs to be security in the hub and the spokes individually, finding the balance of operation can make the systems more robust. Hub and spoke design can be an effective tool for security when a principal security hub is hosted in the hub network. The central security hub can collect data from the spokes as well as non-spoke sources such as regulatory bodies and threat intelligence providers, and then share the information with the spokes.

    Threat information sharing is a major benefit of using this design, and the hub can take actions to analyze and enrich the data before sharing it with spokes. Shared services such as threat intelligence platforms (TIP) can also benefit from being centralized when stationed in the hub. A collective defense approach between the hub and spoke can be very successful in addressing sophisticated threats.

    Compliance and regulatory requirements such as HIPAA can also be placed in the hub, and the spokes connected to it can make use of it instead of having to deploy it in each spoke individually.

    Cloud metering

    The governance vs. flexibility paradigm usually decides the placement of cloud metering, i.e. if the organization wants higher control over cloud costs, it should be in the central hub, whereas if it prioritizes innovation, the spokes should be allowed to control it. Regardless of the placement of the domain, the costs can be monitored from the central hub using cloud-native monitoring tools such as Azure Monitor or any third-party software deployed in the hub.

    For ease of governance and since resources are usually shared at a project level, most cloud service providers suggest that an individual metering service be placed in the spokes. The centralized billing system of the organization, however, can make use of scale and reserved instances to drive down the costs that the spokes can take advantage of. For example, billing and access control resources are placed in the lower levels in GCP to enable users to set up projects and perform their tasks. These billing systems in the lower levels are then controlled by a centralized billing system to decide who pays for the resources provisioned.

    Don't get stuck with your on-prem network design. Design for the cloud.

    1. Peering VPCs into a mesh design can be an easy way to get onto the cloud, but it should not be your networking strategy for the long run.
    2. Hub and spoke network design offers more benefits than any other network strategy to be adopted only when the need arises. Plan for the design early on and keep a strategy in place to deploy it as early as possible.
    3. Hybrid of mesh and hub and spoke will be very useful in connecting multiple large networks especially when they need to access the same resources without having to route the traffic over the internet.
    4. Governance vs. flexibility should be a key consideration when designing for hub and spoke to leverage the best out of your infrastructure.
    5. Distribute domains across the hub or spokes to leverage costs, security, data collection, and economies of scale, and to foster secure interactions between networks.

    Cloud network design strategy

    This is an image of the framework for developing a Cloud Network Design Strategy.

    Bibliography

    Borschel, Brett. "Azure Hub Spoke Virtual Network Design Best Practices." Acendri Solutions, 13 Jan. 2022. Web.
    Singh, Garvit. "Amazon Virtual Private Cloud Connectivity Options." AWS, January 2018. Web.
    "What Is the Hub and Spoke Information Sharing Model?" Cyware, 16 Aug. 2021. Web.
    Youseff, Lamia. "Mesh and Hub-and-Spoke Networks on Azure." Microsoft, Dec. 2017. Web.

    Manage Your Chromebooks and MacBooks

    • Buy Link or Shortcode: {j2store}167|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Devices
    • Parent Category Link: /end-user-computing-devices

    Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.

    • If you have modernized your end-user computing strategy, you may have Windows 10 devices as well as MacBooks.
    • Virtual desktop infrastructure (VDI) and desktop as a service (DaaS) are becoming popular. Chromebooks may be ideal as a low-cost interface into DaaS for your employees.
    • Managing Chromebooks can be particularly challenging as they grow in popularity in the education sector.

    Our Advice

    Critical Insight

    Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.

    Impact and Result

    • Many solutions are available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don’t purchase capabilities that you may never use.
    • Use the associated Endpoint Management Selection Tool spreadsheet to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    Manage Your Chromebooks and MacBooks Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage Your Chromebooks and MacBooks deck – MacBooks and Chromebooks are growing in popularity in enterprise and education environments, and now you have to manage them.

    Explore options, guidance and some best practices related to the management of Chromebooks and MacBooks in the enterprise environment and educational institutions. Our guidance will help you understand features and options available in a variety of solutions. We also provide guidance on selecting the best endpoint management solution for your own environment.

    • Manage Your Chromebooks and MacBooks Storyboard

    2. Endpoint Management Selection Tool – Select the best endpoint management tool for your environment. Build a table to compare endpoint management offerings in relation to the features and options desired by your organization.

    This tool will help you determine the features and options you want or need in an endpoint management solution.

    • Endpoint Management Selection Tool
    [infographic]

    Further reading

    Manage Your Chromebooks and MacBooks

    Financial constraints, strategy, and your user base dictate the need for Chromebooks and MacBooks – now you have to manage them in your environment.

    Analyst Perspective

    Managing MacBooks and Chromebooks is similar to managing Windows devices in many ways and different in others. The tools have many common features, yet they struggle to achieve the same goals.

    Until recently, Windows devices dominated the workplace globally. Computing devices were also rare in many industries such as education. Administrators and administrative staff may have used Windows-based devices, but Chromebooks were not yet in use. Most universities and colleges were Windows-based in offices with some flavor of Unix in other areas, and Apple devices were gaining some popularity in certain circles.

    That is a stark contrast compared to today, where Chromebooks dominate the classrooms and MacBooks and Chromebooks are making significant inroads into the enterprise environment. MacBooks are also a common sight on many university campuses. There is no doubt that while Windows may still be the dominant player, it is far from the only one in town.

    Now that Chromebooks and MacBooks are a notable, if not significant, part of the education and enterprise environments, they must be afforded the same considerations as Windows devices in those environments when it comes to management. The good news is that there is no lack of available solutions for managing these devices, and the endpoint management landscape is continually evolving and improving.

    This is a picture of P.J. Ryan, Research Director, Infrastructure & Operations, Info-Tech Research Group

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • You modernized your end-user computing strategy and now have Windows 10 devices as well as MacBooks.
    • Virtual desktop infrastructure (VDI) and desktop as a service (DaaS) are becoming popular. Chromebooks would be ideal as a low-cost interface into DaaS for your employees.
    • You are responsible for the management of all the new Chromebooks in your educational district.
    • Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.

    Common Obstacles

    • Endpoint management solutions typically do a great job at managing one category of devices, like Windows or MacBooks, but they struggle to fully manage alternative endpoints.
    • Multiple solutions to manage multiple devices will result in multiple dashboards. A single view would be better.
    • One solution may not fit all, but multiple solutions is not desirable either, especially if you have Windows devices, MacBooks, and Chromebooks.

    Info-Tech's Approach

    • Use the tools at your disposal first – don't needlessly spend money if you don't have to. Many solutions can already manage other types of devices to some degree.
    • Use the integration capabilities of endpoint management tools. Many of them can integrate with each other to give you a single interface to manage multiple types of devices while taking advantage of additional functionality.
    • Don't purchase capabilities you will never use. Using 80% of a less expensive tool is economically smarter than using 10% of a more expensive tool.

    Info-Tech Insight

    Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.

    Insight Summary

    Insight 1

    Google Admin Console is necessary to manage Chromebooks, but it can be paired with other tools. Implementation partnerships provide solutions to track the device lifecycle, track the repair lifecycle, sync with Google Admin Console as well as PowerSchool to provide a more complete picture of the user and device, and facilitate reminders to return the device, pay fees if necessary, pick up a device when a repair is complete, and more.

    Insight 2

    The Google Admin Console allows admins to follow an organizational unit (OU) structure very similar to what they may have used in Microsoft's Active Directory environment. This familiarity makes the task of administering Chromebooks easier for admins.

    Insight 3

    Chromebook management goes beyond securing and manipulating the device. Controls to protect the students while online, such as Safe Search and Safe Browsing, should also be implemented.

    Insight 4

    Most companies choose to use a dedicated MacBook management tool. Many unified endpoint management (UEM) tools can manage MacBooks to some extent, but admins tend to agree that a MacBook-focused endpoint management tool is best for MacBooks while a Windows-based endpoint management tool is best for Windows devices.

    Insight 5

    Some MacBook management solutions advocate integration with Windows UEM solutions to take advantage of Microsoft features such as conditional access, security functionality, and data governance. This approach can also be applied to Chromebooks.

    Chromebooks

    Chromebooks had a respectable share of the education market before 2020, but the COVID-19 pandemic turbocharged the penetration of Chromebooks in the education industry.

    Chromebooks are also catching the attention of some decision makers in the enterprise environment.

    "In 2018, Chromebooks represented an incredible 60 percent of all laptop or tablet devices in K-12 -- up from zero percent when the first Chromebook launched during the summer break in 2011."
    – "Will Chromebooks Rule the Enterprise?" Computerworld

    "Chromebooks were the best performing PC products in Q3 2020, with shipment volume increasing to a record-high 9.4 million units, up a whopping 122% year-on-year."
    – Android Police

    "Until the pandemic, Chrome OS' success was largely limited to U.S. schools. Demand in 2020 appears to have expanded beyond that small but critical part of the U.S. PC market."
    – Geekwire

    "In addition to running a huge number of Chrome Extensions and Apps at once, Chromebooks also run Android, Linux and Windows apps."
    – "Will Chromebooks Rule the Enterprise?" Computerworld

    Managing Chromebooks

    Start with the Google Admin Console (GAC)

    GAC is necessary to initially manage Chrome OS devices.

    GAC gives you a centralized console that will allow you to:

    • Create organizational units
    • Add your Chromebook devices
    • Add users
    • Assign users to devices
    • Create groups
    • Create and assign policies
    • Plus more

    GAC can facilitate device management with features such as:

    • Control admin permissions
    • Encryption and update settings
    • App deployment, screen timeout settings
    • Perform a device wipe if required
    • Audit user activity on a device
    • Plus more

    Device and user addition, group and organizational unit creation and administration, applying policies to devices and users – does all this remind you of your Active Directory environment?

    GAC lets you administer users and devices with a similar approach.

    Managing Chromebooks

    Use Active Directory to manage Chromebooks.

    • Enable Active Directory (AD) management from within GAC and you will be able to integrate your Chromebook devices with your AD environment.
    • Devices will be visible in both the GAC and AD environment.
    • Use Windows Group Policy to manage devices and to push policies to users and devices.
    • Users can use their AD username and password to sign into Chromebook devices.
    • GAC can still be used for devices that are not synced with AD.

    Chromebooks can also be managed through these approved partners:

    • Cisco Meraki
    • Citrix XenMobile
    • IBM MaaS360
    • ManageEngine Mobile Device Manager Plus
    • VMware Workspace ONE

    Source: Google

    You must be running the Chrome Enterprise Upgrade and have any licenses required by the approved partner to take advantage of this management option. The partner admin policies supersede GAC.

    If you stop using the approved partner admin console to manage your devices, the polices and settings in GAC will immediately take over the devices.

    Microsoft still has the market share when it comes to device sales, and many administrators are already familiar with Microsoft's Active Directory. Google took advantage of that familiarity when it designed the Google Admin Console structure for users, groups, and organizational units.

    Chromebook Deployment

    Chromebook deployment becomes a challenge when device quantities grow. The enrollment process can be time consuming, and every device must be enrolled before it can be used by an employee or a student. Many admins enlist their full IT teams to assist in the short term. Some vendor partners may assist with distribution options if staffing levels permit. Recent developments from Google have opened additional options for device enrollment beyond the manual enrollment approach.

    Enrolling Chromebooks comes down to one of two approaches:

    1. Manually enrolling one device at a time
      • Users can assist by entering some identifying details during the enrollment if permitted.
      • Some third-party solutions exist, such as USB drives to reduce repetitive keystrokes or hubs to facilitate manually enrolling multiple Chromebooks simultaneously.
    2. Google's Chrome Enterprise Upgrade or the Chrome Education Upgrade
      • This allows you to let your users enroll devices after they accept the end-user license agreement.
      • You can take advantage of Google's vendor partner program and use a zero-touch deployment method where the Chromebook devices automatically receive the assigned policies, apps, and settings as soon as the device is powered on and an authorized user signs in.
      • The Enterprise Upgrade and the Education Upgrade do come with an annual cost per device, which is currently less than US$50.
      • The Enterprise and Education Upgrades come with other features as well, such as enhanced security.

    Chromebooks are automatically assigned to the top-level organizational unit (OU) when enrolled. Devices can be manually moved to another OU, but admins can also create enrollment policies to place newly enrolled devices in a specific OU or have the device locate itself in the same OU as the user.

    Chromebooks in Education

    GAC is also used with Education-licensed devices

    Most of the settings and features previously mentioned are also available for Education-licensed devices and users. Enterprise-specific features will not be available to Education licenses. (Active Directory integration with Education licenses, for example, is accomplished using a different approach)

    • Groups, policies, administrative controls, app deployment and management, adding devices and users, creating organizational units, and more features are all available to Education Admins to use.

    Education device policies and settings tend to focus more on protecting the students with controls such as:

    • Disable incognito mode
    • Disable location tracking
    • Disable external storage devices
    • Browser based protections such as Safe Search or Safe Browsing
    • URL blocking
    • Video input disable for websites
    • App installation prevention, auto re-install, and app blocking
    • Forced re-enrollment to your domain after a device is wiped
    • Disable Guest Mode
    • Restrict who can sign in
    • Audit user activity on a device

    When a student takes home a Chromebook assigned to them, that Chromebook may be the only computer in the household. Administrative polices and settings must take into account the fact that the device may have multiple users accessing many different sites and applications when the device is outside of the school environment.

    Chromebook Management Extended

    An online search for Chromebook management solutions will reveal several software solutions that augment the capabilities of the Google Admin Console. Many of these solutions are focused on the education sector and classroom and student options, although the features would be beneficial to enterprises and educational organizations alike.

    These solutions assist or augment Chromebook management with features such as:

    • Ability to sync with Google Admin Console
    • Ability to sync with student information systems, such as PowerSchool
    • Financial management, purchase details, and chargeback
    • Asset lifecycle management
    • 1:1 Chromebook distribution management
    • Repair programs and repair process management
    • Check-out/loan program management
    • Device distribution/allocation management, including barcode reader integration
    • Simple learning material distribution to the classroom for teachers
    • Facilitate GAC bulk operations
    • Manage inventory of non-IT assets such as projectors, TVs, and other educational assets
    • Plus more

    "There are many components to managing Chromebooks. Schools need to know which student has which device, which school has which device, and costs relating to repairs. Chromebook Management Software … facilitates these processes."
    – VIZOR

    MacBooks

    • MacBooks are gaining popularity in the Enterprise world.
    • Some admins claim MacBooks are less expensive in the long run over Windows-based PCs.
    • Users claim less issues when using a MacBook, and overall, companies report increased retention rates when users are using MacBooks.

    "Macs now make up 23% of endpoints in enterprises."
    – ComputerWeekly.com

    "When given the choice, no less than 72% of employees choose Macs over PCs."
    – "5 Reasons Mac is a must," Jamf

    "IBM says it is 3X more expensive to manage PCs than Macs."
    – Computerworld

    "74% of those who previously used a PC for work experienced fewer issues now that they use a Mac"
    – "Global Survey: Mac in the Enterprise," Jamf

    "When enterprise moves to Mac, staff retention rates improve by 20%. That's quite a boost! "
    – "5 Reasons Mac is a must," Jamf

    Managing MacBooks

    Can your existing UEM keep up?

    Many Windows unified endpoint management (UEM) tools can manage MacBooks, but most companies choose to use a dedicated MacBook management tool.

    • UEM tools that are primarily Windows focused do not typically go deep enough into the management capabilities of non-Windows devices.
    • Admins have noted limitations when it comes to using Windows UEM tools, and reasons they prefer a dedicated MacBook management solution include:
      • Easier to use
      • Faster response times when deploying settings and policies
      • Better control over notification settings and lock screen settings.
      • Easier Apple Business Manager (ABM) integration and provisioning.
    • Note that not every UEM will have the same limitations or advantages. Functionality is different between vendor products.

    Info-Tech Insight

    Most Windows UEM tools are constantly improving, and it is only a matter of time before they rival many of the dedicated MacBook management tools out there.

    Admins tend to agree that a Windows UEM is best for Windows while an Apple-based UEM is best for Apple devices.

    Managing MacBooks

    The market for "MacBook-first" management solutions includes a variety of players of varying ages such as:

    • Jamf
    • Kandji
    • Mosyle
    • SimpleMDM
    • Others

    MacBook-focused management tools can provide features such as:

    • Encryption and update settings
    • App deployment and lifecycle management
    • Remote device wipe, scan, shutdown, restart, and lock
    • Zero touch deployment and support
    • Location tracking
    • Browser content filtering
    • Enable, hide/block, or disable built-in features
    • Configure Wi-Fi, VPN, and certificate-based settings
    • Centralized dashboard with device and app listings as well as individual details
    • Data restrictions
    • Plus more

    Unified endpoint management (UEM) solutions that can provide MacBook management to some degree include (but are not limited to):

    • Intune
    • Ivanti
    • Endpoint Central
    • WorkspaceOne

    Dedicated solutions advocate integration with UEM solutions to take advantage of conditional access, security functionality, and data governance features.

    Jamf and Microsoft entered into a collaboration several years ago with the intention of making the MacBook management process easier and more secure.

    Microsoft Intune and Jamf Pro: Better together to manage and secure Macs
    Microsoft Conditional Access with Jamf Pro ensures that company data is only accessed by trusted users, on trusted devices, using trusted apps. Jamf extends this Enterprise Mobile + Security (EMS) functionality to Mac, iPhone and iPad.
    – "Microsoft Intune and Jamf Pro," Jamf

    Endpoint Management Selection Tool
    Activity

    There are many solutions available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don't purchase capabilities that you may never use.

    Use the Endpoint Management Selection Tool to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    1. List out the desired features you want in an endpoint solution for your devices and record those features in the first column. Use the features provided, or add your own and edit or delete the existing ones if necessary.
    2. List your selected endpoint management solution vendors in each of the columns in place of "Vendor 1," "Vendor 2," etc.
    3. Fill out the spreadsheet by changing the corresponding desired feature cell under each vendor to a "yes" or "no" based on your findings while investigating each vendor solution.
    4. When you have finished your investigation, review your spreadsheet to compare the various offerings and pros and cons of each vendor.
    5. Select your endpoint management solution.

    Endpoint Management Selection Tool

    In the first column, list out the desired features you want in an endpoint solution for your devices. Use the features provided if desired, or add your own and edit or delete the existing ones if necessary. As you look into various endpoint management solution vendors, list them in the columns in place of "Vendor 1," "Vendor 2," etc. Use the "Desired Feature" list as a checklist and change the values to "yes" or "no" in the corresponding box under the vendors' names. When complete, you will be able to look at all the features and compare vendors in a single table.

    Desired Feature Vendor 1 Vendor 2 Vendor 3
    Organizational unit creation Yes No Yes
    Group creation Yes Yes Yes
    Ability to assign users to devices No Yes Yes
    Control of administrative permissions Yes Yes Yes
    Conditional access No Yes Yes
    Security policies enforced Yes No Yes
    Asset management No Yes No
    Single sign-on Yes Yes Yes
    Auto-deployment No Yes No
    Repair lifecycle tracking No Yes No
    Application deployment Yes Yes No
    Device tracking Yes Yes Yes
    Ability to enable encryption Yes No Yes
    Device wipe Yes No Yes
    Ability to enable/disable device tracking No No Yes
    User activity audit No No No

    Related Info-Tech Research

    this is a screenshot from Info-Tech's Modernize and Transform Your End-User Computing Strategy.

    Modernize and Transform Your End-User Computing Strategy
    This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

    Best Unified Endpoint Management (UEM) Software 2022 | SoftwareReviews
    Compare and evaluate unified endpoint management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best unified endpoint management software for your organization.

    Best Enterprise Mobile Management (EMM) Software 2022 | (softwarereviews.com)
    Compare and evaluate enterprise mobile management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best enterprise mobile management software for your organization.

    Bibliography

    Bridge, Tom. "Macs in the enterprise – what you need to know". Computerweekly.com, TechTarget. 27 May 2022. Accessed 12 Aug. 2022.
    Copley-Woods, Haddayr. "5 reasons Mac is a must in the enterprise". Jamf.com, Jamf. 28 June 2022. Accessed 16 Aug. 2022.
    Duke, Kent. "Chromebook sales skyrocketed in Q3 2020 with online education fueling demand." androidpolice.com, Android Police. 16 Nov 2020. Accessed 10 Aug. 2022.
    Elgin, Mike. "Will Chromebooks Rule the Enterprise? (5 Reasons They May)". Computerworld.com, Computerworld. 30 Aug 2019. Accessed 10 Aug. 2022.
    Evans, Jonny. "IBM says it is 3X more expensive to manage PCs than Macs". Computerworld.com, Computerworld. 19 Oct 2016. Accessed 23 Aug. 2022.
    "Global Survey: Mac in the Enterprise". Jamf.com, Jamf. Accessed 16 Aug. 2022.
    "How to Manage Chromebooks Like a Pro." Vizor.cloud, VIZOR. Accessed 10 Aug. 2022.
    "Manage Chrome OS Devices with EMM Console". support.google.com, Google. Accessed 16 Aug. 2022.
    Protalinski, Emil. "Chromebooks outsold Macs worldwide in 2020, cutting into Windows market share". Geekwire.com, Geekwire. 16 Feb 2021. Accessed 22 Aug. 2022.
    Smith, Sean. "Microsoft Intune and Jamf Pro: Better together to manage and secure Macs". Jamf.com, Jamf. 20 April 2022. Accessed 16 Aug. 2022.

    Build a Reporting and Analytics Strategy

    • Buy Link or Shortcode: {j2store}128|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $49,748 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • In respect to business intelligence (BI) matureness, you can’t expect the whole organization to be at the same place at the same time. Your BI strategy needs to recognize this and should strive to align rather than dictate.
    • Technology is just one aspect of your BI and analytics strategy and is not a quick solution or a guarantee for long-term success.

    Our Advice

    Critical Insight

    • The BI strategy drives data warehouse and integration strategies and the data needed to support business decisions.
    • The solution to better BI often lies in improving the BI practice, not acquiring the latest and greatest tool.

    Impact and Result

    • Align BI with corporate vision, mission, goals, and strategic direction.
    • Understand the needs of business partners.
    • BI & analytics informs data warehouse and integration layers for required content, latency, and quality.

    Build a Reporting and Analytics Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create or refresh the BI Strategy and review Info-Tech’s approach to developing a BI strategy that meets business needs.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the business context and BI landscape

    Lay the foundation for the BI strategy by detailing key business information and analyzing current BI usage.

    • Build a Reporting and Analytics Strategy – Phase 1: Understand the Business Context and BI Landscape
    • BI Strategy and Roadmap Template
    • BI End-User Satisfaction Survey Framework

    2. Evaluate the current BI practice

    Assess the maturity level of the current BI practice and envision a future state.

    • Build a Reporting and Analytics Strategy – Phase 2: Evaluate the Current BI Practice
    • BI Practice Assessment Tool

    3. Create a BI roadmap for continuous improvement

    Create BI-focused initiatives to build an improvement roadmap.

    • Build a Reporting and Analytics Strategy – Phase 3: Create a BI Roadmap for Continuous Improvement
    • BI Initiatives and Roadmap Tool
    • BI Strategy and Roadmap Executive Presentation Template
    [infographic]

    Workshop: Build a Reporting and Analytics Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Vision and Understand the Current BI Landscape

    The Purpose

    Document overall business vision, mission, and key objectives; assemble project team.

    Collect in-depth information around current BI usage and BI user perception.

    Create requirements gathering principles and gather requirements for a BI platform.

    Key Benefits Achieved

    Increased IT–business alignment by using the business context as the project starting point

    Identified project sponsor and project team

    Detailed understanding of trends in BI usage and BI perception of consumers

    Refreshed requirements for a BI solution

    Activities

    1.1 Gather key business information (overall mission, goals, objectives, drivers).

    1.2 Establish a high-level ROI.

    1.3 Identify ideal candidates for carrying out a BI project.

    1.4 Undertake BI usage analyses, BI user perception survey, and a BI artifact inventory.

    1.5 Develop requirements gathering principles and approaches.

    1.6 Gather and organize BI requirements

    Outputs

    Articulated business context that will guide BI strategy development

    ROI for refreshing the BI strategy

    BI project team

    Comprehensive summary of current BI usage that has quantitative and qualitative perspectives

    BI requirements are confirmed

    2 Evaluate Current BI Maturity and Identify the BI Patterns for the Future State

    The Purpose

    Define current maturity level of BI practice.

    Envision the future state of your BI practice and identify desired BI patterns.

    Key Benefits Achieved

    Know the correct migration method for Exchange Online.

    Prepare user profiles for the rest of the Office 365 implementation.

    Activities

    2.1 Perform BI SWOT analyses.

    2.2 Assess current state of the BI practice and review results.

    2.3 Create guiding principles for the future BI practice.

    2.4 Identify desired BI patterns and the associated BI functionalities/requirements.

    2.5 Define the future state of the BI practice.

    2.6 Establish the critical success factors for the future BI, identify potential risks, and create a mitigation plan.

    Outputs

    Exchange migration strategy

    Current state of BI practice is documented from multiple perspectives

    Guiding principles for future BI practice are established, along with the desired BI patterns linked to functional requirements

    Future BI practice is defined

    Critical success factors, potential risks, and a risk mitigation plan are defined

    3 Build Improvement Initiatives and Create a BI Development Roadmap

    The Purpose

    Build overall BI improvement initiatives and create a BI improvement roadmap.

    Identify supplementary initiatives for enhancing your BI program.

    Key Benefits Achieved

    Defined roadmap composed of robust improvement initiatives

    Activities

    3.1 Create BI improvement initiatives based on outputs from phase 1 and 2 activities. Build an improvement roadmap.

    3.2 Build an improvement roadmap.

    3.3 Create an Excel governance policy.

    3.4 Create a plan for a BI ambassador network.

    Outputs

    Comprehensive BI initiatives placed on an improvement roadmap

    Excel governance policy is created

    Internal BI ambassadors are identified

    Further reading

    Build a Reporting and Analytics Strategy

    Deliver actionable business insights by creating a business-aligned reporting and analytics strategy.

    Terminology

    As the reporting and analytics space matured over the last decade, software suppliers used different terminology to differentiate their products from others’. This caused a great deal of confusion within the business communities.

    Following are two definitions of the term Business Intelligence:

    Business intelligence (BI) leverages software and services to transform data into actionable insights that inform an organization’s strategic and tactical business decisions. BI tools access and analyze data sets and present analytical findings in reports, summaries, dashboards, graphs, charts, and maps to provide users with detailed intelligence about the state of the business.

    The term business intelligence often also refers to a range of tools that provide quick, easy-to-digest access to insights about an organization's current state, based on available data.

    CIO Magazine

    Business intelligence (BI) comprises the strategies and technologies used by enterprises for the data analysis of business information. BI technologies provide historical, current, and predictive views of business operations.

    Common functions of business intelligence technologies include reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining, predictive analytics, and prescriptive analytics.

    Wikipedia

    This blueprint will use the terms “BI,” “BI and Analytics,” and “Reporting and Analytics” interchangeably in different contexts, but always in compliance to the above definitions.

    ANALYST PERSPECTIVE

    A fresh analytics & reporting strategy enables new BI opportunities.

    We need data to inform the business of past and current performance and to support strategic decisions. But we can also drown in a flood of data. Without a clear strategy for business intelligence, a promising new solution will produce only noise.

    BI and Analytics teams must provide the right quantitative and qualitative insights for the business to base their decisions on.

    Your Business Intelligence and Analytics strategy must support the organization’s strategy. Your strategy for BI & Analytics provides direction and requirements for data warehousing and data integration, and further paves the way for predictive analytics, big data analytics, market/industry intelligence, and social network analytics.

    Dirk Coetsee,

    Director, Data and Analytics Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • A CIO or Business Unit (BU) Leader looking to improve reporting and analytics, reduce time to information, and embrace fact-based decision making with analytics, reporting, and business intelligence (BI).
    • Application Directors experiencing poor results from an initial BI tool deployment who are looking to improve the outcome.

    This Research Will Also Assist:

    • Project Managers and Business Analysts assigned to a BI project team to collect and analyze requirements.
    • Business units that have their own BI platforms and would like to partner with IT to take their BI to an enterprise level.

    This Research Will Help You:

    • Align your reporting and analytics strategy with the business’ strategic objectives before you rebuild or buy your Business Intelligence platform.
    • Identify reporting and analytics objectives to inform the data warehouse and integration requirements gathering process.
    • Avoid common pitfalls that derail BI and analytic deployments and lower their adoption.
    • Identify Business Intelligence gaps prior to deployment and incorporate remedies within your plans.

    This Research Will Help Them:

    • Recruit the right resources for the program.
    • Align BI with corporate vision, mission, goals, and strategic direction.
    • Understand the needs of business partners.
    • Assess BI maturity and plan for target state.
    • Develop a BI strategy and roadmap.
    • Track the success of the BI initiative.

    Executive summary

    Situation:

    BI drives a new reality. Uber is the world’s largest taxi company and they own no vehicles; Alibaba is the world’s most valuable retailer and they have no inventory; Airbnb is the world’s largest accommodation provider and they own no real estate. How did they disrupt their markets and get past business entry barriers? A deep understanding of their market through impeccable business intelligence!

    Complication:

    • In respect to BI matureness, you can’t expect the whole organization to be at the same place at the same time. Your BI strategy needs to recognize this and should strive to align rather than dictate.
    • Technology is just one aspect of your BI and Analytics strategy and is not a quick solution or a guarantee for long term success.

    Resolution:

    • Drive strategy development by establishing the business context upfront in order to align business intelligence providers with the most important needs of their BI consumers and the strategic priorities of the organization.
    • Revamp or create a BI strategy to update your BI program to make it fit for purpose.
    • Understand your existing BI baggage – e.g. your existing BI program, the artifacts generated from the program, and the users it supports. Those will inform the creation of the strategy and roadmap.
    • Assess current BI maturity and determine your future state BI maturity.
    • BI needs governance to ensure consistent planning, communication, and execution of the BI strategy.
    • Create a network of BI ambassadors across the organization to promote BI.
    • Plan for the future to ensure that required data will be available when the organization needs it.

    Info-Tech Insight

    1. Put the “B” back in BI. Don’t have IT doing BI for IT’s sake; ensure the voice and needs of the business are the primary drivers of your strategy.
    2. The BI strategy drives data warehouse and integration strategies and the data needs to support business decisions.
    3. Go beyond the platform. The solution to better BI often lies in improving the BI practice, not acquiring the latest and greatest tool.

    Metrics to track BI & Analytical program progress

    Goals for BI:

    • Understand business context and needs. Identify business processes that can leverage BI.
    • Define the Reporting & Analytics Roadmap. Develop data initiatives, and create a strategy and roadmap for Business Intelligence.
    • Continuous improvements. Your BI program is evolving and improving over time. The program should allow you to have faster, better, and more comprehensive information.

    Info-Tech’s Suggested Metrics for Tracking the BI Program

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Program Level Metrics Efficiency
    • Time to information
    • Self-service penetration
    • Derive from the ticket management system
    • Derive from the BI platform
    • 10% reduction in time to information
    • Achieve 10-15% self-service penetration
    • Effectiveness
    • BI Usage
    • Data quality
    • Derive from the BI platform
    • Data quality perception
    • Majority of the users use BI on a daily basis
    • 15% increase in data quality perception
    Comprehensiveness
    • # of integrated datasets
    • # of strategic decisions made
    • Derive from the data integration platform
    • Decision-making perception
    • Onboard 2-3 new data domains per year
    • 20% increase in decision-making perception

    Intangible Metrics:

    Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.

    Your Enterprise BI and Analytics Strategy is driven by your organization’s Vision and Corporate Strategy

    Formulating an Enterprise Reporting and Analytics Strategy requires the business vision and strategies to first be substantiated. Any optimization to the Data Warehouse, Integration and Source layer is in turn driven by the Enterprise Reporting and Analytics Strategy

    Flow chart showing 'Business Vision Strategies'

    The current state of your Integration and Warehouse platforms determine what data can be utilized for BI and Analytics

    Where we are, and how we got here

    How we got here

    • In the beginning was BI 1.0. Business intelligence began as an IT-driven centralized solution that was highly governed. Business users were typically the consumers of reports and dashboards created by IT, an analytics-trained minority, upon request.
    • In the last five to ten years, we have seen a fundamental shift in the business intelligence and analytics market, moving away from such large-scale, centralized IT-driven solutions focused on basic reporting and administration, towards more advanced user-friendly data discovery and visualization platforms. This has come to be known as BI 2.0.
    • Many incumbent market leaders were disrupted by the demand for more user-friendly business intelligence solutions, allowing “pure-play” BI software vendors to carve out a niche and rapidly expand into more enterprise environments.
    • BI-on-the-cloud has established itself as a solid alternative to in-house implementation and operation.

    Where we are now

    • BI 3.0 has arrived. This involves the democratization of data and analytics and a predominantly app-centric approach to BI, identifiable by an anywhere, anytime, and device-or-platform-independent collaborative methodology. Social workgroups and self-guided content creation, delivery, analysis, and management is prominent.
    • Where the need for reporting and dashboards remains, we’re seeing data discovery platforms fulfilling the needs of non-technical business users by providing easy-to-use interactive solutions to increase adoption across enterprises.
    • With more end users demanding access to data and the tools to extract business insights, IT is looking to meet these needs while continuing to maintain governance and administration over a much larger base of users. The race for governed data discovery is heated and will be a market differentiator.
    • The next kid on the block is Artificial Intelligence that put further demands on data quality and availability.

    RICOH Canada used this methodology to develop their BI strategy in consultation with their business stakeholders

    CASE STUDY

    Industry: Manufacturing and Retail

    Source: RICOH

    Ricoh Canada transforms the way people work with breakthrough technologies that help businesses innovate and grow. Its focus has always been to envision what the future will look like so that it can help its customers prepare for success. Ricoh empowers digital workplaces with a broad portfolio of services, solutions, and technologies – helping customers remove obstacles to sustained growth by optimizing the flow of information and automating antiquated processes to increase workplace productivity. In their commitment towards a customer-centric approach, Ricoh Canada recognized that BI and analytics can be used to inform business leaders in making strategic decisions.

    Enterprise BI and analytics Initiative

    Ricoh Canada enrolled in the ITRG Reporting & Analytics strategy workshop with the aim to create a BI strategy that will allow the business to harvest it strengths and build for the future. The workshop acted as a forum for the different business units to communicate, share ideas, and hear from each other what their pains are and what should be done to provide a full customer 360 view.

    Results

    “This workshop allowed us to collectively identify the various stakeholders and their unique requirements. This is a key factor in the development of an effective BI Analytics tool.” David Farrar

    The Customer 360 Initiative included the following components

    The Customer 360 Initiative includes the components shown in the image

    Improve BI Adoption Rates

    Graph showing Product Adoption Rates

    Sisense

    Reasons for low BI adoption

    • Employees that never used BI tools are slow to adopt new technology.
    • Lack of trust in data leads to lack of trust in the insights.
    • Complex data structures deter usage due to long learning curves and contained nuances.
    • Difficult to translate business requirements into tool linguistics due to lack of training or technical ineptness.
    • Business has not taken ownership of data, which affects access to data.

    How to foster BI adoption

    • Senior management proclaim data as a strategic asset and involved in the promotion of BI
    • Role Requirement that any business decision should be backed up by analytics
    • Communication of internal BI use case studies and successes
    • Exceptional data lineage to act as proof for the numbers
    • A Business Data glossary with clearly defined business terms. Use the Business Data Glossary in conjunction with data lineage and semantic layers to ensure that businesses are clearly defined and traced to sources.
    • Training in business to take ownership of data from inception to analytics.

    Why bother with analytics?

    In today’s ever-changing and global environment, organizations of every size need to effectively leverage their data assets to facilitate three key business drivers: customer intimacy, product/service innovation, and operational excellence. Plus, they need to manage their operational risk efficiently.

    Investing in a comprehensive business intelligence strategy allows for a multidimensional view of your organization’s data assets that can be operationalized to create a competitive edge:

    Historical Data

    Without a BI strategy, creating meaningful reports for business users that highlight trends in past performance and draw relationships between different data sources becomes a more complex task. Also, the ever growing need to identify and assess risks in new ways is driving many companies to BI.

    Data Democracy

    The core purpose of BI is to provide the right data, to the right users, at the right time, and in a format that is easily consumable and actionable. In developing a BI strategy, remember the driver for managed cross-functional access to data assets and features such as interactive dashboards, mobile BI, and self-service BI.

    Predictive and Big Data Analytics

    As the volume, variety, and velocity of data increases rapidly, businesses will need a strategy to outline how they plan to consume the new data in a manner that does not overwhelm their current capabilities and aligns with their desired future state. This same strategy further provides a foundation upon which organizations can transition from ad hoc reporting to using data assets in a codified BI platform for decision support.

    Business intelligence serves as the layer that translates data, information, and organizational knowledge into insights

    As executive decision making shifts to more fact-based, data-driven thinking, there is an urgent need for data assets to be organized and presented in a manner that enables immediate action.

    Typically, business decisions are based on a mix of intuition, opinion, emotion, organizational culture, and data. Though business users may be aware of its potential value in driving operational change, data is often viewed as inaccessible.

    Business intelligence bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed decision making.

    Most organizations realize that they need a BI strategy; it’s no longer a nice-to-have, it’s a must-have.

    – Albert Hui, Principal, Data Economist

    A triangle grapg depicting the layers of business itelligence

    Business intelligence and business analytics: what is the difference and should you care

    Ask 100 people and you will get 100 answers. We like the prevailing view that BI looks at today and backward for improving who we are, while BA is forward-looking to support change decisions.

    The image depicts a chart flowing from Time Past to Future. Business Intelligence joins with Business Analytics over the Present
    • Business intelligence is concerned with looking at present and historical data.
    • Use this data to create reports/dashboards to inform a wide variety of information consumers of the past and current state of affairs.
    • Almost all organizations, regardless of size and maturity, use some level of BI even if it’s just very basic reporting.
    • Business analytics, on the other hand, is a forward-facing use of data, concerned with the present to the future.
    • Analytics uses data to both describe the present, and more importantly, predict the future, enabling strategic business decisions.
    • Although adoption is rapidly increasing, many organizations still do not utilize any advanced analytics in their environment.

    However, establishing a strong business intelligence program is a necessary precursor to an organization’s development of its business analytics capabilities.

    Organizations that successfully grow their BI capabilities are reaping the rewards

    Evidence is piling up: if planned well, BI contributes to the organization’s bottom line.

    It’s expected that there will be nearly 45 billion connected devices and a 42% increase in data volume each year posing a high business opportunity for the BI market (BERoE, 2020).

    The global business intelligence market size to grow from US$23.1 billion in 2020 to US$33.3 billion by 2025, at a compound annual growth rate (CAGR) of 7.6% (Global News Wire, 2020)

    In the coming years, 69% of companies plan on increasing their cloud business intelligence usage (BARC Research and Eckerson Group Study, 2017).

    Call to Action

    Small organizations of up to 100 employees had the highest rate of business intelligence penetration last year (Forbes, 2018).

    Graph depicting business value from 0 months to more than 24 months

    Source: IBM Business Value, 2015

    For the New England Patriots, establishing a greater level of customer intimacy was driven by a tactical analytics initiative

    CASE STUDY

    Industry: Professional Sports

    Source Target Marketing

    Problem

    Despite continued success as a franchise with a loyal fan base, the New England Patriots experienced one of their lowest season ticket renewal rates in over a decade for the 2009 season. Given the numerous email addresses that potential and current season-ticket holders used to engage with the organization, it was difficult for Kraft Sports Group to define how to effectively reach customers.

    Turning to a Tactical Analytics Approach

    Kraft Sports Group turned to the customer data that it had been collecting since 2007 and chose to leverage analytics in order to glean insight into season ticket holder behavior. By monitoring and reporting on customer activity online and in attendance at games, Kraft Sports Group was able to establish that customer engagement improved when communication from the organization was specifically tailored to customer preferences and historical behavior.

    Results

    By operationalizing their data assets with the help of analytics, the Patriots were able to achieve a record 97% renewal rate for the 2010 season. KSG was able to take their customer engagement to the next level and proactively look for signs of attrition in season-ticket renewals.

    We're very analytically focused and I consider us to be the voice of the customer within the organization… Ultimately, we should know when renewal might not happen and be able to market and communicate to change that behavior.

    – Jessica Gelman,

    VP Customer Marketing and Strategy, Kraft Sports Group

    A large percentage of all BI projects fail to meet the organization’s needs; avoid falling victim to common pitfalls

    Tool Usage Pitfalls

    • Business units are overwhelmed with the amount and type of data presented.
    • Poor data quality erodes trust, resulting in a decline in usage.
    • Analysis performed for the sake of analysis and doesn’t focus on obtaining relevant business-driven insights.

    Selection Pitfalls

    • Inadequate requirements gathering.
    • No business involvement in the selection process.
    • User experience is not considered.
    • Focus is on license fees and not total cost.

    Implementation Pitfalls

    • Absence of upfront planning
    • Lack of change management to facilitate adoption of the new platform
    • No quick wins that establish the value of the project early on
    • Inadequate initial or ongoing training

    Strategic Pitfalls

    • Poor alignment of BI goals with organization goals
    • Absence of CSFs/KPIs that can measure the qualitative and quantitative success of the project
    • No executive support during or after the project

    BI pitfalls are lurking around every corner, but a comprehensive strategy drafted upfront can help your organization overcome these obstacles. Info-Tech’s approach to BI has involvement from the business units built right into the process from the start and it equips IT to interact with key stakeholders early and often.

    Only 62% of Big Data and AI projects in 2019 provided measurable results.

    Source: NewVantage Partners LLC

    Business and IT have different priorities for a BI tool

    Business executives look for:

    • Ease of use
    • Speed and agility
    • Clear and concise information
    • Sustainability

    IT professionals are concerned about:

    • Solid security
    • Access controls on data
    • Compliance with regulations
    • Ease of integration

    Info-Tech Insight

    Combining these priorities will lead to better tool selection and more synergy.

    Elizabeth Mazenko

    The top-down BI Opportunity Analysis is a tool for senior executives to discover where Business Intelligence can provide value

    The image is of a top-down BI Opportunity Analysis.

    Example: Uncover BI opportunities with an opportunity analysis

    Industry Drivers Private label Rising input prices Retail consolidation
    Company strategies Win at supply chain execution Win at customer service Expand gross margins
    Value disciplines Strategic cost management Operational excellence Customer service
    Core processes Purchasing Inbound logistics Sales, service & distribution
    Enterprise management: Planning, budgeting, control, process improvement, HR
    BI Opportunities Customer service analysis Cost and financial analysis Demand management

    Williams (2016)

    Bridge the gap between business drivers and business intelligence features with a three-tiered framework

    Info-Tech’s approach to formulating a fit-for-purpose BI strategy is focused on making the link between factors that are the most important to the business users and the ways that BI providers can enable those consumers.

    Drivers to Establish Competitive Advantage

    • Operational Excellence
    • Client Intimacy
    • Innovation

    BI and Analytics Spectrum

    • Strategic Analytics
    • Tactical Analytics
    • Operational Analytics

    Info-Tech’s BI Patterns

    • Delivery
    • User Experience
    • Deep Analytics
    • Supporting

    This is the content for Layout H3 Tag

    Though business intelligence is primarily thought of as enabling executives, a comprehensive BI strategy involves a spectrum of analytics that can provide data-driven insight to all levels of an organization.

    Recommended

    Strategic Analytics

    • Typically focused on predictive modeling
    • Leverages data integrated from multiple sources (structured through unstructured)
    • Assists in identifying trends that may shift organizational focus and direction
    • Sample objectives:
      • Drive market share growth
      • Identify new markets, products, services, locations, and acquisitions
      • Build wider and deeper customer relationships earning more wallet share and keeping more customers

    Tactical Analytics

    • Often considered Response Analytics and used to react to situations that arise, or opportunities at a department level.
    • Sample objectives:
      • Staff productivity or cost analysis
      • Heuristics/algorithms for better risk management
      • Product bundling and packaging
      • Customer satisfaction response techniques

    Operational Analytics

    • Analytics that drive business process improvement whether internal, with external partners, or customers.
    • Sample objectives:
      • Process step elimination
      • Best opportunities for automation

    Business Intelligence Terminology

    Styles of BI New age BI New age data Functional Analytics Tools
    Reporting Agile BI Social Media data Performance management analytics Scorecarding dashboarding
    Ad hoc query SaaS BI Unstructured data Financial analytics Query & reporting
    Parameterized queries Pervasive BI Mobile data Supply chain analytics Statistics & data mining
    OLAP Cognitive Business Big data Customer analytics OLAP cubes
    Advanced analytics Self service analytics Sensor data Operations analytics ETL
    Cognitive business techniques Real-time Analytics Machine data HR Analytics Master data management
    Scorecards & dashboards Mobile Reporting & Analytics “fill in the blanks” analytics Data Governance

    Williams (2016)

    "BI can be confusing and overwhelming…"

    – Dirk Coetsee,

    Research Director,

    Info-Tech Research Group

    Business intelligence lies in the Information Dimensions layer of Info-Tech’s Data Management Framework

    The interactions between the information dimensions and overlying data management enablers such as data governance, data architecture, and data quality underscore the importance of building a robust process surrounding the other data practices in order to fully leverage your BI platform.

    Within this framework BI and analytics are grouped as one lens through which data assets at the business information level can be viewed.

    The image is the Information Dimensions layer of Info-Tech’s Data Management Framework

    Use Info-Tech’s three-phase approach to a Reporting & Analytics strategy and roadmap development

    Project Insight

    A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to effectively enable business decision making. Develop a reporting and analytics strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current reporting and analytical capabilities.

    Phase 1: Understand the Business Context and BI Landscape Phase 2: Evaluate Your Current BI Practice Phase 3: Create a BI Roadmap for Continuous Improvement
    1.1 Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    2.1 Assess Your Current BI Maturity
    • BI Practice Assessment
    • Summary of Current State
    3.1 Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • RACI
    • BI Strategy and Roadmap
    1.2 Assess Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    2.2 Envision BI Future State
    • BI Style Requirements
    • BI Practice Assessment
    3.2 Plan for Continuous Improvement
    • Excel/Access Governance Policy
    • BI Ambassador Network Draft
    1.3 Develop BI Solution Requirements
    • Requirements Gathering Principles
    • Overall BI Requirements

    Stand on the shoulders of Information Management giants

    As part of our research process, we leveraged the frameworks of COBIT5, Mike 2.0, and DAMA DMBOK2. Contextualizing business intelligence within these frameworks clarifies its importance and role and ensures that our assessment tool is focused on key priority areas.

    The DMBOK2 Data Management framework by the Data Asset Management Association (DAMA) provided a starting point for our classification of the components in our IM framework.

    Mike 2.0 is a data management framework that helped guide the development of our framework through its core solutions and composite solutions.

    The Cobit 5 framework and its business enablers were used as a starting point for assessing the performance capabilities of the different components of information management, including business intelligence.

    Info-Tech has a series of deliverables to facilitate the evolution of your BI strategy

    BI Strategy Roadmap Template

    BI Practice Assessment Tool

    BI Initiatives and Roadmap Tool

    BI Strategy and Roadmap Executive Presentation Template

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Reporting and Analytics Strategy – Project Overview

    1. Understand the Business Context and BI Landscape 2. Evaluate the Current BI Practice 3. Create a BI Roadmap for Continuous Improvement
    Best-Practice Toolkit

    1.1 Document overall business vision, mission, industry drivers, and key objectives; assemble a project team

    1.2 Collect in-depth information around current BI usage and BI user perception

    1.3 Create requirements gathering principles and gather requirements for a BI platform

    2.1 Define current maturity level of BI practice

    2.2 Envision the future state of your BI practice and identify desired BI patterns

    3.1 Build overall BI improvement initiatives and create a BI improvement roadmap

    3.2 Identify supplementary initiatives for enhancing your BI program

    Guided Implementations
    • Discuss Info-Tech’s approach for using business information to drive BI strategy formation
    • Review business context and discuss approaches for conducting BI usage and user analyses
    • Discuss strategies for BI requirements gathering
    • Discuss BI maturity model
    • Review practice capability gaps and discuss potential BI patterns for future state
    • Discuss initiative building
    • Review completed roadmap and next steps
    Onsite Workshop Module 1:

    Establish Business Vision and Understand the Current BI Landscape

    Module 2:

    Evaluate Current BI Maturity Identify the BI Patterns for the Future State

    Module 3:

    Build Improvement Initiatives and Create a BI Development Roadmap

    Phase 1 Outcome:
    • Business context
    • Project team
    • BI usage information, user perception, and new BI requirements
    Phase 2 Outcome:
    • Current and future state assessment
    • Identified BI patterns
    Phase 3 Outcome:
    • BI improvement strategy and initiative roadmap

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Understand Business Context and Structure the Project

    1.1 Make the case for a BI strategy refresh.

    1.2 Understand business context.

    1.3 Determine high-level ROI.

    1.4 Structure the BI strategy refresh project.

    Understand Existing BI and Revisit Requirements

    2.1 Understand the usage of your existing BI.

    2.2 Gather perception of the current BI users.

    2.3 Document existing information artifacts.

    2.4 Develop a requirements gathering framework.

    2.5 Gather requirements.

    Revisit Requirements and Current Practice Assessment

    3.1 Gather requirements.

    3.2 Determine BI Maturity Level.

    3.3 Perform a SWOT for your existing BI program.

    3.4 Develop a current state summary.

    Roadmap Develop and Plan for Continuous Improvements

    5.1 Develop BI strategy.

    5.2 Develop a roadmap for the strategy.

    5.3 Plan for continuous improvement opportunities.

    5.4 Develop a re-strategy plan.

    Deliverables
    1. Business and BI Vision, Goals, Key Drivers
    2. Business Case Presentation
    3. High-Level ROI
    4. Project RACI
    1. BI Perception Survey
    2. BI Requirements Gathering Framework
    3. BI User Stories and Requirements
    1. BI User Stories and Requirements
    2. BI SWOT for your Current BI Program
    3. BI Maturity Level
    4. Current State Summary
    1. BI Strategy
    2. Roadmap accompanying the strategy with timeline
    3. A plan for improving BI
    4. Strategy plan

    Phase 2

    Understand the Business Context and BI Landscape

    Build a Reporting and Analytics Strategy

    Phase 1 overview

    Detailed Overview

    Step 1: Establish the business context in terms of business vision, mission, objectives, industry drivers, and business processes that can leverage Business Intelligence

    Step 2: Understand your BI Landscape

    Step 3: Understand business needs

    Outcomes

    • Clearly articulated high-level mission, vision, and key drivers from the business, as well as objectives related to business intelligence.
    • In-depth documentation regarding your organization’s BI usage, user perception, and outputs.
    • Consolidated list of requirements, existing and desired, that will direct the deployment of your BI solution.

    Benefits

    • Align business context and drivers with IT plans for BI and Analytics improvement.
    • Understand your current BI ecosystem’s performance.

    Understand your business context and BI landscape

    Phase 1 Overarching Insight

    The closer you align your new BI platform to real business interests, the stronger the buy-in, realized value, and groundswell of enthusiastic adoption will be. Get this phase right to realize a high ROI on your investment in the people, processes, and technology that will be your next generation BI platform.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Track these metrics to measure your progress through Phase 1

    Goals for Phase 1:

    • Understand the business context. Determine if BI can be used to improve business outcomes by identifying benefits, costs, opportunities, and gaps.
    • Understand your existing BI. Plan your next generation BI based on a solid understanding of your existing BI.
    • Identify business needs. Determine the business processes that can leverage BI and Analytics.

    Info-Tech’s Suggested Metrics for Tracking Phase 1 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Monetary ROI
    • Quality of the ROI
    • # of user cases, benefits, and costs quantified
    Derive the number of the use cases, benefits, and costs in the scoping. Ask business SMEs to verify the quality. High-quality ROI studies are created for at least three use cases
    Response Rate of the BI Perception Survey Sourced from your survey delivery system Aim for 40% response rate
    # of BI Reworks Sourced from your project management system Reduction of 10% in BI reworks

    Intangible Metrics:

    1. Executives’ understanding of the BI program and what BI can do for the organization.
    2. Improved trust between IT and the business by re-opening the dialogue.
    3. Closer alignment with the organization strategy and business plan leading to higher value delivered.
    4. Increased business engagement and input into the Analytics strategy.

    Use advisory support to accelerate your completion of Phase 1 activities

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Understand the Business Context and BI Landscape

    Proposed Time to Completion: 2-4 weeks

    Step 1.0: Assemble Your Project Team

    Start with an analyst kick-off call:

    • Discuss Info-Tech’s viewpoint and definitions of business intelligence.
    • Discuss the project sponsorship, ideal team members and compositions.

    Then complete these activities…

    • Identify a project sponsor and the project team members.

    Step 1.1: Understand Your Business Context

    Start with an analyst kick-off call:

    • Discuss Info-Tech’s approach to BI strategy development around using business information as the key driver.

    Then complete these activities…

    • Detail the business context (vision, mission, goals, objectives, etc.).
    • Establish business–IT alignment for your BI strategy by detailing the business context.

    Step 1.2: Establish the Current BI Landscape

    Review findings with analyst:

    • Review the business context outputs from Step 1.1 activities.
    • Review Info-Tech’s approach for documenting your current BI landscape.
    • Review the findings of your BI landscape.

    Then complete these activities…

    • Gather information on current BI usage and perform a BI artifact inventory.
    • Construct and conduct a user perception survey.

    With these tools & templates:

    BI Strategy and Roadmap Template

    Step 1.0

    Assemble the Project Team

    Select a BI project sponsor

    Info-Tech recommends you select a senior executive with close ties to BI be the sponsor for this project (e.g. CDO, CFO or CMO). To maximize the chance of success, Info-Tech recommends you start with the CDO, CMO, CFO, or a business unit (BU) leader who represents strategic enterprise portfolios.

    Initial Sponsor

    CFO or Chief Risk Officer (CRO)

    • The CFO is responsible for key business metrics and cost control. BI is on the CFO’s radar as it can be used for both cost optimization and elimination of low-value activity costs.
    • The CRO is tasked with the need to identify, address, and when possible, exploit risk for business security and benefit.
    • Both of these roles are good initial sponsors but aren’t ideal for the long term.

    CDO or a Business Unit (BU) Leader

    • The CDO (Chief Data Officer) is responsible for enterprise-wide governance and utilization of information as an asset via data processing, analysis, data mining, information trading, and other means, and is the ideal sponsor.
    • BU leaders who represent a growth engine for a company look for ways to mine BI to help set direction.

    Ultimate Sponsor

    CEO

    • As a the primary driver of enterprise-wide strategy, the CEO is the ideal evangelist and project sponsor for your BI strategy.
    • Establishing a CEO–CIO partnership helps elevate IT to the level of a strategic partner, as opposed to the traditional view that IT’s only job is to “keep the lights on.”
    • An endorsement from the CEO may make other C-level executives more inclined to work with IT and have their business unit be the starting point for growing a BI program organically.

    "In the energy sector, achieving production KPIs are the key to financial success. The CFO is motivated to work with IT to create BI applications that drive higher revenue, identify operational bottlenecks, and maintain gross margin."

    – Yogi Schulz, Partner, Corvelle Consulting

    Select a BI project team

    Create a project team with the right skills, experience, and perspectives to develop a comprehensive strategy aligned to business needs.

    You may need to involve external experts as well as individuals within the organization who have the needed skills.

    A detailed understanding of what to look for in potential candidates is essential before moving forward with your BI project.

    Leverage several of Info-Tech’s Job Description Templates to aid in the process of selecting the right people to involve in constructing your BI strategy.

    Roles to Consider

    Business Stakeholders

    Business Intelligence Specialist

    Business Analyst

    Data Mining Specialist

    Data Warehouse Architect

    Enterprise Data Architect

    Data Steward

    "In developing the ideal BI team, your key person to have is a strong data architect, but you also need buy-in from the highest levels of the organization. Buy-in from different levels of the organization are indicators of success more than anything else."

    – Rob Anderson, Database Administrator and BI Manager, IT Research and Advisory Firm

    Create a RACI matrix to clearly define the roles and responsibilities for the parties involved

    A common project management pitfall for any endeavour is unclear definition of responsibilities amongst the individuals involved.

    As a business intelligence project requires a significant amount of back and forth between business and IT – bridged by the BI Steering Committee – clear guidelines at the project outset with a RACI chart provide a basic framework for assigning tasks and lines of communication for the later stages.

    Responsible Accountable Consulted Informed

    Obtaining Buy-in Project Charter Requirements Design Development Program Creation
    BI Steering Committee A C I I I C
    Project Sponsor - C I I I C
    Project Manager - R A I I C
    VP of BI R I I I I A
    CIO A I I I I R
    Business Analyst I I R C C C
    Solution Architect - - C A C C
    Data Architect - - C A C C
    BI Developer - - C C R C
    Data Steward - - C R C C
    Business SME C C C C C C

    Note: This RACI is an example of how role expectations would be broken down across the different steps of the project. Develop your own RACI based on project scope and participants.

    STEP 1.1

    Understand Your Business Context and Structure the Project

    Establish business–IT alignment for your BI strategy by detailing the business context

    Step Objectives

    • Engage the business units to find out where users need BI enablement.
    • Ideate preliminary points for improvement that will further business goals and calculate their value.

    Step Activities

    1.1.1 Craft the vision and mission statements for the Analytics program using the vision, mission, and strategies of your organization as basis.

    1.1.2 Articulate program goals and objectives

    1.1.3 Determine business differentiators and key drivers

    1.1.4 Brainstorm BI-specific constraints and improvement objectives

    Outcomes

    • Clearly articulated business context that will provide a starting point for formulating a BI strategy
    • High-level improvement objectives and ROI for the overall project
    • Vision, mission, and objectives of the analytics program

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    • Project Manager
    • Project Team
    • Relevant Business Stakeholders and Subject Matter Experts

    Transform the way the business makes decisions

    Your BI strategy should enable the business to make fast, effective, and comprehensive decisions.

    Fast Effective Comprehensive
    Reduce time spent on decision-making by designing a BI strategy around information needs of key decision makers. Make the right data available to key decision makers. Make strategic high-value, impactful decisions as well as operational decisions.

    "We can improve BI environments in several ways. First, we can improve the speed with which we create BI objects by insisting that the environments are designed with flexibility and adaptability in mind. Second, we can produce higher quality deliverables by ensuring that IT collaborate with the business on every deliverable. Finally, we can reduce the costs of BI by giving access to the environment to knowledgeable business users and encouraging a self-service function."

    – Claudia Imhoff, Founder, Boulder BI Brain Trust, Intelligent Solutions Inc.

    Assess needs of various stakeholders using personas

    User groups/user personas

    Different users have different consumption and usage patterns. Categorize users into user groups and visualize the usage patterns. The user groups are the connection between the BI capabilities and the users.

    User groups Mindset Usage Pattern Requirements
    Front-line workers Get my job done; perform my job quickly. Reports (standard reports, prompted reports, etc.) Examples:
    • Report bursting
    • Prompted reports
    Analysts I have some ideas; I need data to validate and support my ideas. Dashboards, self-service BI, forecasting/budgeting, collaboration Examples:
    • Self-service datasets
    • Data mashup capability
    Management I need a big-picture view and yet I need to play around with the data to find trends to drive my business. Dashboards, scorecards, mobile BI, forecasting/budgeting Examples:
    • Multi-tab dashboards
    • Scorecard capability
    Data scientists I need to combine existing data, as well as external or new, unexplored data sources and types to find nuggets in the data. Data mashup, connections to data sources Examples:
    • Connectivity to big data
    • Social media analyses

    The pains of inadequate BI are felt across the entire organization – and land squarely on the shoulders of the CIO

    Organization:

    • Insufficient information to make decisions.
    • Unable to measure internal performance.
    • Losses incurred from bad decisions or delayed decisions.
    • Canned reports fail to uncover key insights.
    • Multiple versions of information exist in silos.

    IT Department

    • End users are completely dependent on IT for reports.
    • Ad hoc BI requests take time away from core duties.
    • Spreadsheet-driven BI is overly manual.
    • Business losing trust in IT.

    CIO

    • Under great pressure and has a strong desire to improve BI.
    • Ad hoc BI requests are consuming IT resources and funds.
    • My organization finds value in using data and having decision support to make informed decisions.

    The overarching question that needs to be continually asked to create an effective BI strategy is:

    How do I create an environment that makes information accessible and consumable to users, and facilitates a collaborative dialogue between the business and IT?

    Pre-requisites for success

    Prerequisite #1: Secure Executive Sponsorship

    Sponsorship of BI that is outside of IT and at the highest levels of the organization is essential to the success of your BI strategy. Without it, there is a high chance that your BI program will fail. Note that it may not be an epic fail, but it is a subtle drying out in many cases.

    Prerequisite #2: Understand Business Context

    Providing the right tools for business decision making doesn’t need to be a guessing game if the business context is laid as the project foundation and the most pressing decisions serve as starting points. And business is engaged in formulating and executing the strategy.

    Prerequisite #3: Deliver insights that lead to action

    Start with understanding the business processes and where analytics can improve outcomes. “Think business backwards, not data forward.” (McKinsey)

    11 reasons BI projects fail

    Lack of Executive support

    Old Technology

    Lack of business support

    Too many KPIs

    No methodology for gathering requirements

    Overly long project timeframes

    Bad user experience

    Lack of user adoption

    Bad data

    Lack of proper human resources

    No upfront definition of true ROI

    Mico Yuk, 2019

    Make it clear to the business that IT is committed to building and supporting a BI platform that is intimately tied to enabling changing business objectives.

    Leverage Info-Tech’s BI Strategy and Roadmap Template to accelerate BI planning

    How to accelerate BI planning using the template

    1. Prepopulated text that you can use for your strategy formulation:
    2. Prepopulated text that can be used for your strategy formulation
    3. Sample bullet points that you can pick and choose from:
    4. Sample bullet points to pick and choose from

    Document the BI program planning in Info-Tech’s

    BI Strategy and Roadmap Template.

    Activity: Describe your organization’s vision and mission

    1.1.1

    30-40 minutes

    Compelling vision and mission statements will help guide your internal members toward your company’s target state. These will drive your business intelligence strategy.

    1. Your vision clearly represents where your organization aspires to be in the future and aligns the entire organization. Write down a future-looking, inspirational, and realizable vision in one concise statement. Consider:
    • “Five years from now, our business will be _______.”
    • What do we want to do tomorrow? For whom? What is the benefit?
  • Your mission tells why your organization currently exists and clearly expresses how it will achieve your vision for the future. Write down a mission statement in one clear and concise paragraph consisting of, at most, five sentences. Consider:
    • Why does the business exist? What problems does it solve? Who are its customers?
    • How does the business accomplish strategic tasks or reach its target?
  • Reconvene stakeholders to share ideas and develop one concise vision statement and mission statement. Focus on clarity and message over wording.
  • Input

    • Business vision and mission statements

    Output

    • Alignment and understanding on business vision

    Materials

    Participants

    • BI project lead
    • Executive business stakeholders

    Info-Tech Insight

    Adjust your statements until you feel that you can elicit a firm understanding of both your vision and mission in three minutes or less.

    Formulating an Enterprise BI and Analytics Strategy: Top-down BI Opportunity analysis

    Top-down BI Opportunity analysis

    Example of deriving BI opportunities using BI Opportunity Analysis

    Industry Drivers Private label Rising input prices Retail consolidation
    Company strategies Win at supply chain execution Win at customer service Expand gross margins
    Value disciplines Strategic cost management Operational excellence Customer service
    Core processes Purchasing Inbound logistics Sales, service & distribution
    Enterprise management: Planning, budgeting, control, process improvement, HR
    BI Opportunities Customer service analysis Cost and financial analysis Demand management

    Williams 2016

    Get your organization buzzing about BI – leverage Info-Tech’s Executive Brief as an internal marketing tool

    Two key tasks of a project sponsor are to:

    1. Evangelize the realizable benefits of investing in a business intelligence strategy.
    2. Help to shift the corporate culture to one that places emphasis on data-driven insight.

    Arm your project sponsor with our Executive Brief for this blueprint as a quick way to convey the value of this project to potential stakeholders.

    Bolster this presentation by adding use cases and metrics that are most relevant to your organization.

    Develop a business framework

    Identifying organizational goals and how data can support those goals is key to creating a successful BI & Analytical strategy. Rounding out the business model with technology drivers, environmental factors (as described in previous steps), and internal barriers and enablers creates a holistic view of Business Intelligence within the context of the organization as a whole.

    Through business engagement and contribution, the following holistic model can be created to understand the needs of the business.

    business framework holistic model

    Activity: Describe the Industry Drivers and Organization strategy to mitigate the risk

    1.1.2

    30-45 minutes

    Industry drivers are external influencers that has an effect on a business such as economic conditions, competitor actions, trade relations, climate etc. These drivers can differ significantly by industry and even organizations within the same industry.

    1. List the industry drivers that influences your organization:
    • Public sentiment in regards to energy source
    • Rising cost of raw materials due to increase demand
  • List the company strategies, goals, objectives to counteract the external influencers:
    • Change production process to become more energy efficient
    • Win at customer service
  • Identify the value disciplines :
    • Strategic cost management
    • Operational Excellence
  • List the core process that implements the value disciplines :
    • Purchasing
    • Sales
  • Identify the BI Opportunities:
    • Cost and financial analysis
    • Customer service analysis

    Input

    • Industry drivers

    Output

    • BI Opportunities that business can leverage

    Materials

    • Industry driver section in the BI Strategy and Roadmap Template

    Participants

    • BI project lead
    • Executive business stakeholders

    Understand BI and analytics drivers and organizational objectives

    Environmental Factors Organizational Goals Business Needs Technology Drivers
    Definition External considerations are factors taking place outside the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business. Organizational drivers can be thought of as business-level metrics. These are tangible benefits the business can measure, such as customer retention, operation excellence, and/or financial performance. A requirement that specifies the behavior and the functions of a system. Technology drivers are technological changes that have created the need for a new BI solution. Many organizations turn to technology systems to help them obtain a competitive edge.
    Examples
    • Economy and politics
    • Laws and regulations
    • Competitive influencers
    • Time to market
    • Quality
    • Delivery reliability
    • Audit tracking
    • Authorization levels
    • Business rules
    • Deployment in the cloud
    • Integration
    • Reporting capabilities

    Activity: Discuss BI/Analytics drivers and organizational objectives

    1.1.3

    30-45 minutes

    1. Use the industry drivers and business goals identified in activity 1.1.2 as a starting point.
    2. Understand how the company runs today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard and markers to capture key findings.
    3. Take into account External Considerations, Organizational Drivers, Technology Drivers, and Key Functional Requirements.
    External Considerations Organizational Drivers Technology Considerations Functional Requirements
    • Funding Constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Information Availability
    • Integration Between Systems
    • Secure Data

    Identify challenges and barriers to the BI project

    There are several factors that may stifle the success of a BI implementation. Scan the current environment to identify internal barriers and challenges to identify potential challenges so you can meet them head-on.

    Common Internal Barriers

    Management Support
    Organizational Culture
    Organizational Structure
    IT Readiness
    Definition The degree of management understanding and acceptance towards BI solutions. The collective shared values and beliefs. The functional relationships between people and departments in an organization. The degree to which the organization’s people and processes are prepared for a new BI solution.
    Questions
    • Is a BI project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Impact
    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Poor implementation
    • Reliance on consultants

    Activity: Discuss BI/Analytics challenges and pain points

    1.1.4

    30-45 minutes

    1. Identify challenges with the process identified in step 1.1.2.
    2. Brainstorm potential barriers to successful BI implementation and adoption. Use a whiteboard and marker to capture key findings.
    3. Consider Functional Gaps, Technical Gaps, Process Gaps, and Barriers to BI Success.
    Functional Gaps Technical Gaps Process Gaps Barriers to Success
    • No online purchase order requisition
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Activity: Discuss opportunities and benefits

    1.1.5

    30-45 minutes

    1. Identify opportunities and benefits from an integrated system.
    2. Brainstorm potential enablers for successful BI implementation and adoption. Use a whiteboard and markers to capture key findings.
    3. Consider Business Benefits, IT Benefits, Organizational Benefits, and Enablers of BI success.
    Business Benefits IT Benefits Organizational Benefits Enablers of Success
    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Change management
    • Training
    • Alignment to strategic objectives

    Your organization’s framework for Business Intelligence Strategy

    Blank organization framework for Business Intelligence Strategy

    Example: Business Framework for Data & Analytics Strategy

    The following diagram represents [Client]’s business model for BI and data. This holistic view of [Client]’s current environment serves as the basis for the generation of the business-aligned Data & Analytics Strategy.

    The image is an example of Business Framework for Data & Analytics Strategy.

    Info-Tech recommends balancing a top-down approach with bottom up for building your BI strateg

    Taking a top-down approach will ensure senior management’s involvement and support throughout the project. This ensures that the most critical decisions are supported by the right data/information, aligning the entire organization with the BI strategy. Furthermore, the gains from BI will be much more significant and visible to the rest of the organization.

    Two charts showing the top-down and bottom-up approach.

    Far too often, organizations taking a bottom-up approach to BI will fail to generate sufficient buy-in and awareness from senior management. Not only does a lack of senior involvement result in lower adoption from the tactical and operational levels, but more importantly, it also means that the strategic decision makers aren’t taking advantage of BI.

    Estimate the ROI of your BI and analytics strategy to secure executive support

    The value of creating a new strategy – or revamping an existing one – needs to be conveyed effectively to a high-level stakeholder, ideally a C-level executive. That executive buy-in is more likely to be acquired when effort has been made to determine the return on investment for the overall initiative.

    1. Business Impacts
      New revenue
      Cost savings
      Time to market
      Internal Benefits
      Productivity gain
      Process optimization
      Investment
      People – employees’ time, external resources
      Data – cost for new datasets
      Technology – cost for new technologies
    2. QuantifyCan you put a number or a percentage to the impacts and benefits? QuantifyCan you estimate the investments you need to put in?
    3. TranslateTranslate the quantities into dollar value
    4. The image depicts an equation for ROI estimate

    Example

    One percent increase in revenue; three more employees $225,000/yr, $150,000/yr 50%

    Activity: Establish a high-level ROI as part of an overall use case for developing a fit-for-purpose BI strategy

    1.1.6

    1.5 hours

    Communicating an ROI that is impactful and reasonable is essential for locking in executive-level support for any initiative. Use this activity as an initial touchpoint to bring business and IT perspectives as part of building a robust business case for developing your BI strategy.

    1. Revisit the business context detailed in the previous sections of this phase. Use priority objectives to identify use case(s), ideally where there are easily defined revenue generators/cost reductions (e.g. streamlining the process of mailing physical marketing materials to customers).
    2. Assign research tasks around establishing concrete numbers and dollar values.
    • Have a subject matter expert weigh in to validate your figures.
    • When calculating ROI, consider how you might leverage BI to create opportunities for upsell, cross-sell, or increased customer retention.
  • Reconvene the stakeholder group and discuss your findings.
    • This is the point where expectation management is important. Separate the need-to-haves from the nice-to-haves.

    Emphasize that ROI is not fully realized after the first implementation, but comes as the platform is built upon iteratively and in an integrated fashion to mature capabilities over time.

    Input

    • Vision statement
    • Mission statement

    Output

    • Business differentiators and key drivers

    Materials

    • Benefit Cost Analysis section of the BI Strategy and Roadmap Template

    Participants

    • BI project lead
    • Executive IT & business stakeholders

    An effective BI strategy positions business intelligence in the larger data lifecycle

    In an effort to keep users satisfied, many organizations rush into implementing a BI platform and generating reports for their business users. BI is, first and foremost, a presentation layer; there are several stages in the data lifecycle where the data that BI visualizes can be compromised.

    Without paying the appropriate amount of attention to the underlying data architecture and application integration, even the most sophisticated BI platforms will fall short of providing business users with a holistic view of company information.

    Example

    In moving away from single application-level reporting, a strategy around data integration practices and technology is necessary before the resultant data can be passed to the BI platform for additional analyses and visualization.

    BI doesn’t exist in a vacuum – develop an awareness of other key data management practices

    As business intelligence is primarily a presentation layer that allows business users to visualize data and turn information into actionable decisions, there are a number of data management practices that precede BI in the flow of data.

    Data Warehousing

    The data warehouse structures source data in a manner that is more operationally focused. The Reporting & Analytics Strategy must inform the warehouse strategy on data needs and building a data warehouse to meet those needs.

    Data Integration, MDM & RDM

    The data warehouse is built from different sources that must be integrated and normalized to enable Business Intelligence. The Info-Tech integration and MDM blueprints will guide with their implementation.

    Data Quality

    A major roadblock to building an effective BI solution is a lack of accurate, timely, consistent, and relevant data. Use Info-Tech’s blueprint to refine your approach to data quality management.

    Data quality, poor integration/P2P integration, poor data architecture are the primary barriers to truly leveraging BI, and a lot of companies haven’t gotten better in these areas.

    – Shari Lava, Associate Vice-President, IT Research and Advisory Firm

    Building consensus around data definitions across business units is a critical step in carrying out a BI strategy

    Business intelligence is heavily reliant on the ability of an organization to mesh data from different sources together and create a holistic and accurate source of truth for users.

    Useful analytics cannot be conducted if your business units define key business terms differently.

    Example

    Finance may label customers as those who have transactional records with the organization, but Marketing includes leads who have not yet had any transactions as customers. Neglecting to note these seemingly small discrepancies in data definition will undermine efforts to combine data assets from traditionally siloed functional units.

    In the stages prior to implementing any kind of BI platform, a top priority should be establishing common definitions for key business terms (customers, products, accounts, prospects, contacts, product groups, etc.).

    As a preliminary step, document different definitions for the same business terms so that business users are aware of these differences before attempting to combine data to create custom reports.

    Self-Assessment

    Do you have common definitions of business terms?

    • If not, identify common business terms.
    • At the very least, document different definitions of the same business terms so the corporate can compare and contrast them.

    STEP 1.2

    Assess the Current BI Landscape

    Establish an in-depth understanding of your current BI landscape

    Step Objectives

    • Inventory and assess the state of your current BI landscape
    • Document the artifacts of your BI environment

    Step Activities

    1.2.1 Analyze the usage levels of your current BI programs/platform

    1.2.2 Perform a survey to gather user perception of your current BI environment

    1.2.3 Take an inventory of your current BI artifacts

    Outcomes

    • Summarize the qualitative and quantitative performance of your existing BI environment
    • Understand the outputs coming from your BI sources

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Understand your current BI landscape before you rationalize

    Relying too heavily on technology as the sole way to solve BI problems results in a more complex environment that will ultimately frustrate business users. Take the time to thoroughly assess the current state of your business intelligence landscape using a qualitative (user perception) and quantitative (usage statistics) approach. The insights and gaps identified in this step will serve as building blocks for strategy and roadmap development in later phases.

    Phase 1

    Current State Summary of BI Landscape

    1.2.1 1.2.2 1.2.3 1.2.4
    Usage Insights Perception Insights BI Inventory Insights Requirements Insights

    PHASE 2

    Strategy and Roadmap Formulation

    Gather usage insights to pinpoint the hot spots for BI usage amongst your users

    Usage data reflects the consumption patterns of end users. By reviewing usage data, you can identify aspects of your BI program that are popular and those that are underutilized. It may present some opportunities for trimming some of the underutilized content.

    Benefits of analyzing usage data:

    • Usage is a proxy for popularity and usability of the BI artifacts. The popular content should be kept and improved in your next generation BI.
    • Usage information provides insight on what, when, where, and how much users are consuming BI artifacts.
    • Unlike methods such as user interviews and focus groups, usage information is fact based and is not subject to peer pressure or “toning down.”

    Sample Sources of Usage Data:

    1. Usage reports from your BI platform Many BI platforms have out-of-the-box usage reports that log and summarize usage data. This is your ideal source for usage data.
    2. Administrator console in your BI platformBI platforms usually have an administrator console that allows BI administrators to configure settings and to monitor activities that include usage. You may obtain some usage data in the console. Note that the usage data is usually real-time in nature, and you may not have access to a historical view of the BI usage.

    Info-Tech Insight

    Don’t forget some of the power users. They may perform analytics by accessing datasets directly or with the help of a query tool (even straight SQL statements). Their usage information is important. The next generation BI should provide consumption options for them.

    Accelerate the process of gathering user feedback with Info-Tech’s Application Portfolio Assessment (APA)

    In an environment where multiple BI tools are being used, discovering what works for users and what doesn’t is an important first step to rationalizing the BI landscape.

    Info-Tech’s Application Portfolio Assessment allows you to create a custom survey based on your current applications, generate a custom report that will help you visualize user satisfaction levels, and pinpoint areas for improvement.

    Activity: Review and analyze usage data

    1.2.1

    2 hours

    This activity helps you to locate usage data in your existing environment. It also helps you to review and analyze usage data to come up with a few findings.

    1. Get to the usage source. You may obtain usage data from one of the below options. Usage reports are your ideal choice, followed by some alternative options:
    2. a. Administrator console – limited to real-time or daily usage data. You may need to track usage data over for several days to identify patterns.

      b. Info-Tech’s Application Portfolio Assessment (APA).

      c. Other – be creative. Some may use an IT usage monitoring system or web analytics to track time users spent on the BI portal.

    3. Develop categories for classifying the different sources of usage data in your current BI environment. Use the following table as starting point for creating these groups:

    This is the content for Layout H4 Tag

    By Frequency Real Time Daily Weekly Yearly
    By Presentation Format Report Dashboard Alert Scorecard
    By Delivery Web portal Excel PDF Mobile application

    INPUT

    • Usage reports
    • Usage statistics

    OUTPUT

    • Insights pertaining to usage patterns

    Materials

    • Usage Insights of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM

    Activity: Review and analyze usage (cont.)

    1.2.1

    2 hours

    3. Sort your collection of BI artifacts by usage. Discuss some of the reasons why some content is popular whereas some has no usage at all.

    Popular BI Artifacts – Discuss improvements, opportunities and new artifacts

    Unpopular BI Artifacts – Discuss retirement, improvements, and realigning information needs

    4. Summarize your findings in the Usage Insights section of the BI Strategy and Roadmap Template.

    INPUT

    • Usage reports
    • Usage statistics

    OUTPUT

    • Insights pertaining to usage patterns

    Materials

    • Usage Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM

    Gather perception to understand the existing BI users

    In 1.2.1, we gathered the statistics for BI usage; it’s the hard data telling who uses what. However, it does not tell you the rationale, or the why, behind the usage. Gathering user perception and having conversations with your BI consumers is the key to bridging the gap.

    User Perception Survey

    Helps you to:

    1. Get general insights on user perception
    2. Narrow down to selected areas

    User Interviews

    Perception can be gathered by user interviews and surveys. Conducting user interviews takes time so it is a good practice to get some primary insights via survey before doing in-depth interviews in selected areas.

    – Shari Lava, Associate Vice-President, IT Research and Advisory Firm

    Define problem statements to create proof-of-concept initiatives

    Info-Tech’s Four Column Model of Data Flow

    Find a data-related problem or opportunity

    Ask open-ended discovery questions about stakeholder fears, hopes, and frustrations to identify a data-related problem that is clear, contained, and fixable. This is then to be written as a problem/opportunity statement.

    1. Fear: What is the number one risk you need to alleviate?
    2. Hope: What is the number one opportunity you wish to realize?
    3. Frustration: What is the number one annoying pet peeve you wish to scratch?
    4. Next, gather information to support a problem/opportunity statement:

    5. What are your challenges in performing the activity or process today?
    6. What does amazing look like if we solve this perfectly?
    7. What other business activities/processes will be impacted/improved if we solve this?
    8. What compliance/regulatory/policy concerns do we need to consider in any solution?
    9. What measures of success/change should we use to prove value of the effort (KPIs/ROI)?
    10. What are the steps in the process/activity?
    11. What are the applications/systems used at each step and from step to step?
    12. What data elements are created, used, and/or transformed at each step?

    Leverage Info-Tech’s BI survey framework to initiate a 360° perception survey

    Info-Tech has developed a BI survey framework to help existing BI practices gather user perception via survey. The framework is built upon best practices developed by McLean & Company.

    1. Communicate the survey
    2. Create a survey
    3. Conduct the survey
    4. Collect and clean survey data
    5. Analyze survey data
    6. Conduct follow-up interviews
    7. Identify and prioritize improvement initiatives

    The survey takes a comprehensive approach by examining your existing BI practices through the following lenses:

    360° Perception

    Demographics Who are the users? From which department?
    Usage How is the current BI being used?
    People Web portal
    Process How good is your BI team from a user perspective?
    Data How good is the BI data in terms of quality and usability?
    Technology How good are your existing BI/reporting tools?
    Textual Feedback The sky’s the limit. Tell us your comments and ideas via open-ended questions.

    Use Info-Tech’s BI End-User Satisfaction Survey Framework to develop a comprehensive BI survey tailored to your organization.

    Activity: Develop a plan to gather user perception of your current BI program

    1.2.2

    2 hours

    This activity helps you to plan for a BI perception survey and subsequent interviews.

    1. Proper communication while conducting surveys helps to boost response rate. The project team should have a meeting with business executives to decide:
    • The survey goals
    • Which areas to cover
    • Which trends and hypotheses you want to confirm
    • Which pre-, during, and post-survey communications should be sent out
  • Have the project team create the first draft of the survey for subsequent review by select business stakeholders. Several iterations may be needed before finalizing.
  • In planning for the conclusion of the survey, the project team should engage a data analyst to:
    1. Organize the data in a useful format
    2. Clean up the survey data when there are gaps
    3. Summarize the data into a presentable/distributable format

    Collectively, the project team and the BI consuming departments should review the presentation and discuss these items:

    Misalignment

    Opportunities

    Inefficiencies

    Trends

    Need detailed interviews?

    INPUT

    • Usage information and analyses

    OUTPUT

    • User-perception survey

    Materials

    • Perception Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM
    • Business SMEs

    Create a comprehensive inventory of your BI artifacts

    Taking an inventory of your BI artifacts allows you to understand what deliverables have been developed over the years. Inventory taking should go beyond the BI content. You may want to include additional information products such as Excel spreadsheets, reports that are coming out of an Access database, and reports that are generated from front-end applications (e.g. Salesforce).

    1. Existing Reports from BI platform

    2. If you are currently using a BI platform, you have some BI artifacts (reports, scorecards, dashboards) that are developed within the platform itself.

    • BI Usage Reports (refer to step 2.1) – if you are getting a comprehensive BI usage reports for all your BI artifacts, there is your inventory report too.
    • BI Inventory Reports – Your BI platform may provide out-of-the-box inventory reports. You can use them as your inventory.
    • If the above options are not feasible, you may need to manually create the BI inventory. You may build that from some of your existing BI documentations to save time.
  • Excel and Access

    • Work with the business units to identify if Excel and Access are used to generate reports.
  • Application Reports

    • Data applications such as Salesforce, CRM, and ERP often provide reports as an out-of-the-box feature.
    • Those reports only include data within their respective applications. However, this may present opportunities for integrating application data with additional data sources.

    Activity: Inventory your BI artifacts

    1.2.3

    2+ hours

    This activity helps you to inventory your BI information artifacts and other related information artifacts.

    1. Define the scope of your inventory. Work with the project sponsor and CIO to define which sources should be captured in the inventory process. Consider: BI inventory, Excel spreadsheets, Access reports, and application reporting.
    2. Define the depth of your inventory. Work with the project sponsor and CIO to define the level of granularity. In some settings, the artifact name and a short description may be sufficient. In other cases, you may need to document users and business logic of the artifacts.
    3. Review the inventory results. Discuss findings and opportunities around the following areas:

    Interpret your Inventory

    Duplicated reports/ dashboards Similar reports/ dashboards that may be able to merge Excel and Access reports that are using undocumented, unconventional business logics Application reports that need to be enhanced by additional data Classify artifacts by BI Type

    INPUT

    • Current BI artifacts and documents
    • BI Type classification

    OUTPUT

    • Summary of BI artifacts

    Materials

    • BI Inventory Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Data analyst
    • PM
    • Project sponsor

    Project sponsor

    1.2.4

    2+ hours

    This activity helps you to inventory your BI by report type.

    1. Classify BI artifacts by type. Use the BI Type tool to classify Work with the project sponsor and CIO to define which sources should be captured in the inventory process. Consider: BI inventory, Excel spreadsheets, Access reports, and application reporting.
    2. Define the depth of your inventory. Work with the project sponsor and CIO to define the level of granularity. In some settings, the artifact name and a short description may be sufficient. In other cases, you may need to document users and business logic of the artifacts.
    3. Review the inventory results. Discuss findings and opportunities around the following areas:

    Interpretation of your Inventory

    Duplicated reports/dashboards Similar reports/dashboards that may be able to merge Excel and Access reports that are using undocumented, unconventional business logics Application reports that need to be enhanced by additional data

    INPUT

    • The BI Type as used by different business units
    • Business BI requirements

    OUTPUT

    • Summary of BI type usage across the organization

    Materials

    • BI Inventory Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Data analyst
    • PM
    • Project sponsor

    STEP 1.3

    Undergo BI Requirements Gathering

    Perform requirements gathering for revamping your BI environment

    Step Objectives

    • Create principles that will direct effective requirements gathering
    • Create a list of existing and desired BI requirements

    Step Activities

    1.3.1 Create requirements gathering principles

    1.3.2 Gather appropriate requirements

    1.3.3 Organize and consolidate the outputs of requirements gathering activities

    Outcomes

    • Requirements gathering principles that are flexible and repeatable
    • List of BI requirements

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Business Users

    Don’t let your new BI platform become a victim of poor requirements gathering

    The challenges in requirements management often have underlying causes; find and eliminate the root causes rather than focusing on the symptoms.

    Root Causes of Poor Requirements Gathering:

    • Requirements gathering procedures exist but aren’t followed.
    • There isn't enough time allocated to the requirements gathering phase.
    • There isn't enough involvement or investment secured from business partners.
    • There is no senior leadership involvement or mandate to fix requirements gathering.
    • There are inadequate efforts put towards obtaining and enforcing sign off.

    Outcomes of Poor Requirements Gathering:

    • Rework due to poor requirements leads to costly overruns.
    • Final deliverables are of poor quality and are implemented late.
    • Predicted gains from deployed applications are not realized.
    • There are low feature utilization rates by end users.
    • Teams are frustrated within IT and the business.

    Info-Tech Insight

    Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been, and continues to be, the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle to clear when it is time to optimize the requirements gathering process.

    Define the attributes of a good requirement to help shape your requirements gathering principles

    A good requirement has the following attributes:

    Verifiable It is stated in a way that can be tested.
    Unambiguous It is free of subjective terms and can only be interpreted in one way.
    Complete It contains all relevant information.
    Consistent It does not conflict with other requirements.
    Achievable It is possible to accomplish given the budgetary and technological constraints.
    Traceable It can be tracked from inception to testing.
    Unitary It addresses only one thing and cannot be deconstructed into multiple requirements.
    Accurate It is based on proven facts and correct information.

    Other Considerations

    Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).

    Info-Tech Insight

    Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need.

    Activity: Define requirements gathering principles

    1.3.1

    1 hour

    1. Invite representatives from the project management office, project management team, and BA team, as well as some key business stakeholders.
    2. Use the sample categories and principles in the table below as starting points for creating your own requirements gathering principles.
    3. Document the requirements gathering principles in the BI Strategy and Roadmap Template.
    4. Communicate the requirements gathering principles to the affected BI stakeholders.

    Sample Principles to Start With

    Effectiveness Face-to-face interviews are preferred over phone interviews.
    Alignment Clarify any misalignments, even the tiniest ones.
    Validation Rephrase requirements at the end to validate requirements.
    Ideation Use drawings and charts to explain ideas.
    Demonstration Make use of Joint Application Development (JAD) sessions.

    INPUT

    • Existing requirement principles (if any)

    OUTPUT

    • Requirements gathering principles that can be revisited and reused

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA Team
    • PM
    • Business stakeholders
    • PMO

    Info-Tech Insight

    Turn requirements gathering principles into house rules. The house rules should be available in every single requirements gathering session and the participants should revisit them when there are disagreements, confusion, or silence.

    Right-size your approach to BI requirements management

    Info-Tech suggests four requirements management approaches based on project complexity and business significance. BI projects usually require the Strategic Approach in requirements management.

    Requirements Management Process Explanations

    Approach Definition Recommended Strategy
    Strategic Approach High business significance and high project complexity merits a significant investment of time and resources in requirements gathering. Treat the requirements gathering phase as a project within a project. A large amount of time should be dedicated to elicitation, business process mapping, and solution design.
    Fundamental Approach High business significance and low project complexity merits a heavy emphasis on the elicitation phase to ensure that the project bases are covered and business value is realized. Look to achieve quick wins and try to survey a broad cross-section of stakeholders during elicitation and validation. The elicitation phase should be highly iterative. Do not over-complicate the analysis and validation of a straightforward project.
    Calculated Approach Low business significance and high project complexity merits a heavy emphasis on the analysis and validation phases to ensure that the solution meets the needs of users. Allocate a significant amount of time to business process modeling, requirements categorization, prioritization, and solution modeling.
    Elementary Approach Low business significance and low project complexity does not merit a high amount of rigor for requirements gathering. Do not rush or skip steps, but aim to be efficient. Focus on basic elicitation techniques (e.g. unstructured interviews, open-ended surveys) and consider capturing requirements as user stories. Focus on efficiency to prevent project delays and avoid squandering resources.

    Vary the modes used in eliciting requirements from your user base

    Requirements Gathering Modes

    Info-Tech has identified four effective requirements gathering modes. During the requirements gathering process, you may need to switch between the four gathering modes to establish a thorough understanding of the information needs.

    Dream Mode

    • Mentality: Let users’ imaginations go wild. The sky’s the limit.
    • How it works: Ask users to dream up the ideal future state and ask how analytics can support those dreams.
    • Limitations: Not all dreams can be fulfilled. A variety of constraints (budget, personnel, technical skills) may prevent the dreams from becoming reality.

    Pain Mode

    • Mentality: Users are currently experiencing pains related to information needs.
    • How it works: Vent the pains. Allow end users to share their information pains, ask them how their pains can be relieved, then convert those pains to requirements.
    • Limitations: Users are limited by the current situation and aren’t looking to innovate.

    Decode Mode

    • Mentality: Read the hidden messages from users. Speculate as to what the users really want.
    • How it works: Decode the underlying messages. Be innovative to develop hypotheses and then validate with the users.
    • Limitations: Speculations and hypothesis could be invalid. They may direct the users into some pre-determined directions.

    Profile Mode

    • Mentality: “I think you may want XYZ because you fall into that profile.”
    • How it works: The information user may fall into some existing user group profile or their information needs may be similar to some existing users.
    • Limitations: This mode doesn’t address very specific needs.

    Supplement BI requirements with user stories and prototyping to ensure BI is fit for purpose

    BI is a continually evolving program. BI artifacts that were developed in the past may not be relevant to the business anymore due to changes in the business and information usage. Revamping your BI program entails revisiting some of the BI requirements and/or gathering new BI requirements.

    Three-Step Process for Gathering Requirements

    Requirements User Stories Rapid Prototyping
    Gather requirements. Most importantly, understand the business needs and wants. Leverage user stories to organize and make sense of the requirements. Use a prototype to confirm requirements and show the initial draft to end users.

    Pain Mode: “I can’t access and manipulate data on my own...”

    Decode Mode: Dig deeper: could this hint at a self-service use case?

    Dream Mode: E.g. a sandbox area where I can play around with clean, integrated, well-represented data.

    Profile Mode: E.g. another marketing analyst is currently using something similar.

    ExampleMary has a spreadmart that keeps track of all campaigns. Maintaining and executing that spreadmart is time consuming.

    Mary is asking for a mash-up data set that she can pivot on her own…

    Upon reviewing the data and the prototype, Mary decided to use a heat map and included two more data points – tenure and lifetime value.

    Identify which BI styles best meet user requirements

    A spectrum of Business Intelligence solutions styles are available. Use Info-Tech’s BI Styles Tool to assess which business stakeholder will be best served by which style.

    Style Description Strategic Importance (1-5) Popularity (1-5) Effort (1-5)
    Standards Preformatted reports Standard, preformatted information for backward-looking analysis. 5 5 1
    User-defined analyses Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. 5 4 2
    Ad-hoc analyses Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. 5 4 3
    Scorecards and dashboards Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. 4 4 3
    Multidimensional analysis (OLAP) Multidimensional analysis (also known as on-line analytical processing): Flexible tool-based, user-defined analysis of business performance and the underlying drivers or root causes of that performance. 4 3 3
    Alerts Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. 4 3 3
    Advanced Analytics Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics. 5 3 4
    Predictive Analytics Application of long-established statistical and/or operations research methods and historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future. 5 3 5

    Activity: Gather BI requirements

    1.3.2

    2-6 hours

    Using the approaches discussed on previous slides, start a dialogue with business users to confirm existing requirements and develop new ones.

    1. Invite business stakeholders to a requirements gathering session.
    2. For existing BI artifacts – Invite existing users of those artifacts.

      For new BI development – Invite stakeholders at the executive level to understand the business operation and their needs and wants. This is especially important if their department is new to BI.

    3. Discuss the business requirements. Systematically switch between the four requirements gathering modes to get a holistic view of the requirements.
    4. Once requirements are gathered, organize them to tell a story. A story usually has these components:
    The Setting The Characters The Venues The Activities The Future
    Example Customers are asking for a bundle discount. CMO and the marketing analysts want to… …the information should be available in the portal, mobile, and Excel. …information is then used in the bi-weekly pricing meeting to discuss… …bundle information should contain historical data in a graphical format to help executives.

    INPUT

    • Existing documentations on BI artifacts

    OUTPUT

    • Preliminary, uncategorized list of BI requirements

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA team
    • Business stakeholders
    • Business SMEs
    • BI developers

    Clarify consumer needs by categorizing BI requirements

    Requirements are too broad in some situations and too detailed in others. In the previous step we developed user stories to provide context. Now you need to define requirement categories and gather detailed requirements.

    Considerations for Requirement Categories

    Category Subcategory Sample Requirements
    Data Granularity Individual transaction
    Transformation Transform activation date to YYYY-MM format
    Selection Criteria Client type: consumer. Exclude SMB and business clients. US only. Recent three years
    Fields Required Consumer band, Region, Submarket…
    Functionality Filters Filters required on the dashboard: date range filter, region filter…
    Drill Down Path Drill down from a summary report to individual transactions
    Analysis Required Cross-tab, time series, pie chart
    Visual Requirements Mock-up See attached drawing
    Section The dashboard will be presented using three sections
    Conditional Formatting Below-average numbers are highlighted
    Security Mobile The dashboard needs to be accessed from mobile devices
    Role Regional managers will get a subset of the dashboard according to the region
    Users John, Mary, Tom, Bob, and Dave
    Export Dashboard data cannot be exported into PDF, text, or Excel formats
    Performance Speed A BI artifact must be loaded in three seconds
    Latency Two seconds response time when a filter is changed
    Capacity Be able to serve 50 concurrent users with the performance expected
    Control Governance Govern by the corporate BI standards
    Regulations Meet HIPPA requirements
    Compliance Meet ISO requirements

    Prioritize requirements to assist with solution modeling

    Prioritization ensures that the development team focuses on the right requirements.

    The MoSCoW Model of Prioritization

    Must Have Requirements that mustbe implemented for the solution to be considered successful.
    Should Have Requirements that are high priority and should be included in the solution if possible.
    Could Have Requirements that are desirable but not necessary and could be included if resources are available.
    Won't Have Requirements that won’t be in the next release but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994.

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure that efforts are targeted towards the proper requirements and the plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.

    Activity: Finalize the list of BI requirements

    1.3.3

    1-4 hours

    Requirement Category Framework

    Category Subcategory
    Data Granularity
    Transformation
    Selection Criteria
    Fields Required
    Functionality Filters
    Drill Down Path
    Analysis Required
    Visual Requirements Mock-up
    Section
    Conditional Formatting
    Security Mobile
    Role
    Users
    Export
    Performance Speed
    Latency
    Capacity
    Control Governance
    Regulations
    Compliance

    Create requirement buckets and classify requirements.

    1. Define requirement categories according to the framework.
    2. Review the user story and requirements you collected in Step 1.3.2. Classify the requirements within requirement categories.
    3. Review the preliminary list of categorized requirements and look for gaps in this detailed view. You may need to gather additional requirements to fill the gaps.
    4. Prioritize the requirements according to the MoSCoW framework.
    5. Document your final list of requirements in the BI Strategy and Roadmap Template.

    INPUT

    • Existing requirements and new requirements from step 1.3.2

    OUTPUT

    • Prioritized and categorized requirements

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Business stakeholders
    • PMO

    Translate your findings and ideas into actions that will be integrated into the BI Strategy and Roadmap Template

    As you progress through each phase, document findings and ideas as they arise. At phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.

    Translating findings and ideas into actions that will be integrated into the BI Strategy and Roadmap Template

    Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?

    Document and prioritize Phase 1 findings, ideas, and action items

    1.3.4

    1-2 hours

    1. Reconvene as a group to review findings, ideas, and actions harvested in Phase 1. Write the findings, ideas, and actions on sticky notes.
    2. Prioritize the sticky notes to yield those with high business value and low implementation effort. View some sample findings below:
    3. High Business Value, Low Effort High Business Value, High Effort
      Low Business Value, High Effort Low Business Value, High Effort

      Phase 1

      Sample Phase 1 Findings Found two business objectives that are not supported by BI/analytics
      Some executives still think BI is reporting
      Some confusion around operational reporting and BI
      Data quality plays a big role in BI
      Many executives are not sure about the BI ROI or asking for one
    4. Select the top findings and document them in the “Other Phase 1 Findings” section of the BI Strategy and Roadmap Template. The findings will be used again in Phase 3.

    INPUT

    • Phase 1 activities
    • Business context (vision, mission, goals, etc.

    OUTPUT

    • Other Phase 1 Findings section of the BI Strategy and Roadmap Template

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Project manger
    • Project team
    • Business stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1-1.1.5

    Establish the business context

    To begin the workshop, your project team will be taken through a series of activities to establish the overall business vision, mission, objectives, goals, and key drivers. This information will serve as the foundation for discerning how the revamped BI strategy needs to enable business users.

    1.2.1- 1.2.3

    Create a comprehensive documentation of your current BI environment

    Our analysts will take your project team through a series of activities that will facilitate an assessment of current BI usage and artifacts, and help you design an end-user interview survey to elicit context around BI usage patterns.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-tech analysts

    1.3.1-1.3.3

    Establish new BI requirements

    Our analysts will guide your project team through frameworks for eliciting and organizing requirements from business users, and then use those frameworks in exercises to gather some actual requirements from business stakeholders.

    Phase 2

    Evaluate Your Current BI Practice

    Build a Reporting and Analytics Strategy

    Revisit project metrics to track phase progress

    Goals for Phase 2:

    • Assess your current BI practice. Determine the maturity of your current BI practice from different viewpoints.
    • Develop your BI target state. Plan your next generation BI with Info-Tech’s BI patterns and best practices.
    • Safeguard your target state. Avoid BI pitfalls by proactively monitoring BI risks.

    Info-Tech’s Suggested Metrics for Tracking Phase 2 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    # of groups participated in the current state assessment The number of groups joined the current assessment using Info-Tech’s BI Practice Assessment Tool Varies; the tool can accommodate up to five groups
    # of risks mitigated Derive from your risk register At least two to five risks will be identified and mitigated

    Intangible Metrics:

    • Prototyping approach allows the BI group to understand more about business requirements, and in the meantime, allows the business to understand how to partner with the BI group.
    • The BI group and the business have more confidence in the BI program as risks are monitored and mitigated on an ad hoc basis.

    Evaluate your current BI practice

    Phase 2 Overarching Insight

    BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment, and data management, data quality, and related data practices must be strong. Otherwise, the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Phase 2 overview

    Detailed Overview

    Step 1: Assess Your Current BI Practice

    Step 2: Envision a Future State for Your BI Practice

    Outcomes

    • A comprehensive assessment of current BI practice maturity and capabilities.
    • Articulation of your future BI practice.
    • Improvement objectives and activities for developing your current BI program.

    Benefits

    • Identification of clear gaps in BI practice maturity.
    • A current state assessment that includes the perspectives of both BI providers and consumers to highlight alignment and/or discrepancies.
    • A future state is defined to provide a benchmark for your BI program.
    • Gaps between the future and current states are identified; recommendations for the gaps are defined.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Evaluate Your Current BI Practice

    Proposed Time to Completion: 1-2 weeks

    Step 2.1: Assess Your Current BI Practice

    Start with an analyst kick-off call:

    • Detail the benefits of conducting multidimensional assessments that involve BI providers as well as consumers.
    • Review Info-Tech’s BI Maturity Model.

    Then complete these activities…

    • SWOT analyses
    • Identification of BI maturity level through a current state assessment

    With these tools & templates:

    BI Practice Assessment Tool

    BI Strategy and Roadmap Template

    Step 2.2: Envision a Future State for Your BI Practice

    Review findings with an analyst:

    • Discuss overall maturity gaps and patterns in BI perception amongst different units of your organization.
    • Discuss how to translate activity findings into robust initiatives, defining critical success factors for BI development and risk mitigation.

    Then complete these activities…

    • Identify your desired BI patterns and functionalities.
    • Complete a target state assessment for your BI practice.
    • Review capability practice gaps and phase-level metrics.

    With these tools & templates:

    BI Practice Assessment Tool

    BI Strategy and Roadmap Template

    Phase 2 Results & Insights:

    • A comprehensive assessment of the organization’s current BI practice capabilities and gaps
    • Visualization of BI perception from a variety of business users as well as IT
    • A list of tasks and initiatives for constructing a strategic BI improvement roadmap

    STEP 2.1

    Assess the Current State of Your BI Practice

    Assess your organization’s current BI capabilities

    Step Objectives

    • Understand the definitions and roles of each component of BI.
    • Contextualize BI components to your organization’s environment and current practices.

    Step Activities

    2.1.1 Perform multidimensional SWOT analyses

    2.1.2 Assess current BI and analytical capabilities, Document challenges, constraints, opportunities

    2.1.3 Review the results of your current state assessment

    Outcomes

    • Holistic perspective of current BI strengths and weaknesses according to BI users and providers
    • Current maturity in BI and related data management practices

    Research Support

    • Info-Tech’s Data Management Framework
    • Info-Tech’s BI Practice Assessment Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Gather multiple BI perspectives with comprehensive SWOT analyses

    SWOT analysis is an effective tool that helps establish a high-level context for where your practice stands, where it can improve, and the factors that will influence development.

    Strengths

    Best practices, what is working well

    Weaknesses

    Inefficiencies, errors, gaps, shortcomings

    Opportunities

    Review internal and external drivers

    Threats

    Market trends, disruptive forces

    While SWOT is not a new concept, you can add value to SWOT by:

    • Conducting a multi-dimensional SWOT to diversify perspectives – involve the existing BI team, BI management, business executives and other business users.
    • SWOT analyses traditionally provide a retrospective view of your environment. Add a future-looking element by creating improvement tasks/activities at the same time as you detail historical and current performance.

    Info-Tech Insight

    Consider a SWOT with two formats: a private SWOT worksheet and a public SWOT session. Participants will be providing suggestions anonymously while solicited suggestions will be discussed in the public SWOT session to further the discussion.

    Activity: Perform a SWOT analysis in groups to get a holistic view

    2.1.1

    1-2 hours

    This activity will take your project team through a holistic SWOT analysis to gather a variety of stakeholder perception of the current BI practice.

    1. Identify individuals to involve in the SWOT activity. Aim for a diverse pool of participants that are part of the BI practice in different capacities and roles. Solution architects, application managers, business analysts, and business functional unit leaders are a good starting point.
    2. Review the findings summary from Phase 1. You may opt to facilitate this activity with insights from the business context. Each group will be performing the SWOT individually.
    3. The group results will be collected and consolidated to pinpoint common ideas and opinions. Individual group results should be represented by a different color. The core program team will be reviewing the consolidated result as a group.
    4. Document the results of these SWOT activities in the appropriate section of the BI Strategy and Roadmap Template.

    SWOT

    Group 1 Provider Group E.g. The BI Team

    Group 2 Consumer Group E.g. Business End Users

    INPUT

    • IT and business stakeholder perception

    OUTPUT

    • Multi-faceted SWOT analyses
    • Potential BI improvement activities/objectives

    Materials

    • SWOT Analysis section of the BI Strategy and Roadmap Template

    Participants

    • Selected individuals in the enterprise (variable)

    Your organization’s BI maturity is determined by several factors and the degree of immersion into your enterprise

    BI Maturity Level

    A way to categorize your analytics maturity to understand where you are currently and what next steps would be best to increase your BI maturity.

    There are several factors used to determine BI maturity:

    Buy-in and Data Culture

    Determines if there is enterprise-wide buy-in for developing business intelligence and if a data-driven culture exists.

    Business–IT Alignment

    Examines if current BI and analytics operations are appropriately enabling the business objectives.

    Governance Structure

    Focuses on whether or not there is adequate governance in place to provide guidance and structure for BI activities.

    Organization Structure and Talent

    Pertains to how BI operations are distributed across the overall organizational structure and the capabilities of the individuals involved.

    Process

    Reviews analytics-related processes and policies and how they are created and enforced throughout the organization.

    Data

    Deals with analytical data in terms of the level of integration, data quality, and usability.

    Technology

    Explores the opportunities in building a fit-for-purpose analytics platform and consolidation opportunities.

    Evaluate Your Current BI Practice with the CMMI model

    To assess BI, Info-Tech uses the CMMI model for rating capabilities in each of the function areas on a scale of 1-5. (“0” and “0.5” values are used for non-existent or emerging capabilities.)

    The image shows an example of a CMMI model

    Use Info-Tech’s BI Maturity Model as a guide for identifying your current analytics competence

    Leverage a BI strategy to revamp your BI program to strive for a high analytics maturity level. In the future you should be doing more than just traditional BI. You will perform self-service BI, predictive analytics, and data science.

    Ad Hoc Developing Defined Managed Trend Setting
    Questions What’s wrong? What happened? What is happening? What happened, is happening, and will happen? What if? So what?
    Scope One business problem at a time One particular functional area Multiple functional areas Multiple functional areas in an integrated fashion Internal plus internet scale data
    Toolset Excel, Access, primitive query tools Reporting tools or BI BI BI, business analytics tools Plus predictive platforms, data science tools
    Delivery Model IT delivers ad hoc reports IT delivers BI reports IT delivers BI reports and some self-service BI Self-service BI and report creation at the business units Plus predictive models and data science projects
    Mindset Firefighting using data Manage using data Analyze using data; shared tooling Data is an asset, shared data Data driven
    BI Org. Structure Data analysts in IT BI BI program BI CoE Data Innovation CoE

    Leverage Info-Tech’s BI Practice Assessment Tool to define your BI current state

    BI Practice Assessment Tool

    1. Assess Current State
    • Eight BI practice areas to assess maturity.
    • Based on CMMI maturity scale.
  • Visualize Current State Results
    • Determine your BI maturity level.
    • Identify areas with outstanding maturity.
    • Uncover areas with low maturity.
    • Visualize the presence of misalignments.
  • Target State
    • Tackle target state from two views: business and IT.
    • Calculate gaps between target and current state.
  • Visualize Target State and Gaps
    • A heat map diagram to compare the target state and the current state.
    • Show both current and target maturity levels.
    • Detailed charts to show results for each area.
    • Detailed list of recommendations.

    Purposes:

    • Assess your BI maturity.
    • Visualize maturity assessment to quickly spot misalignments, gaps, and opportunities.
    • Provide right-sized recommendations.

    Info-Tech Insight

    Assessing current and target states is only the beginning. The real value comes from the interpretation and analysis of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.

    Activity: Conduct a current state assessment of your BI practice maturity

    2.1.2

    2-3 hours

    Use the BI Practice Assessment Tool to establish a baseline for your current BI capabilities and maturity.

    1. Navigate to Tab 2. Current State Assessment in the BI Practice Assessment Tool and complete the current state assessment together or in small groups. If running a series of assessments, do not star or scratch every time. Use the previous group’s results to start the conversation with the users.
    2. Info-Tech suggests the following groups participate in the completion of the assessment to holistically assess BI and to uncover misalignment:

      Providers Consumers
      CIO & BI Management BI Work Groups (developers, analysts, modelers) Business Unit #1 Business Unit #2 Business Unit #3
    3. For each assessment question, answer the current level of maturity in terms of:
      1. Initial/Ad hoc – the starting point for use of a new or undocumented repeat process
      2. Developing – the process is documented such that it is repeatable
      3. Defined – the process is defined/confirmed as a standard business process
      4. Managed and Measurable – the process is quantitatively managed in accordance with agreed-upon metrics.
      5. Optimized – the process includes process optimization/improvement.

    INPUT

    • Observations of current maturity

    OUTPUT

    • Comprehensive current state assessment

    Materials

    • BI Practice Assessment Tool
    • Current State Assessment section of the BI Strategy and Roadmap Template

    Participants

    • Selected individuals as suggested by the assessment tool

    Info-Tech Insight

    Discuss the rationale for your answers as a group. Document the comments and observations as they may be helpful in formulating the final strategy and roadmap.

    Activity: Review and analyze the results of the current state assessment

    2.1.3

    2-3 hours

    1. Navigate to Tab 3. Current State Results in the BI Practice Assessment Tool and review the findings:

    The tool provides a brief synopsis of your current BI state. Review the details of your maturity level and see where this description fits your organization and where there may be some discrepancies. Add additional comments to your current state summary in the BI Strategy and Roadmap Document.

    In addition to reviewing the attributes of your maturity level, consider the following:

    1. What are the knowns – The knowns confirm your understanding on the current landscape.
  • What are the unknowns – The unknowns show you the blind spots. They are very important to give you an alternative view of the your current state. The group should discuss those blind spots and determine what to do with them.
  • Activity: Review and analyze the results of the current state assessment (cont.)

    2.1.3

    2-3 hours

    2. Tab 3 will also visualize a breakdown of your maturity by BI practice dimension. Use this graphic as a preliminary method to identify where your organization is excelling and where it may need improvement.

    Better Practices

    Consider: What have you done in the areas where you perform well?

    Candidates for Improvement

    Consider: What can you do to improve these areas? What are potential barriers to improvement?

    STEP 2.2

    Envision a Future State for Your Organization’s BI Practice

    Detail the capabilities of your next generation BI practice

    Step Objectives

    • Create guiding principles that will shape your organization’s ideal BI program.
    • Pinpoint where your organization needs to improve across several BI practice dimensions.
    • Develop approaches to remedy current impediments to BI evolution.
    • Step Activities

      2.2.1 Define guiding principles for the future state

      2.2.2 Define the target state of your BI practice

      2.2.3 Confirm requirements for BI Styles by management group

      2.2.4 Analyze gaps in your BI practice and generate improvement activities and objectives

      2.2.5 Define the critical success factors for future BI

      2.2.6 Identify potential risks for your future state and create a mitigation plan

    Outcomes

    • Defined landscape for future BI capabilities, including desired BI functionalities.
    • Identification of crucial gaps and improvement points to include in a BI roadmap.
    • Updated BI Styles Usage sheet.

    Research Support

    • Info-Tech’s Data Management Framework
    • Info-Tech’s BI Practice Assessment Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Define guiding principles to drive your future state envisioning

    Envisioning a BI future state is essentially architecting the future for your BI program. It is very similar to enterprise architecture (EA). Guiding principles are widely used in enterprise architecture. This best practice should also be used in BI envisioning.

    Benefits of Guiding Principles in a BI Context

    • BI planning involves a number of business units. Defining high-level future state principles helps to establish a common ground for those different business units.
    • Ensure the next generation BI aligns with the corporate enterprise architecture and data architecture principles.
    • Provide high-level guidance without depicting detailed solutioning by leaving room for innovation.

    Sample Principles for BI Future State

    1. BI should be fit for purpose. BI is a business technology that helps business users.
    2. Business–IT collaboration should be encouraged to ensure deliverables are relevant to the business.
    3. Focus on continuous improvement on data quality.
    4. Explore opportunities to onboard and integrate new datasets to create a holistic view of your data.
    5. Organize and present data in an easy-to-consume, easy-to-digest fashion.
    6. BI should be accessible to everything, as soon as they have a business case.
    7. Do not train just on using the platform. Train on the underlying data and business model as well.
    8. Develop a training platform where trainees can play around with the data without worrying about messing it up.

    Activity: Define future state guiding principles for your BI practice

    2.2.1

    1-2 hours

    Guiding principles are broad statements that are fundamental to how your organization will go about its activities. Use this as an opportunity to gather relevant stakeholders and solidify how your BI practice should perform moving forward.

    1. To ensure holistic and comprehensive future state principles, invite participants from the business, the data management team, and the enterprise architecture team. If you do not have an enterprise architecture practice, invite people that are involved in building the enterprise architecture. Five to ten people is ideal.
    2. BI Future State

      Awareness Buy-in Business-IT Alignment Governance Org. Structure; People Process; Policies; Standards Data Technology
    3. Once the group has some high-level ideas on what the future state looks like, brainstorm guiding principles that will facilitate the achievement of the future state (see above).
    4. Document the future state principles in the Future State Principles for BI section of the BI Strategy and Roadmap Template

    INPUT

    • Existing enterprise architecture guiding principles
    • High-level concept of future state BI

    OUTPUT

    • Guiding principles for prospective BI practice

    Materials

    • Future State Principles section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives
    • The EA group

    Leverage prototypes to facilitate a continuous dialogue with end users en route to creating the final deliverable

    At the end of the day, BI makes data and information available to the business communities. It has to be fit for purpose and relevant to the business. Prototypes are an effective way to ensure relevant deliverables are provided to the necessary users. Prototyping makes your future state a lot closer and a lot more business friendly.

    Simple Prototypes

    • Simple paper-based, whiteboard-based prototypes with same notes.
    • The most basic communication tool that facilitates the exchange of ideas.
    • Often used in Joint Application Development (JAD) sessions.
    • Improve business and IT collaboration.
    • Can be used to amend requirements documents.

    Discussion Possibilities

    • Initial ideation at the beginning
    • Align everyone on the same page
    • Explain complex ideas/layouts
    • Improve collaboration

    Elaborated Prototypes

    • Demonstrates the possibilities of BI in a risk-free environment.
    • Creates initial business value with your new BI platform.
    • Validates the benefits of BI to the organization.
    • Generates interest and support for BI from senior management.
    • Prepares BI team for the eventual enterprise-wide deployment.

    Discussion Possibilities

    • Validate and refine requirements
    • Fail fast, succeed fast
    • Acts as checkpoints
    • Proxy for the final working deliverable

    Leverage Info-Tech’s BI Practice Assessment Tool to define your BI target state and visualize capability gaps

    BI Practice Assessment Tool

    1. Assess Current State
    • Eight BI practice areas to assess maturity.
    • Based on CMMI maturity scale.
  • Visualize Current State Results
    • Determine your BI maturity level.
    • Identify areas with outstanding maturity.
    • Uncover areas with low maturity.
    • Visualize the presence of misalignments.
  • Target State
    • Tackle target state from two views: business and IT.
    • Calculate gaps between target and current state.
  • Visualize Target State and Gaps
    • A heat map diagram to compare the target state and the current state.
    • Show both current and target maturity levels.
    • Detailed charts to show results for each area.
    • Detailed list of recommendations.

    Purposes:

    • Assess your BI maturity.
    • Visualize maturity assessment to quickly spot misalignments, gaps, and opportunities.
    • Provide right-sized recommendations.

    Document essential findings in Info-Tech’s BI Strategy and Roadmap Template.

    Info-Tech Insight

    Assessing current and target states is only the beginning. The real value comes from the interpretation and analyses of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.

    Activity: Define the target state for your BI practice

    2.2.2

    2 hours

    This exercise takes your team through establishing the future maturity of your BI practice across several dimensions.

    1. Envisioning of the future state will involve input from the business side as well as the IT department.
    2. The business and IT groups should get together separately and determine the target state maturity of each of the BI practice components:

    The image is a screenshot of Tab 4: Target State Evaluation of the BI Practice Assessment Tool

    INPUT

    • Desired future practice capabilities

    OUTPUT

    • Target state assessment

    Materials

    • Tab 4 of the BI Practice Assessment Tool

    Participants

    • Business representatives
    • IT representatives

    Activity: Define the target state for your BI practice (cont.)

    2.2.2

    2 hours

    2. The target state levels from the two groups will be averaged in the column “Target State Level.” The assessment tool will automatically calculate the gaps between future state value and the current state maturity determined in Step 2.1. Significant gaps in practice maturity will be highlighted in red; smaller or non-existent gaps will appear green.

    The image is a screenshot of Tab 4: Target State Evaluation of the BI Practice Assessment Tool with Gap highlighted.

    INPUT

    • Desired future practice capabilities

    OUTPUT

    • Target state assessment

    Materials

    • Tab 4 of the BI Practice Assessment Tool

    Participants

    • Business representatives
    • IT representatives

    Activity: Revisit the BI Style Analysis sheet to define new report and analytical requirements by C-Level

    2.2.3

    1-2 hours

    The information needs for each executive is unique to their requirements and management style. During this exercise you will determine the reporting and analytical needs for an executive in regards to content, presentation and cadence and then select the BI style that suite them best.

    1. To ensure a holistic and comprehensive need assessment, invite participants from the business and BI team. Discuss what data the executive currently use to base decisions on and explore how the different BI styles may assist. Sample reports or mock-ups can be used for this purpose.
    2. Document the type of report and required content using the BI Style Tool.
    3. The BI Style Tool will then guide the BI team in the type of reporting to develop and the level of Self-Service BI that is required. The tool can also be used for product selection.

    INPUT

    • Information requirements for C-Level Executives

    OUTPUT

    • BI style(s) that are appropriate for an executive’s needs

    Materials

    • BI Style Usage sheet from BI Strategy and Roadmap Template
    • Sample Reports

    Participants

    • Business representatives
    • BI representatives

    Visualization tools facilitate a more comprehensive understanding of gaps in your existing BI practice

    Having completed both current and target state assessments, the BI Practice Assessment Tool allows you to compare the results from multiple angles.

    At a higher level, you can look at your maturity level:

    At a detailed level, you can drill down to the dimensional level and item level.

    The image is a screenshots from Tab 4: Target State Evaluation of the BI Practice Assessment Tool

    At a detailed level, you can drill down to the dimensional level and item level.

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities

    2.2.4

    2 hours

    This interpretation exercise helps you to make sense of the BI practice assessment results to provide valuable inputs for subsequent strategy and roadmap formulation.

    1. IT management and the BI team should be involved in this exercise. Business SMEs should be consulted frequently to obtain clarifications on what their ideal future state entails.
    2. Begin this exercise by reviewing the heat map and identifying:

    • Areas with very large gaps
    • Areas with small gaps

    Areas with large gaps

    Consider: Is the target state feasible and achievable? What are ways we can improve incrementally in this area? What is the priority for addressing this gap?

    Areas with small/no gaps

    Consider: Can we learn from those areas? Are we setting the bar too low for our capabilities?

    INPUT

    • Current and target state visualizations

    OUTPUT

    • Gap analysis (Tab 5)

    Materials

    • Tab 5 of the BI Practice Assessment Tool
    • Future State Assessment Results section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities (cont.)

    2.2.4

    2 hours

    2. Discuss the differences in the current and target state maturity level descriptions. Questions to ask include:

    • What are the prerequisites before we can begin to build the future state?
    • Is the organization ready for that future state? If not, how do we set expectations and vision for the future state?
    • Do we have the necessary competencies, time, and support to achieve our BI vision?

    INPUT

    • Current and target state visualizations

    OUTPUT

    • Gap analysis (Tab 5)

    Materials

    • Tab 5 of the BI Practice Assessment Tool
    • Future State Assessment Results section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities (cont.)

    2.2.4

    2 hours

    3. Have the same group members reconvene and discuss the recommendations at the BI practice dimension level on Tab 5. of the BI Practice Assessment Tool. These recommendations can be used as improvement actions or translated into objectives for building your BI capabilities.

    Example

    The heat map displayed the largest gap between target state and current state in the technology dimension. The detailed drill-down chart will further illustrate which aspect(s) of the technology dimension is/are showing the most room for improvement in order to better direct your objective and initiative creation.

    The image is of an example and recommendations.

    Considerations:

    • What dimension parameters have the largest gaps? And why?
    • Is there a different set of expectations for the future state?

    Define critical success factors to direct your future state

    Critical success factors (CSFs) are the essential factors or elements required for ensuring the success of your BI program. They are used to inform organizations with things they should focus on to be successful.

    Common Provider (IT Department) CSFs

    • BI governance structure and organization is created.
    • Training is provided for the BI users and the BI team.
    • BI standards are in place.
    • BI artifacts rely on quality data.
    • Data is organized and presented in a usable fashion.
    • A hybrid BI delivery model is established.
    • BI on BI; a measuring plan has to be in place.

    Common Consumer (Business) CSFs

    • Measurable business results have been improved.
    • Business targets met/exceeded.
    • Growth plans accelerated.
    • World-class training to empower BI users.
    • Continuous promotion of a data-driven culture.
    • IT–business partnership is established.
    • Collaborative requirements gathering processes.
    • Different BI use cases are supported.

    …a data culture is essential to the success of analytics. Being involved in a lot of Bay Area start-ups has shown me that those entrepreneurs that are born with the data DNA, adopt the data culture and BI naturally. Other companies should learn from these start-ups and grow the data culture to ensure BI adoption.

    – Cameran Hetrick, Senior Director of Data Science & Analytics, thredUP

    Activity: Define provider and consumer critical success factors for your future BI capabilities

    2.2.5

    2 hours

    Create critical success factors that are important to both BI providers and BI consumers.

    1. Divide relevant stakeholders into two groups:
    2. BI Provider (aka IT) BI Consumer (aka Business)
    3. Write two headings on the board: Objective and Critical Success Factors. Write down each of the objectives created in Phase 1.
    4. Divide the group into small teams and assign each team an objective. For each objective, ask the following question:
    5. What needs to be put in place to ensure that this objective is achieved?

      The answer to the question is your candidate CSF. Write CSFs on sticky notes and stick them by the relevant objective.

    6. Rationalize and consolidate CSFs. Evaluate the list of candidate CSFs to find the essential elements for achieving success.
    7. For each CSF, identify at least one key performance indicator that will serve as an appropriate metric for tracking achievement.

    As you evaluate candidate CSFs, you may uncover new objectives for achieving your future state BI.

    INPUT

    • Business objectives

    OUTPUT

    • A list of critical success factors mapped to business objectives

    Materials

    • Whiteboard and colored sticky notes
    • CSFs for the Future State section of the BI Strategy and Roadmap Template

    Participants

    • Business and IT representatives
    • CIO
    • Head of BI

    Round out your strategy for BI growth by evaluating risks and developing mitigation plans

    A risk matrix is a useful tool that allows you to track risks on two dimensions: probability and impact. Use this matrix to help organize and prioritize risk, as well as develop mitigation strategies and contingency plans appropriately.

    Example of a risk matrix using colour coding

    Info-Tech Insight

    Tackling risk mitigation is essentially purchasing insurance. You cannot insure everything – focus your investments on mitigating risks with a reasonably high impact and high probability.

    Be aware of some common barriers that arise in the process of implementing a BI strategy

    These are some of the most common BI risks based on Info-Tech’s research:

    Low Impact Medium Impact High Impact
    High Probability
    • Users revert back to Microsoft Excel to analyze data.
    • BI solution does not satisfy the business need.
    • BI tools become out of sync with new strategic direction.
    • Poor documentation creates confusion and reduces user adoption.
    • Fail to address data issues: quality, integration, definition.
    • Inadequate communication with stakeholders throughout the project.
    • Users find the BI tool interface too confusing.
    Medium Probability
    • Fail to define and monitor KPIs.
    • Poor training results in low user adoption.
    • Organization culture is resistant to the change.
    • Lack of support from the sponsors.
    • No governance over BI.
    • Poor training results in misinformed users.
    Low Probability
    • Business units independently invest in BI as silos.

    Activity: Identify potential risks for your future state and create a mitigation plan

    2.2.6

    1 hour

    As part of developing your improvement actions, use this activity to brainstorm some high-level plans for mitigating risks associated with those actions.

    Example:

    Users find the BI tool interface too confusing.

    1. Use the probability-impact matrix to identify risks systematically. Collectively vote on the probability and impact for each risk.
    2. Risk mitigation. Risk can be mitigated by three approaches:
    3. A. Reducing its probability

      B. Reducing its impact

      C. Reducing both

      Option A: Brainstorm ways to reduce risk probability

      E.g. The probability of the above risk may be reduced by user training. With training, the probability of confused end users will be reduced.

      Option B: Brainstorm ways to reduce risk impact

      E.g. The impact can be reduced by ensuring having two end users validate each other’s reports before making a major decision.

    4. Document your high-level mitigation strategies in the BI Strategy and Roadmap Template.

    INPUT

    • Step 2.2 outputs

    OUTPUT

    • High-level risk mitigation plans

    Materials

    • Risks and Mitigation section of the BI Strategy and Roadmap Template

    Participants

    • BI sponsor
    • CIO
    • Head of BI

    Translate your findings and ideas into actions that will be integrated into the BI strategy and roadmap

    As you progress through each phase, document findings and ideas as they arise. By phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.

    Translated findings and ideas into actions that will be integrated into the BI strategy and roadmap.

    Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?

    Document and prioritize Phase 2 findings, ideas, and action items

    2.2.7

    1-2 hours

    1. Reconvene as a group to review the findings, ideas, and actions harvested in Phase 2. Write the findings, ideas, and actions on sticky notes.
    2. Prioritize the sticky notes to yield those with high business value and low implementation effort. View some sample findings below:
    3. High Business Value, Low Effort High Business Value, High Effort
      Low Business Value, High Effort Low Business Value, High Effort

      Phase 2

      Sample Phase 2 Findings Found a gap between the business expectation and the existing BI content they are getting.
      Our current maturity level is “Level 2 – Operational.” Almost everyone thinks we should be at least “Level 3 – Tactical” with some level 4 elements.
      Found an error in a sales report. A quick fix is identified.
      The current BI program is not able to keep up with the demand.
    4. Select the top items and document the findings in the BI Strategy Roadmap Template. The findings will be used to build a Roadmap in Phase 3.

    INPUT

    • Phase 2 activities

    OUTPUT

    • Other Phase 2 Findings section of the BI Strategy and Roadmap Template

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Project manger
    • Project team
    • Business stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1

    Determine your current BI maturity level

    The analyst will take your project team through Info-Tech’s BI Practice Assessment Tool, which collects perspectives from BI consumer and provider groups on multiple facets of your BI practice in order to establish a current maturity level.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    2.2.1

    Define guiding principles for your target BI state

    Using enterprise architecture principles as a starting point, our analyst will facilitate exercises to help your team establish high-level standards for your future BI practice.

    2.2.2-2.2.3

    Establish your desired BI patterns and matching functionalities

    In developing your BI practice, your project team will have to decide what BI-specific capabilities are most important to your organization. Our analyst will take your team through several BI patterns that Info-Tech has identified and discuss how to bridge the gap between these patterns, linking them to specific functional requirements in a BI solution.

    2.2.4-2.2.5

    Analyze the gaps in your BI practice capabilities

    Our analyst will guide your project team through a number of visualizations and explanations produced by our assessment tool in order to pinpoint the problem areas and generate improvement ideas.

    Phase 3

    Create a BI Roadmap for Continuous Improvement

    Build a Reporting and Analytics Strategy

    Create a BI roadmap for continuous improvement

    Phase 3 Overarching Insight

    The benefit of creating a comprehensive and actionable roadmap is twofold: not only does it keep BI providers accountable and focused on creating incremental improvement, but a roadmap helps to build momentum around the overall project, provides a continuous delivery of success stories, and garners grassroots-level support throughout the organization for BI as a key strategic imperative.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Phase 3 overview

    Detailed Overview

    Step 1: Establish Your BI Initiative Roadmap

    Step 2: Identify Opportunities to Enhance Your BI Practice

    Step 3: Create Analytics Strategy

    Step 4: Define CSF and metrics to monitor success of BI and analytics

    Outcomes

    • Consolidate business intelligence improvement objectives into robust initiatives.
    • Prioritize improvement initiatives by cost, effort, and urgency.
    • Create a one-year, two-year, or three-year timeline for completion of your BI improvement initiatives.
    • Identify supplementary programs that will facilitate the smooth execution of road-mapped initiatives.

    Benefits

    • Clear characterization of comprehensive initiatives with a detailed timeline to keep team members accountable.

    Revisit project metrics to track phase progress

    Goals for Phase 3:

    • Put everything together. Findings and observations from Phase 1 and 2 are rationalized in this phase to develop data initiatives and create a strategy and roadmap for BI.
    • Continuous improvements. Your BI program is evolving and improving over time. The program should allow you to have faster, better, and more comprehensive information.

    Info-Tech’s Suggested Metrics for Tracking Phase 3 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Program Level Metrics Efficiency
    • Time to information
    • Self-service penetration
    • Derive from the ticket management system
    • Derive from the BI platform
    • 10% reduction in time to information
    • Achieve 10-15% self-service penetration
    • Effectiveness
    • BI Usage
    • Data quality
    • Derive from the BI platform
    • Data quality perception
    • Majority of the users use BI on a daily basis
    • 15% increase in data quality perception
    Comprehensiveness
    • # of integrated datasets
    • # of strategic decisions made
    • Derive from the data integration platform
    • Decision-making perception
    • Onboard 2-3 new data domains per year
    • 20% increase in decision-making perception

    Learn more about the CIO Business Vision program.

    Intangible Metrics:

    Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that helps you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Create a BI Roadmap for Continuous Improvement

    Proposed Time to Completion: 1-2 weeks

    Step 3.1: Construct a BI Improvement Initiative Roadmap

    Start with an analyst kick off call:

    • Review findings and insights from completion of activities pertaining to current and future state assessments
    • Discuss challenges around consolidating activities into initiatives

    Then complete these activities…

    • Collect improvement objectives/tasks from previous phases
    • Develop comprehensive improvement initiatives
    • Leverage value-effort matrix activities to prioritize these initiatives and place them along an improvement roadmap

    With these tools & templates:

    BI Initiatives and Roadmap Tool

    BI Strategy and Roadmap Template

    Step 3.2: Continuous Improvement Opportunities for BI

    Review findings with analyst:

    • Review completed BI improvement initiatives and roadmap
    • Discuss guidelines presenting a finalized improvement to the relevant committee or stakeholders
    • Discuss additional policies and programs that can serve to enhance your established BI improvement roadmap

    Then complete these activities…

    • Present BI improvement roadmap to relevant stakeholders
    • Develop Info-Tech’s recommended supplementary policies and programs for BI

    With these tools & templates:

    BI Strategy and Roadmap Executive Presentation Template

    Phase 3 Results & Insights:

    • Comprehensive initiatives with associated tasks/activities consolidated and prioritized in an improvement roadmap

    STEP 3.1

    Construct a BI Improvement Initiative Roadmap

    Build an improvement initiative roadmap to solidify your revamped BI strategy

    Step Objectives

    • Bring together activities and objectives for BI improvement to form initiatives
    • Develop a fit-for-purpose roadmap aligned with your BI strategy

    Step Activities

    3.1.1 Characterize individual improvement objectives and activities ideated in previous phases.

    3.1.2 Synthesize and detail overall BI improvement initiatives.

    3.1.3 Create a plan of action by placing initiatives on a roadmap.

    Outcomes

    • Detailed BI improvement initiatives, prioritized by value and effort
    • Defined roadmap for completion of tasks associated with each initiative and accountability

    Research Support

    • Info-Tech’s BI Initiatives and Roadmap Tool

    Proposed Participants in this Step

    Project Manager

    Project Team

    Create detailed BI strategy initiatives by bringing together the objectives listed in the previous phases

    When developing initiatives, all components of the initiative need to be considered, from its objectives and goals to its benefits, risks, costs, effort required, and relevant stakeholders.

    Use outputs from previous project steps as inputs to the initiative and roadmap building:

    The image shows the previous project steps as inputs to the initiative and roadmap building, with arrow pointing from one to the next.

    Determining the dependencies that exist between objectives will enable the creation of unique initiatives with associated to-do items or tasks.

    • Group objectives into similar buckets with dependencies
    • Select one overarching initiative
    • Adapt remaining objectives into tasks of the main initiative
    • Add any additional tasks

    Leverage Info-Tech’s BI Initiatives and Roadmap Tool to build a fit-for-purpose improvement roadmap

    BI Initiatives and Roadmap Tool

    Overview

    Use the BI Initiatives and Roadmap Tool to develop comprehensive improvement initiatives and add them to a BI strategy improvement roadmap.

    Recommended Participants

    • BI project team

    Tool Guideline

    Tab 1. Instructions Use this tab to get an understanding as to how the tool works.
    Tab 2. Inputs Use this tab to customize the inputs used in the tool.
    Tab 3. Activities Repository Use this tab to list and prioritize activities, to determine dependencies between them, and build comprehensive initiatives with them.
    Tab 4. Improvement Initiatives Use this tab to develop detailed improvement initiatives that will form the basis of the roadmap. Map these initiatives to activities from Tab 3.
    Tab 5. Improvement Roadmap Use this tab to create your BI strategy improvement roadmap, assigning timelines and accountability to initiatives and tasks, and to monitor your project performance over time.

    Activity: Consolidate BI activities into the tool and assign dependencies and priorities

    3.1.1

  • 2 hours
    1. Have one person from the BI project team populate Tab 3. Activities Repository with the BI strategy activities that were compiled in Phases 1 and 2. Use drop-downs to indicate in which phase the objective was originally ideated.
    2. With BI project team executives, discuss and assign dependencies between activities in the Dependencies columns. A dependency exists if:
    • An activity requires consideration of another activity.
    • An activity requires the completion of another activity.
    • Two activities should be part of the same initiative.
    • Two activities are very similar in nature.
  • Then discuss and assign priorities to each activity in the Priority column using input from previous Phases. For example, if an activity was previously indicated as critical to the business, if a similar activity appears multiple times, or if an activity has several dependencies, it should be higher priority.
  • Inputs

    • BI improvement activities created in Phases 1 and 2

    Output

    • Activities with dependencies and priorities

    Materials

    • BI Initiatives and Roadmap Tool

    Participants

    • BI project team

    Activity: Consolidate BI activities into the tool and assign dependencies and priorities (cont’d.)

    3.1.1

    2 hours

    Screenshot of Tab 3. BI Activities Repository, with samples improvement activities, dependencies, statuses, and priorities

    The image is of a screenshot of Tab 3. BI Activities Repository, with samples improvement activities, dependencies, statuses, and priorities.

    Revisit the outputs of your current state assessment and note which activities have already been completed in the “Status” column, to avoid duplication of your efforts.

    When classifying the status of items in your activity repository, distinguish between broader activities (potential initiatives) and granular activities (tasks).

    Activity: Customize project inputs and build out detailed improvement initiatives

    3.1.2

    1.5 hours

    1. Follow instructions on Tab 2. Inputs to customize inputs you would like to use for your project.
    2. Review the activities repository and select up to 12 overarching initiatives based on the activities with extreme or highest priority and your own considerations.
    • Rewording where necessary, transfer the names of your initiatives in the banners provided on Tab 4. Improvement Initiatives.
    • On Tab 3, indicate these activities as “Selected (initiatives)” in the Status column.
  • In Tab 4, develop detailed improvement initiatives by indicating the owner, taxonomy, start and end periods, cost and effort estimates, goal, benefit/value, and risks of each initiative.
  • Use drop-downs to list “Related activities,” which will become tasks under each initiative.
    • activities with dependency to the initiative
    • activities that lead to the same goal or benefit/value of the main initiative

    Screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives

    <p data-verified=The image is a screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives.">

    Inputs

    • Tab 3. Activities Repository

    Output

    • Unique and detailed improvement initiatives

    Materials

    • BI Initiatives and Roadmap Tool
    • BI Initiatives section of the BI Strategy and Roadmap Template

    Participants

    • BI project team

    Visual representations of your initiative landscape can aid in prioritizing tasks and executing the roadmap

    Building a comprehensive BI program will be a gradual process involving a variety of stakeholders. Different initiatives in your roadmap will either be completed sequentially or in parallel to one another, given dependencies and available resources. The improvement roadmap should capture and represent this information.

    To determine the order in which main initiatives should be completed, exercises such as a value–effort map can be very useful.

    Example: Value–Effort Map for a BI Project

    Initiatives that are high value–low effort are found in the upper left quadrant and are bolded; These may be your four primary initiatives. In addition, initiative five is valuable to the business and critical to the project’s success, so it too is a priority despite requiring high effort. Note that you need to consider dependencies to prioritize these key initiatives.

    Value–Effort Map for a BI Project
    1. Data profiling techniques training
    2. Improve usage metrics
    3. Communication plan for BI
    4. Staff competency evaluation
    5. Formalize practice capabilities
    6. Competency improvement plan program
    7. Metadata architecture improvements
    8. EDW capability improvements
    9. Formalize oversight for data manipulation

    This exercise is best performed using a white board and sticky notes, and axes can be customized to fit your needs (E.g. cost, risk, time, etc.).

    Activity: Build an overall BI strategy improvement roadmap for the entire project

    3.1.3

    45 minutes

    The BI Strategy Improvement Roadmap (Tab 5 of the BI Initiatives and Roadmap Tool) has been populated with your primary initiatives and related tasks. Read the instructions provided at the top of Tab 5.

    1. Use drop-downs to assign a Start Period and End Period to each initiative (already known) and each task (determined here). As you do so, the roadmap will automatically fill itself in. This is where the value–effort map or other prioritization exercises may help.
    2. Assign Task Owners reporting Managers.
    3. Update the Status and Notes columns on an ongoing basis. Hold meetings with task owners and managers about blocked or overdue items.
    • Updating status should also be an ongoing maintenance requirement for Tab 3 in order to stay up to date on which activities have been selected as initiatives or tasks, are completed, or are not yet acted upon.

    Screenshot of the BI Improvement Roadmap (Gantt chart) showing an example initiative with tasks, and assigned timeframes, owners, and status updates.

    INPUTS

    • Tab 3. Activities Repository
    • Tab 4. Improvement Initiatives

    OUTPUT

    • BI roadmap

    Materials

    • BI Initiatives and Roadmap Tool
    • Roadmap section of the BI Strategy and Roadmap Template

    Participants

    • BI project team

    Obtain approval for your BI strategy roadmap by organizing and presenting project findings

    Use a proprietary presentation template

    Recommended Participants

    • Project sponsor
    • Relevant IT & business executives
    • CIO
    • BI project team

    Materials & Requirements

    Develop your proprietary presentation template with:

    • Results from Phases 1 and 2 and Step 3.1
    • Information from:
      • Info-Tech’s Build a Reporting and Analytics Strategy
    • Screen shots of outputs from the:
      • BI Practice Assessment Tool
      • BI Initiatives and Roadmap Tool

    Next Steps

    Following the approval of your roadmap, begin to plan the implementation of your first initiatives.

    Overall Guidelines

    • Invite recommended participants to an approval meeting.
    • Present your project’s findings with the goal of gaining key stakeholder support for implementing the roadmap.
    1. Set the scene using BI vision & objectives.
    2. Present the results and roadmap next.
    3. Dig deeper into specific issues by touching on the important components of this blueprint to generate a succinct and cohesive presentation.
  • Make the necessary changes and updates stemming from discussion notes during this meeting.
  • Submit a formal summary of findings and roadmap to your governing body for review and approval (e.g. BI steering committee, BI CoE).
  • Info-Tech Insight

    At this point, it is likely that you already have the support to implement a data quality improvement roadmap. This meeting is about the specifics and the ROI.

    Maximize support by articulating the value of the data quality improvement strategy for the organization’s greater information management capabilities. Emphasize the business requirements and objectives that will be enhanced as a result of tackling the recommended initiatives, and note any additional ramifications of not doing so.

    Leverage Info-Tech’s presentation template to present your BI strategy to the executives

    Use the BI Strategy and Roadmap Executive Presentation Template to present your most important findings and brilliant ideas to the business executives and ensure your BI program is endorsed. Business executives can also learn about how the BI strategy empowers them and how they can help in the BI journey.

    Important Messages to Convey

    • Executive summary of the presentation
    • Current challenges faced by the business
    • BI benefits and associated opportunities
    • SWOT analyses of the current BI
    • BI end-user satisfaction survey
    • BI vision, mission, and goals
    • BI initiatives that take you to the future state
    • (Updated) Analytical Strategy
    • Roadmap that depicts the timeline

    STEP 3.2

    Continuous Improvement Opportunities for BI

    Create supplementary policies and programs to augment your BI strategy

    Step Objectives

    • Develop a plan for encouraging users to continue to use Excel, but in a way that does not compromise overall BI effectiveness.
    • Take steps to establish a positive organizational culture around BI.

    Step Activities

    3.2.1 Construct a concrete policy to integrate Excel use with your new BI strategy.

    3.2.2 Map out the foundation for a BI Ambassador network.

    Outcomes

    • Business user understanding of where Excel manipulation should and should not occur
    • Foundation for recognizing exceptional BI users and encouraging development of enterprise-wide business intelligence

    Research Support

    • Info-Tech’s BI Initiatives and Roadmap Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Project Team

    Additional Business Users

    Establish Excel governance to better serve Excel users while making sure they comply with policies

    Excel is the number one BI tool

    • BI applications are developed to support information needs.
    • The reality is that you will never migrate all Excel users to BI. Some Excel users will continue to use it. The key is to support them while imposing governance.
    • The goal is to direct them to use the data in BI or in the data warehouse instead of extracting their own data from various source systems.

    The Tactic: Centralize data extraction and customize delivery

    • Excel users formerly extracted data directly from the production system, cleaned up the data, manipulated the data by including their own business logic, and presented the data in graphs and pivot tables.
    • With BI, the Excel users can still use Excel to look at the information. The only difference is that BI or data warehouse will be the data source of their Excel workbook.

    Top-Down Approach

    • An Excel policy should be created at the enterprise level to outline which Excel use cases are allowed, and which are not.
    • Excel use cases that involve extracting data from source systems and transforming that data using undisclosed business rules should be banned.
    • Excel should be a tool for manipulating, filtering, and presenting data, not a tool for extracting data and running business rules.

    Excel

    Bottom-Up Approach

    • Show empathy to your users. They just want information to get their work done.
    • A sub-optimal information landscape is the root cause, and they are the victims. Excel spreadmarts are the by-products.
    • Make the Excel users aware of the risks associated with Excel, train them in BI, and provide them with better information in the BI platform.

    Activity: Create an Excel governance policy

    3.2.1

    4 hours

    Construct a policy around Excel use to ensure that Excel documents are created and shared in a manner that does not compromise the integrity of your overall BI program.

    1. Review the information artifact list harvested from Step 2.1 and identify all existing Excel-related use cases.
    2. Categorize the Excel use cases into “allowed,” “not allowed,” and “not sure.” For each category define:
    3. Category To Do: Policy Context
      Allowed Discuss what makes these use cases ideal for BI. Document use cases, scenarios, examples, and reasons that allow Excel as an information artifact.
      Not Allowed Discuss why these cases should be avoided. Document forbidden use cases, scenarios, examples, and reasons that use Excel to generate information artifacts.
      Not Sure Discuss the confusions; clarify the gray area. Document clarifications and advise how end users can get help in those “gray area” cases.
    4. Document the findings in the BI Strategy and Roadmap Template in the Manage and Sustain BI Strategy section, or a proprietary template. You may also need to create a separate Excel policy to communicate the Dos and Don’ts.

    Inputs

    • Step 2.1 – A list of information artifacts

    Output

    • Excel-for-BI Use Policy

    Materials

    • BI Strategy Roadmap and Template, or proprietary document

    Participants

    • Business executives
    • CIO
    • Head of BI
    • BI team

    Build a network of ambassadors to promote BI and report to IT with end-user feedback and requests

    The Building of an Insider Network: The BI Ambassador Network

    BI ambassadors are influential individuals in the organization that may be proficient at using BI tools but are passionate about analytics. The network of ambassadors will be IT’s eyes, ears, and even mouth on the frontline with users. Ambassadors will promote BI, communicate any messages IT may have, and keep tabs on user satisfaction.

    Ideal candidate:

    • A good relationship with IT.
    • A large breadth of experience with BI, not just one dashboard.
    • Approachable and well-respected amongst peers.
    • Has a passion for driving organizational change using BI and continually looking for opportunities to innovate.

    Push

    • Key BI Messages
    • Best Practices
    • Training Materials

    Pull

    • Feedback
    • Complaints
    • Thoughts and New Ideas

    Motivate BI ambassadors with perks

    You need to motivate ambassadors to take on this additional responsibility. Make sure the BI ambassadors are recognized in their business units when they go above and beyond in promoting BI.

    Reward Approach Reward Type Description
    Privileges High Priority Requests Given their high usage and high visibility, ambassadors’ BI information requests should be given a higher priority.
    First Look at New BI Development Share the latest BI updates with ambassadors before introducing them to the organization. Ambassadors may even be excited to test out new functionality.
    Recognition Featured in Communications BI ambassadors’ use cases and testimonials can be featured in BI communications. Be sure to create a formal announcement introducing the ambassadors to the organization.
    BI Ambassador Certificate A certificate is a formal way to recognize their efforts. They can also publicly display the certificate in their workspace.
    Rewards Appointed by Senior Executives Have the initial request to be a BI ambassador come from a senior executive to flatter the ambassador and position the role as a reward or an opportunity for success.
    BI Ambassador Awards Award an outstanding BI ambassador for the year. The award should be given by the CEO in a major corporate event.

    Activity: Plan for a BI ambassador network

    3.2.2

    2 hours

    Identify individuals within your organization to act as ambassadors for BI and a bridge between IT and business users.

    1. Obtain a copy of your latest organizational chart. Review your most up-to-date organizational chart and identify key BI consumers across a variety of functional units. In selecting potential BI ambassadors, reflect on the following questions:
    • Does this individual have a good relationship with IT?
    • What is the depth of their experience with developing/consuming business intelligence?
    • Is this individual respected and influential amongst their respective business units?
    • Has this individual shown a passion for innovating within their role?
  • Create a mandate and collateral detailing the roles and responsibilities for the ambassador role, e.g.:
    • Promote BI to members of your group
    • Represent the “voice of the data consumers”
  • Approach the ambassador candidates and explain the responsibilities and perks of the role, with the goal of enlisting about 10-15 ambassadors
  • Inputs

    • An updated organizational chart
    • A list of BI users

    Output

    • Draft framework for BI ambassador network

    Materials

    • BI Strategy and Roadmap Template or proprietary document

    Participants

    • Business executives
    • CIO
    • Head of BI
    • BI team

    Keeping tabs on metadata is essential to creating a data democracy with BI

    A next generation BI not only provides a platform that mirrors business requirements, but also creates a flexible environment that empowers business users to explore data assets without having to go back and forth with IT to complete queries.

    Business users are generally not interested in the underlying architecture or the exact data lineages; they want access to the data that matters most for decision-making purposes.

    Metadata is data about data

    It comes in the form of structural metadata (information about the spaces that contain data) and descriptive metadata (information pertaining to the data elements themselves), in order to answer questions such as:

    • What is the intended purpose of this data?
    • How up-to-date is this information?
    • Who owns this data?
    • Where is this data coming from?
    • How have these data elements been transformed?

    By creating effective metadata, business users are able to make connections between and bring together data sources from multiple areas, creating the opportunity for holistic insight generation.

    Like BI, metadata lies in the Information Dimension layer of our data management framework.

    The metadata needs to be understood before building anything. You need to identify fundamentals of the data, who owns not only that data, but also its metadata. You need to understand where the consolidation is happening and who owns it. Metadata is the core driver and cost saver for building warehouses and requirements gathering.

    – Albert Hui, Principal, Data Economist

    Deliver timely, high quality, and affordable information to enable fast and effective business decisions

    In order to maximize your ROI on business intelligence, it needs to be treated less like a one-time endeavor and more like a practice to be continually improved upon.

    Though the BI strategy provides the overall direction, the BI operating model – which encompasses organization structure, processes, people, and application functionality – is the primary determinant of efficacy with respect to information delivery. The alterations made to the operating model occur in the short term to improve the final deliverables for business users.

    An optimal BI operating model satisfies three core requirements:

    Timeliness

    Effectiveness

  • Affordability
  • Bring tangible benefits of your revamped BI strategy to business users by critically assessing how your organization delivers business intelligence and identifying opportunities for increased operational efficiency.

    Assess and Optimize BI Operations

    Focus on delivering timely, quality, and affordable information to enable fast and effective business decisions

    Implement a fit-for-purpose BI and analytics solution to augment your next generation BI strategy

    Organizations new to business intelligence or with immature BI capabilities are under the impression that simply getting the latest-and-greatest tool will provide the insights business users are looking for.

    BI technology can only be as effective as the processes surrounding it and the people leveraging it. Organizations need to take the time to select and implement a BI suite that aligns with business goals and fosters end-user adoption.

    As an increasing number of companies turn to business intelligence technology, vendors are responding by providing BI and analytics platforms with more and more features.

    Our vendor landscape will simplify the process of selecting a BI and analytics solution by:

    Differentiating between the platforms and features vendors are offering.

    Detailing a robust framework for requirements gathering to pinpoint your organization’s needs.

    Developing a high-level plan for implementation.

    Select and Implement a Business Intelligence and Analytics Solution

    Find the diamond in your data-rough using the right BI & Analytics solution

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-tech analysts with your team:

    3.1.1-3.1.3

    Construct a BI improvement initiative roadmap

    During these activities, your team will consolidate the list of BI initiatives generated from the assessments conducted in previous phases, assign timelines to each action, prioritize them using a value–effort matrix, and finally produce a roadmap for implementing your organization’s BI improvement strategy.

    3.2

    Identify continuous improvement opportunities for BI

    Our analyst team will work with your organization to ideate supplementary programs to support your BI strategy. Defining Excel use cases that are permitted and prohibited in conjunction with your BI strategy, as well as structuring an internal BI ambassador network, are a few extra initiatives that can enhance your BI improvement plans.

    Insight breakdown

    Your BI platform is not a one-and-done initiative.

    A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to provide effective enablement of business decision making. Develop a BI strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current BI capabilities.

    Put the “B” back in “BI.”

    The closer you align your new BI platform to real business interests, the stronger will be the buy-in, realized value, and groundswell of enthusiastic adoption. Ultimately, getting this phase right sets the stage to best realize a strong ROI for your investment in the people, processes, and technology that will be your next generation BI platform.

    Go beyond the platform.

    BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment – data management, data quality, and related data practices must be strong, otherwise the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.

    Appendix

    Detailed list of BI Types

    Style Description Strategic Importance (1-5) Popularity (1-5) Effort (1-5)
    Standards Preformatted reports Standard, preformatted information for backward-looking analysis. 5 5 1
    User-defined analyses Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. 5 4 2
    Ad-hoc analyses Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. 5 4 3
    Scorecards and dashboards Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. 4 4 3
    Multidimensional analysis (OLAP) Multidimensional analysis (also known as On-line analytical processing): Flexible tool-based user-defined analysis of business performance and the underlying drivers or root causes of that performance. 4 3 3
    Alerts Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. 4 3 3
    Advanced Analytics Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics 5 3 4
    Predictive Analytics Application of long-established statistical and/or operations research methods to historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future 5 3 5

    Our BI strategy approach follows Info-Tech’s popular IT Strategy Framework

    A comprehensive BI strategy needs to be developed under the umbrella of an overall IT strategy. Specifically, creating a BI strategy is contributing to helping IT mature from a firefighter to a strategic partner that has close ties with business units.

    1. Determine mandate and scope 2. Assess drivers and constraints 3. Evaluate current state of IT 4. Develop a target state vision 5. Analyze gaps and define initiatives 6. Build a roadmap 8. Revamp 7. Execute
    Mandate Business drivers Holistic assessments Vision and mission Initiatives Business-driven priorities
    Scope External drivers Focus-area specific assessments Guiding principles Risks
    Project charter Opportunities to innovate Target state vision Execution schedule
    Implications Objectives and measures

    This BI strategy blueprint is rooted in our road-tested and proven IT strategy framework as a systematic method of tackling strategy development.

    Research contributors

    Internal Contributors

    • Andy Woyzbun, Executive Advisor
    • Natalia Nygren Modjeska, Director, Data & Analytics
    • Crystal Singh, Director, Data & Analytic
    • Andrea Malick, Director, Data & Analytics
    • Raj Parab, Director, Data & Analytics
    • Igor Ikonnikov, Director, Data & Analytics
    • Andy Neill, Practice Lead, Data & Analytics
    • Rob Anderson, Manager Sales Operations
    • Shari Lava, Associate Vice-President, Vendor Advisory Practice

    External Contributors

    • Albert Hui, Principal, DataEconomist
    • Cameran Hetrick, Senior Director of Data Science & Analytics, thredUP
    • David Farrar, Director – Marketing Planning & Operations, Ricoh Canada Inc
    • Emilie Harrington, Manager of Analytics Operations Development, Lowe’s
    • Sharon Blanton, VP and CIO, The College of New Jersey
    • Raul Vomisescu, Independent Consultant

    Research contributors and experts

    Albert Hui

    Consultant, Data Economist

    Albert Hui is a cofounder of Data Economist, a data-consulting firm based in Toronto, Canada. His current assignment is to redesign Scotiabank’s Asset Liability Management for its Basel III liquidity compliance using Big Data technology. Passionate about technology and problem solving, Albert is an entrepreneur and result-oriented IT technology leader with 18 years of experience in consulting and software industry. His area of focus is on data management, specializing in Big Data, business intelligence, and data warehousing. Beside his day job, he also contributes to the IT community by writing blogs and whitepapers, book editing, and speaking at technology conferences. His recent research and speaking engagement is on machine learning on Big Data.

    Albert holds an MBA from the University of Toronto and a master’s degree in Industrial Engineering. He has twin boys and enjoys camping and cycling with them in his spare time.

    Albert Hui Consultant, Data Economist

    Cameran Hetrick

    Senior Director of Analytics and Data Science, thredUP

    Cameran is the Senior Director of Analytics and Data Science at thredUP, a startup inspiring a new generation to think second hand first. There she helps drives top line growth through advanced and predictive analytics. Previously, she served as the Director of Data Science at VMware where she built and led the data team for End User Computing. Before moving to the tech industry, she spent five years at The Disneyland Resort setting ticket and hotel prices and building models to forecast attendance. Cameran holds an undergraduate degree in Economics/Mathematics from UC Santa Barbara and graduated with honors from UC Irvine's MBA program.

    Cameran Hetrick Senior Director of Analytics and Data Science, thredUP

    Bibliography

    Bange, Carsten and Wayne Eckerson. “BI and Data Management in the Cloud: Issues and Trends.” BARC and Eckerson Group, January 2017. Web.

    Business Intelligence: The Strategy Imperative for CIOs. Tech. Information Builders. 2007. Web. 1 Dec. 2015.

    COBIT 5: Enabling Information. Rolling Meadows, IL: ISACA, 2013. Web.

    Dag, Naslund, Emma Sikander, and Sofia Oberg. "Business Intelligence - a Maturity Model Covering Common Challenges." Lund University Publications. Lund University, 2014. Web. 23 Oct. 2015.

    “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide).” First Edition. DAMA International. 2009. Digital. April 2014.

    Davenport, Thomas H. and Bean, Randy. “Big Data and AI Executive Survey 2019.” NewVantage Partners LLC. 2019. Web.

    "Debunking the Business of Analytics." Experian Data Quality. Sept. 2013. Web.

    Bibliography

    Drouin, Sue. "Value Chain." SAP Analytics. February 27, 2015.

    Farrar, David. “BI & Data analytics workshop feedback.” Ricoh Canada. Sept. 2019.

    Fletcher, Heather. "New England Patriots Use Analytics & Trigger Emails to Retain Season Ticket Holders." Target Marketing. 1 Dec. 2011. Web.

    Gonçalves, Alex. "Social Media Analytics Strategy - Using Data to Optimize Business Performance.” Apress. 2017.

    Imhoff, Claudia, and Colin White. "Self Service Business Intelligence: Empowering Users to Generate Insights." SAS Resource Page. The Data Warehouse Institute, 2011. Web.

    Khamassi, Ahmed. "Building An Analytical Roadmap : A Real Life Example." Wipro. 2014.

    Kuntz, Jerry, Pierre Haren, and Rebecca Shockley. IBM Insight 2015 Teleconference Series. Proc. of Analytics: The Upside of Disruption. IBM Institute for Business Value, 19 Oct. 2015. Web.

    Kwan, Anne , Maximillian Schroeck, Jon Kawamura. “Architecting and operating model, A platform for accelerating digital transformation.” Part of a Deliotte Series on Digital Industrial Transformation, 2019. Web.

    Bibliography

    Lebied, Mona. "11 Steps on Your BI Roadmap To Implement A Successful Business Intelligence Strategy." Business Intelligence. July 20, 2018. Web.

    Light, Rob. “Make Business Intelligence a Necessity: How to Drive User Adoption.” Sisense Blog. 30 July 2018.

    Mazenko, Elizabeth. “Avoid the Pitfalls: 3 Reasons 80% of BI Projects Fail.” BetterBuys. October 2015.

    Marr, Bernard. "Why Every Business Needs A Data And Analytics Strategy.” Bernard Marr & Co. 2019.

    Mohr, Niko and Hürtgen, Holger. “Achieving Business Impact with Data.” McKinsey. April 2018.

    MIT Sloan Management

    Quinn, Kevin R. "Worst Practices in Business Intelligence: Why BI Applications Succeed Where BI Tools Fail." (2007): 1-19. BeyeNetwork. Information Builders, 2007. Web. 1 Dec. 2015.

    Ringdal, Kristen. "Learning multilevel Analysis." European social Survey. 2019.

    Bibliography

    Schaefer, Dave, Ajay Chandramouly, Burt Carmak, and Kireeti Kesavamurthy. "Delivering Self-Service BI, Data Visualization, and Big Data Analytics." IT@Intel White Paper (2013): 1-11. June 2013. Web. 30 Nov. 2015.

    Schultz, Yogi. “About.” Corvelle Consulting. 2019.

    "The Current State of Analytics: Where Do We Go From Here?" SAS Resource Page. SAS & Bloomberg Businessweek, 2011. Web.

    "The Four Steps to Defining a Customer Analytics Strategy." CCG Analytics Solutions & Services. Nov 10,2017.

    Traore, Moulaye. "Without a strategic plan, your analytics initiatives are risky." Advisor. March 12, 2018. web.

    Wells, Dave. "Ten Mistakes to Avoid When Gathering BI Requirements." Engineering for Industry. The Data Warehouse Institute, 2008. Web.

    “What is a Business Intelligence Strategy and do you need one?” Hydra. Sept 2019. Web.

    Williams, Steve. “Business Intelligence Strategy and Big Data Analytics.” Morgan Kaufman. 2016.

    Wolpe, Toby. "Case Study: How One Firm Used BI Analytics to Track Staff Performance | ZDNet." ZDNet. 3 May 2013. Web.

    Yuk, Mico. “11 Reasons Why Most Business Intelligence Projects Fail.” Innovative enterprise Channels. May 2019.

    Build an Application Rationalization Framework

    • Buy Link or Shortcode: {j2store}173|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $39,942 Average $ Saved
    • member rating average days saved: 23 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Almost two-thirds of organizations report that they have too many or far too many applications due to sprawl from poorly managed portfolios, and application managers are spending too much time supporting non-critical applications and not enough time on their most vital ones.
    • The necessary pieces of rationalization are rarely in one place. You need to assemble the resources to collect vital rationalization criteria.
    • There is a lack of standard practices to define the business value that the applications in a portfolio provide, and without value rationalization, decisions are misaligned to business needs.

    Our Advice

    Critical Insight

    There is no “one size fits all.” Applying a rigid approach to rationalization with inflexible inputs can delay or prevent you from realizing value. Play to your strengths and build a framework that aligns to your goals and limitations.

    Impact and Result

    • Define the roles, responsibilities, and outputs for application rationalization within your application portfolio management practice.
    • Build a tailored application rationalization framework (ARF) aligned with your motivations, goals, and limitations.
    • Apply the various application assessments to produce the information that your dispositions will be based on.
    • Initiate an application portfolio roadmap that will showcase your rationalization decisions to key stakeholders.

    Build an Application Rationalization Framework Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should rationalize your applications and why you need a framework that is specific to your goals and limitations, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lay your foundations

    Define the motivations, goals, and scope of your rationalization effort. Build the action plan and engagement tactics to roll out the rationalization activities.

    • Build an Application Rationalization Framework – Phase 1: Lay Your Foundations
    • Application Rationalization Tool

    2. Plan your application rationalization framework

    Understand the core assessments performed in application rationalizations. Define your application rationalization framework and degree of rigor in applying these assessments based on your goals and limitations.

    • Build an Application Rationalization Framework – Phase 2: Plan Your Application Rationalization Framework

    3. Test and adapt your application rationalization framework

    Test your application rationalization framework using Info-Tech’s tool set on your first iteration. Perform a retrospective and adapt your framework based on that experience and outcomes.

    • Build an Application Rationalization Framework – Phase 3: Test and Adapt Your Application Rationalization Framework
    • Application TCO Calculator
    • Value Calculator

    4. Initiate your roadmap

    Review, determine, and prioritize your dispositions to ensure they align to your goals. Initiate an application portfolio roadmap to showcase your rationalization decisions to key stakeholders.

    • Build an Application Rationalization Framework – Phase 4: Initiate Your Roadmap
    • Disposition Prioritization Tool
    [infographic]

    Workshop: Build an Application Rationalization Framework

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Define the goals, scope, roles, and responsibilities of your rationalization effort.

    Key Benefits Achieved

    Defined motivations, long and short-term goals, and metrics for your rationalization effort.

    Definition of application.

    Defined roles and responsibilities for your rationalization effort.

    Activities

    1.1 Define motivations and goals for rationalization.

    1.2 Define “application.”

    1.3 Identify team and responsivities.

    1.4 Adapt target dispositions.

    1.5 Initiate Application Rationalization Framework (ARF).

    Outputs

    Goals, motivations, and metrics for rationalizations

    Definition of “Application”

    Defined dispositions

    Defined core APM team and handoffs

    2 Assess Business Value

    The Purpose

    Review and adapt Info-Tech’s methodology and toolset.

    Assess business value of applications.

    Key Benefits Achieved

    Tailored application rationalization framework

    Defined business value drivers

    Business value scores for applications

    Activities

    2.1 Review Application Rationalization Tool.

    2.2 Review focused apps, capabilities, and areas of functionality overlap.

    2.3 Define business value drivers.

    2.4 Determine the value score of focused apps.

    Outputs

    Application Rationalization Tool

    List of functional overlaps

    Weighed business value drivers

    Value scores for focused application

    Value Calculator

    3 Gather Application Information

    The Purpose

    Continue to review and adapt Info-Tech’s methodology and toolset.

    Key Benefits Achieved

    Tailored application rationalization framework

    TCO values for applications

    Technical health review of applications

    Recommended dispositions for applications

    Activities

    3.1 Determine TCO for focused apps.

    3.2 Determine technical health of focused apps.

    3.3 Review APA.

    3.4 Review recommended dispositions.

    3.5 Perform retrospective of assessments and adapt ARF.

    Outputs

    TCO of focused applications

    TCO Calculator

    Technical health of focused apps

    Defined rationalization criteria

    Recommended disposition for focused apps

    4 Gather, Assess, and Select Dispositions

    The Purpose

    Review and perform high-level prioritization of dispositions.

    Build a roadmap for dispositions.

    Determine ongoing rationalization and application portfolio management activities.

    Key Benefits Achieved

    Application Portfolio Roadmap

    Prioritized Dispositions

    Activities

    4.1 Determine dispositions.

    4.2 Prioritize dispositions.

    4.3 Initiate portfolio roadmap.

    4.4 Build an action plan for next iterations and ongoing activities.

    4.5 Finalize ARF.

    Outputs

    Disposition Prioritization Tool

    Application portfolio roadmap

    Action plan for next iterations and ongoing activities

    Further reading

    Build an Application Rationalization Framework

    Manage your application portfolio to minimize risk and maximize value.

    Analyst Perspective

    "You're not rationalizing for the sake of IT, you’re rationalizing your apps to create better outcomes for the business and your customers. Consider what’s in it for delivery, operations, the business, and the customer." – Cole Cioran, Senior Director – Research, Application Delivery and Management

    Our understanding of the problem

    This Research Is Designed For:

    • Application portfolio managers, application portfolio management (APM) teams, or any application leaders who are tasked with making application portfolio decisions.
    • Application leaders looking to align their portfolios to the organization’s strategy.
    • Application leaders who need a process for rationalizing their applications.

    This Research Will Help You:

    • Measure the business value of your applications.
    • Rationalize your portfolio to determine the best disposition for each application.
    • Initiate a roadmap that will showcase the future of your applications.

    This Research Will Also Assist:

    • CIOs and other business leaders who need to understand the applications in their portfolio, the value they contribute to the business, and their strategic direction over a given timeline.
    • Steering committees and/or the PMO that needs to understand the process by which application dispositions are generated.

    This Research Will Help Them:

    • Build their reputation as an IT leader who drives the business forward.
    • Define the organization’s value statement in the context of IT and their applications.
    • Visualize the roadmap to the organization’s target application landscape.

    Executive Summary

    Situation

    • Almost two-thirds of organizations report that they have too many or far too many applications due to sprawl from poorly managed portfolios (Flexera, 2015).
    • Application managers are spending too much time supporting non-critical applications and not enough time on their most vital ones.
    • Application managers need their portfolios to be current and effective and evolve continuously to support the business or risk being marginalized.

    Complication

    • The necessary pieces of rationalization are rarely in one place. You need to assemble the resources to collect vital rationalization criteria.
    • There is a lack of standard practices to define the business value that the applications in a portfolio provide and, without value rationalization, decisions are misaligned to business needs.

    Resolution

    • Define the roles, responsibilities, and outputs for application rationalization within your application portfolio management (APM) and other related practices.
    • Build a tailored application rationalization framework (ARF) aligned with your motivations, goals, and limitations.
    • Apply the various application assessments to produce the information, which your dispositions will be based on, and adapt your ARF based on the experiences of your first iteration.
    • Review, determine, and prioritize your application dispositions to create a portfolio strategy aligned to your goals.
    • Initiate an application portfolio roadmap, which will showcase your rationalization decisions to key stakeholders.

    Info-Tech Insight

    There is no one size fits all.

    Applying a rigid approach with inflexible inputs can delay or prevent you from realizing value. Play to your strengths and build a framework that aligns to your goals and limitations.

    Business value must drive your decisions.

    Of the 11 vendor capabilities asked about by Info-Tech’s SoftwareReviews, “business value created” has the second highest relationship with overall software satisfaction.

    Take an iterative approach.

    Larger approaches take longer and are more likely to fail. Identify the applications that best address your strategic objectives, then: rationalize, learn, repeat.

    Info-Tech recommends a disciplined, step-by-step approach as outlined in our Application Portfolio Strategy Program

    Step 1 "No Knowledge": Define application capabilities and visualize lifecycle stages

    Application Discovery

    1. Build in Application Portfolio Management Principles.
    2. Conduct Application Alignment.
    3. Build Detailed Application Inventory

    Step 2 "No Strategy": Rationalize application portfolio and visualize strategic directions

    Application Rationalization

    1. Set Your Rationalization Framework
    2. Conduct Assessment & Assign Dispositions
    3. Create an Application Portfolio Roadmap

    Step 3 "No Plan": Build a product roadmap and visualize the detailed plan

    Detailed Disposition Planning

    1. Conduct an Impact Assessment
    2. Determine the Details of the Disposition
    3. Create Detailed Product Roadmaps

    This blueprint focuses on step 2 of Info-Tech's Application Portfolio Strategy Program. Our methodology assumes you have completed the following activities, which are outlined in Discover Your Applications.

    • Collected your full application inventory (including Shadow IT)
    • Aligned applications to business capabilities
    • Determined redundant applications
    • Identified appropriate subject matter experts (business and technical) for your applications

    Info-Tech's four-phase methodology

    Phase 1

    Lay Your Foundations

    • Define Motivations, Goals, and Scope
    • Iteration and Engagement Planning

    This phase is intended to establish the fundamentals in launching either a rationalization initiative or ongoing practice.

    Here we define goals, scope, and the involvement of various roles from both IT and the business.

    Phase 2

    Plan Your ARF

    • Establish Rationalization Inputs and Current Gaps

    This phase is intended to review a high-level approach to rationalization and determine which analyses are necessary and their appropriate level of depth.

    Here we produce an initial ARF and discuss any gaps in terms of the availability of necessary data points and additional collection methods that will need to be applied.

    Phase 3

    Test and Adapt Your ARF

    • Perform First Iteration Analysis
    • First Iteration Retrospective and Adaptation

    This phase is intended to put the ARF into action and adapt as necessary to ensure success in your organization.

    If appropriate, here we apply Info-Tech’s ARF and toolset and test it against a set of applications to determine how best to adapt these materials for your needs.

    Phase 4

    Initiate Your Roadmap

    • Prioritize and Roadmap Applications
    • Ongoing Rationalization and Roadmapping

    This phase is intended to capture results of rationalization and solidify your rationalization initiative or ongoing practice.

    Here we aim to inject your dispositions into an application portfolio roadmap and ensure ongoing governance of APM activities.

    There is an inconsistent understanding and ownership of the application portfolio

    What can I discover about my portfolio?

    Application portfolios are misunderstood.

    Portfolios are viewed as only supportive in nature. There is no strategy or process to evaluate application portfolios effectively. As a result, organizations build a roadmap with a lack of understanding of their portfolio.

    72% of organizations do not have an excellent understanding of the application portfolio (Capgemini).

    How can I improve my portfolio?

    Misalignment between Applications and Business Operations

    Applications fail to meet their intended function, resulting in duplication, a waste of resources, and a decrease in ROI. This makes it harder for IT to justify to the business the reasons to complete a roadmap.

    48% of organizations believe that there are more applications than the business requires (Capgemini).

    How can my portfolio help transform the business?

    IT's budget is to keep the lights on.

    The application portfolio is complex and pervasive and requires constant support from IT. This makes it increasingly difficult for IT to adopt or develop new strategies since its immediate goal will always be to fix what already exists. This causes large delays and breaks in the timeline to complete a roadmap.

    68% of IT directors have wasted time and money because they did not have better visibility of application roadmaps (ComputerWeekly).

    Roadmaps can be the solution, but stall when they lack the information needed for good decision making

    An application portfolio roadmap provides a visual representation of your application portfolio, is used to plan out the portfolio’s strategy over a given time frame, and assists management in key decisions. But…

    • You can’t change an app without knowing its backend.
    • You can't rationalize what you don't know.
    • You can’t confirm redundancies without knowing every app.
    • You can’t rationalize without the business perspective.

    A roadmap is meaningless if you haven’t done any analysis to understand the multiple perspectives on your applications.

    Application rationalization ensures roadmaps reflect what the business actually wants and needs

    Application rationalization is the practice of strategically identifying business applications across an organization to determine which applications should be kept, replaced, retired, or consolidated (TechTarget).

    Discover, Improve, and Transform Through Application Rationalization

    Your application rationalization effort increases the maturity of your roadmap efforts by increasing value to the business. Go beyond the discover phase – leverage application rationalization insights to reach the improve and transform phases.

    Strong Apps Are Key to Business Satisfaction

    79% of organizations with high application suite satisfaction believe that IT offers the organization a competitive edge over others in the industry. (Info-Tech Research Group, N=230)

    Info-Tech Insight

    Companies with an effective portfolio are twice as likely to report high-quality applications, four times as likely to report high proficiency in legacy apps management, and six times as likely to report strong business alignment.

    Rationalization comes at a justified cost

    Rationalization can reduce costs and drive innovation

    Projecting the ROI of application rationalization is difficult and dangerous when used as the only marker for success.

    However, rationalization, when done effectively, will help drop operational or maintenance costs of your applications as well as provide many more opportunities to add value to the business.

    A graph with Time on the X-axis and Cost on the Y axis. The graph compares cost before rationalization, where the cost of the existing portfolio is high, with cost after rationalization, where the cost of the existing portfolio is reduced. The graph demonstrates a decrease in overall portfolio spend after rationalization

    Organizations lack a strategic approach to application rationalization, leading to failure

    IT leaders strive to push the business forward but are stuck in a cycle of reaction where they manage short-term needs rather than strategic approaches.

    Why Is This the Case?

    Lack of Relevant Information

    Rationalization fails without appropriately detailed, accurate, and up-to-date information. You need to identify what information is available and assemble the teams to collect and analyze it.

    Failure to Align With Business Objectives

    Rationalization fails when you lack a clear list of strategic and collaborative priorities; priorities need to be both IT and non-IT related to align with the business objectives and provide value.

    IT Leaders Fails to Justify Projects

    Adhering to a rigid rationalization process can be complex and costly. Play to your strengths and build an ARF based on your goals and limitations.

    Info-Tech Insight

    Misaligned portfolio roadmaps are known to lead teams and projects into failure!
    Building an up-to-date portfolio roadmap that aligns business objectives to IT objectives will increase approval and help the business see the long-term value of roadmapping.

    Don’t start in the middle; ensure you have the basics down

    Application portfolio strategy practice maturity stages

    1. Discover Your Applications
    2. Improve
    3. Transform
    A graph with Rigor of APM Practice on the X-axis and Value to the Business on the Y-axis. The content of the graph is split into the 3 maturity stages, Discover, Improve, and Transform. With each step, the Value to the Business and Rigor of APM Practice increase.

    Disambiguate your systems and clarify your scope

    Define the items that make up your portfolio.

    Broad or unclear definitions of “application” can complicate the scope of rationalization. Take the time to define an application and come to a common understanding of the systems which will be the focus of your rationalization effort.

    Bundling systems under common banner or taking a product view of your applications and components can be an effective way to ensure you include your full collection of systems, without having to perform too many individual assessments.

    Scope

    Single... Capability enabled by... Whole...
    Digital Product + Service Digital Platform Platform Portfolio Customer Facing
    Product (one or more apps) Product Family Product Portfolio

    Application Application Architecture Application Portfolio Internal

    A graphic listing the following products: UI, Applications, Middleware, Data, and Infrastructure. A banner reading APIs runs through all products, and UI, Applications, and Middleware are bracketed off as Application

    Info-Tech’s framework can be applied to portfolios of apps, products, and their related capabilities or services.

    However you organize your tech stack, Info-Tech’s application rationalization framework can be applied.

    Understand the multiple lenses of application rationalization and include in your framework

    There are many lenses to view your applications. Rationalize your applications using all perspectives to assess your portfolio and determine the most beneficial course of action.

    Application Alignment - Architect Perspective

    How well does the entire portfolio align to your business capabilities?

    Are there overlaps or redundancies in your application features?

    Covered in Discover Your Applications.

    Business Value - CEO Perspective

    Is the application producing sufficient business value?

    Does it impact profitability, enable capabilities, or add any critical factor that fulfills the mission and vision?

    TCO - CIO Perspective

    What is the overall cost of the application?

    What is the projected cost as your organization grows? What is the cost to maintain the application?

    End User

    How does the end user perceive the application?

    What is the user experience?

    Do the features adequately support the intended functions?

    Is the application important or does it have high utilization?

    Technical Value - App Team Perspective

    What is the state of the backend of the application?

    Has the application maintained sufficient code quality? Is the application reliable? How does it fit into your application architecture?

    Each perspective requires its own analysis and is an area of criteria for rationalization.

    Apply the appropriate amount of rigor for your ARF based on your specific goals and limitations

    Ideally, the richer the data the better the results, but the reality is in-depth analysis is challenging and you’ll need to play to your strengths to be successful.

    Light-Weight Assessment

    App to capability alignment.

    Determine overlaps.

    Subjective 1-10 scale

    Subjective T-shirt size (high, med., low)

    End-user surveys

    Performance temperature check

    Thorough Analysis

    App to process alignment.

    Determine redundancies.

    Apply a value measurement framework.

    Projected TCO with traceability to ALM & financial records.

    Custom build interviews with multiple end users

    Tool and metric-based analysis

    There is no one-size-fits all rationalization. The primary goal of this blueprint is to help you determine the appropriate level of analysis given your motivations and goals for this effort as well as the limitations of resources, timeline, and accessible information.

    Rationalize and build your application portfolio strategy the right way to ensure success

    Big-Bang Approach

    • An attempt to assess the whole portfolio at once.
    • The result is information overload.
    • Information gathered is likely incomplete and/or inaccurate.
    • Tangible benefits are a long time away.

    Covert Approach

    • Information is collected behind the scenes and whenever information sources are available.
    • Assumptions about the business use of applications go unconfirmed.

    Corner-of-the-Desk Approach

    • No one is explicitly dedicated to building a strategy or APM practices.
    • Information is collected whenever the application team has time available.
    • Benefits are pushed out and value is lost.

    Iterative Approach

    • Carried out in phases, concentrating on individual business units or subsets of applications.
    • Priority areas are completed first.
    • The APM practice strengthens through experience.

    Sponsored Mandate Approach

    • The appropriate business stakeholders participate.
    • Rationalization is given project sponsors who champion the practice and communicate the benefits across the organization.

    Dedicated Approach

    • Rationalization and other APM activities are given a budget and formal agenda.
    • Roles and responsibilities are assigned to team members.

    Use Info-Tech’s Application Portfolio Assessment Diagnostic to add the end users’ perspective to your decision making

    Prior to Blueprint: Call 1-888-670-8889 to inquire about or request the Application Portfolio Assessment.

    Info-Tech Best Practice

    The approach in this blueprint has been designed in coordination with Info-Tech’s Application Portfolio Assessment (APA) Diagnostic. While it is not a prerequisite, your project will experience the best results and be completed much quicker by taking advantage of our diagnostic offering prior to initiating the activities in this blueprint.

    Use the program diagnostic to:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    Integrate diagnostic results to:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Use Info-Tech’s Application Rationalization Tool to determine and then visualize your application portfolio strategy

    At the center of this project is an Application Rationalization Tool that is used as a living document of your:

      1. Customizable Application Rationalization Framework

      2. Recommendation Dispositions

      3. Application Portfolio Roadmap (seen below)

    Use the step-by-step advice within this blueprint to rationalize your application portfolio and build a realistic and accurate application roadmap that drives business value.

    Central to our approach to application rationalization are industry-leading frameworks

    Info-Tech uses the APQC and COBIT5 frameworks for certain areas of this research. Contextualizing application rationalization within these frameworks clarifies its importance and role and ensures that our assessment tool is focused on key priority areas. The APQC and COBIT5 frameworks are used as a starting point for assessing application effectiveness within specific business capabilities of the different components of application rationalization.

    APQC is one of the world's leading proponents of business benchmarking, best practices, and knowledge management research.

    COBIT 5 is the leading framework for the governance and management of enterprise IT.

    In addition to industry-leading frameworks, our best-practice approach is enhanced by the insights and guidance from our analysts, industry experts, and our clients.

    Our peer network of over 33,000 happy clients proves the effectiveness of our research.

    Our team conducts 1,000+ hours of primary and secondary research to ensure that our approach is enhanced by best practices.

    A public utility organization is using Info-Tech’s approach for rationalization of its applications for reduced complexity

    Case Study

    Industry: Public Sector

    Source: Info-Tech Research Group

    Challenge

    • The public utility has a complex application portfolio, with a large number of applications custom-built that provide limited functionality to certain business groups.
    • The organization needed to move away from custom point solutions and adopt more hosted solutions to cater to larger audiences across business domains.
    • The organization required a comprehensive solution for the following:
      • Understanding how applications are being used by business users.
      • Unraveling the complexity of its application landscape using a formal rationalization process.

    Solution

    • The organization went through a rationalization process with Info-Tech in a four-day onsite engagement to determine the following:
      • Satisfaction level and quality evaluation of end users’ perception of application functionality.
      • Confirmation on what needs to be done with each application under assessment.
      • The level of impact the necessary changes required for a particular application would have on the greater app ecosystem.
      • Prioritization methodology for application roadmap implementation.

    Results

    • Info-Tech’s Application Portfolio Assessment Diagnostic report helped the public utility understand what applications users valued and found difficult to use.
    • The rationalization process gave insight into situations where functionality was duplicated across multiple applications and could be consolidated within one application.
    • The organization determined that its application portfolio was highly complex, and Info-Tech provided a good framework for more in-depth analysis.
    • The organization now has a rationalization process that it can take to other business domains.

    AI and the Future of Enterprise Productivity

    • Buy Link or Shortcode: {j2store}329|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $12,399 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • We’re witnessing a fundamental transformation in how businesses operate and productivity is achieved.
    • Advances in narrow but powerful forms of artificial intelligence (AI) are being driven by a cluster of factors.
    • Applications for enterprise AI aren’t waiting for the emergence of a general AI. They’re being rapidly deployed in task-specific domains. From robotic process automation (RPA) to demand forecasting, from real-world robotics to AI-driven drug development, AI is boosting enterprise productivity in significant ways.

    Our Advice

    Critical Insight

    Algorithms are becoming more advanced, data is now richer and easier to collect, and hardware is cheaper and more powerful. All of this is true and contributes to the excitement around enterprise AI applications, but the biggest difference today is that enterprises are redesigning their processes around AI, rather than simply adding AI to their existing processes.

    Impact and Result

    This report outlines six emerging ways AI is being used in the enterprise, with four future scenarios outlining their possible trajectories. These are designed to guide strategic decision making and facilitate future-focused ideation.

    AI and the Future of Enterprise Productivity Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read the trend report

    This report outlines six emerging ways AI is being used in the enterprise, with four future scenarios outlining their possible trajectories. These are designed to guide strategic decision making and facilitate future-focused ideation.

    • AI and the Future of Enterprise Productivity Trend Report
    • AI and the Future of Enterprise Productivity Trend Report (PDF)
    [infographic]

    Manage Exponential Value Relationships

    • Buy Link or Shortcode: {j2store}210|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Implementing exponential IT will require businesses to work with external vendors to facilitate the rapid adoption of cutting-edge technologies such as generative artificial intelligence. IT leaders must:

    These challenges require new skills which build trust and collaboration among vendors.

    Our Advice

    Critical Insight

    Outcome-based relationships require a higher degree of trust than traditional vendor relationships. Build trust by sharing risks and rewards.

    Impact and Result

    • Assess your readiness to take on the new types of vendor relationships that will help you succeed.
    • Identify where you need to build your capabilities in order to successfully manage relationships.
    • Successfully manage outcomes, financials, risk, and relationships in complex vendor relationships.

    Manage Exponential Value Relationships Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage Exponential Value Relationships Storyboard – Learn about the new era of exponential vendor relationships and the capabilities needed to succeed.

    This research walks you through how to assess your capabilities to undertake a new model of vendor relationships and drive exponential IT.

    • Manage Exponential Value Relationships Storyboard

    2. Exponential Relationships Readiness Assessment – Assess your readiness to engage in exponential vendor partnerships.

    This tool will facilitate your readiness assessment.

    • Exponential Relationships Readiness Assessment
    [infographic]

    Further reading

    Manage Exponential Value Relationships

    Are you ready to manage outcome-based agreements?

    Analyst Perspective

    Outcome-based agreements require a higher degree of mutual trust.

    Kim Osborne Rodriguez

    Exponential IT brings with it an exciting new world of cutting-edge technology and increasingly accelerated growth of business and IT. But adopting and driving change through this paradigm requires new capabilities to grow impactful and meaningful partnerships with external vendors who can help implement technologies like artificial intelligence and virtual reality.

    Building outcome-based partnerships involves working very closely with vendors who, in many cases, will have just as much to lose as the organizations implementing these new technologies. This requires a greater degree of trust between parties than a standard vendor relationship. It also drastically increases the risks to both organizations; as each loses some control over data and outcomes, they must trust that the other organization will follow through on commitments and obligations.

    Outcome-based partnerships build upon traditional vendor management practices and create the potential for organizations to embrace emerging technology in new ways.

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Exponential IT drives change

    Vendor relationships must evolve

    To deliver exponential value

    Implementing exponential IT will require businesses to work with external vendors to facilitate the rapid adoption of cutting-edge technologies such as generative artificial intelligence. IT leaders must:

    • Build strategic relationships with external entities to support the autonomization of the enterprise.
    • Procure, operate, and manage contracts and performance in outcome-based relationships.
    • Build relationships with new vendors.

    These challenges require new skills which build trust and collaboration with vendors.

    Traditional vendor management approaches are still important for organizations to develop and maintain. But exponential relationships bring new challenges:

    • A shift from managing technology service agreements to managing business capability agreements
    • Increased vendor access to intellectual property, confidential information, and customers

    IT leaders must adapt traditional vendor management capabilities to successfully lead this change.

    Outcome-based relationships should not be undertaken lightly as they can significantly impact the risk profile of the organization. Use this research to:

    • Assess your foundational vendor management capabilities as well as the transformative capabilities you need to manage outcome-based relationships.
    • Identify where you need to build your capabilities in order to successfully manage relationships.
    • Successfully manage outcomes, financials, risk, and relationships in complex vendor partnerships.

    Exponential value relationships will help drive exponential IT and autonomization of the enterprise.

    Info-Tech Insight

    Outcome-based partnerships require a higher degree of trust than traditional vendor relationships. Build trust by sharing risks and rewards.

    Vendor relationships can be worth billions of dollars

    Positive vendor relationships directly impact the bottom line, sometimes to the tune of billions of dollars annually.

    • Organizations typically spend 40% to 80% of their total budget on external suppliers.
    • Greater supplier trust translates directly to greater business profits, even in traditional vendor relationships.1
    • Based on over a decade of data from vehicle manufacturers, greater supplier relationships nearly doubled the unit profit margin on vehicles, contributing over $20 billion to Toyota’s annual profits based on typical sales volume.2
    • Having positive vendor relationships can be instrumental in times of crisis – when scarcity looms, vendors often choose to support their best customers.3,4 For example, Toyota protected itself from the losses many original equipment manufacturers (OEMs) faced in 2020 and showed improved profitability that year due to increased demand for vehicles which it was able to supply as a result of top-ranked vendor relationships.
    1 PR Newswire, 2022.
    2 Based on 10 years of data comparing Toyota and Nissan, every 1-point increase in the company’s Working Relations Index was correlated with a $15.77 net profit increase per unit. Impact on Toyota annual profits is based on 10.5 million units sold in 2021 and 2022.
    3 Interview with Renee Stanley, University of Texas at Arlington. Conducted 17 May 2023.
    4 Plante Moran, 2020.

    Supplier Trust Impacts OEM Profitability

    Sources: Macrotrends, Plante Moran 2022, Nissan 2022 and 2023, and Toyota 2022. Profit per car is based on total annual profit divided by total annual sales volume.

    Outcome-based relationships are a new paradigm

    In a new model where organizations are procuring autonomous capabilities, outcomes will govern vendor relationships.

    An outcome-based relationship requires a higher level of mutual trust than traditional vendor relationships. This requires shared reward and shared risk.

    Don’t forget about traditional vendor management relationships! Not all vendor relationships can (or should) be outcome-based.

    Managing Exponential Value Relationships.

    Case study

    INDUSTRY: Technology

    SOURCE: Press Release

    Microsoft and OpenAI partner on Azure, Teams, and Microsoft Office suite

    In January 2023, Microsoft announced a $10 billion investment in OpenAI, allowing OpenAI to continue scaling its flagship large language model, ChatGPT, and giving Microsoft first access to deploy OpenAI’s products in services like GitHub, Microsoft Office, and Microsoft Teams.

    Shared risk

    Issues with OpenAI’s platforms could have a debilitating effect on Microsoft’s own reputation – much like Google’s $100 billion stock loss following a blunder by its AI platform Bard – not to mention the financial loss if the platform does not live up to the hype.

    Shared reward

    This was a particularly important strategic move by Microsoft, as its main competitors develop their own AI models in a race to the top. This investment also gave OpenAI the resources to continue scaling and evolving its services much faster than it would be capable of on its own. If OpenAI’s products succeed, there is a significant upside for both companies.

    The image contains a graph that demonstrates time to reach 1 million users.

    Adapt your approach to vendor relationships

    Both traditional vendors and exponential relationships are important.

    Traditional

    procurement

    Vendor

    management

    Exponential vendor relationships

    • Ideal for procuring a product or service
    • Typically evaluates vendors based on their capabilities and track record of success
    • Focuses on metrics, KPIs, and contracts to deliver success to the organization purchasing the product or service
    • Vendors typically only have access to company data showing what is required to deliver their product or service
    • Ideal for managing vendors supplying products or services
    • Typically evaluates vendors based on the value and the criticality of a vendor to drive VM-resource allocation
    • External vendors do not generally participate in sharing of risks or rewards outside of payment for services or incentives/penalties
    • Vendors typically have limited access to company data
    • Ideal for procuring an autonomous capability
    • Typically evaluated based on the total possible value creation for both parties
    • External vendors share in substantial portions of the risks and rewards of the relationship
    • Vendors typically have significant access to company data, including proprietary methods, intellectual property, and customer lists

    Use this research to successfully
    manage outcome-based relationships.

    Use Info-Tech’s research to Jump Start Your Vendor Management Initiative.

    Common obstacles

    Exponential relationships require new approaches to vendor management as businesses autonomize:

    • Autonomization refers to the shift toward autonomous business capabilities which leverage technologies such as AI and quantum computing to operate independently of human interaction.
    • The speed and complexity of technology advancement requires that businesses move quickly and confidently to develop strong relationships and deliver value.
    • We are seeing businesses shift from procuring products and services to procuring autonomous business capabilities (sometimes called “as a service,” or aaS). This shift can drive exponential value but also increases complexity and risk.
    • Exponential IT requires a shift in emphasis toward more mature relationship and risk management strategies, compared to traditional vendor management.

    The shift from technology service agreements to business capability agreements needs a new approach

    Eighty-seven percent of organizations are currently experiencing talent shortages or expect to within a few years.

    Source: McKinsey, “Mind the [skills] gap”, 2021.

    Sixty-three percent of IT leaders plan to implement AI in their organizations by the end of 2023.

    Source: Info-Tech Research Group survey, 2022

    Insight summary

    Build trust

    Successfully managing exponential relationships requires increased trust and the ability to share both risks and rewards. Outcome-based vendors typically have greater access to intellectual property, customer data, and proprietary methods, which can pose a risk to the organization if this information is used to benefit competitors. Build mutual trust by sharing both risks and rewards.

    Manage risk

    Outcome-based relationships with external vendors can drastically affect an organization’s risk profile. Carefully consider third-party risk and shared risk, including ESG risk, as well as the business risk of losing control over capabilities and assets. Qualified risk specialists (such as legal, regulatory, contract, intellectual property law) should be consulted before entering outcome-based relationships.

    Drive outcomes

    Fostering strategic relationships can be instrumental in times of crisis, when being the customer of choice for key vendors can push your organization up the line from the vendor’s side – but be careful about relying on this too much. Vendor objectives may not align with yours, and in the end, everyone needs to protect themselves.

    Assess your readiness for exponential value relationships

    Key deliverable:

    Exponential Relationships Readiness Assessment

    Determine your readiness to build exponential value relationships.

    Measure the value of this blueprint

    Save thousands of dollars by leveraging this research to assess your readiness, before you lose millions from a relationship gone bad.

    Our research indicates that most organizations would take months to prepare this type of assessment without using our research. That’s over 80 person-hours spent researching and gathering data to support due diligence, for a total cost of thousands of dollars. Doesn’t your staff have better things to do?

    Start by answering a few brief questions, then return to this slide at the end to see how much your answers have changed.

    Establish Baseline Metrics

    Use Info-Tech’s research to Exponential Relationships Readiness Assessment.

    Estimated time commitment without Info-Tech’s research (person-hours)

    Establish a baseline

    Gauge the effectiveness of this research by asking yourself the following questions before and after completing your readiness assessment:

    Questions

    Before

    After

    To what extent are you satisfied with your current vendor management approach?

    How many of your current vendors would you describe as being of strategic importance?

    How much do you spend on vendors annually?

    How much value do you derive from your vendor relationships annually?

    Do you have a vendor management strategy?

    What outcomes are you looking to achieve through your vendor relationships?

    How well do you understand the core capabilities needed to drive successful vendor management?

    How well do you understand your current readiness to engage in outcome-based vendor relationships?

    Do you feel comfortable managing the risks when working with organizations to implement artificial intelligence and other autonomous capabilities?

    How to use this research

    Five tips to get the most out of your readiness assessment.

    1. Each category consists of five competencies, with a maximum of five points each. The maximum score on this assessment is 100 points.
    2. Effectiveness levels range from basic (level 1) to advanced (level 5). Level 1 is generally considered the baseline for most effectively operating organizations. If your organization is struggling with level 1 competencies, it is recommended to improve maturity in those areas before pursuing exponential relationships.
    3. This assessment is qualitative; complete the assessment to the best of your ability, based on the scoring rubric provided. If you fall between levels, use the lower one in your assessment.
    4. The scoring rubric may not perfectly fit the processes and practices within every organization. Consider the spirit of the description and score accordingly.
    5. Other industry- and region-specific competencies may be required to succeed at exponential relationships. The competencies in this assessment are a starting point, and internal validation and assessments should be conducted to uncover additional competencies and skills.

    Financial management

    Manage your budget and spending to stay on track throughout your relationship.

    “Most organizations underestimate the amount of time, money, and skill required to build and maintain a successful relationship with another organization. The investment in exponential relationships is exponential in itself – as are the returns.”

    – Jennifer Perrier, Principal Research Director,
    Info-Tech Research Group

    This step involves the following participants:

    • Executive leadership team, including CIO
    • CFO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage scope and budget in exponential IT relationships.

    Successfully manage complex finances

    Stay on track and keep your relationship running smoothly.

    Why is this important?

    • Finance is at the core of most business – it drives decision making, acts as a constraint for innovation and optimization, and plays a key role in assessing options (such as return on investment or payback period).
    • Effectively managing finances is a critical success factor in developing strong relationships. Each organization must be able to manage their own budget and spending in order to balance the risk and reward in the relationship. Often, these risks and rewards will come in the form of profit and loss or revenue and spend.

    Build it into your practice:

    1. Ensure your financial decision-making practices are aligned with the organizational and relationship strategy. Do metrics and criteria reflect the organization’s goals?
    2. Develop strong accounting and financial analysis practices – this includes the ability to conduct financial due diligence on potential vendors.
    3. Develop consistent methodology to track and report on the desired outcomes on a regular basis.

    Build your ability to manage finances

    The five competencies needed to manage finances in exponential value relationships are:

    Budget procedures

    Financial alignment

    Adaptability

    Financial analysis

    Reporting & compliance

    Clearly articulate and communicate budgets, with proactive analysis and reporting.

    There is a strong, direct alignment between financial outcomes and organizational strategy and goals.

    Financial structures can manage many different types of relationships and structures without major overhaul.

    Proactive financial analysis is conducted regularly, with actionable insights.

    This exceeds legal requirements and includes proactive and actionable reporting.

    Relationship management

    Drive exponential value by becoming a customer of choice.

    “The more complex the business environment becomes — for instance, as new technologies emerge or as innovation cycles get faster — the more such relationships make sense. And the better companies get at managing individual relationships, the more likely it is that they will become “partners of choice” and be able to build entire portfolios of practical and value-creating partnerships.”

    (“Improving the management of complex business partnerships.” McKinsey, 2019)

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage relationships in exponential IT relationships.

    Take your relationships to the next level

    Maintaining positive relationships is key to building trust.

    Why is this important?

    • All relationships will experience challenges, and the ability to resolve these issues will rely heavily on the relationship management skills and soft skills of the leadership within each organization.
    • Based on a 20-year study of vendor relationships in the automotive sector, business-to-business trust is a function of reasonable demands, follow-through, and information sharing.
    (Source: Plante Moran, 2020)

    Build it into your practice:

    1. Develop the soft skills necessary to promote psychological safety, growth mindset, and strong and open communication channels.
    2. Be smart about sharing information – you don’t need to share everything, but being open about relevant information will enhance trust.
    3. Both parties need to work hard to develop trust necessary to build a true relationship. This will require increased access to decision-makers, clearly defined guardrails, and the ability for unsatisfied parties to leave.

    Build your ability to manage relationships

    The five competencies needed to manage relationships in exponential partnerships are:

    Strategic alignment

    Follow-through

    Information sharing

    Shared risk & rewards

    Communication

    Work with vendors to create roadmaps and strategies to drive mutual success.

    Ensure demands are reasonable and consistently follow through on commitments.

    Proactively and freely share relevant information between parties.

    Equitably share responsibility for outcomes and benefits from success.

    Ensure clear, proactive, and frequent communication occurs between parties.

    Performance management

    Outcomes management focuses on results, not methods.

    According to Jennifer Robinson, senior editor at Gallup, “This approach focuses people and teams on a concrete result, not the process required to achieve it. Leaders define outcomes and, along with managers, set parameters and guidelines. Employees, then, have a high degree of autonomy to use their own unique talents to reach goals their own way.” (Forbes, 2023)

    In the context of exponential relationships, vendors can be given a high degree of autonomy provided they meet their objectives.

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage outcomes in exponential IT relationships.

    Manage outcomes to drive mutual success

    Build trust by achieving shared objectives.

    Why is this important?

    • Relationships are based on shared risk and shared reward for all parties. In order to effectively communicate the shared rewards, you must first understand and communicate your objectives for the relationship, then measure outcomes to ensure all parties are benefiting.
    • Effectively managing outcomes reduces the risk that one party will choose to leave based on a perception of benefits not being achieved. Parties may still leave the agreement, but decisions should be based on shared facts and issues should be communicated and addressed early.

    Build it into your practice:

    1. Clearly articulate what you hope to achieve by entering an outcome-based relationship. Each party should outline and agree to the goals, objectives, and desired outcomes from the relationship.
    2. Document how rewards will be shared among parties. What type of rewards are anticipated? Who will benefit and how?
    3. Develop consistent methodology to track and report on the desired outcomes on a regular basis. This might consist of a vendor scorecard or a monthly meeting.

    Build your ability to manage outcomes

    The five competencies needed to manage outcomes in exponential value relationships are:

    Goal setting

    Negotiation

    Performance tracking

    Issue
    resolution

    Scope management

    Set specific, measurable and actionable goals, and communicate them with stakeholders.

    Clearly articulate and agree upon measurable outcomes between all parties.

    Proactively track progress toward goals/outcomes and discuss results with vendors regularly.

    Openly discuss potential issues and challenges on a regular basis. Find collaborative solutions to problems.

    Proactively manage scope and discuss with vendors on a regular basis.

    Risk management

    Exponential IT means exponential risk – and exponential rewards.

    One of the key differentiators between traditional vendor relationships and exponential relationships is the degree to which risk is shared between parties. This is not possible in all industries, which may limit companies’ ability to participate in this type of exponential relationship.

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Risk management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage risk in exponential IT relationships.

    Relationships come with a lot of hidden risks

    Successfully managing complex risks can be the difference between a spectacular success and company-ending failure.

    Why is this important?

    • Relationships inherently involve a loss of control. You are relying on another party to fulfill their part of the agreement, and you depend on the success of the outcome. Loss of control comes with significant risks.
    • Sharing in risk is what differentiates an outcome-based relationship from a traditional vendor relationship; vendors must have skin in the game.
    • Organizations must consider many different types of risk when considering a relationship with a vendor: fraud, security, human rights, labor relations, ESG, and operational risks. Remember that risk is not inherently bad; some risk is necessary.

    Build it into your practice:

    1. Build or hire the necessary risk expertise needed to properly assess and evaluate the risks of potential vendor relationships. This includes intellectual property, ESG, legal/regulatory, cybersecurity, data security, and more.
    2. Develop processes and procedures which clearly communicate and report on risk on a regular basis.

    Info-Tech Insight

    Some highly regulated industries (such as finance) are prevented from transferring certain types of risk. In these industries, it may be much more difficult to form vendor relationships.

    Don’t forget about third-party ESG risk

    Customers care about ESG. You should too.

    Protect yourself against third-party ESG risks by considering the environmental and social impacts of your vendors.

    Third-party ESG risks can include the following:

    • Environmental risk: Vendors with unsustainable practices such as carbon emissions or waste generation of natural resource depletion can negatively impact the organization’s environmental goals.
    • Social risk: Unsafe or illegal labor practices, human rights violations, and supply chain management issues can reflect negatively on organizations that choose to work with vendors who engage in such practices.
    • Governance risk: Vendors who engage in illegal or unethical behaviors, including bribery and corruption or data and privacy breaches can impact downstream customers.

    Working with vendors that have a poor record of ESG carries a very real reputational risk for organizations who do not undertake appropriate due diligence.

    A global survey of nearly 14,000 customers revealed that…

    Source: EY Future Consumer Index, 2021

    Seventy-seven percent of customers believe companies have a responsibility to manufacture sustainably.

    Sixty-eight percent of customers believe businesses should ensure their suppliers meet high social and environmental standards.

    Fifty-five percent of customers consider the environmental impact of production in their purchasing decisions.

    Build your ability to manage risk

    The five competencies needed to manage risk in exponential value relationships are:

    Third-party risk

    Value chain

    Data management

    Regulatory & compliance

    Monitoring & reporting

    Understand and assess third-party risk, including ESG risk, in potential relationships.

    Assess risk throughout the value chain for all parties and balance risk among parties.

    Proactively assess and manage potential data risks, including intellectual property and strategic data.

    Manage regulatory and compliance risks, including understanding risk transfer and ultimate risk holder.

    Proactive and open monitoring and reporting of risks, including regular communication among stakeholders.

    Contract management

    Contract management is a critical part of vendor management.

    Well-managed contracts include clearly defined pricing, performance-based outcomes, clear roles and responsibilities, and appropriate remedies for failure to meet requirements. In outcome-based relationships, contracts are generally used as a secondary method of enforcing performance, with relationship management being the primary method of addressing challenges and ensuring performance.

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Risk management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Assess your ability to manage risk in exponential IT relationships.

    Build your ability to manage contracts

    The five competencies needed to manage contracts in exponential value relationships are:

    Pricing

    Performance outcomes

    Roles and responsibilities

    Remedies

    Payment

    Pricing is clearly defined in contracts so that the total cost is understood including all fees, optional pricing, and set caps on increases.

    Contracts are performance-based whenever possible, including deliverables, milestones, service levels, due dates, and outcomes.

    Each party's roles and responsibilities are clearly defined in the contract documents with adequate detail.

    Contracts contain appropriate remedies for a vendor's failure to meet SLAs, due dates, and other obligations.

    Payment is made after performance targets are met, approved, or accepted.

    Activity 1: Assess your readiness for exponential relationships

    1-3 hours

    1. Gather key stakeholders from across your organization to participate in the readiness assessment exercise.
    2. As a group, review the core competencies from the previous four sections and determine where your organization’s effectiveness lies for each competency. Record your responses in the Exponential Relationships Readiness Assessment tool.

    Download the Exponential Relationships Readiness Assessment tool.

    Input Output
    • Core competencies
    • Knowledge of internal processes and capabilities
    • Readiness assessment
    Materials Participants
    • Exponential
      Relationships Readiness Assessment
      tool
    • Whiteboard/flip charts
    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Understand your assessment

    This step involves the following participants:

    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Activities:

    • Create an action plan.

    Understand the results of your assessment

    Consider the following recommendations based on your readiness assessment scores:

    • The chart to the right shows sample results. The bars indicate the recommended scores, and the line indicates the readiness score.
    • Three or more categories below the recommended scores, or any categories more than five points below the recommendation: outcome-based relationships are not recommended at this time.
    • Two or more categories below the recommended scores: Proceed with caution and limit outcome-based relationships to low-risk areas. Continue to mature capabilities.
    • One category below the recommended scores: Evaluate the risks and benefits before engaging in higher-risk vendor relationships. Continue to mature capabilities.
    • All categories at or above the recommended scores: You have many of the core capabilities needed to succeed at exponential relationships! Continue to evaluate and refine your vendor relationships strategy, and identify any additional competencies needed based on your industry or region.

    Acme Corp Exponential Relationships Readiness.

    Activity 2: Create an action plan

    1 hour

    1. Gather the stakeholders who participated in the readiness assessment exercise.
    2. As a group, review the results of the readiness assessment. Where there any surprise? Do the results reflect your understanding of the organization’s maturity?
    3. Determine which areas are likely to limit the organization’s relationship capability, based on lowest scoring areas and relative importance to the organization.
    4. Break out into groups and have each group identify three actions the organization could take to mature the lowest scoring areas.
    5. Bring the group back together and prioritize the actions. Note who will be accountable for each next step.
    InputOutput
    • Readiness assessment
    • Action plan to improve maturity of capabilities
    MaterialsParticipants
    • Exponential
      Relationship Readiness Assessment
      tool
    • Whiteboard/flip charts
    • Executive leadership team, including CIO
    • Vendor management leader
    • Other internal stakeholders of vendor relationships

    Related Info-Tech Research

    Jump Start Your Vendor Management Initiative
    Create and implement a vendor management framework to begin obtaining measurable results in 90 days.

    Elevate Your Vendor Management Initiative
    Transform your VMI from tactical to strategic to maximize its impact and value

    Evaluate Your Vendor Account Team to Optimize Vendor Relations
    Understand the value of knowing your account team’s influence in the organization, and your influence, to drive results.

    Related Info-Tech Research

    Build an IT Risk Management Program
    Mitigate the IT risks that could negatively impact your organization.

    Build an IT Budget
    Effective IT budgets are more than a spreadsheet. They tell a story.

    Adopt an Exponential IT Mindset
    Thrive through the next paradigm shift..

    Author

    Kim Osborne Rodriguez

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.

    Kim holds a Bachelor’s degree in Honours Mechatronics Engineering and an option in Management Sciences from the University of Waterloo.

    Research Contributors and Experts

    Jack Hakimian

    Jack Hakimian
    Senior Vice President
    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multibillion-dollar organizations in multiple industries including financial services and telecommunications. Jack also served several large public sector institutions.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Michael Tweedie

    Michael Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Mike Tweedie brings over 25 years as a technology executive. He’s led several large transformation projects across core infrastructure, application and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.

    Mike holds a Bachelor’s degree in Architecture from Ryerson University.

    Scott Bickley

    Scott Bickley
    Practice Lead, VCCO
    Info-Tech Research Group

    Scott Bickley is a Practice Lead & Principal Research Director at Info-Tech Research Group, focused on Vendor Management and Contract Review. He also has experience in the areas of IT Asset Management (ITAM), Software Asset Management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.

    Scott holds a B.S. in Justice Studies from Frostburg State University. He also holds active IAITAM certification designations of CSAM and CMAM and is a Certified Scrum Master (SCM).

    Donna Bales

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group, specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multistakeholder industry initiatives.

    Donna has a bachelor’s degree in economics from the University of Western Ontario.

    Research Contributors and Experts

    Jennifer Perrier

    Jennifer Perrier
    Principal Research Director
    Info-Tech Research Group

    Jennifer has 25 years of experience in the information technology and human resources research space, joining Info-Tech in 1998 as the first research analyst with the company. Over the years, she has served as a research analyst and research manager, as well as in a range of roles leading the development and delivery of offerings across Info-Tech’s product and service portfolio, including workshops and the launch of industry roundtables and benchmarking. She was also Research Lead for McLean & Company, the HR advisory division of Info-Tech, during its start-up years.

    Jennifer’s research expertise spans the areas of IT strategic planning, governance, policy and process management, people management, leadership, organizational change management, performance benchmarking, and cross-industry IT comparative analysis. She has produced and overseen the development of hundreds of publications across the full breadth of both the IT and HR domains in multiple industries. In 2022, Jennifer joined Info-Tech’s IT Financial Management Practice with a focus on developing financial transparency to foster meaningful dialogue between IT and its stakeholders and drive better technology investment decisions.

    Phil Bode

    Phil Bode
    Principal Research Director
    Info-Tech Research Group

    Phil has 30+ years of experience with IT procurement-related topics: contract drafting and review, negotiations, RFXs, procurement processes, and vendor management. Phil has been a frequent speaker at conferences, a contributor to magazine articles in CIO Magazine and ComputerWorld, and quoted in many other magazines. He is a co-author of the book The Art of Creating a Quality RFP.

    Phil has a Bachelor of Science in Business Administration with a double major of Finance and Entrepreneurship and a Bachelor of Science in Business Administration with a major of Accounting, both from the University of Arizona.

    Research Contributors

    Erin Morgan

    Erin Morgan
    Assistant Vice President, IT Administration
    University of Texas at Arlington

    Renee Stanley

    Renee Stanley
    Assistant Director IT Procurement and Vendor Management
    University of Texas at Arlington

    Note: Additional contributors did not wish to be identified.

    Bibliography

    Andrea, Dave. “Plante Moran’s 2022 Working Relations Index® (WRI) Study shows supplier relations can improve amid industry crisis.” Plante Moran, 25 Aug 2022. Accessed 18 May 2023.
    Andrea, Dave. “Trust between suppliers and OEMs can better prepare you for the next crisis.” Plante Moran, 9 Sept 2020. Accessed 17 May 2023.
    Cleary, Shannon, and Carolan McLarney. “Organizational Benefits of an Effective Vendor Management Strategy.” IUP Journal of Supply Chain Management, Vol. 16, Issue 4, Dec 2019.
    De Backer, Ruth, and Eileen Kelly Rinaudo. “Improving the management of complex business partnerships.” McKinsey, 21 March 2019. Accessed 9 May 2023 .
    Dennean, Kevin et al. “Let's chat about ChatGPT.” UBS, 22 Feb 2023. Accessed 26 May 2023.
    F&I Tools. “Nissan Worldwide Vehicle Sales Report.” Factory Warranty List, 2022. Accessed 18 May 2023.
    Gomez, Robin. “Adopting ChatGPT and Generative AI in Retail Customer Service.” Radial, 235, April 2023. Accessed 10 May 2023.
    Harms, Thomas and Kristina Rogers. “How collaboration can drive value for you, your partners and the planet.” EY, 26 Oct 2021. Accessed 10 May 2023.
    Hedge & Co. “Toyota, Honda finish 1-2; General Motors finishes at 3rd in annual Supplier Working Relations Study.” PR Newswire, 23 May 2022. Accessed 17 May 2023.
    Henke Jr, John W., and T. Thomas. "Lost supplier trust, lost profits." Supply Chain Management Review, May 2014. Accessed 17 May 2023.
    Information Services Group, Inc. “Global Demand for IT and Business Services Continues Upward Surge in Q2, ISG Index™ Finds.” BusinessWire, 7 July 2021. Accessed 8 May 2023.
    Kasanoff, Bruce. “New Study Reveals Costs Of Bad Supplier Relationships.” Forbes, 6 Aug 2014. Accessed 17 May 2023.
    Macrotrends. “Nissan Motor Gross Profit 2010-2022.” Macrotrends. Accessed 18 May 2023.
    Macrotrends. “Toyota Gross Profit 2010-2022.” Macrotrends. Accessed 18 May 2023.
    McKinsey. “Mind the [skills] gap.” McKinsey, 27 Jan 2021. Accessed 18 May 2023.
    Morgan, Blake. “7 Examples of How Digital Transformation Impacted Business Performance.” Forbes, 21 Jul 2019. Accessed 10 May 2023.
    Nissan Motor Corporation. “Nissan reports strong financial results for fiscal year 2022.” Nissan Global Newsroom, 11 May 2023. Accessed 18 May 2023.

    Bibliography

    “OpenAI and Microsoft extend partnership.” Open AI, 23 Jan 2023. Accessed 26 May 2023.
    Pearson, Bryan. “The Apple Of Its Aisles: How Best Buy Lured One Of The Biggest Brands.“ Forbes, 23 Apr 2015. Accessed 23 May 2023.
    Perifanis, Nikolaos-Alexandros and Fotis Kitsios. “Investigating the Influence of Artificial Intelligence on Business Value in the Digital Era of Strategy: A Literature Review.” Information, 2 Feb 2023. Accessed 10 May 2023.
    Scott, Tim and Nathan Spitse. “Third-party risk is becoming a first priority challenge.” Deloitte. Accessed 18 May 2023.
    Stanley, Renee. Interview by Kim Osborne Rodriguez, 17 May 2023.
    Statista. “Toyota's retail vehicle sales from 2017 to 2021.” Statista, 27 Jul 2022. Accessed 18 May 2023.
    Tlili, Ahmed, et al. “What if the devil is my guardian angel: ChatGPT as a case study of using chatbots in education.” Smart Learning Environments, 22 Feb 2023. Accessed 9 May 2023.
    Vitasek, Kate. “Outcome-Based Management: What It Is, Why It Matters And How To Make It Happen.” Forbes, 12 Jan 2023. Accessed 9 May 2023.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}220|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Access to information about companies is more available to consumers than ever. Organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.

    A negative event could impact your organization's reputation at any given time. Make sure you understand where such events may come from and have a plan to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.
    • Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.

    Impact and Result

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Reputational Risk Impacts on Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your brand reputation.

    Use this research to identify and quantify the potential reputational impacts caused by vendors. Use Info-Tech's approach to look at the reputational impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Reputational Risk Impacts on Your Organization Storyboard

    2. Reputational Risk Impact Tool – Use this tool to help identify and quantify the reputational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate - possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Reputational Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Reputational Risk Impacts on Your Organization

    Brand reputation is the most valuable asset an organization can protect.

    Analyst Perspective

    Organizations must diligently assess and protect their reputations, both in the market and internally.

    Social media, unprecedented access to good and bad information, and consumer reliance on others’ online opinions force organizations to dedicate more resources to protecting their brand reputation than ever before. Perceptions matter, and you should monitor and protect the perception of your organization with as much rigor as possible to ensure your brand remains recognizable and trusted.

    Photo of Frank Sewell, Research Director, Vendor Management, Info-Tech Research Group.

    Frank Sewell
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Access to information about companies is more available to consumers than ever. A negative event could impact your organizational reputation at any time. As a result, organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.

    Make sure you understand where negative events may come from and have a plan to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.

    Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to rapid changes in online media. Ongoing monitoring of social media and the vendors tied to their company is imperative to achieving success and avoiding reputational disasters.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Cube with each multiple colors on each face, similar to a Rubix cube, and individual components of vendor risk branching off of it: 'Financial', 'Reputational', 'Operational', 'Strategic', 'Security', and 'Regulatory & Compliance'.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Reputational risk impacts

    Potential losses to the organization due to risks to its reputation and brand

    In this blueprint, we’ll explore reputational risks (risks to the brand reputation of the organization) and their impacts.

    Identify potentially negative events to assess the overall impact on your organization and implement adaptive measures to respond and correct.

    Cube with each multiple colors on each face, similar to a Rubix cube, and the vendor risk component 'Reputational' highlighted.

    Protect your most valuable asset: your brand

    25%

    of a company’s market value is due to reputation (Transmission Private, 2021)

    94%

    of consumers say that a bad review has convinced them to avoid a business (ReviewTrackers, 2022)

    14 hours

    is the average time it takes for a false claim to be corrected on social media (Risk Analysis, 2018)
    Image of an umbrella covering the word 'BRAND' and three arrows approaching from above.

    What is brand recognition?

    And the cost of rebranding

    Brand recognition is the ability of consumers to recognize an identifying characteristic of one company versus a competitor.” (Investopedia)

    Most trademark valuation is based directly on its projected future earning power, based on income history. For a new brand with no history, evaluators must apply experience and common sense to predict the brand's earning potential. They can also use feedback from industry experts, market surveys, and other studies.” (UpCounsel)

    The cost of rebranding for small to medium businesses is about 10 to 20% of the recommended overall marketing budget and can take six to eight months (Ignyte).

    Stock image of a house with a money sign chimney.

    "All we are at our core is our reputation and our brand, and they are intertwined." (Phil Bode, Principal Research Director, Info-Tech Research Group)

    What your vendor associations say about you

    Arrows of multiple colors coalescing in an Earth labelled 'Your Brand', and then a red arrow that reads 'Reputation' points to the terms on the right.

    Bad Customer Reviews

    Breach of Data

    Poor Security Posture

    Negative News Articles

    Public Lawsuits

    Poor Performance

    How a major vendor protects its brand

    An ideal state
    • There is a dedicated brand protection department.
    • All employees are educated annually on brand protection policies and procedures.
    • Brand protection is tied to cybersecurity.
    • The organization actively monitors its brand and reputation through various media formats.
    • The organization has criteria for assessing x-party vendors and holds them accountable through ongoing monitoring and validation of their activities.

    Brand Protection
    Done Right

    Sticker for a '5 Star Rating'.

    Never underestimate the power of local media on your profits

    Info-Tech Insight

    Keep in mind that too much exposure to media can be a negative in that it heightens the awareness of your organization to outside actors. If you do go through a period of increased exposure, make sure to advance your monitoring practices and vigilance.

    Story: Restaurant data breach

    Losing customer faith

    A popular local restaurant’s point of service (POS) machines were breached and the credit card data of their customers over a two-week period was stolen. The restaurant did the right thing: they privately notified the affected people, helped them set up credit monitoring services, and replaced their compromised POS system.

    Unfortunately, the local newspaper got wind of the breach. It published the story, leaving out that the restaurant had already notified affected customers and had replaced their POS machines.

    In response, the restaurant launched a campaign in the local paper and on social media to repair their reputation in the community and reassure people that they could safely transact at their business.

    For at least a month, the restaurant experienced a drastic decrease in revenue as customers either refused to come in to eat or paid only in cash. During this same period the restaurant was spending outside their budget on the advertising.
    Broken trust.

    Story: Monitor your subcontractors

    Trust but verify

    A successful general contractor with a reputation for fairness in their dealings needed a specialist to perform some expert carpentry work for a few of their clients.

    The contractor gave the specialist the clients’ contact information and trusted them to arrange the work.

    Weeks later, the contractor checked in with the clients and received a ton of negative feedback:

    • The specialist called them once and never called back.
    • The specialist refused to do the work as described and wanted to charge extra.
    • The specialist performed work to “fix” the issue but cut corners to lessen their costs.

    As a result, the contractor took extreme measures to regain the clients’ confidence and trust and lost other opportunities in the process.

    Stock image of a sad construction site supervisor.

    You work hard for your reputation. Don’t let others ruin it.

    Don’t forget to look within as well as without

    Stock image of a frustrated desk worker.

    Story: Internal reputation is vital

    Trust works both ways

    An organization’s relatively new IT and InfoSec department leadership have been upgrading the organization's systems and policies as fast as resources allow when the organization encounters a major breach of security.

    Trust in the developing IT and InfoSec departments' leadership wanes throughout the organization as people search for the root cause and blame the systems. This degradation of trust limits the effectiveness of the newly implemented process, procedures, and tools of the departments.

    The new leaders' abilities are called into question, and they must now rigorously defend and justify their decisions and positions to the executives and board.

    It will be some time before the two departments gain their prior trust and respect, and the new leaders face some tough times ahead regaining the organization's confidence.

    How could the new leaders approach the situation to mend their reputations in the wake of this (perhaps unfair) reputational hit?

    It is not enough to identify the potential risks; there must also be adequate controls in place to monitor and manage them

    Stock image of a fingerprint on a computer chip under a blacklight.

    Identify, manage, and monitor reputational risks

    Global markets
    • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
    • Now more than ever, organizations need to be mindful of the larger global landscape and how their interactions within various regions can impact their reputation.
    Social media
    • Understanding how to monitor social media activity and online content will give you an edge in the current environment.
    • Changes in social media generally happen faster than companies can recognize them. If you are not actively monitoring those risks, the damage could set in before you even have a chance to respond.
    Global shortages
    • Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term plans.
    • Customers don’t always understand what is happening in the global supply chain and may blame you for poor service if you cannot meet demands as you have in the past.

    Which way is your reputation heading?

    • Do you understand and track items that might affect your reputation?
    • Do you understand the impact they may have on your business?

    Visualization of a Newton's Cradle perpetual motion device, aka clacky balls. The lifted ball is colored green with a smiley face and is labelled 'Your Brand Reputation'. The other four balls are red with a frowny face and are labelled 'Data Breach/ Lawsuit', 'Service Disruption', 'Customer Complaint', and 'Poor Delivery'.

    Identifying and understanding potential risks is essential to adapting to the ever-changing online landscape

    Info-Tech Insight

    Few organizations are good at identifying risks. As a result, almost none realistically plan to monitor, manage, and adapt their plans to mitigate those risks.

    Reputational risks

    Not protecting your brand can have disastrous consequences to your organization

    • Data breaches & lawsuits
    • Poor vendor performance
    • Service disruptions
    • Negative reviews

    Stock image of a smiling person on their phone rating something five stars.

    What to look for in vendors

    Identify potential reputational risk impacts
    • Check online reviews from both customers and employees.
    • Check news sites:
      • Has the vendor been affected by a breach?
      • Is the vendor frequently in the news – good or bad? Greater exposure can cause an uptick in hostile attacks, so make sure the vendor has adequate protections in line with its exposure.
    • Review its financials. Is it prime for an acquisition/bankruptcy or other significant change?
    • Review your contractual protections to ensure that you are made whole in the event something goes wrong. Has anything changed with the vendor that requires you to increase your protections?
    • Has anything changed in the vendor’s market? Is a competitor taking its business, or are its resources stretched on multiple projects due to increased demand?
    Illustration of business people in a city above various icons.

    Assessing Reputational Risk Impacts

    Zigzagging icons and numbers one through 7 alternating sides downward. Review Organizational Strategy
    Understand the organizational strategy to prepare for the “what if” game exercise.
    Identify & Understand Potential Risks
    Play the “what if” game with the right people at the table.
    Create a Risk Profile Packet for Leadership
    Pull all the information together in a presentation document.
    Validate the Risks
    Work with leadership to ensure that the proposed risks are in line with their thoughts.
    Plan to Manage the Risks
    Lower the overall risk potential by putting mitigations in place.
    Communicate the Plan
    It is important not only to have a plan but also to socialize it in the organization for awareness.
    Enact the Plan
    Once the plan is finalized and socialized put it in place with continued monitoring for success.
    (Adapted from Harvard Law School Forum on Corporate Governance)

    Insight Summary

    Reputational risk impacts are often unanticipated, causing catastrophic downstream effects. Continuously monitoring your vendors’ actions in the market can help organizations head off brand disasters before they occur.

    Insight 1

    Understanding how to monitor social media activity and online content will give you an edge in the current environment.

    Do you have dedicated individuals or teams to monitor your organization's online presence? Most organizations review and approve the online content, but many forget the need to have analysts reviewing what others are saying about them.

    Insight 2

    Organizations need to learn how to assess the likelihood of potential risks in the rapidly changing online environments and recognize how their partnerships and subcontractors’ actions can affect their brand.

    For example, do you understand how a simple news article raises your profile for short-term and long-term adverse events?

    Insight 3

    Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.

    Do you include a social media and brand protection policy in your annual education?

    Identify reputational risk

    Who should be included in the discussion?
    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make INFORMED decisions.
    • Getting input from your organization's marketing experts will enhance your brand's long-term protection.
    • Involving those who directly manage vendors and understand the market will aid in determining the forward path for relationships with your current vendors and identifying new emerging potential partners.
    • Organizations have a wealth of experience in their marketing departments that can help identify real-world negative scenarios.
    • Include vendor relationship managers to help track what is happening in the media for those vendors.
    Keep in mind: (R=L*I)
    Risk = Likelihood x Impact

    Impact tends to remain the same, while likelihood is a very flexible variable.

    Stock image of a flowchart asking 'Risk?', 'Yes', 'No'.

    Manage and monitor reputational risk impacts

    What can we realistically do about the risks?
    • Re-evaluate corporate policies frequently.
    • Ensure proper protections in contracts:
      • Limit the use of your brand name in the publicity and trademark clauses.
      • Make sure to include security protections for your data in the event of a breach; understand that reputation can rarely be made whole again once trust is breached.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time and adjust your strategy based on the lessons.
    • Monitor your company’s and associated vendors’ online presence.
    • Track similar companies’ brand reputations to see how yours compares in the market.

    Social media is driving the need for perpetual diligence.

    Organizations need to monitor their brand reputation considering the pace of incidents in the modern age.

    Stock image of a person on a phone that is connected to other people.

    The “what if” game

    1-3 hours

    Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk

    Output: Comprehensive reputational risk profile on the specific vendor solution

    Materials: Whiteboard/flip charts, Reputational Risk Impact Tool to help drive discussion

    Participants: Vendor Management Coordinator, Organizational Leadership, Operations Experts (SMEs), Legal/Compliance/Risk Manager, Marketing

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Reputational Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risk but manage the overall process to keep the discussion on track.
    3. Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Reputational Risk Impact Tool

    Example: Low reputational risk

    We can see clearly in this example that the contractor suffered minimal impact from the specialist's behavior. Though they did take a hit to their overall reputation with a few customers, they should be able to course-correct with a minimal outlay of effort and almost no loss of revenue.

    Stock image of construction workers.

    Sample table of 'Sample Questions to Ask to Identify Reputational Impacts'. Column headers are 'Score', 'Weight', 'Question', and 'Comments or Notes'. At the bottom the 'Reputational Score' row has a low average score of '1.3' and '%100' total weight in their respective columns.

    Example: High reputational risk

    Note in the example how the tool can represent different weights for each of the criteria depending on your needs.

    Stock image of an older person looking out a window.

    Sample table of 'Sample Questions to Ask to Identify Reputational Impacts'. Column headers are 'Score', 'Weight', 'Question', and 'Comments or Notes'. At the bottom the 'Reputational Score' row has a high average score of '3.1' and '%100' total weight in their respective columns.

    Summary

    Be vigilant and adaptable to change
    • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
    • Understanding how to monitor social media activity and online content will give you an edge in the current environment.
    • Bring the right people to the table to outline potential risks to your organization’s brand reputation.
    • Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.
    • Incorporate lessons learned from incidents into your risk management process to build better plans for future issues.
    Stock image of a person's face overlaid with many different images.

    Organizations must evolve their risk assessments to be more adaptive to respond to global factors in the market.

    Ongoing monitoring of online media and the vendors tied to company visibility is imperative to avoiding disaster.

    Bibliography

    "The CEO Reputation Premium: Gaining Advantage in the Engagement Era." Weber Shandwick, March 2015. Accessed June 2022.

    Glidden, Donna. "Don't Underestimate the Need to Protect Your Brand in Publicity Clauses." Info-Tech Research Group, June 2022.

    Greenaway, Jordan. "Managing Reputation Risk: A start-to-finish guide." Transmission Private, July 2020. Accessed June 2022.

    Jagiello, Robert D., and Thomas T. Hills. “Bad News Has Wings: Dread Risk Mediates Social Amplification in Risk Communication.” Risk Analysis, vol. 38, no. 10, 2018, pp. 2193-2207.

    Kenton, Will. "Brand Recognition.” Investopedia, Aug. 2021. Accessed June 2022.

    Lischer, Brian. "How Much Does it Cost to Rebrand Your Company?" Ignyte, October 2017. Accessed June 2022.

    "Powerful Examples of How to Respond to Negative Reviews." ReviewTrackers, 16 Feb. 2022. Accessed June 2022.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012. Web.

    "Valuation of Trademarks: Everything You Need to Know." UpCounsel, 2022. Accessed June 2022.

    Related Info-Tech Research

    Sample of 'Assessing Financial Risk Management'. Identify and Manage Financial Risk Impacts on Your Organization
    • Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.
    • Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.
    Sample of 'How to Assess Strategic Risk'. Identify and Manage Strategic Risk Impacts on Your Organization
    • Identifying and managing a vendor’s potential strategic impact requires multiple people in the organization across several functions – and those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
    • Organizational leadership is often caught unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.
    Research coming soon. Jump Start Your Vendor Management Initiative
    • Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. The key is to adapt vendor management principles to fit your needs…not the other way around.
    • All vendors are not of equal importance to an organization. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

    Research Contributors and Experts

    Frank Sewell

    Research Director
    Info-Tech Research Group

    Donna Glidden

    Research Director
    Info-Tech Research Group

    Steven Jeffery

    Principal Research Director
    Info-Tech Research Group

    Mark Roman

    Managing Partner
    Info-Tech Research Group

    Phil Bode

    Principal Research Director
    Info-Tech Research Group

    Sarah Pletcher

    Executive Advisor
    Info-Tech Research Group

    Scott Bickley

    Practice Lead
    Info-Tech Research Group

    Lead Strategic Decision Making With Service Portfolio Management

    • Buy Link or Shortcode: {j2store}397|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • There are no standardized processes for the intake of new ideas and no consistent view of the drivers needed to assess the value of these ideas.
    • IT is spending money on low-value services and doesn’t have the ability to understand and track value in order to prioritize IT investment.
    • CIOs are not trusted to drive innovation.

    Our Advice

    Critical Insight

    • The service portfolio empowers IT to be a catalyst in business strategy, change, and growth.
    • IT must drive value-based investment by understanding value of all services in the portfolio.
    • Organizations must assess the value of their services throughout their lifecycle to optimize business outcomes and IT spend.

    Impact and Result

    • Optimize IT investments by prioritizing services that provide more value to the business, ensuring that you do not waste money on low-value or out-of-date IT services.
    • Ensure that services are directly linked to business objectives, goals, and needs, keeping IT embedded in the strategic vision of the organization.
    • Enable the business to understand the impact of IT capabilities on business strategy.
    • Ensure that IT maintains a strategic and tactical view of the services and their value.
    • Drive agility and innovation by having a streamlined view of your business value context and a consistent intake of ideas.
    • Provide strategic leadership and create new revenue by understanding the relative value of new ideas vs. existing services.

    Lead Strategic Decision Making With Service Portfolio Management Research & Tools

    Start here – read the Executive Brief

    Service portfolio management enables organizations to become strategic value creators by establishing a dynamic view of service value. Understand the driving forces behind the need to manage services through their lifecycles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish the service portfolio

    Establish and understand the service portfolio process by setting up the Service Portfolio Worksheet.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 1: Establish the Service Portfolio
    • Service Portfolio Worksheet

    2. Develop a value assessment framework

    Use the value assessment tool to assess services based on the organization’s context of value.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 2: Develop a Value Assessment Framework
    • Value Assessment Tool
    • Value Assessment Example Tool

    3. Manage intake and assessment of initiatives

    Create a centralized intake process to manage all new service ideas.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 3: Manage Intake and Assessment of Initiatives
    • Service Intake Form

    4. Assess active services

    Continuously validate the value of the existing service and determine the future of service based on the value and usage of the service.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 4: Assess Active Services

    5. Manage and communicate the service portfolio

    Communicate and implement the service portfolio within the organization, and create a mechanism to seek out continuous improvement opportunities.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 5: Manage and Communicate the Service Portfolio
    [infographic]

    Workshop: Lead Strategic Decision Making With Service Portfolio Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Service Portfolio

    The Purpose

    Establish and understand the service portfolio process by setting up the Service Portfolio Worksheet.

    Understand at a high level the steps involved in managing the service portfolio.

    Key Benefits Achieved

    Adapt the Service Portfolio Worksheet to organizational needs and create a plan to begin documenting services in the worksheet.

    Activities

    1.1 Review the Service Portfolio Worksheet.

    1.2 Adapt the Service Portfolio Worksheet.

    Outputs

    Knowledge about the use of the Service Portfolio Worksheet.

    Adapt the worksheet to reflect organizational needs and structure.

    2 Develop a Value Assessment Framework

    The Purpose

    Understand the need for a value assessment framework.

    Key Benefits Achieved

    Identify the organizational context of value through a holistic look at business objectives.

    Leverage Info-Tech’s Value Assessment Tool to validate and determine service value.

    Activities

    2.1 Understand value from business context.

    2.2 Determine the governing body.

    2.3 Assess culture and organizational structure.

    2.4 Complete the value assessment.

    2.5 Discuss value assessment score.

    Outputs

    Alignment on value context.

    Clear roles and responsibilities established.

    Ensure there is a supportive organizational structure and culture in place.

    Understand how to complete the value assessment and obtain a value score for selected services.

    Understand how to interpret the service value score.

    3 Manage Intake and Assessment of Initiatives

    The Purpose

    Create a centralized intake process to manage all new service ideas.

    Key Benefits Achieved

    Encourage collaboration and innovation through a transparent, formal, and centralized service intake process.

    Activities

    3.1 Review or design the service intake process.

    3.2 Review the Service Intake Form.

    3.3 Design a process to assess and transfer service ideas.

    3.4 Design a process to transfer completed services to the service catalog.

    Outputs

    Create a centralized process for service intake.

    Complete the Service Intake Form for a specific initiative.

    Have a process designed to transfer approved projects to the PMO.

    Have a process designed for transferring of completed services to the service catalog.

    4 Assess Active Services

    The Purpose

    Continuously validate the value of existing services.

    Key Benefits Achieved

    Ensure services are still providing the expected outcome.

    Clear next steps for services based on value.

    Activities

    4.1 Discuss/review management of active services.

    4.2 Complete value assessment for an active service.

    4.3 Determine service value and usage.

    4.4 Determine the next step for the service.

    4.5 Document the decision regarding the service outcome.

    Outputs

    Understand how active services must be assessed throughout their lifecycles.

    Understand how to assess an existing service.

    Place the service on the 2x2 matrix based on value and usage.

    Understand the appropriate next steps for services based on value.

    Formally document the steps for each of the IRMR options.

    5 Manage and Communicate Your Service Portfolio

    The Purpose

    Communicate and implement the service portfolio within the organization.

    Key Benefits Achieved

    Obtain buy-ins for the process.

    Create a mechanism to identify changes within the organization and to seek out continuous improvement opportunities for the service portfolio management process and procedures.

    Activities

    5.1 Create a communication plan for service portfolio and value assessment.

    5.2 Create a communication plan for service intake.

    5.3 Create a procedure to continuously validate the process.

    Outputs

    Document the target audience, the message, and how the message should be communicated.

    Document techniques to encourage participation and promote participation from the organization.

    Document the formal review process, including cycle, roles, and responsibilities.

    Develop an Availability and Capacity Management Plan

    • Buy Link or Shortcode: {j2store}500|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $2,840 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Availability & Capacity Management
    • Parent Category Link: /availability-and-capacity-management
    • It is crucial for capacity managers to provide capacity in advance of need to maximize availability.
    • In an effort to ensure maximum uptime, organizations are overprovisioning (an average of 59% for compute, and 48% for storage). With budget pressure mounting (especially on the capital side), the cost of this approach can’t be ignored.
    • Half of organizations have experienced capacity-related downtime, and almost 60% wait more than three months for additional capacity.

    Our Advice

    Critical Insight

    • All too often capacity management is left as an afterthought. The best capacity managers bake capacity management into their organization’s business processes, becoming drivers of value.
    • Communication is key. Build bridges between your organization’s silos, and involve business stakeholders in a dialog about capacity requirements.

    Impact and Result

    • Map business metrics to infrastructure component usage, and use your organization’s own data to forecast demand.
    • Project future needs in line with your hardware lifecycle. Never suffer availability issues as a result of a lack of capacity again.
    • Establish infrastructure as a driver of business value, not a “black hole” cost center.

    Develop an Availability and Capacity Management Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a capacity management plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop an Availability and Capacity Management Plan – Phases 1-4

    1. Conduct a business impact analysis

    Determine the most critical business services to ensure availability.

    • Develop an Availability and Capacity Management Plan – Phase 1: Conduct a Business Impact Analysis
    • Business Impact Analysis Tool

    2. Establish visibility into core systems

    Craft a monitoring strategy to gather usage data.

    • Develop an Availability and Capacity Management Plan – Phase 2: Establish Visibility into Core Systems
    • Capacity Snapshot Tool

    3. Solicit and incorporate business needs

    Integrate business stakeholders into the capacity management process.

    • Develop an Availability and Capacity Management Plan – Phase 3: Solicit and Incorporate Business Needs
    • Capacity Plan Template

    4. Identify and mitigate risks

    Identify and mitigate risks to your capacity and availability.

    • Develop an Availability and Capacity Management Plan – Phase 4: Identify and Mitigate Risks

    [infographic]

    Workshop: Develop an Availability and Capacity Management Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Conduct a Business Impact Analysis

    The Purpose

    Determine the most important IT services for the business.

    Key Benefits Achieved

    Understand which services to prioritize for ensuring availability.

    Activities

    1.1 Create a scale to measure different levels of impact.

    1.2 Evaluate each service by its potential impact.

    1.3 Assign a criticality rating based on the costs of downtime.

    Outputs

    RTOs/RPOs

    List of gold systems

    Criticality matrix

    2 Establish Visibility Into Core Systems

    The Purpose

    Monitor and measure usage metrics of key systems.

    Key Benefits Achieved

    Capture and correlate data on business activity with infrastructure capacity usage.

    Activities

    2.1 Define your monitoring strategy.

    2.2 Implement your monitoring tool/aggregator.

    Outputs

    RACI chart

    Capacity/availability monitoring strategy

    3 Develop a Plan to Project Future Needs

    The Purpose

    Determine how to project future capacity usage needs for your organization.

    Key Benefits Achieved

    Data-based, systematic projection of future capacity usage needs.

    Activities

    3.1 Analyze historical usage trends.

    3.2 Interface with the business to determine needs.

    3.3 Develop a plan to combine these two sources of truth.

    Outputs

    Plan for soliciting future needs

    Future needs

    4 Identify and Mitigate Risks

    The Purpose

    Identify potential risks to capacity and availability.

    Develop strategies to ameliorate potential risks.

    Key Benefits Achieved

    Proactive approach to capacity that addresses potential risks before they impact availability.

    Activities

    4.1 Identify capacity and availability risks.

    4.2 Determine strategies to address risks.

    4.3 Populate and review completed capacity plan.

    Outputs

    List of risks

    List of strategies to address risks

    Completed capacity plan

    Further reading

    Develop an Availability and Capacity Management Plan

    Manage capacity to increase uptime and reduce costs.

    ANALYST PERSPECTIVE

    The cloud changes the capacity manager’s job, but it doesn’t eliminate it.

    "Nobody doubts the cloud’s transformative power. But will its ascent render “capacity manager” an archaic term to be carved into the walls of datacenters everywhere for future archaeologists to puzzle over? No. While it is true that the cloud has fundamentally changed how capacity managers do their jobs , the process is more important than ever. Managing capacity – and, by extent, availability – means minimizing costs while maximizing uptime. The cloud era is the era of unlimited capacity – and of infinite potential costs. If you put the infinity symbol on a purchase order… well, it’s probably not a good idea. Manage demand. Manage your capacity. Manage your availability. And, most importantly, keep your stakeholders happy. You won’t regret it."

    Jeremy Roberts,

    Consulting Analyst, Infrastructure Practice

    Info-Tech Research Group

    Availability and capacity management transcend IT

    This Research Is Designed For:

    ✓ CIOs who want to increase uptime and reduce costs

    ✓ Infrastructure managers who want to deliver increased value to the business

    ✓ Enterprise architects who want to ensure stability of core IT services

    ✓ Dedicated capacity managers

    This Research Will Help You:

    ✓ Develop a list of core services

    ✓ Establish visibility into your system

    ✓ Solicit business needs

    ✓ Project future demand

    ✓ Set SLAs

    ✓ Increase uptime

    ✓ Optimize spend

    This Research Will Also Assist:

    ✓ Project managers

    ✓ Service desk staff

    This Research Will Help Them:

    ✓ Plan IT projects

    ✓ Better manage availability incidents caused by lack of capacity

    Executive summary

    Situation

    • IT infrastructure leaders are responsible for ensuring that the business has access to the technology needed to keep the organization humming along. This requires managing capacity and availability.
    • Dependencies go undocumented. Services are provided on an ad hoc basis, and capacity/availability are managed reactively.

    Complication

    • Organizations are overprovisioning an average of 59% for compute, and 48% for storage. This is expensive. With budget pressure mounting, the cost of this approach can’t be ignored.
    • Lead time to respond to demand is long. Half of organizations have experienced capacity-related downtime, and almost 60% wait 3+ months for additional capacity. (451 Research, 3)

    Resolution

    • Conduct a business impact analysis to determine which of your services are most critical, and require active capacity management that will reap more in benefits than it produces in costs.
    • Establish visibility into your system. You can’t track what you can’t see, and you can’t see when you don’t have proper monitoring tools in place.
    • Develop an understanding of business needs. Use a combination of historical trend analyses and consultation with line of business and project managers to separate wants from needs. Overprovisioning used to be necessary, but is no longer required.
    • Project future needs in line with your hardware lifecycle. Never suffer availability issues as a result of a lack of capacity again.

    Info-Tech Insight

    1. Components are critical. The business doesn’t care about components. You, however, are not so lucky…
    2. Ask what the business is working on, not what they need. If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs.
    3. Cloud shmoud. The role of the capacity manager is changing with the cloud, but capacity management is as important as ever.

    Save money and drive efficiency with an effective availability and capacity management plan

    Overprovisioning happens because of the old style of infrastructure provisioning (hardware refresh cycles) and because capacity managers don’t know how much they need (either as a result of inaccurate or nonexistent information).

    According to 451 Research, 59% of enterprises have had to wait 3+ months for new capacity. It is little wonder, then, that so many opt to overprovision. Capacity management is about ensuring that IT services are available, and with lead times like that, overprovisioning can be more attractive than the alternative. Fortunately there is hope. An effective availability and capacity management plan can help you:

    • Identify your gold systems
    • Establish visibility into them
    • Project your future capacity needs

    Balancing overprovisioning and spending is the capacity manager’s struggle.

    Availability and capacity management go together like boots and feet

    Availability and capacity are not the same, but they are related and can be effectively managed together as part of a single process.

    If an IT department is unable to meet demand due to insufficient capacity, users will experience downtime or a degradation in service. To be clear, capacity is not the only factor in availability – reliability, serviceability, etc. are significant as well. But no organization can effectively manage availability without paying sufficient attention to capacity.

    "Availability Management is concerned with the design, implementation, measurement and management of IT services to ensure that the stated business requirements for availability are consistently met."

    – OGC, Best Practice for Service Delivery, 12

    "Capacity management aims to balance supply and demand [of IT storage and computing services] cost-effectively…"

    – OGC, Business Perspective, 90

    Integrate the three levels of capacity management

    Successful capacity management involves a holistic approach that incorporates all three levels.

    Business The highest level of capacity management, business capacity management, involves predicting changes in the business’ needs and developing requirements in order to make it possible for IT to adapt to those needs. Influx of new clients from a failed competitor.
    Service Service capacity management focuses on ensuring that IT services are monitored to determine if they are meeting pre-determined SLAs. The data gathered here can be used for incident and problem management. Increased website traffic.
    Component Component capacity management involves tracking the functionality of specific components (servers, hard drives, etc.), and effectively tracking their utilization and performance, and making predictions about future concerns. Insufficient web server compute.

    The C-suite cares about business capacity as part of the organization’s strategic planning. Service leads care about their assigned services. IT infrastructure is concerned with components, but not for their own sake. Components mean services that are ultimately designed to facilitate business.

    A healthcare organization practiced poor capacity management and suffered availability issues as a result

    CASE STUDY

    Industry: Healthcare

    Source: Interview

    New functionalities require new infrastructure

    There was a project to implement an elastic search feature. This had to correlate all the organization’s member data from an Oracle data source and their own data warehouse, and pool them all into an elastic search index so that it could be used by the provider portal search function. In estimating the amount of space needed, the infrastructure team assumed that all the data would be shared in a single place. They didn’t account for the architecture of elastic search in which indexes are shared across multiple nodes and shards are often split up separately.

    Beware underestimating demand and hardware sourcing lead times

    As a result, they vastly underestimated the amount of space that was needed and ended up short by a terabyte. The infrastructure team frantically sourced more hardware, but the rush hardware order arrived physically damaged and had to be returned to the vendor.

    Sufficient budget won’t ensure success without capacity planning

    The project’s budget had been more than sufficient to pay for the extra necessary capacity, but because a lack of understanding of the infrastructure impact resulted in improper forecasting, the project ended up stuck in a standstill.

    Manage availability and keep your stakeholders happy

    If you run out of capacity, you will inevitably encounter availability issues like downtime and performance degradation . End users do not like downtime, and neither do their managers.

    There are three variables that are monitored, measured, and analyzed as part of availability management more generally (Valentic).

      1. Uptime:

    The availability of a system is the percentage of time the system is “up,” (and not degraded) which can be calculated using the following formula: uptime/(uptime + downtime) x 100%. The more components there are in a system, the lower the availability, as a rule.

      1. Reliability:

    The length of time a component/service can go before there is an outage that brings it down, typically measured in hours.

      1. Maintainability:

    The amount of time it takes for a component/service to be restored in the event of an outage, also typically measured in hours.

    Enter the cloud: changes in the capacity manager role

    There can be no doubt – the rise of the public cloud has fundamentally changed the nature of capacity management.

    Features of the public cloudImplications for capacity management
    Instant, or near-instant, instantiation Lead times drop; capacity management is less about ensuring equipment arrives on time.
    Pay-as-you go services Capacity no longer needs to be purchased in bulk. Pay only for what you use and shut down instances that are no longer necessary.
    Essentially unlimited scalability Potential capacity is infinite, but so are potential costs.
    Offsite hosting Redundancy, but at the price of the increasing importance of your internet connection.

    Vendors will sell you the cloud as a solution to your capacity/availability problems

    The image contains two graphs. The first graph on the left is titled: Reactive Management, and shows the struggling relationship between capacity and demand. The second graph on the right is titled: Cloud future (ideal), which demonstrates a manageable relationship between capacity and demand over time.

    Traditionally, increases in capacity have come in bursts as a reaction to availability issues. This model inevitably results in overprovisioning, driving up costs. Access to the cloud changes the equation. On-demand capacity means that, ideally, nobody should pay for unused capacity.

    Reality check: even in the cloud era, capacity management is necessary

    You will likely find vendors to nurture the growth of a gap between your expectations and reality. That can be damaging.

    The cloud reality does not look like the cloud ideal. Even with the ostensibly elastic cloud, vendors like the consistency that longer-term contracts offer. Enter reserved instances: in exchange for lower hourly rates, vendors offer the option to pay a fee for a reserved instance. Usage beyond the reserved will be billed at a higher hourly rate. In order to determine where that line should be drawn, you should engage in detailed capacity planning. Unfortunately, even when done right, this process will result in some overprovisioning, though it does provide convenience from an accounting perspective. The key is to use spot instances where demand is exceptional and bounded. Example: A university registration server that experiences exceptional demand at the start of term but at no other time.

    The image contains an example of cloud reality not matching with the cloud ideal in the form of a graph. The graph is split horizontally, the top half is red, and there is a dotted line splitting it from the lower half. The line is labelled: Reserved instance ceiling. In the bottom half, it is the colour green and has a curving line.

    Use best practices to optimize your cloud resources

    The image contains two graphs. The graph on the left is labelled: Ineffective reserve capacity. At the top of the graph is a dotted line labelled: Reserved Instance ceiling. The graph is measuring capacity requirements over time. There is a curved line on the graph that suddenly spikes and comes back down. The spike is labelled unused capacity. The graph on the right is labelled: Effective reserve capacity. The reserved instance ceiling is about halfway down this graph, and it is comparing capacity requirements over time. This graph has a curved line on it, also has a spike and is labelled: spot instance.

    Even in the era of elasticity, capacity planning is crucial. Spot instances – the spikes in the graph above – are more expensive, but if your capacity needs vary substantially, reserving instances for all of the space you need can cost even more money. Efficiently planning capacity will help you draw this line.

    Evaluate business impact; not all systems are created equal

    Limited resources are a reality. Detailed visibility into every single system is often not feasible and could be too much information.

    Simple and effective. Sometimes a simple display can convey all of the information necessary to manage critical systems. In cars it is important to know your speed, how much fuel is in the tank, and whether or not you need to change your oil/check your engine.

    Where to begin?! Specialized information is sometimes necessary, but it can be difficult to navigate.

    Take advantage of a business impact analysis to define and understand your critical services

    Ideally, downtime would be minimal. In reality, though, downtime is a part of IT life. It is important to have realistic expectations about its nature and likelihood.

    STEP 1

    STEP 2

    STEP 3

    STEP 4

    STEP 5

    Record applications and dependencies

    Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster.

    Define impact scoring scale

    Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications.

    Estimate impact of downtime

    Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application.

    Identify desired RTO and RPO

    Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss.

    Determine current RTO/RPO

    Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step.

    Info-Tech Insight

    According to end users, every system is critical and downtime is intolerable. Of course, once they see how much totally eliminating downtime can cost, they might change their tune. It is important to have this discussion to separate the critical from the less critical – but still important – services.

    Establish visibility into critical systems

    You may have seen “If you can’t measure it, you can’t manage it” or a variation thereof floating around the internet. This adage is consumable and makes sense…doesn’t it?

    "It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth."

    – W. Edwards Deming, statistician and management consultant, author of The New Economics

    While it is true that total monitoring is not absolutely necessary for management, when it comes to availability and capacity – objectively quantifiable service characteristics – a monitoring strategy is unavoidable. Capturing fluctuations in demand, and adjusting for those fluctuations, is among the most important functions of a capacity manager, even if hovering over employees with a stopwatch is poor management.

    Solicit needs from line of business managers

    Unless you head the world’s most involved IT department (kudos if you do) you’re going to have to determine your needs from the business.

    Do

    Do not

    ✓ Develop a positive relationship with business leaders responsible for making decisions.

    ✓ Make yourself aware of ongoing and upcoming projects.

    ✓ Develop expertise in organization-specific technology.

    ✓ Make the business aware of your expenses through chargebacks or showbacks.

    ✓ Use your understanding of business projects to predict business needs; do not rely on business leaders’ technical requests alone.

    X Be reactive.

    X Accept capacity/availability demands uncritically.

    X Ask line of business managers for specific computing requirements unless they have the technical expertise to make informed judgments.

    X Treat IT as an opaque entity where requests go in and services come out (this can lead to irresponsible requests).

    Demand: manage or be managed

    You might think you can get away with uncritically accepting your users’ demands, but this is not best practice. If you provide it, they will use it.

    The company meeting

    “I don’t need this much RAM,” the application developer said, implausibly. Titters wafted above the assembled crowd as her IT colleagues muttered their surprise. Heads shook, eyes widened. In fact, as she sat pondering her utterance, the developer wasn’t so sure she believed it herself. Noticing her consternation, the infrastructure manager cut in and offered the RAM anyway, forestalling the inevitable crisis that occurs when seismic internal shifts rock fragile self-conceptions. Until next time, he thought.

    "Work expands as to fill the resources available for its completion…"

    – C. Northcote Parkinson, quoted in Klimek et al.

    Combine historical data with the needs you’ve solicited to holistically project your future needs

    Predicting the future is difficult, but when it comes to capacity management, foresight is necessary.

    Critical inputs

    In order to project your future needs, the following inputs are necessary.

    1. Usage trends: While it is true that past performance is no indication of future demand, trends are still a good way to validate requests from the business.
    2. Line of business requests: An understanding of the projects the business has in the pipes is important for projecting future demand.
    3. Institutional knowledge: Read between the lines. As experts on information technology, the IT department is well-equipped to translate needs into requirements.
    The image contains a graph that is labelled: Projected demand, and graphs demand over time. There is a curved line that passes through a vertical line labelled present. There is a box on top of the graph that contains the text: Note: confidence in demand estimates will very by service and by stakeholder.

    Follow best practice guidelines to maximize the efficiency of your availability and capacity management process

    The image contains Info-Tech's IT Management & Governance Framework. The framework displays many of Info-Tech's research to help optimize and improve core IT processes. The name of this blueprint is under the Infrastructure & Operations section, and has been circled to point out where it is in the framework.

    Understand how the key frameworks relate and interact

    The image contains a picture of the COBIT 5 logo.

    BA104: Manage availability and capacity

    • Current state assessment
    • Forecasting based on business requirements
    • Risk assessment of planning and implementation of requirements
    The image contains a picture of the ITIL logo

    Availability management

    • Determine business requirements
    • Match requirements to capabilities
    • Address any mismatch between requirements and capabilities in a cost-effective manner

    Capacity management

    • Monitoring services and components
    • Tuning for efficiency
    • Forecasting future requirements
    • Influencing demand
    • Producing a capacity plan
    The image contains a picture of Info-Tech Research Group logo.

    Availability and capacity management

    • Conduct a business impact analysis
    • Establish visibility into critical systems
    • Solicit and incorporate business needs
    • Identify and mitigate risks

    Disaster recovery and business continuity planning are forms of availability management

    The scope of this project is managing day-to-day availability, largely but not exclusively, in the context of capacity. For additional important information on availability, see the following Info-Tech projects.

      • Develop a Business Continuity Plan

    If your focus is on ensuring process continuity in the event of a disaster.

      • Establish a Program to Enable Effective Performance Monitoring

    If your focus is on flow mapping and transaction monitoring as part of a plan to engage APM vendors.

      • Create a Right-Sized Disaster Recovery Plan

    If your focus is on hardening your IT systems against major events.

    Info-Tech’s approach to availability and capacity management is stakeholder-centered and cloud ready

    Phase 1:

    Conduct a business impact analysis

    Phase 2:

    Establish visibility into core systems

    Phase 3:

    Solicit and incorporate business needs

    Phase 4:

    Identify and mitigate risks

    1.1 Conduct a business impact analysis

    1.2 Assign criticality ratings to services

    2.1 Define your monitoring strategy

    2.2 Implement monitoring tool/aggregator

    3.1 Solicit business needs

    3.2 Analyze data and project future needs

    4.1 Identify and mitigate risks

    Deliverables

    • Business impact analysis
    • Gold systems
    • Monitoring strategy
    • List of stakeholders
    • Business needs
    • Projected capacity needs
    • Risks and mitigations
    • Capacity management summary cards

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Availability & capacity management – project overview

     

    Conduct a business impact analysis

    Establish visibility into core systems

    Solicit and incorporate business needs

    Identify and
    mitigate risks

    Best-Practice Toolkit

    1.1 Create a scale to measure different levels of impact

    1.2 Assign criticality ratings to services

    2.1 Define your monitoring strategy

    2.2 Implement your monitoring tool/aggregator

    3.1 Solicit business needs and gather data

    3.2 Analyze data and project future needs

    4.1 Identify and mitigate risks

    Guided Implementations

    Call 1: Conduct a business impact analysis Call 1: Discuss your monitoring strategy

    Call 1: Develop a plan to gather historical data; set up plan to solicit business needs

    Call 2: Evaluate data sources

    Call 1: Discuss possible risks and strategies for risk mitigation

    Call 2: Review your capacity management plan

    Onsite Workshop

    Module 1:

    Conduct a business impact analysis

    Module 2:

    Establish visibility into core systems

    Module 3:

    Develop a plan to project future needs

    Module 4:

    Identify and mitigate risks

     

    Phase 1 Results:

    • RTOs/RPOs
    • List of gold systems
    • Criticality matrix

    Phase 2 Results:

    • Capacity/availability monitoring strategy

    Phase 3 Results:

    • Plan for soliciting future needs
    • Future needs

    Phase 4 Results:

    • Strategies for reducing risks
    • Capacity management plan

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

     

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

     

    Conduct a business
    impact analysis

    Establish visibility into
    core systems

    Solicit and incorporate business needs

    Identify and mitigate risks

    Activities

    1.1 Conduct a business impact analysis

    1.2 Create a list of critical dependencies

    1.3 Identify critical sub-components

    1.4 Develop best practices to negotiate SLAs

    2.1 Determine indicators for sub-components

    2.2 Establish visibility into components

    2.3 Develop strategies to ameliorate visibility issues

    3.1 Gather relevant business-level data

    3.2 Gather relevant service-level data

    3.3 Analyze historical trends

    3.4 Build a list of business stakeholders

    3.5 Directly solicit requirements from the business

    3.6 Map business needs to technical requirements

    3.7 Identify inefficiencies and compare historical data

    • 4.1 Brainstorm potential causes of availability and capacity risk
    • 4.2 Identify and mitigate capacity risks
    • 4.3 Identify and mitigate availability risks

    Deliverables

    1. Business impact analysis
    2. List of gold systems
    3. SLA best practices
    1. Sub-component metrics
    2. Strategy to establish visibility into critical sub-components
    1. List of stakeholders
    2. Business requirements
    3. Technical requirements
    4. Inefficiencies
    1. Strategies for mitigating risks
    2. Completed capacity management plan template

    PHASE 1

    Conduct a Business Impact Analysis

    Step 1.1: Conduct a business impact analysis

    This step will walk you through the following activities:

    • Record applications and dependencies in the Business Impact Analysis Tool.
    • Define a scale to estimate the impact of various applications’ downtime.
    • Estimate the impact of applications’ downtime.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team

    Outcomes of this step

    • Estimated impact of downtime for various applications

    Execute a business impact analysis (BIA) as part of a broader availability plan

    1.1a Business Impact Analysis Tool

    Business impact analyses are an invaluable part of a broader IT strategy. Conducting a BIA benefits a variety of processes, including disaster recovery, business continuity, and availability and capacity management

    STEP 1

    STEP 2

    STEP 3

    STEP 4

    STEP 5

    Record applications and dependencies

    Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster.

    Define impact scoring scale

    Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications.

    Estimate impact of downtime

    Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application.

    Identify desired RTO and RPO

    Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss.

    Determine current RTO/RPO

    Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step.

    Info-Tech Insight

    Engaging in detailed capacity planning for an insignificant service draws time and resources away from more critical capacity planning exercises. Time spent tracking and planning use of the ancient fax machine in the basement is time you’ll never get back.

    Control the scope of your availability and capacity management planning project with a business impact analysis

    Don’t avoid conducting a BIA because of a perception that it’s too onerous or not necessary. If properly managed, as described in this blueprint, the BIA does not need to be onerous and the benefits are tangible.

    A BIA enables you to identify appropriate spend levels, continue to drive executive support, and prioritize disaster recovery planning for a more successful outcome. For example, an Info-Tech survey found that a BIA has a significant impact on setting appropriate recovery time objectives (RTOs) and appropriate spending.

    The image contains a graph that is labelled: BIA Impact on Appropriate RTOS. With no BIA, there is 59% RTOs are appropriate. With BIA, there is 93% RTOS being appropriate. The image contains a graph that is labelled: BIA Impact on Appropriate Spending. No BIA has 59% indication that BCP is cost effective. With a BIA there is 86% indication that BCP is cost effective.

    Terms

    No BIA: lack of a BIA, or a BIA bases solely on the perceived importance of IT services.

    BIA: based on a detailed evaluation or estimated dollar impact of downtime.

    Source: Info-Tech Research Group; N=70

    Select the services you wish to evaluate with the Business Impact Analysis Tool

    1.1b 1 hour

    In large organizations especially, collating an exhaustive list of applications and services is going to be onerous. For the purposes of this project, a subset should suffice.

    Instructions

    1. Gather a diverse group of IT staff and end users in a room with a whiteboard.
    2. Solicit feedback from the group. Questions to ask:
    • What services do you regularly use? What do you see others using? (End users)
    • Which service inspires the greatest number of service calls? (IT)
    • What services are you most excited about? (Management)
    • What services are the most critical for business operations? (Everybody)
  • Record these applications in the Business Impact Analysis Tool.
  • Input

    • Applications/services

    Output

    • Candidate applications for the business impact analysis

    Materials

    • Whiteboard
    • Markers

    Participants

    • Infrastructure manager
    • Enterprise architect
    • Application owners
    • End users

    Info-Tech Insight

    Include a variety of services in your analysis. While it might be tempting to jump ahead and preselect important applications, don’t. The process is inherently valuable, and besides, it might surprise you.

    Record the applications and dependencies in the BIA tool

    1.1c Use tab 1 of the Business Impact Analysis Tool

    1. In the Application/System column, list the applications identified for this pilot as well as the Core Infrastructure category. Also indicate the Impact on the Business and Business Owner.
    2. List the dependencies for each application in the appropriate columns:
    • Hosted On-Premises (In-House) – If the physical equipment is in a facility you own, record it here, even if it is managed by a vendor.
    • Hosted by a Co-Lo/MSP – List any dependencies hosted by a co-lo/MSP vendor.
    • Cloud (includes "as a Service”) – List any dependencies hosted by a cloud vendor.

    Note: If there are no dependencies for a particular category, leave it blank.

  • If you wish to highlight specific dependencies, put an asterisk in front of them (e.g. *SAN). This will cause the dependency to be highlighted in the remaining tabs in this tool.
  • Add comments as needed in the Notes columns. For example, for equipment that you host in-house but is remotely managed by an MSP, specify this in the notes. Similarly, note any DR support services.
  • Example

    The image contains a screenshot of Info-Tech's Business Impact Analysis Tool specifically tab 1.

    ID is optional. It is a sequential number by default.

    In-House, Co-Lo/MSP, and Cloud dependencies; leave blank if not applicable.

    Add notes as applicable – e.g. critical support services.

    Define a scoring scale to estimate different levels of impact

    1.1d Use tab 2 of the Business Impact Analysis Tool

    Modify the Business Impact Scales headings and Overall Criticality Rating terminology to suit your organization. For example, if you don’t have business partners, use that column to measure a different goodwill impact or just ignore that column in this tool (i.e. leave it blank). Estimate the different levels of potential impact (where four is the highest impact and zero is no impact) and record these in the Business Impact Scales columns.

    The image contains a screenshot of Info-Tech's Business Impact Analysis Tool, specifically tab 2.

    Estimate the impact of downtime for each application

    1.1e Use tab 3 of the Business Impact Analysis Tool

    In the BIA tab columns for Direct Costs of Downtime, Impact on Goodwill, and Additional Criticality Factors, use the drop-down menu to assign a score of zero to four based on levels of impact defined in the Scoring Criteria tab. For example, if an organization’s ERP is down, and that affects call center sales operations (e.g. ability to access customer records and process orders), the impact might be as described below:

      • Loss of Revenue might score a two or three depending on the proportion of overall sales lost due to the downtime.
      • The Impact on Customers might be a one or two depending on the extent that existing customers might be using the call center to purchase new products or services, and are frustrated by the inability to process orders.
      • The Legal/Regulatory Compliance and Health or Safety Risk might be a zero.

    On the other hand, if payroll processing is down, this may not impact revenue, but it certainly impacts internal goodwill and productivity.

    Rank service criticality: gold, silver, and bronze

    Gold

    Mission critical services. An outage is catastrophic in terms of cost or public image/goodwill. Example: trading software at a financial institution.

    Silver

    Important to daily operations, but not mission critical. Example: email services at any large organization.

    Bronze

    Loss of these services is an inconvenience more than anything, though they do serve a purpose and will be missed if they are never brought back online. Example: ancient fax machines.

    Info-Tech Best Practice

    Info-Tech recommends gold, silver, and bronze because of this typology’s near universal recognition. If you would prefer a particular designation (it might help with internal comprehension), don’t hesitate to use that one instead.

    Use the results of the business impact analysis to sort systems based on their criticality

    1.1f 1 hour

    Every organization has its own rules about how to categorize service importance. For some (consumer-facing businesses, perhaps) reputational damage may trump immediate costs.

    Instructions

    1. Gather a group of key stakeholders and project the completed Business Impact Analysis Tool onto a screen for them.
    2. Share the definitions of gold, silver, and bronze services with them (if they are not familiar), and begin sorting the services by category,
    • How long would it take to notice if a particular service went out?
    • How important are the non-quantifiable damages that could come with an outage?
  • Sort the services into gold, silver, and bronze on a whiteboard, with sticky notes, or with chart paper.
  • Verify your findings and record them in section 2.1 of the Capacity Plan Template.
  • Input

    • Results of the business impact analysis exercise

    Output

    • List of gold, silver, and bronze systems

    Materials

    • Projector
    • Business Impact Analysis Tool
    • Capacity Plan Template

    Participants

    • Infrastructure manager
    • Enterprise architect

    Leverage the rest of the BIA tool as part of your disaster recovery planning

    Disaster recovery planning is a critical activity, and while it is a sort of availability management, it is beyond this project’s scope. You can complete the business impact analysis (including RTOs and RPOs) for the complete disaster recovery package.

    See Info-Tech’s Create a Right-Sized Disaster Recovery Plan blueprint for instructions on how to complete your business impact analysis.

    Step 1.2: Assign criticality ratings to services

    This step will walk you through the following activities:

    • Create a list of dependencies for your most important applications.
    • Identify important sub-components.
    • Use best practices to develop and negotiate SLAs.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team

    Outcomes of this step

    • List of dependencies of most important applications
    • List of important sub-components
    • SLAs based on best practices

    Determine the base unit of the capacity you’re looking to purchase

    Not every IT organization should approach capacity the same way. Needs scale, and larger organizations will inevitably deal in larger quantities.

    Large cloud provider

    Local traditional business

    • Thousands of servers housed in a number of datacenters around the world.
    • Dedicated capacity manager.
    • Purchases components from OEMs in bulk as part of bespoke contracts that are worth many millions of dollars over time.
    • May deal with components at a massive scale (dozens of servers at once, for example).
    • A small server room that runs non-specialized services (email, for example).
    • Barely even a dedicated IT person, let alone an IT capacity manager.
    • Purchases new components from resellers or even retail stores.
    • Deals with components at a small scale (a single switch here, a server upgrade there).

    "Cloud capacity management is not exactly the same as the ITIL version because ITIL has a focus on the component level. I actually don’t do that, because if I did I’d go crazy. There’s too many components in a cloud environment."

    – Richie Mendoza, IT Consultant, SMITS Inc.

    Consider the relationship between component capacity and service capacity

    End users’ thoughts about IT are based on what they see. They are, in other words, concerned with service availability: does the organization have the ability to provide access to needed services?

    Service

    • Email
    • CRM
    • ERP

    Component

    • Switch
    • SMTP server
    • Archive database
    • Storage

    "You don’t ask the CEO or the guy in charge ‘What kind of response time is your requirement?’ He doesn’t really care. He just wants to make sure that all his customers are happy."

    – Todd Evans, Capacity and Performance Management SME, IBM.

    One telco solved its availability issues by addressing component capacity issues

    CASE STUDY

    Industry: Telecommunications

    Source: Interview

    Coffee and Wi-Fi – a match made in heaven

    In tens of thousands of coffee shops around the world, patrons make ample use of complimentary Wi-Fi. Wi-Fi is an important part of customers’ coffee shop experience, whether they’re online to check their email, do a YouTube, or update their Googles. So when one telco that provided Wi-Fi access for thousands of coffee shops started encountering availability issues, the situation was serious.

    Wi-Fi, whack-a-mole, and web woes

    The team responsible for resolving the issue took an ad hoc approach to resolving complaints, fixing issues as they came up instead of taking a systematic approach.

    Resolution

    Looking at the network as a whole, the capacity manager took a proactive approach by using data to identify and rank the worst service areas, and then directing the team responsible to fix those areas in order of the worst first, then the next worst, and so on. Soon the availability of Wi-Fi service was restored across the network.

    Create a list of dependencies for your most important applications

    1.2a 1.5 hours

    Instructions

    1. Work your way down the list of services outlined in step 1, starting with your gold systems. During the first iteration of this exercise select only 3-5 of your most important systems.
    2. Write the name of each application on a sticky note or at the top of a whiteboard (leaving ample space below for dependency mapping).
    3. In the first tier below the application, include the specific services that the general service provides.
    • This will vary based on the service in question, but an example for email is sending, retrieving, retrieving online, etc.
  • For each of the categories identified in step 3, identify the infrastructure components that are relevant to that system. Be broad and sweeping; if the component is involved in the service, include it here. The goal is to be exhaustive.
  • Leave the final version of the map intact. Photographing or making a digital copy for posterity. It will be useful in later activities.
  • Input

    • List of important applications

    Output

    • List of critical dependencies

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Infrastructure manager
    • Enterprise architect

    Info-Tech Insight

    Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.

    Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.

    The image contains a sample dependency map on ride sharing. Ride Sharing has been split between two categories: Application and Drivers. Under drivers it branches out to: Availability, Car, and Pay. Under Application, it branches out to: Compute, Network, Edge devices, Q/A maintenance, and Storage. Compute branches out to Cloud Services. Network branches out to Cellular network and Local. Edge Devices branch out to Drivers and Users. Q/A maintenance does not have a following branch. Storage branches out to Storage (Enterprise) and Storage (local).

    Ride sharing cannot work, at least not at maximum effectiveness, without these constituent components. When one or more of these components are absent or degraded, the service will become unavailable. This example illustrates some challenges of capacity management; some of these components are necessary, but beyond the ride-sharing company’s control.

    Leverage a sample dependency tree for a common service

    The image contains a sample dependency tree for the Email service. Email branches out to: Filtering, Archiving, Retrieval, and Send/receive. Filtering branches out to security appliance which then branches out to CPU, Storage, and Network. Archiving branches to Archive server, which branches out to CPU, Storage, and Network. Retrieval branches out to IMAP/PoP which branches out to CPU, Storage, and Network. Send/receive branches out to IMAP/PoP and SMTP. SMTP branches out to CPU, Storage and Network.

    Info-Tech Best Practice

    Email is an example here not because it is necessarily a “gold system,” but because it is common across industries. This is a useful exercise for any service, but it can be quite onerous, so it should be conducted on the most important systems first.

    Separate the wheat from the chaff; identify important sub-components and separate them from unimportant ones

    1.2b 1.5 hours

    Use the bottom layer of the pyramid drawn in step 1.2a for a list of important sub-components.

    Instructions

    1. Record a list of the gold services identified in the previous activity. Leave space next to each service for sub-components.
    2. Go through each relevant sub-component. Highlight those that are critical and could reasonably be expected to cause problems.
    • Has this sub-component caused a problem in the past?
    • Is this sub-component a bottleneck?
    • What could cause this component to fail? Is it such an occurrence feasible?
  • Record the results of the exercise (and the service each sub-component is tied to) in tab 2 (columns B &C) of the Capacity Snapshot Tool.
  • Input

    • List of important applications

    Output

    • List of critical dependencies

    Materials

    • Whiteboard
    • Markers

    Participants

    • Infrastructure manager
    • Enterprise architect

    Understand availability commitments with SLAs

    With the rise of SaaS, cloud computing, and managed services, critical services and their components are increasingly external to IT.

    • IT’s lack of access to the internal working of services does not let them off the hook for performance issues (as much as that might be the dream).
    • Vendor management is availability management. Use the dependency map drawn earlier in this phase to highlight the components of critical services that rely on capacity that cannot be managed internally.
    • For each of these services ensure that an appropriate SLA is in place. When acquiring new services, ensure that the vendor SLA meets business requirements.

    The image contains a large blue circle labelled: Availability. Also in the blue circle is a small red circle labelled: Capacity.

    In terms of service provision, capacity management is a form of availability management. Not all availability issues are capacity issues, but the inverse is true.

    Info-Tech Insight

    Capacity issues will always cause availability issues, but availability issues are not inherently capacity issues. Availability problems can stem from outages unrelated to capacity (e.g. power or vendor outages).

    Use best practices to develop and negotiate SLAs

    1.2c 20 minutes per service

    When signing contracts with vendors, you will be presented with an SLA. Ensure that it meets your requirements.

    1. Use the business impact analysis conducted in this project’s first step to determine your requirements. How much downtime can you tolerate for your critical services?
    2. Once you have been presented with an SLA, be sure to scour it for tricks. Remember, just because a vendor offers “five nines” of availability doesn’t mean that you’ll actually get that much uptime. It could be that the vendor is comfortable eating the cost of downtime or that the contract includes provisions for planned maintenance. Whether or not the vendor anticipated your outage does little to mitigate the damage an outage can cause to your business, so be careful of these provisions.
    3. Ensure that the person ultimately responsible for the SLA (the approver) understands the limitations of the agreement and the implications for availability.

    Input

    • List of external component dependencies

    Output

    • SLA requirements

    Materials

    • Whiteboard
    • Markers

    Participants

    • Infrastructure manager
    • Enterprise architect

    Info-Tech Insight

    Vendors are sometimes willing to eat the cost of violating SLAs if they think it will get them a contract. Be careful with negotiation. Just because the vendor says they can do something doesn’t make it true.

    Negotiate internal SLAs using Info-Tech’s rigorous process

    Talking past each other can drive misalignment between IT and the business, inconveniencing all involved. Quantify your needs through an internal SLA as part of a comprehensive availability management plan.

    See Info-Tech’s Improve IT-Business Alignment Through an Internal SLA blueprint for instructions on why you should develop internal SLAs and the potential benefits they bring.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.2

    The image contains a screenshot of activity 1.2 as previously described above.

    Create a list of dependencies for your most important applications

    Using the results of the business impact analysis, the analyst will guide workshop participants through a dependency mapping exercise that will eventually populate the Capacity Plan Template.

    Phase 1 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Conduct a business impact analysis

    Proposed Time to Completion: 1 week

    Step 1.1: Create a scale to measure different levels of impact

    Review your findings with an analyst

    Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate.

    Then complete these activities…

    • Use the results of the business impact analysis to sort systems based on their criticality

    With these tools & templates:

    Business Impact Analysis Tool

    Step 1.2: Assign criticality ratings to services

    Review your findings with an analyst

    Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate.

    Then complete these activities…

    • Create a list of dependencies for your most important applications
    • Identify important sub-components
    • Use best practices to develop and negotiate SLAs

    With these tools & templates:

    Capacity Snapshot Tool

    Phase 1 Results & Insights:

    • Engaging in detailed capacity planning for an insignificant service is a waste of resources. Focus on ensuring availability for your most critical systems.
    • Carefully evaluate vendors’ service offerings. Make sure the SLA works for you, and approach pie-in-the-sky promises with skepticism.

    PHASE 2

    Establish Visibility Into Core Systems

    Step 2.1: Define your monitoring strategy

    This step will walk you through the following activities:

    • Determine the indicators you should be tracking for each sub-component.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team

    Outcomes of this step

    • List of indicators to track for each sub-component

    Data has its significance—but also its limitations

    The rise of big data can be a boon for capacity managers, but be warned: not all data is created equal. Bad data can lead to bad decisions – and unemployed capacity managers.

    Your findings are only as good as your data. Remember: garbage in, garbage out. There are three characteristics of good data:*

    1. Accuracy: is the data exact and correct? More detail and confidence is better.
    2. Reliability: is the data consistent? In other words, if you run the same test twice will you get the same results?
    3. Validity: is the information gleaned believable and relevant?

    *National College of Teaching & Leadership, “Reliability and Validity”

    "Data is king. Good data is absolutely essential to [the capacity manager] role."

    – Adrian Blant, Independent Capacity Consultant, IT Capability Solutions

    Info-Tech Best Practice

    Every organization’s data needs are different; your data needs are going to be dictated by your services, delivery model, and business requirements. Make sure you don’t confuse volume with quality, even if others in your organization make that mistake.

    Take advantage of technology to establish visibility into your systems

    Managing your availability and capacity involves important decisions about what to monitor and how thresholds should be set.

    • Use the list of critical applications developed through the business impact analysis and the list of components identified in the dependency mapping exercise to produce a plan for effectively monitoring component availability and capacity.
    • The nature of IT service provision – the multitude of vendors providing hardware and services necessary for even simple IT services to work effectively – means that it is unlikely that capacity management will be visible through a single pane of glass. In other words, “email” and “CRM” don’t have a defined capacity. It always depends.
    • Establishing visibility into systems involves identifying what needs to be tracked for each component.

    Too much monitoring can be as bad as the inverse

    In 2013, a security breach at US retailer Target compromised more than 70 million customers’ data. The company received an alert, but it was thought to be a false positive because the monitoring system produced so many false and redundant alerts. As a result of the daily deluge, staff did not respond to the breach in time.

    Info-Tech Insight

    Don’t confuse monitoring with management. While establishing visibility is a crucial step, it is only part of the battle. Move on to this project’s next phase to explore opportunities to improve your capacity/availability management process.

    Determine the indicators you should be tracking for each sub-component

    2.1a Tab 3 of the Capacity Snapshot Tool

    It is nearly impossible to overstate the importance of data to the process of availability and capacity management. But the wrong data will do you no good.

    Instructions

    1. Open the Capacity Snapshot Tool to tab 2. The tool should have been populated in step 1.2 as part of the component mapping exercise.
    2. For each service, determine which metric(s) would most accurately tell the component’s story. Consider the following questions when completing this activity (you may end up with more than one metric):
    • How would the component’s capacity be measured (storage space, RAM, bandwidth, vCPUs)?
    • Is the metric in question actionable?
  • Record each metric in the Metric column (D) of the Capacity Snapshot Tool. Use the adjacent column for any additional information on metrics.
  • Info-Tech Insight

    Bottlenecks are bad. Use the Capacity Snapshot Tool (or another tool like it) to ensure that when the capacity manager leaves (on vacation, to another role, for good) the knowledge that they have accumulated does not leave as well.

    Understand the limitations of this approach

    Although we’ve striven to make it as easy as possible, this process will inevitably be cumbersome for organizations with a complicated set of software, hardware, and cloud services.

    Tracking every single component in significant detail will produce a lot of noise for each bit of signal. The approach outlined here addresses that concern in two ways:

    • A focus on gold services
    • A focus on sub-components that have a reasonable likelihood of being problematic in the future.

    Despite this effort, however, managing capacity at the component level is a daunting task. Ultimately, tools provided by vendors like SolarWinds and AppDynamics will fill in some of the gaps. Nevertheless, an understanding of the conceptual framework underlying availability and capacity management is valuable.

    Step 2.2: Implement your monitoring tool/aggregator

    This step will walk you through the following activities:

    • Clarify visibility.
    • Determine whether or not you have sufficiently granular visibility.
    • Develop strategies to .any visibility issues.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team
    • Applications personnel

    Outcomes of this step

    • Method for measuring and monitoring critical sub-components

    Companies struggle with performance monitoring because 95% of IT shops don’t have full visibility into their environments

    CASE STUDY

    Industry: Financial Services

    Source: AppDynamics

    Challenge

    • Users are quick to provide feedback when there is downtime or application performance degradation.
    • The challenge for IT teams is that while they can feel the pain, they don’t have visibility into the production environment and thus cannot identify where the pain is coming from.
    • The most common solution that organizations rely on is leveraging the log files for issue diagnosis. However, this method is slow and often unable to pinpoint the problem areas, leading to delays in problem resolution.

    Solution

    • Application and infrastructure teams need to work together to develop infrastructure flow maps and transaction profiles.
    • These diagrams will highlight the path that each transaction travels across your infrastructure.
    • Ideally at this point, teams will also capture latency breakdowns across every tier that the business transaction flows through.
      • This will ultimately kick start the baselining process.

    Results

    • Ninety-five percent of IT departments don’t have full visibility into their production environment. As a result, a slow business transaction will often require a war-room approach where SMEs from across the organization gather to troubleshoot.
    • Having visibility into the production environment through infrastructure flow mapping and transaction profiling will help IT teams pinpoint problems.
      • At the very least, teams will be able to identify common problem areas and expedite the root-cause analysis process.

    Source: “Just how complex can a Login Transaction be? Answer: Very!,” AppDynamics

    Monitor your critical sub-components

    Establishing a monitoring plan for your capacity involves answering two questions: can I see what I need to see, and can I see it with sufficient granularity?

    • Having the right tool for the job is an important step towards effective capacity and availability management.
    • Application performance management tools (APMs) are essential to the process, but they tend to be highly specific and vertically oriented, like using a microscope.
    • Some product families can cover a wider range of capacity monitoring functions (SolarWinds, for example). It is still important, however, to codify your monitoring needs.

    "You don’t use a microscope to monitor an entire ant farm, but you might use many microscopes to monitor specific ants."

    – Fred Chagnon, Research Director, Infrastructure Practice, Info-Tech Research Group

    Monitor your sub-components: clarify visibility

    2.2a Tab 2 of the Capacity Snapshot Tool

    The next step in capacity management is establishing whether or not visibility (in the broad sense) is available into critical sub-components.

    Instructions

    1. Open the Capacity Snapshot Tool and record the list of sub-components identified in the previous step.
    2. For each sub-component answer the following question:
    • Do I have easy access to the information I need to monitor to ensure this component remains available?
  • Select “Yes” or “No” from the drop-down menus as appropriate. In the adjacent column record details about visibility into the component.
    • What tool provides the information? Where can it be found?

    The image contains a screenshot of Info-Tech's Capacity Snapshot Tool, Tab 2.

    Monitor your sub-components; determine whether or not you have sufficient granular visibility

    2.2b Tab 2 of the Capacity Snapshot Tool

    Like ideas and watches, not all types of visibility are created equal. Ensure that you have access to the right information to make capacity decisions.

    Instructions

    1. For each of the sub-components clarify the appropriate level of granularity for the visibility gained to be useful. In the case of storage, for example, is raw usage (in gigabytes) sufficient, or do you need a breakdown of what exactly is taking up the space? The network might be more complicated.
    2. Record the details of this ideation in the adjacent column.
    3. Select “Yes” or “No” from the drop-down menu to track the status of each sub-component.

    The image contains a picture of an iPhone storage screen where it breaks down the storage into the following categories: apps, media, photos, and other.

    For most mobile phone users, this breakdown is sufficient. For some, more granularity might be necessary.

    Info-Tech Insight

    Make note of monitoring tools and strategies. If anything changes, be sure to re-evaluate the visibility status. An outdated spreadsheet can lead to availability issues if management is unaware of looming problems.

    Develop strategies to ameliorate any visibility issues

    2.2c 1 hour

    The Capacity Snapshot Tool color-codes your components by status. Green – visibility and granularity are both sufficient; yellow – visibility exists, though not at sufficient granularity; and red – visibility does not exist at all.

    Instructions

    1. Write each of the yellow and red sub-components on a whiteboard or piece of chart paper.
    2. Brainstorm amelioration strategies for each of the problematic sub-components.
    • Does the current monitoring tool have sufficient functionality?
    • Does it need to be further configured/customized?
    • Do we need a whole new tool?
  • Record these strategies in the Amelioration Strategy column on tab 4 of the tool.
  • Input

    • Sub-components
    • Capacity Snapshot Tool

    Output

    • Amelioration strategies

    Materials

    • Whiteboard
    • Markers
    • Capacity Snapshot Tool

    Participants

    • Infrastructure manager

    Info-Tech Best Practice

    It might be that there is no amelioration strategy. Make note of this difficulty and highlight it as part of the risk section of the Capacity Plan Template.

    See Info-Tech’s projects on storage and network modernization for additional details

    Leverage other products for additional details on how to modernize your network and storage services.

    The process of modernizing the network is fraught with vestigial limitations. Develop a program to gather requirements and plan.

    As part of the blueprint, Modernize Enterprise Storage, the Modernize Enterprise Storage Workbook includes a section on storage capacity planning.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.2

    The image contains a screenshot of activity 2.2.

    Develop strategies to ameliorate visibility issues

    The analyst will guide workshop participants in brainstorming potential solutions to visibility issues and record them in the Capacity Snapshot Tool.

    Phase 2 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Establish visibility into core systems

    Proposed Time to Completion: 3 weeks

    Step 2.1: Define your monitoring strategy

    Review your findings with an analyst

    Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization.

    Then complete these activities…

    • Determine the indicators you should be tracking for each sub-component

    With these tools & templates:

    • Capacity Snapshot Tool

    Step 2.2: Implement your monitoring tool/aggregator

    Review your findings with an analyst

    Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization.

    Then complete these activities…

    • Clarify visibility
    • Determine whether or not you have sufficiently granular visibility
    • Develop strategies to ameliorate any visibility issues

    With these tools & templates:

    • Capacity Snapshot Tool

    Phase 2 Results & Insights:

    • Every organization’s data needs are different. Adapt data gathering, reporting, and analysis according to your services, delivery model, and business requirements.
    • Don’t confuse monitoring with management. Build a system to turn reported data into useful information that feeds into the capacity management process.

    PHASE 3

    Solicit and Incorporate Business Needs

    Step 3.1: Solicit business needs and gather data

    This step will walk you through the following activities:

    • Build relationships with business stakeholders.
    • Analyze usage data and identify trends.
    • Correlate usage trends with business needs.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team members
    • Business stakeholders

    Outcomes of this step

    • System for involving business stakeholders in the capacity planning process
    • Correlated data on business level, service level, and infrastructure level capacity usage

    Summarize your capacity planning activities in the Capacity Plan Template

    The availability and capacity management summary card pictured here is a handy way to capture the results of the activities undertaken in the following phases. Note its contents carefully, and be sure to record specific outputs where appropriate. One such card should be completed for each of the gold services identified in the project’s first phase. Make note of the results of the activities in the coming phase, and populate the Capacity Snapshot Tool. These will help you populate the tool.

    The image contains a screenshot of Info-Tech's Capacity Plan Template.

    Info-Tech Best Practice

    The Capacity Plan Template is designed to be a part of a broader mapping strategy. It is not a replacement for a dedicated monitoring tool.

    Analyze historical trends as a crucial source of data

    The first place to look for information about your organization is not industry benchmarks or your gut (though those might both prove useful).

    • Where better to look than internally? Use the data you’ve gathered from your APM tool or other sources to understand your historical capacity needs and to highlight any periods of unavailability.
    • Consider monitoring the status of the capacity of each of your crucial components. The nature of this monitoring will vary based on the component in question. It can range from a rough Excel sheet all the way to a dedicated application performance monitoring tool.

    "In all cases the very first thing to do is to look at trending…The old adage is ‘you don’t steer a boat by its wake,’ however it’s also true that if something is growing at, say, three percent a month and it has been growing at three percent a month for the last twelve months, there’s a fairly good possibility that it’s going to carry on going in that direction."

    – Mike Lynch, Consultant, CapacityIQ

    Gather relevant data at the business level

    3.1a 2 hours per service

    A holistic approach to capacity management involves peering beyond the beaded curtain partitioning IT from the rest of the organization and tracking business metrics.

    Instructions

    1. Your service/application owners know how changes in business activities impact their systems. Business level capacity management involves responding to those changes. Ask service/application owners what changes will impact their capacity. Examples include:
    • Business volume (net new customers, number of transactions)
    • Staff changes (new hires, exits, etc.)
  • For each gold service, brainstorm relevant metrics. How can you capture that change in business volume?
  • Record these metrics in the summary card of the Capacity Plan Template.
  • In the notes section of the summary card record whether or not you have access to the required business metric.
  • Input

    • Brainstorming
    • List of gold services

    Output

    • Business level data

    Materials

    • In-house solution or commercial tool

    Participants

    • Capacity manager
    • Application/service owners

    Gather relevant data at the service level

    3.1b 2 hours per service

    One level of abstraction down is the service level. Service level capacity management, recall that service level capacity management is about ensuring that IT is meeting SLAs in its service provision.

    Instructions

    1. There should be internal SLAs for each service IT offers. (If not, that’s a good place to start. See Info-Tech’s research on the subject.) Prod each of your service owners for information on the metrics that are relevant for their SLAs. Consider the following:
    • Peak hours, requests per second, etc.
    • This will usually include some APM data.
  • Record these metrics in the summary card of the Capacity Plan Template.
  • Include any visibility issues in the notes in a similar section of the Capacity Plan Template.
  • Input

    • Brainstorming
    • List of gold services

    Output

    • Service level data

    Materials

    • In-house solution or commercial tool

    Participants

    • Capacity manager
    • Application/service owners

    Leverage the visibility into your infrastructure components and compare all of your data over time

    You established visibility into your components in the second phase of this project. Use this data, and that gathered at the business and service levels, to begin analyzing your demand over time.

    • Different organizations will approach this issue differently. Those with a complicated service catalog and a dedicated capacity manager might employ a tool like TeamQuest. If your operation is small, or you need to get your availability and capacity management activities underway as quickly as possible, you might consider using a simple spreadsheet software like Excel.
    • If you choose the latter option, select a level of granularity (monthly, weekly, etc.) and produce a line graph in Excel.
    • Example: Employee count (business metric)

    Jan

    Feb

    Mar

    Apr

    May

    June

    July

    74

    80

    79

    83

    84

    100

    102

    The image contains a graph using the example of employee count described above.

    Note: the strength of this approach is that it is easy to visualize. Use the same timescale to facilitate simple comparison.

    Manage, don’t just monitor; mountains of data need to be turned into information

    Information lets you make a decision. Understand the questions you don’t need to ask, and ask the right ones.

    "Often what is really being offered by many analytics solutions is just more data or information – not insights."

    – Brent Dykes, Director of Data Strategy, Domo

    Info-Tech Best Practice

    You can have all the data in the world and absolutely nothing valuable to add. Don’t fall for this trap. Use the activities in this phase to structure your data collection operation and ensure that your organization’s availability and capacity management plan is data driven.

    Analyze historical trends and track your services’ status

    3.1c Tab 3 of the Capacity Snapshot Tool

    At-a-glance – it’s how most executives consume all but the most important information. Create a dashboard that tracks the status of your most important systems.

    Instructions

    1. Consult infrastructure leaders for information about lead times for new capacity for relevant sub-components and include that information in the tool.
    • Look to historical lead times. (How long does it traditionally take to get more storage?)
    • If you’re not sure, contact an in-house expert, or speak to your vendor
  • Use tab 3 of the tool to record whether your existing capacity will be exceeded before you can stand more hardware up (red), you have a plan to ameliorate capacity issues but new capacity is not yet in place (yellow), or if you are not slated to run out of capacity any time soon (green).
  • Repeat the activity regularly. Include notes about spikes that might present capacity challenges, and information about when capacity may run out.
  • This tool collates and presents information gathered from other sources. It is not a substitute for a performance monitoring tool.

    Build a list of key business stakeholders

    3.1d 10 minutes

    Stakeholder analysis is crucial. Lines of authority can be diffuse. Understand who needs to be involved in the capacity management process early on.

    Instructions

    1. With the infrastructure team, brainstorm a group of departments, roles, and people who may impact demand on capacity.
    2. Go through the list with your team and identify stakeholders from two groups:
    • Line of business: who in the business makes use of the service?
    • Application owner: who in IT is responsible for ensuring the service is up?
  • Insert the list into section 3 of the Capacity Plan Template, and update as needed.
  • Input

    • Gold systems
    • Personnel Information

    Output

    • List of key business stakeholders

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Best Practice

    Consider which departments are most closely aligned with the business processes that fuel demand. Prioritize those that have the greatest impact. Consider the stakeholders who will make purchasing decisions for increasing infrastructure capacity.

    Organize stakeholder meetings

    3.1e 10 hours

    Establishing a relationship with your stakeholders is a necessary step in managing your capacity and availability.

    Instructions

    1. Gather as many of the stakeholders identified in the previous activity as you can and present information on availability and capacity management
    • If you can’t get everyone in the same room, a virtual meeting or even an email blast could get the job done.
  • Explain the importance of capacity and availability management
    • Consider highlighting the trade-offs between cost and availability.
  • Field any questions the stakeholders might have about the process. Be honest. The goal of this meeting is to build trust. This will come in handy when you’re gathering business requirements.
  • Propose a schedule and seek approval from all present. Include the results in section 3 of the Capacity Plan Template.
  • Input

    • List of business stakeholders
    • Hard work

    Output

    • Working relationship, trust
    • Regular meetings

    Materials

    • Work ethic
    • Executive brief

    Participants

    • Capacity manager
    • Business stakeholders

    Info-Tech Insight

    The best capacity managers develop new business processes that more closely align their role with business stakeholders. Building these relationships takes hard work, and you must first earn the trust of the business.

    Bake stakeholders into the planning process

    3.1f Ongoing

    Convince, don’t coerce. Stakeholders want the same thing you do. Bake them into the planning process as a step towards this goal.

    1. Develop a system to involve stakeholders regularly in the capacity planning process.
    • Your system will vary depending on the structure and culture of your organization.
    • See the case study on the following slide for ideas.
    • It may be as simple as setting a recurring reminder in your own calendar to touch base with stakeholders.
  • Liaise with stakeholders regularly to keep abreast of new developments.
    • Ensure stakeholders have reasonable expectations about IT’s available resources, the costs of providing capacity, and the lead times required to source additional needed capacity.
  • Draw on these stakeholders for the step “Gather information on business requirements” later in this phase.
  • Input

    • List of business stakeholders
    • Ideas

    Output

    • Capacity planning process that involves stakeholders

    Materials

    • Meeting rooms

    Participants

    • Capacity manager
    • Business stakeholders
    • Infrastructure team

    A capacity manager in financial services wrangled stakeholders and produced results

    CASE STUDY

    Industry: Financial Services

    Source: Interview

    In financial services, availability is king

    In the world of financial services, availability is absolutely crucial. High-value trades occur at all hours, and any institution that suffers outages runs the risk of losing tens of thousands of dollars, not to mention reputational damage.

    People know what they want, but sometimes they have to be herded

    While line of business managers and application owners understand the value of capacity management, it can be difficult to establish the working relationship necessary for a fruitful partnership.

    Proactively building relationships keeps services available

    He built relationships with all the department heads on the business side, and all the application owners.

    • He met with department heads quarterly.
    • He met with application owners and business liaisons monthly.

    He established a steering committee for capacity.

    He invited stakeholders to regular capacity planning meetings.

    • The first half of each meeting was high-level outlook, such as business volume and IT capacity utilization, and included stakeholders from other departments.
    • The second half of the meeting was more technical, serving the purpose for the infrastructure team.

    He scheduled lunch and learn sessions with business analysts and project managers.

    • These are the gatekeepers of information, and should know that IT needs to be involved when things come down the pipeline.

    Step 3.2: Analyze data and project future needs

    This step will walk you through the following activities:

    • Solicit needs from the business.
    • Map business needs to technical requirements, and technical requirements to infrastructure requirements.
    • Identify inefficiencies in order to remedy them.
    • Compare the data across business, component, and service levels, and project your capacity needs.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team members
    • Business stakeholders

    Outcomes of this step

    • Model of how business processes relate to technical requirements and their demand on infrastructure
    • Method for projecting future demand for your organization’s infrastructure
    • Comparison of current capacity usage to projected demand

    “Nobody tells me anything!” – the capacity manager’s lament

    Sometimes “need to know” doesn’t register with sales or marketing. Nearly every infrastructure manager can share a story about a time when someone has made a decision that has critically impacted IT infrastructure without letting anyone in IT in on the “secret.”

    In brief

    The image contains a picture of a man appearing to be overwhelmed.

    Imagine working for a media company as an infrastructure capacity manager. Now imagine that the powers that be have decided to launch a content-focused web service. Seems like something they would do, right? Now imagine you find out about it the same way the company’s subscribers do. This actually happened – and it shouldn’t have. But a similar lack of alignment makes this a real possibility for any organization. If you don’t establish a systematic plan for soliciting and incorporating business requirements, prepare to lose a chunk of your free time. The business should never be able to say, in response to “nobody tells me anything,” “nobody asked.”

    Pictured: an artist’s rendering of the capacity manager in question.

    Directly solicit requirements from the business

    3.2a 30 minutes per stakeholder

    Once you’ve established, firmly, that everyone’s on the same team, meet individually with the stakeholders to assess capacity.

    Instructions

    1. Schedule a one-on-one meeting with each line of business manager (stakeholders identified in 3.1). Ideally this will be recurring.
    • Experienced capacity managers suggest doing this monthly.
  • In the meeting address the following questions:
    • What are some upcoming major initiatives?
    • Is the department going to expand or contract in a noticeable way?
    • Have customers taken to a particular product more than others?
  • Include the schedule in the Capacity Plan Template, and consider including details of the discussion in the notes section in tab 3 of the Capacity Snapshot Tool.
  • Input

    • Stakeholder opinions

    Output

    • Business requirements

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    Sometimes line of business managers will evade or ignore you when you come knocking. They do this because they don’t know and they don’t want to give you the wrong information. Explain that a best guess is all you can ask for and allay their fears.

    Below, you will find more details about what to look for when soliciting information from the line of business manager you’ve roped into your scheme.

    1. Consider the following:
    • Projected sales pipeline
    • Business growth
    • Seasonal cycles
    • Marketing campaigns
    • New applications and features
    • New products and services
  • Encourage business stakeholders to give you their best guess for elements such as projected sales or business growth.
  • Estimate variance and provide a range. What can you expect at the low end? The high end? Record your historical projections for an idea of how accurate you are.
  • Consider carefully the infrastructure impact of new features (and record this in the notes section of the Capacity Snapshot Tool).
  • Directly solicit requirements from the business (optional)

    3.2a 1 hour

    IT staff and line of business staff come with different skillsets. This can lead to confusion, but it doesn’t have to. Develop effective information solicitation techniques.

    Instructions

    1. Gather your IT staff in a room with a whiteboard. As a group, select a gold service/line of business manager you would like to use as a “practice dummy.”
    2. Have everyone write down a question they would ask of the line of business representative in a hypothetical business/service capacity discussion.
    3. As a group discuss the merits of the questions posed:
    • Are they likely to yield productive information?
    • Are they too vague or specific?
    • Is the person in question likely to know the answer?
    • Is the information requested a guarded trade secret?
  • Discuss the findings and include any notes in section 3 of the Capacity Plan Template.
  • Input

    • Workshop participants’ ideas

    Output

    • Interview skills

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Capacity manager
    • Infrastructure staff

    Map business needs to technical requirements, and technical requirements to infrastructure requirements

    3.2b 5 hours

    When it comes to mapping technical requirements, IT alone has the ability to effectively translate business needs.

    Instructions

    1. Use your notes from stakeholder meetings to assess the impact of any changes on gold systems.
    2. For each system brainstorm with infrastructure staff (and any technical experts as necessary) about what the information gleaned from stakeholder discussions. Consider the following discussion points:
    • How has demand for the service been trending? Does it match what the business is telling us?
    • Have we had availability issues in the past?
    • Has the business been right with their estimates in the past?
  • Estimate what a change in business/service metrics means for capacity.
    • E.g. how much RAM does a new email user require?
  • Record the output in the summary card of the Capacity Plan Template.
  • Input

    • Business needs

    Output

    • Technical and infrastructure requirements

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    Adapt the analysis to the needs of your organization. One capacity manager called the one-to-one mapping of business process to infrastructure demand the Holy Grail of capacity management. If this level of precision isn’t attainable, develop your own working estimates using the higher-level data

    Avoid putting too much faith in the cloud as a solution to your problem

    Has the rise of on-demand, functionally unlimited services eliminated the need for capacity and availability management?

    Capacity management

    The role of the capacity manager is changing, but it still has a purpose. Consider this:

    • Not everything can move to the cloud. For security/functionality reasons, on-premises infrastructure will continue to exist.
    • Cost management is more relevant than ever in the cloud age. Manage your instances.
    • While a cloud migration might render some component capacity management functions irrelevant, it could increase the relevance of others (the network, perhaps).

    Availability management

    Ensuring services are available is still IT’s wheelhouse, even if that means a shift to a brokerage model:

    • Business availability requirements (as part of the business impact analysis, potentially) are important; internal SLAs and contracts with vendors need to be managed.
    • Even in the cloud environment, availability is not guaranteed. Cloud providers have outages (unplanned, maintenance related, etc.) and someone will have to understand the limitations of cloud services and the impact on availability.

    Info-Tech Insight

    The cloud comes at the cost of detailed performance data. Sourcing a service through an SLA with a third party increases the need to perform your own performance testing of gold level applications. See performance monitoring.

    Beware Parkinson’s law

    A consequence of our infinite capacity for creativity, people have the enviable skill of making work. In 1955, C. Northcote Parkinson pointed out this fact in The Economist . What are the implications for capacity management?

    "It is a commonplace observation that work expands so as to fill the time available for its completion. Thus, an elderly lady of leisure can spend the entire day in writing and despatching a postcard to her niece at Bognor Regis. An hour will be spent in finding the postcard, another in hunting for spectacles, half-an-hour in a search for the address, an hour and a quarter in composition, and twenty minutes in deciding whether or not to take an umbrella when going to the pillar-box in the next street."

    C. Northcote Parkinson, The Economist, 1955

    Info-Tech Insight

    If you give people lots of capacity, they will use it. Most shops are overprovisioned, and in some cases that’s throwing perfectly good money away. Don’t be afraid to prod if someone requests something that doesn’t seem right.

    Optimally align demand and capacity

    When it comes to managing your capacity, look for any additional efficiencies.

    Questions to ask:

    • Are there any infrastructure services that are not being used to their full potential, sitting idle, or allocated to non-critical or zombie functions?
      • Are you managing your virtual servers? If, for example, you experience a seasonal spike in demand, are you leaving virtual machines running after the fact?
    • Do your organization’s policies and your infrastructure setup allow for the use of development resources for production during periods of peak demand?
    • Can you make organizational or process changes in order to satisfy demand more efficiently?

    In brief

    Who isn’t a sports fan? Big games mean big stakes for pool participants and armchair quarterbacks—along with pressure on the network as fans stream games from their work computers. One organization suffered from this problem, and, instead of taking a hardline and banning all streams, opted to stream the game on a large screen in a conference room where those interested could work for its duration. This alleviated strain on the network and kept staff happy.

    Shutting off an idle cloud to cut costs

    CASE STUDY

    Industry:Professional Services

    Source:Interview

    24/7 AWS = round-the-clock costs

    A senior developer realized that his development team had been leaving AWS instances running without any specific reason.

    Why?

    The development team appreciated the convenience of an always-on instance and, because the people spinning them up did not handle costs, the problem wasn’t immediately apparent.

    Resolution

    In his spare time over the course of a month, the senior developer wrote a program to manage the servers, including shutting them down during times when they were not in use and providing remote-access start-up when required. His team alone saved $30,000 in costs over the next six months, and his team lead reported that it would have been more than worth paying the team to implement such a project on company time.

    Identify inefficiencies in order to remediate them

    3.2c 20 minutes per service

    Instructions

    1. Gather the infrastructure team together and discuss existing capacity and demand. Use the inputs from your data analysis and stakeholder meetings to set the stage for your discussion.
    2. Solicit ideas about potential inefficiencies from your participants:
    • Are VMs effectively allocated? If you need 7 VMs to address a spike, are those VMs being reallocated post-spike?
    • Are developers leaving instances running in the cloud?
    • Are particular services massively overprovisioned?
    • What are the biggest infrastructure line items? Are there obvious opportunities for cost reduction there?
  • Record any potential opportunities in the summary of the Capacity Plan Template.
  • Input

    • Gold systems
    • Data inputs

    Output

    • Inefficiencies

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    The most effective capacity management takes a holistic approach and looks at the big picture in order to find ways to eliminate unnecessary infrastructure usage, or to find alternate or more efficient sources of required capacity.

    Dodging the toll troll by rerouting traffic

    CASE STUDY

    Industry:Telecommunications

    Source: Interview

    High-cost lines

    The capacity manager at a telecommunications provider mapped out his firm’s network traffic and discovered they were using a number of VP circuits (inter building cross connects) that were very expensive on the scale of their network.

    Paying the toll troll

    These VP circuits were supplying needed network services to the telecom provider’s clients, so there was no way to reduce this demand.

    Resolution

    The capacity manager analyzed where the traffic was going and compared this to the cost of the lines they were using. After performing the analysis, he found he could re-route much of the traffic away from the VP circuits and save on costs while delivering the same level of service to their users.

    Compare the data across business, component, and service levels, and project your capacity needs

    3.2d 2 hour session/meeting

    Make informed decisions about capacity. Remember: retain all documentation. It might come in handy for the justification of purchases.

    Instructions

    1. Using either a dedicated tool or generic spreadsheet software like Excel or Sheets, evaluate capacity trends. Ask the following questions:
    • Are there times when application performance degraded, and the service level was disrupted?
    • Are there times when certain components or systems neared, reached, or exceeded available capacity?
    • Are there seasonal variations in demand?
    • Are there clear trends, such as ongoing growth of business activity or the usage of certain applications?
    • What are the ramifications of trends or patterns in relation to infrastructure capacity?
  • Use the insight gathered from stakeholders during the stakeholder meetings, project required capacity for the critical components of each gold service.
  • Record the results of this activity in the summary card of the Capacity Plan Template.
  • Compare current capacity to your projections

    3.2e Section 5 of the Capacity Plan Template

    Capacity management (and, by extension, availability management) is a combination of two balancing acts: cost against capacity and supply and demand.*

    Instructions

    1. Compare your projections with your reality. You already know whether or not you have enough capacity given your lead times. But do you have too much? Compare your sub-component capacity projections to your current state.
    2. Highlight any outliers. Is there a particular service that is massively overprovisioned?
    3. Evaluate the reasons for the overprovisioning.
    • Is the component critically important?
    • Did you get a great deal on hardware?
    • Is it an oversight?
  • Record the results in the notes section of the summary card of the Capacity Plan Template.
  • *Office of Government Commerce 2001, 119.

    In brief

    The fractured nature of the capacity management space means that every organization is going to have a slightly different tooling strategy. No vendor has dominated, and every solution requires some level of customization. One capacity manager (a cloud provider, no less!) relayed a tale about a capacity management Excel sheet programmed with 5,000+ lines of code. As much work as that is, a bespoke solution is probably unavoidable.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2

    The image contains a screenshot of activity 3.2.

    Map business needs to technical requirements and technical requirements to infrastructure requirements

    The analyst will guide workshop participants in using their organization’s data to map out the relationships between applications, technical requirements, and the underlying infrastructure usage.

    Phase 3 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Solicit and incorporate business needs

    Proposed Time to Completion: 2 weeks

    Step 3.1: Solicit business needs and gather data

    Review your findings with an analyst

    Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis.

    Then complete these activities…

    • Analyze historical trends and track your services’ status
    • Build a list of key business stakeholders
    • Bake stakeholders into the planning process

    With these tools & templates:

    Capacity Plan Template

    Step 3.2: Analyze data and project future needs

    Review your findings with an analyst

    Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis.

    Then complete these activities…

    • Map business needs to technical requirements and technical requirements to infrastructure requirements
    • Compare the data across business, component, and service levels, and project your capacity needs
    • Compare current capacity to your projections

    With these tools & templates:

    Capacity Snapshot Tool

    Capacity Plan Template

    Phase 3 Results & Insights:

    • Develop new business processes that more closely align your role with business stakeholders. Building these relationships takes hard work, and won’t happen overnight.
    • Take a holistic approach to eliminate unnecessary infrastructure usage or source capacity more efficiently.

    PHASE 4

    Identify and Mitigate Risks

    Step 4.1: Identify and mitigate risks

    This step will walk you through the following activities:

    • Identify potential risks.
    • Determine strategies to mitigate risks.
    • Complete your capacity management plan.

    This involves the following participants:

    • Capacity manager
    • Infrastructure team members
    • Business stakeholders

    Outcomes of this step

    • Strategies for reducing risks
    • Capacity management plan

    Understand what happens when capacity/availability management fails

    1. Services become unavailable. If availability and capacity management are not constantly practiced, an inevitable consequence is downtime or a reduction in the quality of that service. Critical sub-component failures can knock out important systems on their own.
    2. Money is wasted. In response to fears about availability, it’s entirely possible to massively overprovision or switch entirely to a pay-as-you-go model. This, unfortunately, brings with it a whole host of other problems, including overspending. Remember: infinite capacity means infinite potential cost.
    3. IT remains reactive and is unable to contribute more meaningfully to the organization. If IT is constantly putting out capacity/availability-related fires, there is no room for optimization and activities to increase organizational maturity. Effective availability and capacity management will allow IT to focus on other work.

    Mitigate availability and capacity risks

    Availability: how often a service is usable (that is to say up and not too degraded to be effective). Consequences of reduced availability can include financial losses, impacted customer goodwill, and reduced faith in IT more generally.

    Causes of availability issues:

    • Poor capacity management – a service becomes unavailable when there is insufficient supply to meet demand. This is the result of poor capacity management.
    • Scheduled maintenance – services go down for maintenance with some regularity. This needs to be baked into service-level negotiations with vendors.
    • Vendor outages – sometimes vendors experience unplanned outages. There is typically a contract provision that covers unplanned outages, but that doesn’t change the fact that your service will be interrupted.

    Capacity: a particular component’s/service’s/business’ wiggle room. In other words, its usage ceiling.

    Causes of capacity issues:

    • Poor demand management – allowing users to run amok without any regard for how capacity is sourced and paid for.
    • Massive changes in legitimate demand – more usage means more demand.
    • Poor capacity planning – predictable changes in demand that go unaddressed can lead to capacity issues.

    Add additional potential causes of availability and capacity risks as needed

    4.1a 30 minutes

    Availability and capacity issues can stem from a number of different causes. Include a list in your availability and capacity management plan.

    Instructions

    1. Gather the group together. Go around the room and have participants provide examples of incidents and problems that have been the result of availability and capacity issues.
    2. Pose questions to the group about the source of those availability and capacity issues.
    • What could have been done differently to avoid these issues?
    • Was the availability/capacity issue a result of a faulty internal/external SLA?
  • Record the results of the exercise in sections 4.1 and 4.2 of the Capacity Plan Template.
  • Input

    • Capacity Snapshot Tool results

    Output

    • Additional sources of availability and capacity risks

    Materials

    • Capacity Plan Template

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    Availability and capacity problems result in incidents, critical incidents, and problems. These are addressed in a separate project (incident and problem management), but information about common causes can streamline that process.

    Identify capacity risks and mitigate them

    4.1b 30 minutes

    Based on your understanding of your capacity needs (through written SLAs and informal but regular meetings with the business) highlight major risks you foresee.

    Instructions

    1. Make a chart with two columns on a whiteboard. They should be labelled “risk” and “mitigation” respectively.
    2. Record risks to capacity you have identified in earlier activities.
    • Refer to the Capacity Snapshot Tool for components that are highlighted in red and yellow. These are specific components that present special challenges. Identify the risk(s) in as much detail as possible. Include service and business risks as well.
    • Examples: a marketing push will put pressure on the web server; a hiring push will require more Office 365 licenses; a downturn in registration will mean that fewer VMs will be required to run the service.

    Input

    • Capacity Snapshot Tool results

    Output

    • Inefficiencies

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.

    Identify capacity risks and mitigate them (cont.)

    4.1b 1.5 hours

    Instructions (cont.)

    1. Begin developing mitigation strategies. Options for responding to known capacity risks fall into one of two camps:
    • Acceptance: responding to the risk is costlier than acknowledging its existence without taking any action. For gold systems, acceptance is typically not acceptable.
    • Mitigation: limiting/reducing, eliminating, or transferring risk (Herrera) comprise the sort of mitigation discussed here.
      • Limiting/reducing: taking steps to improve the capacity situation, but accepting some level of risk (spinning up a new VM, pushing back on demands from the business, promoting efficiency).
      • Eliminating: the most comprehensive (and most expensive) mitigation strategy, elimination could involve purchasing a new server or, at the extreme end, building a new datacenter.
      • Transfer: “robbing Peter to pay Paul,” in the words of capacity manager Todd Evans, is one potential way to limit your exposure. Is there a less critical service that can be sacrificed to keep your gold service online?
  • Record the results of this exercise in section 5 of the Capacity Plan Template.
  • Input

    • Capacity Snapshot Tool results

    Output

    • Capacity risk mitigations

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Insight

    It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.

    Identify availability risks and mitigate them

    4.1c 30 minutes

    While capacity management is a form of availability management, it is not the only form. In this activity, outline the specific nature of threats to availability.

    Instructions

    1. Make a chart with two columns on a whiteboard. They should be labelled “risk” and “mitigation” respectively.
    2. Begin brainstorming general availability risks based on the following sources of information/categories:
    • Vendor outages
    • Disaster recovery
    • Historical availability issues

    The image contains a large blue circle labelled: Availability. Also in the blue circle is a small red circle labelled: Capacity.

    Input

    • Capacity Snapshot Tool results

    Output

    • Availability risks and mitigations

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Info-Tech Best Practice

    A dynamic central repository is a good way to ensure that availability issues stemming from a variety of causes are captured and mitigated.

    Identify availability risks and mitigate them (cont.)

    4.1c 1.5 hours

    Although it is easier said than done, identifying potential mitigations is a crucial part of availability management as an activity.

    Instructions (cont.)

    1. Begin developing mitigation strategies. Options for responding to known capacity risks fall into one of two camps:
    • Acceptance – responding to the risk is costlier than taking it on. Some unavailability is inevitable, between maintenance and unscheduled downtime. Record this, though it may not require immediate action.
    • Mitigation strategies:
      • Limiting/reducing – taking steps to increase availability of critical systems. This could include hot spares for unreliable systems or engaging a new vendor.
      • Eliminating – the most comprehensive (and most expensive) mitigation strategy. It could include selling.
      • Transfer – “robbing Peter to pay Paul,” in the words of capacity manager Todd Evans, is one potential way to limit your exposure. Is there a less critical service that can be sacrificed to keep your gold service online?
  • Record the results of this exercise in section 5 of Capacity Plan Template.
  • Input

    • Capacity Snapshot Tool results

    Output

    • Availability risks and mitigations

    Materials

    • Whiteboard
    • Markers

    Participants

    • Capacity manager
    • Infrastructure staff

    Iterate on the process and present your completed availability and capacity management plan

    The stakeholders consulted as part of the process will be interested in its results. Share them, either in person or through a collaboration tool.

    The current status of your availability and capacity management plan should be on the agenda for every stakeholder meeting. Direct the stakeholders’ attention to the parts of the document that are relevant to them, and solicit their thoughts on the document’s accuracy. Over time you should get a pretty good idea of who among your stakeholder group is skilled at projecting demand, and who over- or underestimates, and by how much. This information will improve your projections and, therefore, your management over time.

    Info-Tech Insight

    Use the experience gained and the artifacts generated to build trust with the business. The meetings should be regular, and demonstrating that you’re actually using the information for good is likely to make hesitant participants in the process more likely to open up.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

    The image contains a picture of an Info-Tech analyst.

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    The image contains a screenshot of activity 4.1.

    Identify capacity risks and mitigate them

    The analyst will guide workshop participants in identifying potential risks to capacity and determining strategies for mitigating them.

    Phase 4 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Identify and mitigate risks

    Proposed Time to Completion: 1 week

    Step 4.1: Identify and mitigate risks

    Review your findings with an analyst

    • Discuss your potential risks and your strategies for mitigating those risks.

    Then complete these activities…

    • Identify capacity risks and mitigate them
    • Identify availability risks and mitigate them
    • Complete your capacity management plan

    With these tools & templates:

    Capacity Snapshot Tool

    Capacity Plan Template

    Phase 4 Results & Insights:

    • Be a problem solver and prove IT’s value to the organization. Capacity management allows infrastructure to drive business value.
    • Iterate and share results. Reinforce your relationships with stakeholders and continue to refine how capacity management transforms your organization’s business processes.

    Insight breakdown

    Insight 1

    Components are critical to availability and capacity management.

    The CEO doesn’t care about the SMTP server. She cares about meeting customer needs and producing profit. For IT capacity and availability managers, though, the devil is in the details. It only takes one faulty component to knock out a service. Keep track and keep the lights on.

    Insight 2

    Ask what the business is working on, not what they need.

    If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs. Use your IT experience to estimate the impact of business and service level changes on the components that secure the availability you need.

    Insight 3

    Cloud shmoud.

    The role of the capacity manager might be changing with the advent of the public cloud, but it has not disappeared. Capacity managers in the age of the cloud are responsible for managing vendor relationships, negotiating external SLAs, projecting costs and securing budgets, reining in prodigal divisions, and so on.

    Summary of accomplishment

    Knowledge Gained

    • Impact of downtime on the organization
    • Gold systems
    • Key dependencies and sub-components
    • Strategy for monitoring components
    • Strategy for soliciting business needs
    • Projected capacity needs
    • Availability and capacity risks and mitigations

    Processes Optimized

    • Availability management
    • Capacity management

    Deliverables Completed

    • Business Impact Analysis
    • Capacity Plan Template

    Project step summary

    Client Project: Develop an Availability and Capacity Management Plan

    1. Conduct a business impact analysis
    2. Assign criticality ratings to services
    3. Define your monitoring strategy
    4. Implement your monitoring tool/aggregator
    5. Solicit business needs and gather data
    6. Analyze data and project future needs
    7. Identify and mitigate risks

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery via Info-Tech Guided Implementation.

    Research contributors and experts

    The image contains a picture of Adrian Blant.

    Adrian Blant, Independent Capacity Consultant, IT Capability Solutions

    Adrian has over 15 years' experience in IT infrastructure. He has built capacity management business processes from the ground up, and focused on ensuring a productive dialogue between IT and the business.

    The image contains a picture of James Zhang.

    James Zhang, Senior Manager Disaster Recovery, AIG Technology

    James has over 20 years' experience in IT and 10 years' experience in capacity management. Throughout his career, he has focused on creating new business processes to deliver value and increase efficiency over the long term.

    The image contains a picture of Mayank Banerjee.

    Mayank Banerjee, CTO, Global Supply Chain Management, HelloFresh

    Mayank has over 15 years' experience across a wide range of technologies and industries. He has implemented highly automated capacity management processes as part of his role of owning and solving end-to-end business problems.

    The image contains a picture of Mike Lynch

    Mike Lynch, Consultant, CapacityIQ

    Mike has over 20 years' experience in IT infrastructure. He takes a holistic approach to capacity management to identify and solve key problems, and has developed automated processes for mapping performance data to information that can inform business decisions.

    The image contains a picture of Paul Waguespack.

    Paul Waguespack, Manager of Application Systems Engineering, Tufts Health Plan

    Paul has over 10 years' experience in IT. He has specialized in implementing new applications and functionalities throughout their entire lifecycle, and integrating with all aspects of IT operations.

    The image contains a picture of Richie Mendoza.

    Richie Mendoza, IT Consultant, SMITS Inc.

    Richie has over 10 years' experience in IT infrastructure. He has specialized in using demand forecasting to guide infrastructure capacity purchasing decisions, to provide availability while avoiding costly overprovisioning.

    The image contains a picture of Rob Thompson.

    Rob Thompson, President, IT Tools & Process

    Rob has over 30 years’ IT experience. Throughout his career he has focused on making IT a generator of business value. He now runs a boutique consulting firm.

    Todd Evans, Capacity and Performance Management SME, IBM

    Todd has over 20 years' experience in capacity and performance management. At Kaiser Permanente, he established a well-defined mapping of the businesses workflow processes to technical requirements for applications and infrastructure.

    Bibliography

    451 Research. “Best of both worlds: Can enterprises achieve both scalability and control when it comes to cloud?” 451 Research, November 2016. Web.

    Allen, Katie. “Work Also Shrinks to Fit the Time Available: And We Can Prove It.” The Guardian. 25 Oct. 2017.

    Amazon. “Amazon Elastic Compute Cloud.” Amazon Web Services. N.d. Web.

    Armandpour, Tim. “Lies Vendors Tell about Service Level Agreements and How to Negotiate for Something Better.” Network World. 12 Jan 2016.

    “Availability Management.” ITIL and ITSM World. 2001. Web.

    Availability Management Plan Template. Purple Griffon. 30 Nov. 2012. Web.

    Bairi, Jayachandra, B., Murali Manohar, and Goutam Kumar Kundu. “Capacity and Availability Management by Quantitative Project Management in the IT Service Industry.” Asian Journal on Quality 13.2 (2012): 163-76. Web.

    BMC Capacity Optimization. BMC. 24 Oct 2017. Web.

    Brooks, Peter, and Christa Landsberg. Capacity Management in Today’s IT Environment. MentPro. 16 Aug 2017. Web.

    "Capacity and Availability Management." CMMI Institute. April 2017. Web.

    Capacity and Availability Management. IT Quality Group Switzerland. 24 Oct. 2017. Web.

    Capacity and Performance Management: Best Practices White Paper. Cisco. 4 Oct. 2005. Web.

    "Capacity Management." Techopedia.

    “Capacity Management Forecasting Best Practices and Recommendations.” STG. 26 Jan 2015. Web.

    Capacity Management from the Ground up. Metron. 24 Oct. 2017. Web.

    Capacity Management in the Modern Datacenter. Turbonomic. 25 Oct. 2017. Web.

    Capacity Management Maturity Assessing and Improving the Effectiveness. Metron. 24 Oct. 2017. Web.

    “Capacity Management Software.” TeamQuest. 24 Oct 2017. Web,

    Capacity Plan Template. Purainfo. 11 Oct 2012. Web.

    “Capacity Planner—Job Description.” Automotive Industrial Partnership. 24 Oct. 2017. Web.

    Capacity Planning. CDC. Web. Aug. 2017.

    "Capacity Planning." TechTarget. 24 Oct 2017. Web.

    “Capacity Planning and Management.” BMC. 24 Oct 2017. Web.

    "Checklist Capacity Plan." IT Process Wiki. 24 Oct. 2017. Web.

    Dykes, Brent. “Actionable Insights: The Missing Link Between Data and Business Value.” Forbes. April 26, 2016. Web.

    Evolved Capacity Management. CA Technologies. Oct. 2013. Web.

    Francis, Ryan. “False positives still cause threat alert fatigue.” CSO. May 3, 2017. Web.

    Frymire, Scott. "Capacity Planning vs. Capacity Analytics." ScienceLogic. 24 Oct. 2017. Web.

    Glossary. Exin. Aug. 2017. Web.

    Herrera, Michael. “Four Types of Risk Mitigation and BCM Governance, Risk and Compliance.” MHA Consulting. May 17, 2013.

    Hill, Jon. How to Do Capacity Planning. TeamQuest. 24 Oct. 2017. Web.

    “How to Create an SLA in 7 Easy Steps.” ITSM Perfection. 25 Oct. 2017. Web.

    Hunter, John. “Myth: If You Can’t Measure It: You Can’t Manage It.” W. Edwards Deming Institute Blog. 13 Aug 2015. Web.

    IT Service Criticality. U of Bristol. 24 Oct. 2017. Web.

    "ITIL Capacity Management." BMC's Complete Guide to ITIL. BMC Software. 22 Dec. 2016. Web.

    “Just-in-time.” The Economist. 6 Jul 2009. Web.

    Kalm, Denise P., and Marv Waschke. Capacity Management: A CA Service Management Process Map. CA. 24 Oct. 2017. Web.

    Klimek, Peter, Rudolf Hanel, and Stefan Thurner. “Parkinson’s Law Quantified: Three Investigations in Bureaucratic Inefficiency.” Journal of Statistical Mechanics: Theory and Experiment 3 (2009): 1-13. Aug. 2017. Web.

    Landgrave, Tim. "Plan for Effective Capacity and Availability Management in New Systems." TechRepublic. 10 Oct. 2002. Web.

    Longoria, Gina. “Hewlett Packard Enterprise Goes After Amazon Public Cloud in Enterprise Storage.” Forbes. 2 Dec. 2016. Web.

    Maheshwari, Umesh. “Understanding Storage Capacity.” NimbleStorage. 7 Jan. 2016. Web.

    Mappic, Sandy. “Just how complex can a Login Transaction be? Answer: Very!” Appdynamics. Dec. 11 2011. Web.

    Miller, Ron. “AWS Fires Back at Larry Ellison’s Claims, Saying It’s Just Larry Being Larry.” Tech Crunch. 2 Oct. 2017. Web.

    National College for Teaching & Leadership. “The role of data in measuring school performance.” National College for Teaching & Leadership. N.d. Web,

    Newland, Chris, et al. Enterprise Capacity Management. CETI, Ohio State U. 24 Oct. 2017. Web.

    Office of Government Commerce . Best Practice for Service Delivery. London: Her Majesty’s Stationery Office, 2001.

    Office of Government Commerce. Best Practice for Business Perspective: The IS View on Delivering Services to the Business. London: Her Majesty’s Stationery Office, 2004.

    Parkinson, C. Northcote. “Parkinson’s Law.” The Economist. 19 Nov. 1955. Web.

    “Parkinson’s Law Is Proven Again.” Financial Times. 25 Oct. 2017. Web.

    Paul, John, and Chris Hayes. Performance Monitoring and Capacity Planning. VM Ware. 2006. Web.

    “Reliability and Validity.” UC Davis. N.d. Web.

    "Role: Capacity Manager." IBM. 2008. Web.

    Ryan, Liz. “‘If You Can’t Measure It, You Can’t Manage It’: Not True.” Forbes. 10 Feb. 2014. Web.

    S, Lalit. “Using Flexible Capacity to Lower and Manage On-Premises TCO.” HPE. 23 Nov. 2016. Web.

    Snedeker, Ben. “The Pros and Cons of Public and Private Clouds for Small Business.” Infusionsoft. September 6, 2017. Web.

    Statement of Work: IBM Enterprise Availability Management Service. IBM. Jan 2016. Web.

    “The Road to Perfect AWS Reserved Instance Planning & Management in a Nutshell.” Botmetric. 25 Oct. 2017. Web.

    Transforming the Information Infrastructure: Build, Manage, Optimize. Asigra. Aug. 2017. Web.

    Valentic, Branimir. "Three Faces of Capacity Management." ITIL/ISO 20000 Knowledge Base. Advisera. 24 Oct. 2017. Web.

    "Unify IT Performance Monitoring and Optimization." IDERA. 24 Oct. 2017. Web.

    "What is IT Capacity Management?" Villanova U. Aug. 2017. Web.

    Wolstenholme, Andrew. Final internal Audit Report: IT Availability and Capacity (IA 13 519/F). Transport For London. 23 Feb. 2015. Web.

    Beyond Survival

    • Buy Link or Shortcode: {j2store}204|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Consumer, customer, employee, and partner behavior has changed; new needs have arisen as a result of COVID-19. Entire business models had to be rethought and revised – in real time with no warning.
    • And worse, no one knows when (or even if) the pandemic will end. The world and the economy will continue to be highly uncertain, unpredictable, and vulnerable for some time.
    • Business leaders need to continue experimenting to stay in business, protect employees and supply chains, manage financial obligations, allay consumer and employee fears, rebuild confidence, and protect trust.
    • How do organizations know whether their new business tactics are working?

    Our Advice

    Critical Insight

    • We can learn many lessons from those who have survived and are succeeding.
    • They have one thing in common though – they rely on data and analytics to help people think and know how to respond, evaluate effectiveness of new business tactics, uncover emerging trends to feed innovation, and minimize uncertainty and risk.
    • This mini-blueprint highlights organizations and use cases where data, analytics, and AI deliver tangible business and human value now and in the future.

    Impact and Result

    • Learn from the pandemic survivors and super-achievers so that you too can hit the ground running in the new normal. Even better – go beyond survival, like many of them have done. Create your future by leveraging and scaling up your data and analytics investments. It is not (yet) too late, and Info-Tech can help.

    Beyond Survival Research & Tools

    Beyond Survival

    Use data, analytics, and AI to reimagine the future and thrive in the new normal.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Beyond Survival Storyboard
    [infographic]

    Maximize Your American Rescue Plan Funding

    • Buy Link or Shortcode: {j2store}74|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $661,499 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Will funding from COVID-19 stimulus opportunities mean more human and financial resources for IT?
    • Are there governance processes in place to successfully execute large projects?
    • What does a large, one-time influx of capital mean for keeping-the-lights-on budgets?
    • How will ARP funding impact your internal resourcing?
    • How can you ensure that IT is not left behind or an afterthought?

    Our Advice

    Critical Insight

    • Seek a one-to-many relationship between IT solutions and business problems. Use the central and overarching nature of IT to identify one solution to multiple business problems that span multiple programs, departments, and agencies.
    • Lack of specific guidance should not be a roadblock to starting. Be proactive by initiating the planning process so that you are ready to act as soon as details are clear.
    • IT involvement is the lynchpin for success. The pandemic has made this theme self-evident, and it needs to stay that way.
    • The fact that this funding is called COVID-19 relief might make you think you should only use it for recovery, but actually it should be viewed as an opportunity to help the organization thrive post-pandemic.

    Impact and Result

    • Shift IT’s role from service provider to innovator. Take ARP funding as a once-in-a-lifetime opportunity to create future enterprise capabilities by thinking big to consider IT innovation that can transform the business and its initiatives for the post-pandemic world.
    • Whether your organization is eligible for a direct or an indirect transfer, be sure you understand the requirements to apply for funding internally through a business case or externally through a grant application.
    • Gain the skills to execute the project with confidence by developing a comprehensive statement of work and managing your projects and vendor relationships effectively.

    Maximize Your American Rescue Plan Funding Research & Tools

    Use our research to help maximize ARP funding.

    Follow Info-Tech's approach to think big, align with the business, analyze budget and staffing, execute with confidence, and ensure compliance and reporting.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    [infographic]

    Workshop: Maximize Your American Rescue Plan Funding

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Think Big

    The Purpose

    Push the boundaries of conventional thinking and consider IT innovations that truly transform the business.

    Key Benefits Achieved

    A list of innovative IT opportunities that your IT department can use to transform the business

    Activities

    1.1 Discuss the objectives of ARP and what they mean to IT departments.

    1.2 Identify drivers for change.

    1.3 Review IT strategy.

    1.4 Augment your IT opportunities list.

    Outputs

    Revised IT vision

    List of innovative IT opportunities that can transform the business

    2 Align With the Business

    The Purpose

    Partner with the business to reprioritize projects and initiatives for the post-pandemic world.

    Key Benefits Achieved

    Assessment of the organization’s new and existing IT opportunities and alignment with business objectives

    Activities

    2.1 Assess alignment of current and new IT initiatives with business objectives.

    2.2 Review and update prioritization criteria for IT projects.

    Outputs

    Preliminary list of IT initiatives

    Revised project prioritization criteria

    3 Analyze IT Budget and Staffing

    The Purpose

    Identify IT budget deficits resulting from pandemic response and discover opportunities to support innovation through new staff and training.

    Key Benefits Achieved

    Prioritized shortlist of business-aligned IT initiative and projects

    Activities

    3.1 Classify initiatives into project categories using ROM estimates.

    3.2 Identify IT budget needs for projects and ongoing services.

    3.3 Identify needs for new staff and skills training.

    3.4 Determine business benefits of proposed projects.

    3.5 Prioritize your organization’s projects.

    Outputs

    Prioritized shortlist of business-aligned IT initiatives and projects

    4 Plan Next Steps

    The Purpose

    Tie IT expenditures to direct transfers or link them to ARP grant opportunities.

    Key Benefits Achieved

    Action plan to obtain ARP funding

    Activities

    4.1 Tie projects to direct transfers, where applicable.

    4.2 Align list of projects to indirect ARP grant opportunities.

    4.3 Develop an action plan to obtain ARP funding.

    4.4 Discuss required approach to project governance.

    Outputs

    Action plan to obtain ARP funding

    Project governance gaps

    Do you believe in absolute efficiency?

    Weekend read. Hence I post this a bit later on Friday.
    Lately, I've been fascinated by infinity. And in infinity, some weird algebra pops up. Yet that weirdness is very much akin to what our business stakeholders want, driven by what our clients demand, and hence our KPIs drive us. Do more with less. And that is what absolute efficiency means.

    Register to read more …

    Legacy Active Directory Environment

    • Buy Link or Shortcode: {j2store}471|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy

    You are looking to lose your dependency on Active Directory (AD), and you need to tackle infrastructure technical debt, but there are challenges:

    • Legacy apps that are in maintenance mode cannot shed their AD dependency or have hardware upgrades made.
    • You are unaware of what processes depend on AD and how integrated they are.
    • Departments invest in apps that are integrated with AD without informing you until they ask for Domain details after purchasing.

    Our Advice

    Critical Insight

    • Remove your dependency on AD one application at a time. If you are a cloud-first organization, rethink your AD strategy to ask “why” when you add a new device to your Active Directory.
    • With the advent of hybrid work, AD is now a security risk. You need to shore up your security posture. Think of zero trust architecture.
    • Take inventory of your objects that depend on Kerberos and NTML and plan on removing that barrier through applications that don’t depend on AD.

    Impact and Result

    Don’t allow Active Directory services to dictate your enterprise innovation and modernization strategies. Determine if you can safely remove objects and move them to a cloud service where your Azure AD Domain Services can handle your authentication and manage users and groups.

    Legacy Active Directory Environment Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Legacy Active Directory Environment Deck – Legacy AD was never built for modern infrastructure. Understand the history and future of Active Directory and what alternatives are in the market.

    Build all new systems with cloud integration in mind. Many applications built in the past had built-in AD components for access, using Kerberos and NTLM. This dependency has prevented organizations from migrating away from AD. When assessing new technology and applications, consider SaaS or cloud-native apps rather than a Microsoft-dependent application with AD ingrained in the code.

    • Legacy Active Directory Environment Storyboard
    [infographic]

    Further reading

    Legacy Active Directory Environment

    Kill the technical debt of your legacy Active Directory environment.

    Analyst Perspective

    Understand what Active Directory is and why Azure Active Directory does not replace it.

    It’s about Kerberos and New Technology LAN Manager (NTLM).

    The image contains a picture of John Donovan.

    Many organizations that want to innovate and migrate from on-premises applications to software as a service (SaaS) and cloud services are held hostage by their legacy Active Directory (AD). Microsoft did a good job taking over from Novell back in the late 90s, but its hooks into businesses are so deep that many have become dependent on AD services to manage devices and users, when in fact AD falls far short of needed capabilities, restricting innovation and progress.

    Despite Microsoft’s Azure becoming prominent in the world of cloud services, Azure AD is not a replacement for on-premises AD. While Azure AD is a secure authentication store that can contain users and groups, that is where the similarities end. In fact, Microsoft itself has an architecture to mitigate the shortcomings of Azure AD by recommending organizations migrate to a hybrid model, especially for businesses that have an in-house footprint of servers and applications.

    If you are a greenfield business and intend to take advantage of software, infrastructure, and platform as a service (SaaS, IaaS, and PaaS), as well as Microsoft 365 in Azure, then Azure AD is for you and you don’t have to worry about the need for AD.

    John Donovan
    Principal Director, I&O Practice
    Info-Tech Research Group

    Insight Summary

    Legacy AD was never built for modern infrastructure

    When Microsoft built AD as a free component for the Windows Server environment to replace Windows NT before the demise of Novell Directory Services in 2001, it never meant Active Directory to work outside the corporate network with Microsoft apps and devices. While it began as a central managing system for users and PCs on Microsoft operating systems, with one user per PC, the IT ecosystem has changed dramatically over the last 20 years, with cloud adoption, SaaS, IaaS, PaaS, and everything as a service. To make matters worse, work-from-anywhere has become a serious security challenge.

    Build all new systems with cloud integration in mind

    Many applications built in the past had built-in AD components for access, using Kerberos and NTLM. This dependency has prevented organizations from migrating away from AD. When assessing new technology and applications, consider SaaS or cloud-native apps rather than a Microsoft-dependent application with AD ingrained in the code. Ensure you are engaged when the business is assessing new apps. Stop the practice of the business purchasing apps without IT’s involvement; for example, if your marketing department is asking you for your Domain credentials for a vendor when you were not informed of this purchase.

    Hybrid AD is a solution but not a long-term goal

    Economically, Microsoft has no interest in replacing AD anytime soon. Microsoft wants that revenue and has built components like Azure AD Connect to mitigate the AD dependency issue, which is basically holding your organization hostage. In fact, Microsoft has advised that a hybrid solution will remain because, as we will investigate, Azure AD is not legacy AD.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    You are looking to lose your dependency on Active Directory, and you need to tackle infrastructure technical debt, but there are challenges.

    • Legacy apps that are in maintenance mode cannot shed their AD dependency or have hardware upgrades made.
    • You are unaware of what processes depend on AD and how integrated they are.
    • Departments invest in apps that are integrated with AD without informing you until they ask for Domain details after purchasing.
    • Legacy applications can prevent you from upgrading servers or may need to be isolated due to security concerns related to inadequate patching and upgrades.
    • You do not see any return on investment in AD maintenance.
    • Mergers and acquisitions can prevent you from migrating away from AD if one company is dependent on AD and the other is fully in the cloud. This increases technical debt.
    • Remove your dependency on AD one application at a time. If you are a cloud-first organization, rethink your AD strategy to ask “why” when you add a new device to your Active Directory.
    • With the advent of hybrid work, AD is now a security risk. You need to shore up your security posture. Think of zero trust architecture.
    • Take inventory of your objects that depend on Kerberos and NTML and plan on removing that barrier through applications that don’t depend on AD.

    Info-Tech Insight

    Don’t allow Active Directory services to dictate your enterprise innovation and modernization strategies. Determine if you can safely remove objects and move them to a cloud service where your Azure AD Domain Services can handle your authentication and manage users and groups.

    The history of Active Directory

    The evolution of your infrastructure environment

    From NT to the cloud

    AD 2001 Exchange Server 2003 SharePoint 2007 Server 2008 R2 BYOD Security Risk All in Cloud 2015
    • Active Directory replaces NT and takes over from Novell as the enterprise access and control plane.
    • With slow WAN links, no cellphones, no tablets, and very few laptops, security was not a concern in AD.
    • In 2004, email becomes business critical.
    • This puts pressure on links, increases replication and domains, and creates a need for multiple identities.
    • Collaboration becomes pervasive.
    • Cross domain authentication becomes prevalent across the enterprise.
    • SharePoint sites need to be connected to multiple Domain AD accounts. More multiple identities are required.
    • Exchange resource forest rolls out, causing the new forest functional level to be a more complex environment.
    • Fine-grained password policies have impacted multiple forests, forcing them to adhere to the new password policies.
    • There are powerful Domain controllers, strong LAN and WAN connections, and an increase in smartphones and laptops.
    • Audits and compliance become a focus, and mergers and acquisitions add complexity. Security teams are working across the board.
    • Cloud technology doesn’t work well with complicated, messy AD environment. Cloud solutions need simple, flat AD architecture.
    • Technology changes after 15+ years. AD becomes the backbone of enterprise infrastructure. Managers demand to move to cloud, building complexity again.

    Organizations depend on AD

    AD is the backbone of many organizations’ IT infrastructure

    73% of organizations say their infrastructure is built on AD.

    82% say their applications depend on AD data.

    89% say AD enables authenticated access to file servers.

    90% say AD is the main source for authentication.

    Source: Dimensions research: Active Directory Modernization :

    Info-Tech Insight

    Organizations fail to move away from AD for many reasons, including:

    • Lack of time, resources, budget, and tools.
    • Difficulty understanding what has changed.
    • Migrating from AD being a low priority.

    Active Directory components

    Physical and logical structure

    Authentication, authorization, and auditing

    The image contains a screenshot of the active directory components.

    Active Directory has its hooks in!

    AD creates infrastructure technical debt and is difficult to migrate away from.

    The image contains a screenshot of an active directory diagram.

    Info-Tech Insight

    Due to the pervasive nature of Active Directory in the IT ecosystem, IT organizations are reluctant to migrate away from AD to modernize and innovate.

    Migration to Microsoft 365 in Azure has forced IT departments’ hand, and now that they have dipped their toe in the proverbial cloud “lake,” they see a way out of the mounting technical debt.

    AD security

    Security is the biggest concern with Active Directory.

    Neglecting Active Directory security

    98% of data breaches came from external sources.

    Source: Verizon, Data Breach Report 2022

    85% of data breach took weeks or even longer to discover.

    Source: Verizon Data Breach Report, 2012

    The biggest challenge for recovery after an Active Directory security breach is identifying the source of the breach, determining the extent of the breach, and creating a safe and secure environment.

    Info-Tech Insight

    Neglecting legacy Active Directory security will lead to cyberattacks. Malicious users can steal credentials and hijack data or corrupt your systems.

    What are the security risks to legacy AD architecture?

    • It's been 22 years since AD was released by Microsoft, and it has been a foundational technology for most businesses over the years. However, while there have been many innovations over those two decades, like Amazon, Facebook, iPhones, Androids, and more, Active Directory has remained mostly unchanged. There hasn’t been a security update since 2016.
    • This lack of security innovation has led to several cyberattacks over the years, causing businesses to bolt on additional security measures and added complexity. AD is not going away any time soon, but the security dilemma can be addressed with added security features.

    AD event logs

    84% of organizations that had a breach had evidence of that breach in their event logs.

    Source: Verizon Data Breach Report, 2012

    What is the business risk

    How does AD impact innovation in your business?

    It’s widely estimated that Active Directory remains at the backbone of 90% of Global Fortune 1000 companies’ business infrastructure (Lepide, 2021), and with that comes risk. The risks include:

    • Constraints of AD and growth of your digital footprint
    • Difficulty integrating modern technologies
    • Difficulty maintaining consistent security policies
    • Inflexible central domains preventing innovation and modernization
    • Inability to move to a self-service password portal
    • Vulnerability to being hacked
    • BYOD not being AD friendly

    AD is dependent on Windows Server

    1. Even though AD is compliant with LDAP, software vendors often choose optional features of LDAP that are not supported by AD. It is possible to implement Kerberos in a Unix system and establish trust with AD, but this is a difficult process and mistakes are frequent.
    2. Restricting your software selection to Windows-based systems reduces innovation and may hamper your ability to purchase best-in-class applications.

    Azure AD is not a replacement for AD

    AD was designed for an on-premises enterprise

    The image contains a screenshot of a Azure AD diagram.

    • Despite Microsoft’s Azure becoming prominent in the world of cloud services, Azure AD is not a replacement for on-premises AD.
    • In fact, Microsoft itself has an architecture to mitigate the shortcomings of Azure AD by recommending organizations migrate to a hybrid model, especially those businesses that have an in-house footprint of servers and applications.
    • If you are a greenfield business and intend to take advantage of SaaS, IaaS, and PaaS, as well as Microsoft 365 in Azure, then Azure AD is for you and you don’t have to worry about the need for AD.

    "Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.

    That’s why there is no actual ‘migration’ path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc."

    – Gregory Hall,
    Brand Representative for Microsoft
    (Source: Spiceworks)

    The hybrid model for AD and Azure AD

    How the model works

    The image contains a screenshot of a hybrid model for AD and Azure AD.

    Note: AD Federated Services (ADFS) is not a replacement for AD. It’s a bolt-on that requires maintenance, support, and it is not a liberating service.

    Many companies are:

    • Moving to SaaS solutions for customer relationship management, HR, collaboration, voice communication, file storage, and more.
    • Managing non-Windows devices.
    • Moving to a hybrid model of work.
    • Enabling BYOD.

    Given these trends, Active Directory is becoming obsolete in terms of identity management and permissions.

    The difference between AD Domain Services and Azure AD DS

    One of the core principles of Azure AD is that the user is the security boundary, not the network.

    Kerberos is the default authentication and authorization protocol for AD. Kerberos is involved in nearly everything from the time you log on to accessing Sysvol, which is used to deliver policy and logon scripts to domain members from the Domain Controller.

    Info-Tech Insight

    If you are struggling to get away from AD, Kerberos and NTML are to blame. Working around them is difficult. Azure AD uses SAML2.0 OpenID Connect and OAuth2.0.

    Feature Azure AD DS Self-managed AD DS
    Managed service
    Secure deployments Administrator secures the deployment
    DNS server ✓ (managed service)
    Domain or Enterprise administrator privileges
    Domain join
    Domain authentication using NTLM and Kerberos
    Kerberos-constrained delegation Resource-based Resource-based and account-based
    Custom OU structure
    Group Policy
    Schema extensions
    AD domain/forest trusts ✓ (one-way outbound forest trusts only)
    Secure LDAP (LDAPS)
    LDAP read
    LDAP write ✓ (within the managed domain)
    Geo-distributed deployments

    Source: “Compare self-managed Active Directory Domain Services...” Azure documentation, 2022

    Impact of work-from-anywhere

    How AD poses issues that impact the user experience

    IT organizations are under pressure to enable work-from-home/work-from-anywhere.

    • IT teams regard legacy infrastructure, namely Active Directory, as inadequate to securely manage remote workloads.
    • While organizations previously used VPNs to access resources through Active Directory, they now have complex webs of applications that do not reside on premises, such as AWS, G-Suite, and SaaS customer relationship management and HR management systems, among others. These resources live outside the Windows ecosystem, complicating user provisioning, management, and security.
    • The work environment has changed since the start of COVID-19, with businesses scrambling to enable work-from-home. This had a huge impact on on-premises identity management tools such as AD, exposing their limitations and challenges. IT admins are all too aware that AD does not meet the needs of work-from-home.
    • As more IT organizations move infrastructure to the cloud, they have the opportunity to move their directory services to the cloud as well.
      • JumpCloud, OneLogin, Okta, Azure AD, G2, and others can be a solution for this new way of working and free up administrators from the overloaded AD environment.
      • Identity and access management (IAM) can be moved to the cloud where the modern infrastructure lives.
      • Alternatives for printers using AD include Google Cloud Print, PrinterOn, and PrinterLogic.

    How AD can impact your migration to Microsoft 365

    The beginning of your hybrid environment

    • Businesses that have a large on-premises footprint have very few choices for setting up a hybrid environment that includes their on-premises AD and Azure AD synchronization.
    • Microsoft 365 uses Azure AD in the background to manage identities.
    • Azure AD Connect will need to be installed, along with IdFix to identify errors such as duplicates and formatting problems in your AD.
    • Password hash should be implemented to synchronize passwords from on-premises AD so users can sign in to Azure without the need for additional single sign-on infrastructure.
    • Azure AD Connect synchronizes accounts every 30 minutes and passwords within two minutes.

    Alternatives to AD

    When considering retiring Active Directory from your environment, look at alternatives that can assist with those legacy application servers, handle Kerberos and NTML, and support LDAP.

    • JumpCloud: Cloud-based directory services. JumpCloud provides LDAP-as-a-Service and RADIUS-as-a-Service. It authenticates, authorizes, and manages employees, their devices, and IT applications. However, domain name changes are not supported.
    • Apache Directory Studio Pro: Written in Java, it supports LDAP v3–certified directory services. It is certified by Eclipse-based database utilities. It also supports Kerberos, which is critical for legacy Microsoft AD apps authentication.
    • Univention Corporate Server (UCS): Open-source Linux-based solution that has a friendly user interface and gets continuous security and feature updates. It supports Kerberos V5 and LDAP, works with AD, and is easy to sync. It also supports DNS server, DHCP, multifactor authentication and single sign-on, and APIs and REST APIs. However, it has a limited English knowledgebase as it is a German tool.

    What to look for

    If you are embedded in Windows systems but looking for an alternative to AD, you need a similar solution but one that is capable of working in the cloud and on premises.

    Aside from protocols and supporting utilities, also consider additional features that can help you retire your Active Directory while maintaining highly secure access control and a strong security posture.

    These are just a few examples of the many alternatives available.

    Market drivers to modernize your infrastructure

    The business is now driving your Active Directory migration

    What IT must deal with in the modern world of work:

    • Leaner footprint for evolving tech trends
    • Disaster recovery readiness
    • Dynamic compliance requirements
    • Increased security needs
    • The need to future-proof
    • Mergers and acquisitions
    • Security extending the network beyond Windows

    Organizations are making decisions that impact Active Directory, from enabling work-from-anywhere to dealing with malicious threats such as ransomware. Mergers and acquisitions also bring complexity with multiple AD domains.
    The business is putting pressure on IT to become creative with security strategies, alternative authentication and authorization, and migration to SaaS and cloud services.

    Activity

    Build a checklist to migrate off Active Directory.

    Discovery

    Assessment

    Proof of Concept

    Migration

    Cloud Operations

    ☐ Catalog your applications.

    ☐ Define your users, groups and usage.

    ☐ Identify network interdependencies and complexity.

    ☐ Know your security and compliance regulations.

    ☐ Document your disaster recovery plan and recovery point and time objectives (RPO/RTO).

    ☐ Build a methodology for migrating apps to IaaS.

    ☐ Develop a migration team using internal resources and/or outsourcing.

    ☐ Use Microsoft resources for specific skill sets.

    ☐ Map on-premises third-party solutions to determine how easily they will migrate.

    ☐ Create a plan to retire and archive legacy data.

    ☐ Test your workload: Start small and prove value with a phased approach.

    ☐ Estimate cloud costs.

    ☐ Determine the amount and size of your compute and storage requirements.

    ☐ Understand security requirements and the need for network and security controls.

    ☐ Assess network performance.

    ☐ Qualify and test the tools and solutions needed for the migration.

    ☐ Create a blueprint of your desired cloud environment.

    ☐ Establish a rollback plan.

    ☐ Identify tools for automating migration and syncing data.

    ☐ Understand the implications of the production-day data move.

    ☐ Keep up with the pace of innovation.

    ☐ Leverage 24/7 support via skilled Azure resources.

    ☐ Stay on top of system maintenance and upgrades.

    ☐ Consider service-level agreement requirements, governance, security, compliance, performance, and uptime.

    Related Info-Tech Research

    Manage the Active Directory in the Service Desk

    • Build and maintain your Active Directory with good data.
    • Actively maintaining the Active Directory is a difficult task that only gets more difficult with issues like stale accounts and privilege creep.

    SoftwareReviews: Microsoft Azure Active Directory

    • The Azure Active Directory (Azure AD) enterprise identity service provides SSO and multifactor authentication to help protect your users from 99.9% of cybersecurity attacks

    Define Your Cloud Vision

    • Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud-first isn’t always the way to go.

    Bibliography

    “2012 Data Breach Investigations Report.” Verizon, 2012. Web.
    “2022 Data Breach Investigations Report.” Verizon, 2012. Web.
    “22 Best Alternatives to Microsoft Active Directory.” The Geek Page, 16 Feb 2022. Accessed 12 Sept. 2022.
    Altieri, Matt. “Infrastructure Technical Debt.” Device 42, 20 May 2019. Accessed Sept 2022.
    “Are You Ready to Make the Move from ADFS to Azure AD?’” Steeves and Associates, 29 April 2021. Accessed 28 Sept. 2022.
    Blanton, Sean. “Can I Replace Active Directory with Azure AD? No, Here’s Why.” JumpCloud, 9 Mar 2021. Accessed Sept. 2022.
    Chai, Wesley, and Alexander S. Gillis. “What is Active Directory and how does it work?” TechTarget, June 2021. Accessed 10 Sept. 2022.
    Cogan, Sam. “Azure Active Directory is not Active Directory!” SamCogan.com, Oct 2020. Accessed Sept. 2022.
    “Compare Active Directory to Azure Active Directory.” Azure documentation, Microsoft Learn, 18 Aug. 2022. Accessed 12 Sept. 2022.
    "Compare self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services." Azure documentation, Microsoft Learn, 23 Aug. 2022. Accessed Sept. 2022.
    “Dimensional Research, Active Directory Modernization: A Survey of IT Professionals.” Quest, 2017. Accessed Sept 2022.
    Grillenmeier, Guido. “Now’s the Time to Rethink Active Directory Security.“ Semperis, 4 Aug 2021. Accessed Oct. 2013.
    “How does your Active Directory align to today’s business?” Quest Software, 2017, accessed Sept 2022
    Lewis, Jack “On-Premises Active Directory: Can I remove it and go full cloud?” Softcat, Dec.2020. Accessed 15 Sept 2022.
    Loshin, Peter. “What is Kerberos?” TechTarget, Sept 2021. Accessed Sept 2022.
    Mann, Terry. “Why Cybersecurity Must Include Active Directory.” Lepide, 20 Sept. 2021. Accessed Sept. 2022.
    Roberts, Travis. “Azure AD without on-prem Windows Active Directory?” 4sysops, 25 Oct. 2021. Accessed Sept. 2022.
    “Understanding Active Directory® & its architecture.” ActiveReach, Jan 2022. Accessed Sept. 2022.
    “What is Active Directory Migration?” Quest Software Inc, 2022. Accessed Sept 2022.

    Develop a Master Data Management Practice and Platform

    • Buy Link or Shortcode: {j2store}401|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $27,416 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • The volume of enterprise data is growing rapidly and comes from a wide variety of internal and external data sources (e.g. ERP, CRM). When data is located in different systems and applications, coupled with degradation and proliferation, this can lead to inaccurate, inconsistent, and redundant data being shared across departments within an organization.
    • Data kept in separate soiled sources can result in poor stakeholder decision making and inefficient business processes. Some common master data problems include:
      • The lack of a clean customer list results in poor customer service.
      • Hindering good analytics and business predictions, such as incorrect supply chain decisions when having duplicate product and vendor data between plants.
      • Creating cross-group consolidated reports from inconsistent local data that require too much manual effort and resources.

    Our Advice

    Critical Insight

    • Everybody has master data (e.g. customer, product) but not master data problems (e.g. duplicate customers and products). MDM is complex in practice and requires investments in data governance, data architecture, and data strategy. Identifying business outcomes based on quality master data is essential before you pull the trigger on an MDM solution.

    Impact and Result

    This blueprint can help you:

    • Build a list of business-aligned data initiatives and capabilities that address master data problem and realize business strategic objectives.
    • Design a master data management practice based on the required business and data process.
    • Design a master data management platform based on MDM implementation style and prioritized technical capabilities.

    Develop a Master Data Management Practice and Platform Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a Master Data Management Practice and Platform Deck – A clear blueprint that provides a step-by-step approach to aid in the development of your MDM practice and platform.

    This blueprint will help you achieve a single view of your most important data assets by following our two-phase methodology:

  • Build a vision for MDM
  • Build an MDM practice and platform
    • Develop a Master Data Management Practice and Platform – Phases 1-2

    2. Master Data Management Readiness Assessment Tool – A tool to help you make the decision to stop the MDM project now or to continue the path to MDM.

    This tool will help you determine if your organization has a master data problem and if an MDM project should be undertaken.

    • Master Data Management Readiness Assessment Tool

    3. Master Data Management Business Needs Assessment Tool – A tool to help you identify and document the various data sources in the organization and determine which data should be classified as master data.

    The tool will help you identify the sources of data within the business unit and use the typical properties of master data to determine which data should be classified as master data.

    • Master Data Management Business Needs Assessment Tool

    4. Master Data Management Business Case Presentation Template – A template to communicate MDM basics, benefits, and approaches to obtain business buy-in for the MDM project.

    The template will help you communicate your organization's specific pains surrounding poor management of master data and identify and communicate the benefits of effective MDM. Communicate Info-Tech's approach for creating an effective MDM practice and platform.

    • Master Data Management Business Case Presentation Template

    5. Master Data Management Project Charter Template – A template to centralize the critical information regarding to objectives, staffing, timeline, and expected outcome of the project.

    The project charter will help you document the project sponsor of the project. Identify purpose, goals, and objectives. Identify the project risks. Build a cross-functional project team and assign responsibilities. Define project team expectations and meeting frequency. Develop a timeline for the project with key milestones. Identify metrics for tracking success. Receive approval for the project.

    • Master Data Management Project Charter Template

    6. Master Data Management Architecture Design Template – An architecture design template to effectively document the movement of data aligned with the business process across the organization.

    This template will assist you:

  • Document the current state and achieve a common understanding of the business process and movement of data across the company.
  • Identify the source of master data and what other systems will contribute to the MDM system.
  • Document the target architectural state of the organization.
    • Master Data Management Architecture Design Template

    7. Master Data Management Practice Pattern Template – Pre-built practice patterns to effectively define the key services and outputs that must be delivered by establishing core capabilities, accountabilities, roles, and governance for the practice.

    The master data management practice pattern describes the core capabilities, accountabilities, processes, essential roles, and the elements that provide oversight or governance of the practice, all of which are required to deliver on high value services and deliverables or output for the organization.

    • Master Data Management Practice Pattern Template

    8. Master Data Management Platform Template – A pre-built platform template to illustrate the organization’s data environment with MDM and the value MDM brings to the organization.

    This template will assist you:

  • Establish an understanding of where MDM fits in an organization’s overall data environment.
  • Determine the technical capabilities that is required based on organization’s data needs for your MDM implementation.
    • Master Data Management Platform Template

    Infographic

    Workshop: Develop a Master Data Management Practice and Platform

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop a Vision for the MDM Project

    The Purpose

    Identification of MDM and why it is important.

    Differentiate between reference data and master data.

    Discuss and understand the key challenges and pains felt by the business and IT with respect to master data, and identify the opportunities MDM can provide to the business.

    Key Benefits Achieved

    Identification of what is and is not master data.

    Understand the value of MDM and how it can help the organization better monetize its data.

    Knowledge of how master data can benefit both IT and the business.

    Activities

    1.1 Establish business context for master data management.

    1.2 Assess the value, benefits, challenges, and opportunities associated with MDM.

    1.3 Develop the vision, purpose, and scope of master data management for the business.

    1.4 Identify MDM enablers.

    1.5 Interview business stakeholders.

    Outputs

    High-level data requirements

    Identification of business priorities

    Project vision and scope

    2 Document the Current State

    The Purpose

    Recognize business drivers for MDM.

    Determine where master data lives and how this data moves within the organization.

    Key Benefits Achieved

    Streamline business process, map the movement of data, and achieve a common understanding across the company.

    Identify the source of master data and what other systems will contribute to the MDM system.

    Activities

    2.1 Evaluate the risks and value of critical data.

    2.2 Map and understand the flow of data within the business.

    2.3 Identify master data sources and users.

    2.4 Document the current architectural state of the organization.

    Outputs

    Data flow diagram with identified master data sources and users

    Business data glossary

    Documented current data state.

    3 Document the Target State

    The Purpose

    Document the target data state of the organization surrounding MDM.

    Identify key initiatives and metrics.

    Key Benefits Achieved

    Recognition of four MDM implementation styles.

    Identification of key initiatives and success metrics.

    Activities

    3.1 Document the target architectural state of the organization.

    3.2 Develop alignment of initiatives to strategies.

    3.3 Consolidate master data management initiatives and strategies.

    3.4 Develop a project timeline and define key success measures.

    Outputs

    Documented target state surrounding MDM.

    Data and master data management alignment and strategies

    4 Develop an MDM Practice and Platform

    The Purpose

    Get a clear picture of what the organization wants to get out of MDM.

    Identify master data management capabilities, accountabilities, process, roles, and governance.

    Key Benefits Achieved

    Prioritized master data management capabilities, accountabilities, process, roles, and governance.

    Activities

    4.1 Identify master data management capabilities, roles, process, and governance.

    4.2 Build a master data management practice and platform.

    Outputs

    Master Data Management Practice and Platform

    Further reading

    Develop a Master Data Management Practice and Platform

    Are you sure you have a master data problem?

    Analyst Perspective

    The most crucial and shared data assets inside the firm must serve as the foundation for the data maturing process. This is commonly linked to your master data (such as customers, products, employees, and locations). Every organization has master data, but not every organization has a master data problem.

    Don't waste time or resources before determining the source of your master data problem. Master data issues are rooted in the business practices of your organization (such as mergers and acquisitions and federated multi-geographic operations). To address this issue, you will require a master data management (MDM) solution and the necessary architecture, governance, and support from very senior champions to ensure the long-term success of your MDM initiative. Approaching MDM with a clear blueprint that provides a step-by-step approach will aid in the development of your MDM practice and platform.

    Ruyi Sun

    Ruyi Sun
    Research Specialist
    Data & Analytics Practice
    Info-Tech Research Group

    Rajesh Parab

    Rajesh Parab
    Research Director
    Data & Analytics Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Your organization is experiencing data challenges, including:

    • Too much data volume, variety, and velocity, from more and more sources.
    • Duplicate and disorganized data across multiple systems and applications.
    • Master data is pervasive throughout the business and is often created and captured in highly disparate sources that often are not easily shared across business units and applications.

    MDM is useful in situations such as a business undergoing a merger or acquisition, where a unique set of master data needs to be created to act as a single source of truth. However, having a unified view of the definitions and systems of record for the most critical data in your organization can be difficult to achieve. An organization might experience some pain points:

    • Failure to identify master data problem and organization’s data needs.
    • Conflicting viewpoints and definitions of data assets across business units.
    • Recognize common business operating models or strategies with master data problems.
    • Identify the organization’s problem and needs out of its master data and align to strategic business needs.
    • Define the architecture, governance, and support.
    • Create a practice and platform for the organization’s MDM program.

    Info-Tech Insight

    Everybody has master data (e.g. customer, product) but not a master data problem (e.g. duplicate customers and products). MDM is complex in practice and requires investments in data governance, data architecture, and data strategy. Identifying business outcomes based on quality master data is essential before you pull the trigger on an MDM solution.

    What is master data and master data management?

    • Master data domains include the most important data assets of an organization. For this data to be used across an enterprise in consistent and value-added ways, the data must be properly managed. Some common master data entities include customer, product, and employees.
    • Master data management (MDM) is the control over master data values to enable consistent, shared, contextual use across systems, of the most accurate, timely, and relevant version of truth about essential business entities (DAMA DMBOK).
    • The fundamental objective of MDM is to enable the business to see one view of critical data elements across the organization.
    • MDM systems will detect and declare relationships between data, resolve duplicate records, and make data available to the people, processes, and applications that need it. The end goal of an MDM implementation is to make sure your investment in MDM technology delivers the promised business results. By supplementing the technology with rules, guidelines, and standards around enterprise data you will ensure data continues to be synchronized across data sources on an ongoing basis.

    The image contains a screenshot of Info-Tech's Data Management Framework.

    Info-Tech’s Data Management Framework Adapted from DAMA-DMBOK and Advanced Knowledge Innovations Global Solutions. See Create a Data Management Roadmap blueprint for more information.

    Why manage master data?

    Master data drives practical insights that arise from key aspects of the business.

    Customer Intimacy

    Innovation Leadership

    Risk Management

    Operational Excellence

    Improve marketing and the customer experience by using the right data from the system of record to analyze complete customer views of transactions, sentiments, and interactions.

    Gain insights on your products, services, usage trends, industry directions, and competitor results, and use these data artifacts to support decisions on innovations, new products, services, and pricing.

    Maintain more transparent and accurate records and ensure that appropriate rules are followed to support audit, compliance, regulatory, and legal requirements. Monitor data usage to avoid fraud.

    Make sure the right solution is delivered rapidly and consistently to the right parties for the right price and cost structure. Automate processes by using the right data to drive process improvements.

    85% of customers expect consistent interactions across departments (Salesforce, 2022).

    Top-decile economic performers are 20% more likely to have a common source of data that serves as the single source of truth across the organization compared to their peers (McKinsey & Company, 2021).

    Only 6% of board members believe they are effective in managing risk (McKinsey & Company, 2018).

    32% of sales and marketing teams consider data inconsistency across platforms as their biggest challenge (Dun & Bradstreet, 2022).

    Your Challenge

    Modern organizations have unprecedented data challenges.

    • The volume of enterprise data is growing rapidly and comes from a wide variety of internal and external data sources (e.g. ERP, CRM). When data is located in different systems and applications, coupled with degradation and proliferation, this can lead to inaccurate, inconsistent, and redundant data being shared across departments within an organization.
    • For example, customer information may not be identical in the customer service system, shipping system, and marketing management platform because of manual errors or different name usage (e.g. GE or General Electric) when input by different business units.
    • Data kept in separate soiled sources can also result in poor stakeholder decision making and inefficient business processes. Some issues include:
      • The lack of clean customer list results in poor customer service.
      • Hindering good analytics and business predictions, such as incorrect supply chain decision when having duplicate product and vendor data between plants.
      • Creating cross-group consolidated reports from duplicate and inconsistent local data requires too much manual effort and resources.

    On average, 25 different data sources are used for generating customer insights and engagement.

    On average, 16 different technology applications are used to leverage customer data.

    Source: Deloitte Digital, 2020

    Common Obstacles

    Finding a single source of truth throughout the organization can be difficult.

    Changes in business process often come with challenges for CIOs and IT leaders. From an IT perspective, there are several common business operating models that can result in multiple sets of master data being created and held in various locations. Some examples could be:

    • Integrate systems following corporate mergers and acquisitions
    • Enterprise with multi-product line
    • Multinational company or multi-geographic operations with various ERP systems
    • Digital transformation projects such as omnichannel

    In such situations, implementing an MDM solution helps achieve harmonization and synchronization of master data and provide a single, reliable, and precise view of the organization. However, MDM is a complex system that requires more than just a technical solution. An organization might experience the following pain points:

    • Failure to identify master data problem and organization’s data needs.
    • Conflicting viewpoints and definitions of data assets that should reside in MDM across business units.

    Building a successful MDM initiative can be a large undertaking that takes some preparation before starting. Understanding the fundamental roles that data governance, data architecture, and data strategy play in MDM is essential before the implementation.

    “Only 3 in 10 of respondents are completely confident in their company's ability to deliver a consistent omnichannel experience.”

    Source: Dun & Bradstreet, 2022

    The image contains an Info-Tech Thought Model of the Develop a Master Data Management Practice & Platform.

    Insight summary

    Overarching insight

    Everybody has master data (e.g. customer, product) but not a master data problem (e.g. duplicate customers and products). MDM is complex in practice and requires investments in data governance, data architecture, and data strategy. Figuring out what the organization needs out of its master data is essential before you pull the trigger on an MDM solution.

    Phase 1 insight

    A master data management solution will assist you in solving master data challenges if your organization is large or complex, such as a multinational corporation or a company with multiple product lines, with frequent mergers and acquisitions, or adopting a digital transformation strategy such as omnichannel.

    Organizations often have trouble getting started because of the difficulty of agreeing on the definition of master data within the enterprise. Reference data is an easy place to find that common ground.

    While the organization may have data that fits into more than one master data domain, it does not necessarily need to be mastered. Determine what master data entities your organization needs.

    Although it is easy to get distracted by the technical aspects of the MDM project – such as extraction and consolidation rules – the true goal of MDM is to make sure that the consumers of master data (such as business units, sales) have access to consistent, relevant, and trusted shared data.

    Phase 2 insight

    An organization with activities such as mergers and acquisitions or multi-ERP systems poses a significant master data challenge. Prioritize your master data practice based on your organization’s ability to locate and maintain a single source of master data.

    Leverage modern capabilities such as artificial intelligence or machine learning to support large and complex MDM deployments.

    Blueprint Overview

    1. Build a Vision for MDM

    2. Build an MDM Practice and Platform

    Phase Steps

    1. Assess Your Master Data Problem
    2. Identify Your Master Data Domains
    3. Create a Strategic Vision
    1. Document Your Organization’s Current Data State
    2. Document Your Organization’s Target Data State
    3. Formulate an Actionable MDM Practice and Platform

    Phase Participants

    CIO, CDO, or IT Executive

    Head of the Information Management Practice

    Business Domain Representatives

    Enterprise Architecture Domain Architects

    Information Management MDM Experts

    Data Stewards or Data Owners

    Phase Outcomes

    This step identifies the essential concepts around MDM, including its definitions, your readiness, and prioritized master data domains. This will ensure the MDM initiatives are aligned to business goals and objectives.

    To begin addressing the MDM project, you must understand your current and target data state in terms of data architecture and data governance surrounding your MDM strategy. With all these considerations in mind, design your organizational MDM practice and platform.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    1. MDM Readiness Assessment ToolThe image contains a screenshot of the MDM Readiness Assessment Tool. 2. Business Needs Assessment Tool The image contains a screenshot of the Business Needs Assessment Tool.
    3. Business Case Presentation Template The image contains a screenshot of the Business Case Presentation Template. 4. Project Charter Template The image contains a screenshot of the Project Charter Template.
    5. Architecture Design Template The image contains a screenshot of the Architecture Design Template.

    Key deliverable:

    6. MDM Practice Pattern Template

    7. MDM Platform Template

    Define the intentional relationships between the business and the master data through a well-thought-out master data platform and practice.

    The image contains a screenshot to demonstrate the intentional relationships between the business and the master data.

    Measure the value of this blueprint

    Refine the metrics for the overall Master Data Management Practice and Platform.

    In phase 1 of this blueprint, we will help you establish the business context and master data needs.

    In phase 2, we will help you document the current and target state of your organization and develop a practice and platform so that master data is well managed to deliver on those defined metrics.

    Sample Metrics

    Method of Calculation

    Master Data Sharing Availability and Utilization

    # of Business Lines That Use Master Data

    Master Data Sharing Volume

    # of Master Entities

    # of Key Elements, e.g. # of Customers With Many Addresses

    Master Data Quality and Compliance

    # of Duplicate Master Data Records

    Identified Sources That Contribute to Master Data Quality Issues

    # of Master Data Quality Issues Discovered or Resolved

    # of Non-Compliance Issues

    Master Data Standardization/Governance

    # of Definitions for Each Master Entity

    # of Roles (e.g. Data Stewards) Defined and Created

    Trust and Satisfaction

    Trust Indicator, e.g. Confidence Indicator of Golden Record

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify master data problem and assess your organizational readiness for MDM.

    Call #2: Define master data domains and priorities.

    Call #3: Determine business requirements for MDM.

    Call #4: Develop a strategic vision for the MDM project.

    Call #5: Map and understand the flow of data within the business.

    Call #6: Document current architectural state.

    Call #7: Discover the MDM implementation styles of MDM and document target architectural state.

    Call #8: Create MDM data practice and platform.

    Call #9: Summarize results and plan next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5

    Develop a Vision for the MDM Project

    Document the
    Current State

    Document the
    Target State

    Develop a MDM Practice and Platform

    Next Steps and
    Wrap-Up (offsite)

    Activities

    • Establish business context for master data management.
    • Assess the readiness, value, benefits, challenges, and opportunities associated with MDM.
    • Develop the vision, purpose, and scope of master data management for the business.
    • Identify master data management enablers.
    • Interview business stakeholders.
    • Evaluate the risks and value of critical data.
    • Map and understand the flow of data within the business.
    • Identify master data sources and users.
    • Document the current architectural state of the organization
    • Document the target data state of the organization.
    • Develop alignment of initiatives to strategies.
    • Consolidate master data management initiatives and strategies.
    • Develop a project timeline and define key success measures.
    • Identify master data management capabilities, roles, process, and governance.
    • Build a master data management practice and platform.
    • Complete in-progress deliverables from previous four days.
    • Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. High-level data requirements
    2. Identification of business priorities
    3. Project vision and scope
    1. Data flow diagram with identified master data sources and users
    2. Business data glossary
    3. Documented current data state
    1. Documented target state surrounding MDM
    2. Data and master data management alignment and strategies
    1. Master Data Management Practice and Platform
    1. Master Data Management Strategy for continued success

    Phase 1: Build a Vision for MDM

    Develop a Master Data Management Practice and Platform

    Step 1.1

    Assess Your Master Data Problem

    Objectives

    1. Build a solid foundation of knowledge surrounding MDM.

    2. Recognize MDM problems that the organization faces in the areas of mergers and acquisitions, omnichannel, multi-product line, and multi-ERP setups.

    This step involves the following participants:

    CIO, CDO, or IT Executive

    Head of Information Management

    Outcomes of this step

    An understanding of master data, MDM, and the prerequisites necessary to create an MDM program.

    Determine if there is a need for MDM in the organization.

    Understand your data – it’s not all transactional

    Info-Tech analyzes the value of data through the lenses of its four distinct classes: Master, Transactional, Operational, and Reference.

    Master

    Transactional

    Operational

    Reference

    • Addresses critical business entities that fall into four broad groupings: party (customers, suppliers); product (products, policies); location (physical spaces and segmentations); and financial (contracts, transactions).
    • This data is typically critical to the organization, less volatile, and more complex in nature; it contains many data elements and is used across systems.
    • Transactional data refers to data generated when dealing with external parties, such as clients and suppliers.
    • Transactional data may be needed on a per-use basis or through several activities.
    • The data can also be accessed in real-time if needed.
    • Operational data refers to data that is used to support internal business activities, processes, or workflows.
    • This data is generated during a one-time activity or multiple times through a data hub or orchestration layer.
    • Depending on the need for speed, there can be a real-time aspect to the situation.
    • Examples: scheduling service data or performance data.
    • Reference data refers to simple lists of data that are typically static and help categorize other data using code tables.
    • Examples: list of countries or states, postal codes, general ledger chart of accounts, currencies, or product code.

    Recognize the fundamental prerequisites for MDM before diving into more specific readiness requirements

    Organizational buy-in

    • Ensure there is someone actively invested and involved in the progress of the project. Having senior management support, especially in the form of an executive sponsor or champion, is necessary to approve MDM budgets and resourcing.
    • MDM changes business processes and practices that affect many departments, groups, and people – this type of change may be disruptive so sponsorship from the top ensures your project will keep moving forward even during difficulties.
    • Consider developing a cross-functional master data team involving stakeholders from management, IT, and the business units. This group can ensure that the MDM initiative is aligned with and supports larger organizational needs and everyone understands their role.

    Understanding the existing data environment

    • Knowing the state of an organization’s data architecture, and which data sources are linked to critical business processes, is essential before starting an MDM project.
    • Identify the areas of data pain within your organization and establish the root cause. Determine what impact this is having on the business.

    Before starting to look at technology solutions, make sure you have organizational buy-in and an understanding of the existing data environment. These two prerequisites are the foundation for MDM success.

    Master data management provides opportunities to use data for analytical and operational purposes with greater accuracy

    MDM can be approached in two ways: analytical and operational.

    Think of it in the context of your own organization:

    • How will MDM improve the ability for accurate data to be shared across business processes (Operational MDM)?
    • How will MDM improve the quality of reports for management reporting and executive decision making (Analytical MDM)?

    An investment in MDM will improve the opportunities for using the organization’s most valuable data assets, including opportunities like:

    • Data is more easily shared across the organization’s environment with greater accuracy and trust.
    • Multiple instances of the same data are consistent.
    • MDM enables the ability to find the right data more quickly.

    9.5% of revenue was at risk when bad experiences were offered to customers.

    Source: Qualtrics XM Institute, 2022

    Master data management drives better customer experience

    85% In a survey of nearly 17,000 consumers and business buyers, 85% of customers expect consistent interactions across departments.

    Source: Salesforce, 2022

    Yet, 60% of customer say it generally feels like sales, service, and marketing teams do not share information.

    Source: Salesforce, 2022

    What is a business without the customer? Positive customer service experience drives customer retention, satisfaction, and revenue growth, and ultimately, determines the success of the organization. Effective MDM can improve customer experiences by providing consistent interactions and the ability to meet customer expectations.

    61% of customers say they would switch to a competitor after just one bad customer service experience.

    Source: Zendesk, 2022

    Common business operating models or strategies with master data problems

    Mergers and acquisitions (M&A)

    M&A involves activities related to the consolidation of two companies. From IT’s perspective, whether the organization maintains different IT systems and applications in parallel or undergoes data integration process, it is common to have multiple instances of the same customer or product entity across different systems between companies, leading to incomplete, duplicate, and conflicting data sets. The organization may face challenges in both operational and analytical aspects. For many, the objective is to create a list of master data to have a single view of the organization.

    Multiple-instance ERP or multinational organizations

    Multiple-instance ERP solutions are commonly used by businesses that operate globally to accommodate each country’s needs or financial systems (Brightwork Research). With MDM, having a single source of truth could be a great advantage in certain business units to collaborate globally, such as sharing inventory coding systems to allow common identity and productive resource allocation and shared customer information for analytical purposes.

    Common business operating models or strategies with master data problems (cont.)

    Multiple product lines of business

    An example for firms that sells multiple product lines could be Nike’s multiple product lines including footwear, clothing, and equipment. Keeping track of many product lines is a constant challenge for organizations in terms of inventory management, vendor database, and a tracking system. The ability to track and maintain your product data accurately and consistently is crucial for a successful supply chain (whether in a warehouse, distribution center, or retail office), which leads to improved customer satisfaction and increased sales.

    Info-Tech Insight
    A master data management solution will assist you in solving master data challenges if your organization is large or complex such as a multinational corporation or a company with multiple product lines, frequent mergers and acquisitions, or adopting a digital transformation strategy such as omnichannel.

    Omni-channel

    In e-commerce and retail industry, omnichannel means a business strategy that offers seamless shopping experiences across all channels, such as in-store, mobile, and online (Oracle). This also means the company needs to provide consistent information on orders, inventory, pricing, and promotions to customers and keep the customer records up to date. The challenges of omnichannel include having to synchronize data across channels and systems such as ERP, CRM, and social media. MDM becomes a solution for the success of an omnichannel strategy that refers to the same source of truth across business functions and channels.

    Assess business model using Info-Tech’s MDM Readiness Assessment Tool

    30 Minutes

    • The MDM Readiness Assessment Tool will help you make the decision to stop the MDM project now or to continue on the path to MDM.
    • Not all organizations need MDM. Don’t waste precious IT time and resources if your organization does not have a master data problem.

    The image contains screenshots of the MDM Readiness Assessment Tool.

    Download the MDM Readiness Assessment Tool

    Input Output
    • List of key MDM decision points
    • MDM readiness
    Materials Participants
    • Master Data Management Readiness Assessment Tool
    • Head of Information Management
    • CIO, CDO, or IT Executive

    Step 1.2

    Identify the Master Data Domains

    Objectives

    Determine which data domain contains the most critical master data in the organization for an MDM strategy.

    This step involves the following participants:

    Business Domain Representatives

    Data Stewards or Data Owners

    Information Management Team

    Outcomes of this step

    Determine the ideal data domain target for the organization based on where the business is experiencing the largest pains related to master data and where it will see the most benefit from MDM.

    Reference data makes tackling master data easier

    Reference data serves as a great starting place for an MDM project.

    • Reference data is the simple lists of data that are typically static and help categorize other data using code tables. Examples include lists of countries or states, postal codes, general ledger charts of accounts, currencies, or product codes.
    • Loading information into the warehouse or an MDM hub usually requires reconciling reference data from multiple sources. By getting reference data in order first, MDM will be easier to implement.
    • Reference data also requires a relatively small investment with good returns so the value of the project can easily be demonstrated to stakeholders.
    • One example of how reference data makes master data easier to tackle is a master list of an organization’s customers that needs an attribute of an address. By maintaining a list of postal codes or cities as reference data, this is made much easier to manage than simply allowing free text.

    Info-Tech Insight

    Organizations often have trouble getting started because of the difficulty of agreeing on the definition of master data within the enterprise. Reference data is an easy place to find that common ground.

    There are several key considerations when defining which data is master data in the organization

    A successful implementation of MDM depends on the careful selection of the data element to be mastered. As departments often have different interests, establishing a standard set of data elements can lead to a lot of discussion. When selecting what data should be considered master data, consider the following:

    • Complexity. As the number of elements in a set increases, the likelihood that the data is master data also increases.
    • Volatility. Master data tends to be less volatile. The more volatile data is, the more likely it is transactional data.
    • Risk. The more likely data may have a risk associated with it, the more likely it should be managed with MDM.
    • Value. The more valuable a data set is to the organization, the greater the chance it is master data.
    • Sharing. If the data set is used in multiple systems, it likely should be managed with an MDM system.

    Begin by documenting the existing data sources within the organization.

    Use Info-Tech’s Master Data Management Business Needs Assessment Tool to determine master data sources.

    Info-Tech Insight

    While the organization may have data that fits into more than one master data domain, it does not necessarily need to be mastered. Determine what master data entities your organization needs.

    Master data also fall into these four areas

    More perspectives to consider and define which data is your master data.

    Internally Created Entities

    Externally Created Entities

    Large Non-Recurring Transactions

    Categories/Relationships/ Hierarchies/Aggregational Patterns

    • Business objects and concepts at the core of organizational activities that are created and maintained only by this organization.
    • Examples: customers, suppliers, products, projects
    • Business objects and concepts at the core of organizational activities that are created outside of this organization, but it keeps its own master list of these entities with additional attributions.
    • Examples: equipment, materials, industry classifications
    • Factual records reflecting the organization’s activities.
    • Examples: large purchases, large sales, measuring equipment data, student academic performance
    • Lateral and hierarchical relationships across master entities.
    • Organization-wide standards for data / information organization and aggregation.
    • Examples: classifications of equipment and materials, legal relationships across legal entities, sales regions or sub-regions

    Master data types can be divided into four main domains

    Parties

    • Data about individuals, organizations, and the roles they play in business relationships.
    • In the commercial world this means customer, employee, vendor, partner, and competitor data.

    Product

    • Can focus on organization's internal products or services or the entire industry, including competitor products and services.
    • May include information about part/ingredient usage, versions, patch fixes, pricing, and bundles.

    Financial

    • Data about business units, cost centers, profit centers, general ledger accounts, budgets, projections, and projects
    • Typically, ERP systems serve as the central hub for this.

    Locations

    • Often seen as the domain that encompasses other domains. Typically includes geopolitical data such as sales territories.
    • Provides ability to track and share reference information about different geographies and create hierarchical relationships based on information.

    Single Domain vs. Multi-Domain

    • By focusing on a single master data domain, organizations can start with smaller, more manageable steps, rather than trying to tackle everything at once.
    • MDM solutions can be domain-specific or be designed to support multiple domains.
    • Multi-domain MDM is a solution that manages multiple types of master data in one repository. By implementing multi-domain from the beginning, an organization is better able to support growth across all dimensions and business units.

    Use Info-Tech’s Master Data Management Business Needs Assessment Tool to determine master data priorities

    2 hours

    Use the Master Data Management Business Needs Assessment Tool to assist you in determining the master data domains present in your organization and the suggested domain(s) for your MDM solution.

    The image contains screenshots of the Master Data Management Business Needs Assessment Tool.

    Download the MDM Business Needs Assessment Tool

    Input Output
    • Current data sources within the organization
    • Business requirements of master data
    • Prioritized list of master data domains
    • Project scope
    Materials Participants
    • Master Data Management Business Needs Assessment Tool
    • Data Stewards or Data Custodians
    • Information Management Team

    Step 1.3

    Create a Strategic Vision for Your MDM Program

    Objectives

    1. Understand the true goal of MDM – ensuring that the needs of the master data users in the organization are fulfilled.

    2. Create a plan to obtain organizational buy-in for the MDM initiative.

    3. Organize and officialize your project by documenting key metrics, responsibilities, and goals for MDM.

    This step involves the following participants:

    CEO, CDO, or CIO

    Business Domain Representatives

    Information Management Team

    Outcomes of this step

    Obtain business buy-in and direction for the MDM initiative.

    Create the critical foundation plans that will guide you in evaluating, planning, and implementing your immediate and long-term MDM goals.

    MDM is not just IT’s responsibility

    Make sure the whole organization is involved throughout the project.

    • Master data is created for the organization as a whole, so get business input to ensure IT decisions fit with corporate goals and objectives.
    • The ownership of master data is the responsibility of the business. IT is responsible for the MDM project’s technology, support, platforms, and infrastructure; however, the ownership of business rules and standards reside with the business.
    • MDM requires IT and the business to form a partnership. While IT is responsible for the technical component, the business will be key in identifying master data.
    • MDM belongs to the entire organization – not a specific department – and should be created with the needs of the whole organization in mind. As such, MDM needs to be aligned with company’s overall data strategy. Data strategy planning involves identifying and translating business objectives and capability goals into strategies for improving data usage by the business and enhancing the capabilities of MDM.

    Keep the priorities of the users of master data at the forefront of your MDM initiative.

    • To fully satisfy the needs of the users of master data, you have to know how the data is consumed. Information managers and architects must work with business teams to determine how organizational objectives are achieved by using master data.
    • Steps to understanding the users of master data and their needs:
    1. Identify and document the users of master data – some examples include business units such as marketing, sales, and innovation teams.
    2. Interview those identified to understand how their strategic goals can be enabled by MDM. Determine their needs and expectations.
    3. Determine how changes to the master data management strategy will bring about improvements to information sharing and increase the value of this critical asset.

    Info-Tech Insight

    Although it is easy to get distracted by the technical aspects of the MDM project – such as extraction and consolidation rules – the true goal of MDM is to make sure that the consumers of master data (such as business units, sales reps) have access to consistent, relevant, and trusted shared data.

    Interview business stakeholders to understand how IT’s implementation of MDM will enable better business decisions

    1 hours

    Instructions

    1. Identify which members of the business you would like to interview to gather an understanding of their current data issues and desired data usage. (Recommendation: Gather a diverse set of individuals to help build a broader and more holistic knowledge of data consumption wants or requirements.)
    2. Prepare your interview questions.
    3. Interview the identified members of the business.
    4. Debrief and document results.

    Tactical Tips

    • Include members of your team to help heighten their knowledge of the business.
    • Identify a team member to operate as the formal scribe.
    • Keep the discussion as free flowing as possible; it will likely enable the business to share more. Don’t get defensive – one of the goals of the interviews is to open communication lines and identify opportunities for change, not create tension between IT and the business.
    Input Output
    • Current master data pain points and issues
    • Desired master data usage
    • Prioritized list of master data management enablers
    • Understanding of organizational strategic plan
    Materials Participants
    • Interview questions
    • Whiteboard/flip charts
    • Information Management Team
    • Business Line Representatives

    Info-Tech Insight

    Prevent the interviews from being just a venue for the business to complain about data by opening the discussion of having them share current concerns and then focus the second half on what they would like to do with data and how they see master data assets supporting their strategic plans.

    Ensure buy-in for the MDM project by aligning the MDM vision and the drivers of the organization

    MDM exists to enable the success of the organization as a whole, not just as a technology venture. To be successful in the MDM initiative, IT must understand how MDM will help the critical aspects of the business. Likewise, the business must understand why it is important to them to ensure long-term support of the project.

    The image contains a screenshot example of the text above.

    “If an organization only wants to look at MDM as a tech project, it will likely be a failure. It takes a very strong business and IT partnership to make it happen.”

    – Julie Hunt, Software Industry Analyst, Hub Designs Magazine

    Use Info-Tech’s Master Data Management Business Case Presentation Template to help secure business buy-in

    1-2 hours

    The image contains screenshots of the Master Data Management Business Case Presentation Template.

    Objectives

    • This presentation should be used to help obtain momentum for the ongoing master data management initiative and continued IT- business collaboration.
    • Master data management and the state of processes around data can be a sensitive business topic. To overcome issues of resistance from the operational or strategic levels, create a well-crafted business case.
    Input Output
    • Business requirements
    • Goals of MDM
    • Pain points of inadequate MDM
    • Awareness built for MDM project
    • Target data domains
    • Project scope
    Materials Participants
    • Master Data Management Business Case Presentation Template
    • Data Stewards or Data Custodians
    • CEO, CDO, or CIO
    • Information Management Team

    Download the MDM Business Case Presentation Template

    Use Info-Tech’s project charter to support your team in organizing their master data management plans

    Use this master document to centralize the critical information regarding the objectives, staffing, timeline, budget, and expected outcome of the project.

    1. MDM Vision and Mission

    Overview

    Define the value proposition behind addressing master data strategies and developing the organization's master data management practice.

    Consider

    Why is this project critical for the business?

    Why should this project be done now, instead of delayed further down the road?

    2. Goals or Objectives

    Overview

    Your goals and objectives should be practical and measurable. Goals and objectives should be mapped back to the reasons for MDM that we identified in the Executive Brief.

    Example Objectives

    Align the organization’s IT and business capabilities in MDM to the requirements of the organization’s business processes and the data that supports it.

    3. Expected Outcomes

    Overview

    Master data management as a concept can change based on the organization and with definitions and expectations varying heavily for individuals. Ensure alignment at the outset of the project by outlining and attaining agreement on the expectations and expected outcomes (deliverables) of the project.

    Recommended Outcomes

    Outline of an action plan

    Documented data strategies

    4. Outline of Action Plan

    Overview

    Document the plans for your project in the associated sections of the project charter to align with the outcomes and deliverables associated with the project. Use the sample material in the charter and the “Develop Your Timeline for the MDM Project” section to support developing your project plans.

    Recommended Project Scope

    Align master data MDM plan with the business.

    Document current and future architectural state of MDM.

    Download the MDM Project Charter Template

    5. Identify the Resourcing Requirements

    Overview

    Create a project team that has representation of both IT and the business (this will help improve alignment and downstream implementation planning).

    Business Roles to Engage

    Data owners (for subject area data)

    Data stewards who are custodians of business data (related to subject areas evaluated)

    Data scientists or other power users who are heavy consumers of data

    IT Roles to Engage

    Data architect(s)

    Any data management professionals who are involved in modeling data, managing data assets, or supporting the systems in which the data resides.

    Database administrators or data warehousing architects with a deep knowledge of data operations.

    Individuals responsible for data governance.

    Phase 2: Build the MDM Practice and Platform

    Develop a Master Data Management Practice and Platform

    Step 2.1

    Document the Current Data State

    Objectives

    1. Understand roles that data strategy, data governance, and data architecture play in MDM.

    2. Document the organization’s current data state for MDM.

    This step involves the following participants:

    Data Stewards or Data Custodians

    Data or Enterprise Architect

    Information Management Team

    Outcomes of this step

    Document the organization’s current data state, understanding the business processes and movement of data across the company.

    Effective data governance will create the necessary roles and rules within the organization to support MDM

    • A major success factor for MDM falls under data governance. If you don’t establish data governance early on, be prepared to face major obstacles throughout your project. Governance includes data definitions, data standards, access rights, and quality rules and ensures that MDM continues to offer value.
    • Data governance involves an organizational committee or structure that defines the rules of how data is used and managed – rules around its quality, processes to remediate data errors, data sharing, managing data changes, and compliance with internal and external regulations.
    • What is required for governance of master data? Defined roles, including data stewards and data owners, that will be responsible for creating the definitions relevant to master data assets.

    The image contains a screenshot of the Data Governance Key to Data Enablement.

    For more information, see Info-Tech Research Group’s Establish Data Governance blueprint.

    Ensure MDM success by defining roles that represent the essential high-level aspects of MDM

    Regardless of the maturity of the organization or the type of MDM project being undertaken, all three representatives must be present and independent. Effective communication between them is also necessary.

    Technology Representative

    Governance Representative

    Business Representative

    Role ensures:

    • MDM technology requirements are defined.
    • MDM support is provided.
    • Infrastructure to support MDM is present.

    Role ensures:

    • MDM roles and responsibilities are clearly defined.
    • MDM standards are adhered to.

    Role ensures:

    • MDM business requirements are defined.
    • MDM business matching rules are defined.

    The following roles need to be created and maintained for effective MDM:

    Data Owners are accountable for:

    • Data created and consumed.
    • Ensuring adequate data risk management is in place.

    Data Stewards are responsible for:

    • The daily and routine care of all aspects of data systems.
    • Supporting the user community.
    • Collecting, collating, and evaluating issues and problems with data.
    • Managing standard business definitions and metadata for critical data elements.

    Another crucial aspect of implementing MDM governance is defining match rules for master data

    • Matching, merging, and linking data from multiple systems about the same item, person, group, etc. attempts to remove redundancy, improve data quality, and provide information that is more comprehensive.
    • Matching is performed by applying inference rules. Data cleansing tools and MDM applications often include matching engines used to match data.
      • Engines are dependent on clearly defined matching rules, including the acceptability of matches at different confidence levels.
    • Despite best efforts, match decisions sometimes prove to be incorrect. It is essential to maintain the history of matches so that matches can be undone when they are discovered to be incorrect.
    • Artificial intelligence (AI) for match and merge is also an option, where the AI engine can automatically identify duplicate master data records to create a golden record.

    Match-Merge Rules vs. Match-Link Rules

    Match-Merge Rules

    • Match records and merge the data from these records into a single, unified, reconciled, and comprehensive record. If rules apply across data sources, create a single unique and comprehensive record in each database.
    • Complex due to the need to identify so many possible circumstances, with different levels of confidence and trust placed on data values in different fields from different sources.
    • Challenges include the operational complexity of reconciling the data and the cost of reversing the operation if there is a false merge.

    Match-Link Rules

    • Identify and cross-reference records that appear to relate to a master record without updating the content of the cross-referenced record.
    • Easier to implement and much easier to reverse.
    • Simple operation; acts on the cross-reference table and not the individual fields of the merged master data record, even though it may be more difficult to present comprehensive information from multiple records.

    Data architecture will assist in producing an effective data integration model for the technology underlying MDM

    Data quality is directly impacted by architecture.

    • With an MDM architecture, access, replication, and flow of data are controlled, which increases data quality and consistency.
    • Without an MDM architecture, master data occurs in application silos. This can cause redundant and inconsistent data.

    Before designing the MDM architecture, consider:

    • How the business is going to use the master data.
    • Architectural style (this is often dependent on the existing IT architecture, but generally, organizations starting with MDM find a hub architecture easiest to work with).
    • Where master data is entered, updated, and stored.
    • Whether transactions should be processed as batch or real-time.
    • What systems will contribute to the MDM system.
    • Implementation style. This will help ensure the necessary applications have access to the master data.

    “Having an architectural oversight and reference model is a very important step before implementing the MDM solutions.”

    – Selwyn Samuel, Director of Enterprise Architecture

    Document the organization’s data architecture to generate an accurate picture of the current data state

    2-3 hours

    Populate the template with your current organization's data components and the business flow that forms the architecture.

    Think about the source of master data and what other systems will contribute to the MDM system.

    The image contains a screenshot of the MDM Architecture Design Template.

    Input Output
    • Business process streamline
    • Current data state
    Materials Participants
    • MDM Architecture Design Template ArchiMate file
    • Enterprise Architect
    • Data Architect

    Download the MDM Architecture Design Template ArchiMate file

    Step 2.2

    Document the Target Data State

    Objectives

    1. Understand four implementation styles for MDM deployments.

    2. Document target MDM implementation systems.

    This step involves the following participants:

    Data Stewards or Data Custodians

    Data or Enterprise Architect

    Information Management Team

    Outcomes of this step

    Document the organization’s target architectural state surrounding MDM, identifying the specific MDM implementation style.

    How the organization’s data flows through IT systems is a convenient way to define your MDM state

    Understanding the data sources present in the organization and how the business organizes and uses this data is critical to implementing a successful MDM strategy.

    Operational MDM

    • As you manage data in an operational MDM system, the data gets integrated back into the systems that were the source of the data in the first place. The “best records” are created from a combination of data elements from systems that create relevant data (e.g. billing system, call center, reservation system) and then the data is sent back to the systems to update it to the best record. This includes both batch and real-time processing data.

    Analytical MDM

    • Generates “best records” the same way that operational MDM does. However, the data doesn’t go back to the systems that generated the data but rather to a repository for analytics, decision management, or reporting system purposes.

    Discovery of master data is the same for both approaches, but the end use is very different.

    The approaches are often combined by technologically mature organizations, but analytical MDM is generally more expensive due to increased complexity.

    Central to an MDM program is the implementation of an architectural framework

    Info-Tech Research Group’s Reference MDM Architecture uses a top-down approach.

    A top-down approach shows the interdependent relationship between layers – one layer of functionality uses services provided by the layers below, and in turn, provides services to the layers above.

    The image contains a screenshot of the Architectural Framework.

    Info-Tech Research Group’s Reference MDM Architecture can meet the unique needs of different organizations

    The image contains a screenshot of Info-Tech Research Group's Reference MDM Architecture.

    The MDM service layers that make up the hub are:

    • Virtual Registry. The virtual registry is used to create a virtual view of the master data (this layer is not necessary for every MDM implementation).
    • Interface Services. The interface services work directly with the transport method (e.g. Web Service, Pub/Sub, Batch/FTP).
    • Rules Management. The rules management layer manages business rules and match rules set by the organization.
    • Lifecycle Management. This layer is responsible for managing the master data lifecycle. This includes maintaining relationships across domains, modeling classification and hierarchies within the domains, helping with master data quality through profiling rules, deduplicating and merging data to create golden records, keeping authoring logs, etc.
    • Base Services. The base services are responsible for managing all data (master, history, metadata, and reference) in the MDM hub.
    • Security. Security is the base layer and is responsible for protecting all layers of the MDM hub.

    An important architectural decision concerns where master data should live

    All MDM architectures will contain a system of entry, a system of record, and in most cases, a system of reference. Collectively, these systems identify where master data is authored and updated and which databases will serve as the authoritative source of master data records.

    System of Entry (SOE)

    System of Record (SOR)

    System of Reference (SORf)

    Any system that creates master data. It is the point in the IT architecture where one or more types of master data are entered. For example, an enterprise resource planning (ERP) application is used as a system of entry for information about business entities like products (product master data) and suppliers (supplier master data).

    The system designated as the authoritative data source for enterprise data. The true system of record is the system responsible for authoring and updating master data and this is normally the SOE. An ideal MDM system would contain and manage a single, up-to-date copy of all master data. This database would provide timely and accurate business information to be used by the relevant applications. In these cases, one or more SOE applications (e.g. customer relationship management or CRM) will be declared the SOR for certain types of data. The SOR can be made up of multiple physical subsystems.

    A replica of master data that can be synchronized with the SOR(s). It is updated regularly to resolve discrepancies between data sets, but will not always be completely up to date. Changes in the SOR are typically batched and then transmitted to the SORf. When a SORf is implemented, it acts as the authoritative source of enterprise data, given that it is updated and managed relative to the SOR. The SORf can only be used as a read-only source for data consumers.

    Central to an MDM program is the implementation of an architectural framework

    These styles are complementary and see increasing functionality; however, organizations do not need to start with consolidation.

    Consolidation

    Registry

    Coexistence

    Transactional

    What It Means

    The MDM is a system of reference (application systems serve as the systems of record). Data is created and stored in the applications and sent (generally in batch mode) to a centralized MDM system.

    The MDM is a system of reference. Master data is created and stored in the

    application systems, but key master data identifiers are linked with the MDM system, which allows a view of master data records to be assembled.

    The MDM is a system of reference. Master data is created and stored in application systems; however, an authoritative record of master data is also created (through matching) and stored in the MDM system.

    The MDM is a genuine source of record. All master data records are centrally authored and materialized in the MDM system.

    Use Case

    This style is ideal for:

    • Organizations that want to have access to master data for reporting.
    • Organizations that do not need real-time access to master data.

    This style is ideal for:

    • A view of key master data identifiers.
    • Near real-time master data reference.
    • Organizations that need access to key master data for operational systems.
    • Organizations facing strict data replication regulations.

    This style is ideal for:

    • A complete view of each master data entity.
    • Deployment of workflows for collaborative authoring.
    • A central reference system for master data.

    This style is ideal for:

    • Organizations that want true master data management.
    • Organizations that need complete, accurate, and consistent master data at all times.
    • Transactional access to master data records.
    • Tight control over master data.

    Method of Use

    Analytical

    Operational

    Analytical, operational, or collaborative

    Analytical, operational, or collaborative

    Consolidation implementation style

    Master data is created and stored in application systems and then placed in a centralized MDM hub that can be used for reference and reporting.

    The image contains a screenshot of the architectural framework and MDM hub.

    Advantages

    • Prepares master data for enterprise data warehouse and reporting by matching/merging.
    • Can serve as a basis for coexistence or transactional MDM.

    Disadvantages

    • Does not provide real-time reference because updates are sent to the MDM system in batch mode.
    • New data requirements will need to be managed at the system of entry.

    Registry implementation style

    Master data is created and stored in applications. Key identifiers are then linked to the MDM system and used as reference for operational systems.

    The image contains a screenshot of the architectural framework with a focus on registry implementation style.

    Advantages

    • Quick to deploy.
    • Can get a complete view of key master data identifiers when needed.
    • Data is always current since it is accessed from the source systems.

    Disadvantages

    • Depends on clean data at the source system level.
    • Can be complex to manage.
    • Except for the identifiers persisting in the MDM system, all master data records remain in the applications, which means there is not a complete view of all master data records.

    Coexistence implementation style

    Master data is created and stored in existing systems and then synced with the MDM system to create an authoritative record of master data.

    The image contains a screenshot of the architectural framework with a focus on the coexistence implementation style.

    Advantages

    • Easier to deploy workflows for collaborative authoring.
    • Creates a complete view for each master data record.
    • Increased master data quality.
    • Allows for data harmonization across systems.
    • Provides organizations with a central reference system.

    Disadvantages

    • Master data is altered in both the MDM system and source systems. Data may not be up to date until synchronization takes place.
    • Higher deployment costs because all master data records must be harmonized.

    Transactional implementation style

    All master data records are materialized in the MDM system, which provides the organization with a single, complete source of master data at all times.

    The image contains a screenshot of the architectural framework with a focus on the transactional implementation style.

    Advantages

    • Functions as a system of record, providing complete, consistent, accurate, and up-to-date data.
    • Provides a single location for updating and managing master data.

    Disadvantages

    • The implementation of this style may require changes to existing systems and business processes.
    • This implementation style comes with increased cost and complexity.

    All organizations are different; identify the architecture and implementation needs of your organization

    Architecture is not static – it must be able to adapt to changing business needs.

    • The implementation style an organization chooses is dependent on organizational factors such as the purpose of MDM and method of use.
    • Some master data domains may require that you start with one implementation style and later graduate to another style while retaining the existing data model, metadata, and matching rules. Select a starting implementation style that will best suit the organization.
    • Organizations with multi-domain master data may have to use multiple implementation styles. For example, data domain X may require the use of a registry implementation, while domain Y requires a coexistence implementation.

    Document your target data state surrounding MDM

    2-3 hours

    Populate the template with your target organization’s data architecture.

    Highlight new capabilities and components that MDM introduced based on MDM implementation style.

    The image contains a screenshot of the MDM Architecture Design Template.

    Input Output
    • Business process streamline
    • MDM architectural framework
    • Target data state
    Materials Participants
    • MDM Architecture Design Template ArchiMate File
    • Enterprise Architect
    • Data Architect
    • Head of Data

    Step 2.3

    Develop MDM Practice and Platform

    Objectives

    1. Review Info-Tech’s practice pattern and design your master data management practice.

    2. Design your master data management platform.

    3. Consider next steps for the MDM project.

    This step involves the following participants:

    Data Stewards or Data Custodians

    Data or Enterprise Architect

    Information Management Team

    Outcomes of this step

    Define the key services and outputs that must be delivered by establishing core capabilities, accountabilities, roles, and governance for the practice and platform.

    What does a master data management practice pattern look like?

    The master data management practice pattern describes the core capabilities, accountabilities, processes, and essential roles and the elements that provide oversight or governance of the practice, all of which are required to deliver on high-value services and deliverables or output for the organization.

    The image contains a screenshot to demonstrate the intentional relationships between the business and the master data.

    Download the Master Data Management Practice Pattern Template ArchiMate File

    Master data management data practice setup

    • Define the practice lead’s accountabilities and responsibilities.
    • Assign the practice lead.
    • Design the practice, defining the details of the practice (including the core capabilities, accountabilities, processes, and essential roles; the elements that provide oversight or governance of the practice; and the practice’s services and deliverables or output for the organization).
    • Define services and accountabilities:
    1. Define deployment and engagement model
    2. Define practice governance and metrics
    3. Define processes and deliverables
    4. Summarize capabilities
    5. Use activity slide to assign the skills to the role

    General approach to setting up data practices

    Guidelines for designing and establishing your various data practices.

    Understand master data management practice pattern

    A master data management practice pattern includes key services and outputs that must be delivered by establishing core capabilities, accountabilities, roles, and governance for the practice.

    Assumption:

    The accountabilities and responsibilities for the master data management practice have been established and assigned to a practice lead.

    1. Download and review Master Data Management Practice Pattern (Level 1 – Master Data Management Practice Pattern).
    2. Review and update master data management processes for your organization.

    Download the Master Data Management Practice Pattern Template ArchiMate File

    Info-Tech Insight

    An organization with heavy merger and acquisition activity poses a significant master data challenge. Prioritize your master data practice based on your organization’s ability to locate and maintain a single source of master data.

    The image contains a screenshot of the Master Data Management Process.

    Initiate your one-time master data management practice setup

    1. Ensure data governance committees are established.
    2. Align master data management working group responsibilities with data governance committee.
    3. Download and review Master Data Management Practice Pattern Setup (Level 1 – Master Data Management Practice Setup).
    4. Start establishing your master data practice:
    5. 4.1 Define services and accountabilities

      4.2 Define processes and deliverables by stakeholder

      4.3 Design practice operating model

      4.4 Perform skills inventory and design roles

      4.5 Determine practice governance and metrics

      4.6 Summarize practice capabilities

    6. Define key master data management deliverable and processes.

    The image contains a screenshot of the Process Template MDM Conflict Resolution.

    Download and Update:

    Process Template: MDM Conflict Resolution

    MDM operating model

    The operating model is a visualization of how MDM commonly operates and the value it brings to the organization. It illustrates the master data flow, which works from left to right, from source system to consumption layer. Another important component of the model is the business data glossary, which is part of your data governance plan, to define terminology and master data’s key characteristics across business units.

    The image contains a screenshot of the MDM Operating Model.

    Choosing the appropriate technology capabilities

    An MDM platform should include certain core technical capabilities:

    • Master data hub: Functions as a system of reference, providing an authoritative source of data in read-only format to systems downstream.
    • Data modeling: Ability to model complex relationships between internal application sources and other parties.
    • Workflow management: Ability to support flexible and comprehensive workflow-based capabilities.
    • Relationship and hierarchies: Ability to determine relationships and identify hierarchies within the same domain or across different domains of master data.
    • Information quality: Ability to profile, cleanse, match, link, identify, and reconcile master data in different data sources to create and maintain the “golden record.”
    • Loading, integration, synchronization: Ability to load data quality tools and integrate so there is a bidirectional flow of data. Enable data migration and updates that prevent duplicates within the incoming data and data found in the hub.
    • Security: Ability to control access of MDM and the ability to report on activities. Ability to configure and manage different rules and visibilities.
    • Ease of use: Including different user interfaces for technical and business roles.
    • Scalability and high performance/high availability: Ability to expand or shrink depending on the business needs and maintain a high service level.

    Other requirements may include:

    • MDM solution that can handle multiple domains on a single set of technology and hardware.
    • Offers a broad set of data integration connectors out of the box.
    • Offers flexible deployments (on-premises, cloud, as-a-service).
    • Supports all architectural implementation styles: registry, consolidation, coexistence, and transactional.
    • Data governance tools: workflow and business process management (BPM) functionality to link data governance with operational MDM.
    • Uses AI to automate MDM processes.

    Info-Tech Research Group’s MDM platform

    The image contains a screenshot of Info-Tech's MDM Platform.

    Info-Tech Research Group’s MDM platform summarizes an organization’s data environment and the technical capabilities that should be taken into consideration for your organization's MDM implementation.

    Design your master data management platform

    2-3 hours

    Instructions

    Download the Master Data Management Platform Template.

    The platform is not static. Adapt the template to your own needs based on your target data state, required technical capabilities, and business use cases.

    The image contains a screenshot of Info-Tech's MDM Platform.

    Input Output
    • Technology capabilities
    • Target data state
    • Master Data Management Platform
    Materials Participants
    • Master Data Management Platform Template
    • Data Architect
    • Enterprise Architect
    • Head of Data

    Download the MDM Platform Template

    Next steps for the MDM project

    There are several deployment options for MDM platforms; pick the one best suited to the organization’s business needs:

    On-Premises Solutions

    Cloud Solutions

    Hybrid Solutions

    Embrace the technology

    MDM has traditionally been an on-premises initiative. On-premises solutions have typically had different instances for various divisions. On-premises solutions offer interoperability and consistency.

    Many IT teams of larger companies prefer an on-premises implementation. They want to purchase a perpetual MDM software license, install it on hardware systems, configure and test the MDM software, and maintain it on an ongoing basis.

    Cloud MDM solutions can be application-specific or platform-specific, which involves using a software platform or web-based portal interface to connect internal and external data. Cloud is seen as a more cost-effective MDM solution as it doesn’t require a large IT staff to configure the system and can be paid for through a monthly subscription. Because many organizations are averse to storing their master data outside of their firewalls, some cloud MDM solutions manage the data where it resides (either software as a service or on-premises), rather than maintaining it in the cloud.

    MDM system resides both on premises and in the cloud. As many organizations have some applications on premises and others in the cloud, having a hybrid MDM solution is a realistic option for many. MDM can be leveraged from either on-premises or in the cloud solutions, depending on the current needs of the organization.

    • Vendor-supplied MDM solutions often provide complete technical functionality in the package and various deployment options.
    • Consider leverage Info-Tech’s SoftwareReviews to accelerate and improve your software selection process.

    Capitalizing on trends in the MDM technology space would increase your competitive edge

    AI improves master data management.

    • With MDM technology improving every year, there are a greater number of options to choose from than ever before. AI is one of the hottest trends in MDM.
    • By using machine learning (ML) techniques, AI can automate many activities surrounding MDM to ease manual processes and improve accuracy, such as automating master data profiling, managing workflow, identifying duplication, and suggesting match and merge proposals.
    • Some other powerful applications include product categorization and hierarchical management. The product is assigned to the correct level of the category hierarchy based on the probability that a block of words in a product title or description belongs to product categories (Informatica, 2021).

    Info-Tech Insight

    Leverage modern capabilities such as AI and ML to support large and complex MDM deployments.

    The image contains a screenshot of the AI Activities in MDM.

    Informatica, 2021

    Related Info-Tech Research

    Build Your Data Quality Program

    • Data needs to be good, but truly spectacular data may go unnoticed. Provide the right level of data quality, with the appropriate effort, for the correct usage. This blueprint will help you determine what “the right level of data quality” means and create a plan to achieve that goal for the business.

    Build a Data Architecture Roadmap

    • Optimizing data architecture requires a plan, not just a data model.

    Create a Data Management Roadmap

    • Streamline your data management program with our simplified framework.

    Related Info-Tech Research

    Build a Robust and Comprehensive Data Strategy

    • Formulate a data strategy that stitches all of the pieces together to better position you to unlock the value in your data.

    Build Your Data Practice and Platform

    • The true value of data comes from defining intentional relationships between the business and the data through a well-thought-out data platform and practice.

    Establish Data Governance

    • Establish data trust and accountability with strong governance.

    Research Authors and Contributors

    Authors:

    Name

    Position

    Company

    Ruyi Sun

    Research Specialist, Data & Analytics

    Info-Tech Research Group

    Rajesh Parab

    Research Director, Data & Analytics

    Info-Tech Research Group

    Contributors:

    Name

    Position

    Company

    Selwyn Samuel

    Director of Enterprise Architecture

    Furniture manufacturer

    Julie Hunt

    Consultant and Author

    Hub Designs Magazine and Julie Hunt Consulting

    David Loshin

    President

    Knowledge Integrity Inc.

    Igor Ikonnikov

    Principal Advisory Director

    Info-Tech Research Group

    Irina Sedenko

    Advisory Director

    Info-Tech Research Group

    Anu Ganesh

    Principal Research Director

    Info-Tech Research Group

    Wayne Cain

    Principal Advisory Director

    Info-Tech Research Group

    Reddy Doddipalli

    Senior Workshop Director

    Info-Tech Research Group

    Imad Jawadi

    Senior Manager, Consulting

    Info-Tech Research Group

    Andy Neill

    Associate Vice President

    Info-Tech Research Group

    Steve Wills

    Practice Lead

    Info-Tech Research Group

    Bibliography

    “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide).” First Edition. DAMA International. 2009. Digital. April 2014.
    “State of the Connected Customer, Fifth Edition.” Salesforce, 2022. Accessed Jan. 2023.
    “The new digital edge: Rethinking strategy for the postpandemic era.” McKinsey & Company, 26 May. 2021. Assessed Dec. 2022.
    “Value and resilience through better risk management.” Mckinsey & Company, 1 Oct. 2018. Assessed Dec. 2022.
    “Plotting a course through turbulent times (9TH ANNUAL B2B SALES & MARKETING DATA REPORT)” Dun & Bradstreet, 2022. Assessed Jan. 2023.
    ““How to Win on Customer Experience.”, Deloitte Digital, 2020. Assessed Dec. 2022.
    “CX Trends 2022.”, Zendesk, 2022. Assessed Jan. 2023
    .”Global consumer trends to watch out for in 2023.” Qualtrics XM Institute, 8 Nov. 2022. Assessed Dec. 2022
    “How to Understand Single Versus Multiple Software Instances.” Brightwork Research & Analysis, 24 Mar. 2021. Assessed Dec. 2022
    “What is omnichannel?” Oracle. Assessed Dec. 2022
    “How AI Improves Master Data Management (MDM).” Informatica, 30 May. 2021. Assessed Dec. 2022

    Build a Security Compliance Program

    • Buy Link or Shortcode: {j2store}257|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $23,879 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Most organizations spend between 25 and 40 percent of their security budget on compliance-related activities.
    • Despite this growing investment in compliance, only 28% of organizations believe that government regulations help them improve cybersecurity.
    • The cost of complying with cybersecurity and data protection requirements has risen to the point where 58% of companies see compliance costs as barriers to entering new markets.
    • However, recent reports suggest that while the costs of complying are higher, the costs of non-compliance are almost three times greater.

    Our Advice

    Critical Insight

    • Test once, attest many. Having a control framework allows you to satisfy multiple compliance requirements by testing a single control.
    • Choose your own conformance adventure. Conformance levels allow your organization to make informed business decisions on how compliance resources will be allocated.
    • Put the horse before the cart. Take charge of your audit costs by preparing test scripts and evidence repositories in advance.

    Impact and Result

    • Reduce complexity within the control environment by using a single framework to align multiple compliance regimes.
    • Provide senior management with a structured framework for making business decisions on allocating costs and efforts related to cybersecurity and data protection compliance obligations.
    • Reduces costs and efforts related to managing IT audits through planning and preparation.
    • This blueprint can help you comply with NIST, ISO, CMMC, SOC2, PCI, CIS, and other cybersecurity and data protection requirements.

    Build a Security Compliance Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should manage your security compliance obligations, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Infographic

    Workshop: Build a Security Compliance Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Program

    The Purpose

    Establish the security compliance management program.

    Key Benefits Achieved

    Reviewing and adopting an information security control framework.

    Understanding and establishing roles and responsibilities for security compliance management.

    Identifying and scoping operational environments for applicable compliance obligations.

    Activities

    1.1 Review the business context.

    1.2 Review the Info-Tech security control framework.

    1.3 Establish roles and responsibilities.

    1.4 Define operational environments.

    Outputs

    RACI matrix

    Environments list and definitions

    2 Identify Obligations

    The Purpose

    Identify security and data protection compliance obligations.

    Key Benefits Achieved

    Identifying the security compliance obligations that apply to your organization.

    Documenting obligations and obtaining direction from management on conformance levels.

    Mapping compliance obligation requirements into your control framework.

    Activities

    2.1 Identify relevant security and data protection compliance obligations.

    2.2 Develop conformance level recommendations.

    2.3 Map compliance obligations into control framework.

    2.4 Develop process for operationalizing identification activities.

    Outputs

    List of compliance obligations

    Completed Conformance Level Approval forms

    (Optional) Mapped compliance obligation

    (Optional) Identification process diagram

    3 Implement Compliance Strategy

    The Purpose

    Understand how to build a compliance strategy.

    Key Benefits Achieved

    Updating security policies and other control design documents to reflect required controls.

    Aligning your compliance obligations with your information security strategy.

    Activities

    3.1 Review state of information security policies.

    3.2 Recommend updates to policies to address control requirements.

    3.3 Review information security strategy.

    3.4 Identify alignment points between compliance obligations and information security strategy.

    3.5 Develop compliance exception process and forms.

    Outputs

    Recommendations and plan for updates to information security policies

    Compliance exception forms

    4 Track and Report

    The Purpose

    Track the status of your compliance program.

    Key Benefits Achieved

    Tracking the status of your compliance obligations.

    Managing exceptions to compliance requirements.

    Reporting on the compliance management program to senior stakeholders.

    Activities

    4.1 Define process and forms for self-attestation.

    4.2 Develop audit test scripts for selected controls.

    4.3 Review process and entity control types.

    4.4 Develop self-assessment process.

    4.5 Integrate compliance management with risk register.

    4.6 Develop metrics and reporting process.

    Outputs

    Self-attestation forms

    Completed test scripts for selected controls

    Self-assessment process

    Reporting process

    Recommended metrics

    Establish Effective Security Governance & Management

    • Buy Link or Shortcode: {j2store}380|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $63,532 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • The security team is unsure of governance needs and how to manage them.
    • There is a lack of alignment between key stakeholder groups
    • There are misunderstandings related to the role of policy and process.

    Our Advice

    Critical Insight

    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad–hoc decision making that undermines governance.

    Impact and Result

    • The first phase of this project will help you establish or refine your security governance and management by determining the accountabilities, responsibilities, and key interactions of your stake holder groups.
    • In phase two, the project will guide you through the implementation of essential governance processes: setting up a steering committee, determining risk appetite, and developing a policy exception-handling process.

    Establish Effective Security Governance & Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish Effective Security Governance and Management Deck – A step-by-step guide to help you establish or refine the governance model for your security program.

    This storyboard will take you through the steps to develop a security governance and management model and implement essential governance processes.

    • Establish Effective Security Governance & Management – Phases 1-2

    2. Design Your Governance Model – A security governance and management model to track accountabilities, responsibilities, stakeholder interactions, and the implementation of key governance processes.

    This tool will help you determine governance and management accountabilities and responsibilities and use them to build a visual governance and management model.

    • Security Governance Model Templates (Visio)
    • Security Governance Model Templates (PDF)
    • Security Governance Model Tool

    3. Organizational Structure Template – A tool to address structural issues that may affect your new governance and management model.

    This template will help you to implement or revise your organizational structure.

    • Security Governance Organizational Structure Template

    4. Information Security Steering Committee Charter & RACI – Templates to formalize the role of your steering committee and the oversight it will provide.

    These templates will help you determine the role a steering committee will play in your governance and management model.

    • Information Security Steering Committee Charter
    • Information Security Steering Committee RACI Chart

    5. Security Policy Lifecycle Template – A template to help you model your policy lifecycle.

    Once this governing document is customized, ensure the appropriate security policies are developed as well.

    • Security Policy Lifecycle Template

    6. Security Policy Exception Approval Process Templates – Templates to establish an approval process for policy exceptions and bolster policy governance and risk management.

    These templates will serve as the foundation of your security policy exception approval processes.

    • Security Policy Exception Approval Workflow (Visio)
    • Security Policy Exception Approval Workflow (PDF)
    • Policy Exception Tracker
    • Information Security Policy Exception Request Form

    Infographic

    Further reading

    Establish Effective Security Governance & Management

    The key is in stakeholder interactions, not policy and process.

    Analyst Perspective

    It's about stakeholder interactions, not policy and process.

    Many security leaders complain about a lack of governance and management in their organizations. They have policies and processes but find neither have had the expected impact and that the organization is teetering on the edge of lawlessness, with stakeholder groups operating in ways that interfere with each other (usually due to poorly defined accountabilities).

    Among the most common examples is security's relationship to the business. When these groups don't align, they tend to see each other as adversaries and make decisions in line with their respective positions: security endorses one standard, the business adopts another.

    The consequences of this are vast. Such an organization is effectively opposed to itself. No wonder policy and process have not resolved the issue.

    At a practical level, good governance stems from understanding how different stakeholder groups interact, providing inputs and outputs to each other and modeling who is accountable for what. But this implied accountability model needs to be formalized (perhaps even modified) before governance can help all stakeholder groups operate as strategic partners with clearly defined roles, responsibilities, and decision-making power. Only when policies and processes reflect this will they serve as effective tools to support governance.

    Logan Rohde, Senior Research Analyst, Security & Privacy

    Logan Rohde
    Senior Research Analyst, Security & Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    Ineffective governance and management processes, if they are adopted at all, can lead to:
    • An organization unsure of governance needs and how to manage them.
    • A lack of alignment between key stakeholder groups.
    • Misunderstandings related to the role of policy and process.
    Most governance and management initiatives stumble because they do not address governance as a set of interactions and influences that stakeholders have with and over each other, seeing it instead as policy, process, and risk management. Challenges include:
    • Senior management disinterest
    • Stakeholders operating in silos
    • Separating governance from management
    You will be able to establish a robust governance model to support the current and future state of your organization by accounting for these three essential parts:
    1. Determine governance accountabilities.
    2. Define management responsibilities.
    3. Model stakeholders' interactions, inputs, and outputs as part of business and security operations.

    Info-Tech Insight
    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

    Your challenge

    This research is designed to help organizations who need to:

    • Establish security governance from scratch.
    • Improve security governance despite a lack of cooperation from the business.
    • Determine the accountabilities and responsibilities of each stakeholder group.

    This blueprint will solve the above challenges by helping you model your organization's governance structure and implement processes to support the essential governance areas: policy, risk, and performance metrics.

    Percentage of organizations that have yet to fully advance to a maturity-based approach to security

    70%

    Source: McKinsey, 2021

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • The business does not wish to be governed and does not seek to align with security on the basis of risk.
    • Various stakeholder groups essentially govern themselves, causing business functions to interfere with each other.
    • Security teams struggle to differentiate between governance and management and the purpose of each.

    Early adopter infrastructure

    63%
    Security leaders not reporting to the board about risk or incident detection and prevention.
    Source: LogRhythm, 2021

    46%
    Those who report that senior leadership is confident cybersecurity leaders understand business goals.
    Source: LogRhythm, 2021

    Governance isn't just policy and process

    Governance is often mistaken for an organization's formalized policies and processes. While both are important governance supports, they do not provide governance in and of themselves.

    For governance to work well, an organization needs to understand how stakeholder groups interact with each other. What inputs and outputs do they provide? Who is accountable? Who is responsible? These are the questions one needs to ask before designing a governance structure. Failing to account for any of these three elements tends to result in overlap, inefficiency, and a lack of accountability, creating flawed governance.

    Separate governance from management

    Oversight versus operations

    • COBIT emphasizes the importance of separating governance from management. These are complementary functions, but they refer to different parts of organizational operation.
    • Governance provides a decision-making apparatus based on predetermined requirements to ensure smooth operations. It is used to provide oversight and direction and hinges on established accountabilities
    • Simply put, governance refers to what an organization is and is not willing to permit in day-to-day operations, and it tends to make its presence known via the key areas of risk appetite, formal policy and process, and exception handling.
      • Note: These key areas do not provide governance in and of themselves. Rather, governance emerges in accordance with the decisions an organization has made regarding these areas. Sometimes, however, these "decisions" have not been formally or consciously made and the current state of the organization's operations becomes the default - even when it is not working well.
    • Management, by contrast, is concerned with executing business processes in accordance with the governance model, essentially, governance provides guidance for how to make decisions during daily management.

    "Information security governance is the guiding hand that organizes and directs risk mitigation efforts into a business-aligned strategy for the entire organization."

    Steve Durbin,
    Chief Executive,
    Information Security Forum, Forbes, 2023

    Models for governance and management

    Info-Tech's Governance and Management research uses the logic of COBIT's governance and management framework but distills this guidance into a practical, easy-to-implement series of steps, moving beyond the rudimentary logic of COBIT to provide an actionable and personalized governance model.

    Governance Cycle

    Management Cycle

    Clear accountabilities and responsibilities

    Complementary frameworks to simplify governance and management

    The distinction that COBIT draws between governance and management is roughly equivalent to that of accountability and responsibility, as seen in the RACI* model.

    There can be several stakeholders responsible for something, but only one party can be accountable.

    Use this guidance to help determine the accountabilities and responsibilities of your governance and management model.

    *Responsible, Accountable, Consulted, Informed

    COBIT RACI chart

    Security governance framework

    A security governance framework is a system that will design structures, processes, accountability definitions, and membership assignments that lead the security department toward optimal results for the business.

    Governance is performed in three ways:

    1 Evaluate 2 Direct 3 Monitor
    For governance to be effective it must account for stakeholder interests and business needs. Determining what these are is the vital first step. Governance is used to determine how things should be done within an organization. It sets standards and provides oversight so decisions can be made during day-to-day management. Governance needs change and inefficiencies need to be revised. Therefore, monitoring key performance indicators is an essential step to course correct as organizational needs evolve.

    "Governance specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks. Management recommends security strategies. Governance ensures that security strategies are aligned with business objectives and consistent with regulations."
    - EDUCAUSE

    Establish Effective Security Governance & Management

    SMART metrics

    Suggested targets to measure success

    Specific

    Measurable

    Achievable

    Relevant

    Time-Bound

    Examples
    Security's risk analyses will be included as part of the business decision-making process within three months after completing the governance initiative.
    Increase rate of security risk analysis using risk appetite within three months of project completion.
    Have stakeholder engagement supply input into security risk-management decisions within three months of completing phase one of blueprint.
    Reduce time to approve policy exceptions by 25%.
    Reduce security risk related to policy non-compliance by 50% within one year.
    Develop five KPIs to measure progress of governance and management within three months of completing blueprint.

    Info-Tech's methodology for security governance and management

    1. Design Your Governance Model 2. Implement Essential Governance Processes
    Phase Steps
    1. Evaluate
    2. Direct
    3. Monitor
    1. Implement Oversight
    2. Set Risk Appetite
    3. Implement Policy Lifecycle
    Phase Outcomes
    • Defined governance accountabilities
    • Defined management responsibilities
    • Record of key stakeholder interactions
    • Visual governance model
    • Key performance indicators (KPIs)
    • Established steering committee
    • Qualitative risk-appetite statements
    • Policy lifecycle
    • Policy exceptions-handling process

    Governance starts with mapping stakeholder inputs, outputs, and throughputs

    The key is in stakeholder interactions, not policy and process
    Good governance stems from a deep understanding of how stakeholder groups interact with each other and their respective accountabilities and responsibilities. Without these things, organizational functions tend to interfere with each other, blurring the lines between governance and management and promoting ad hoc decision making that undermines governance.

    Policy, process, and org. charts support governance but do not produce it on their own
    To be effective, these things need to be developed with the accountabilities and influence of the organizational functions that produce them.

    A lack of business alignment does not mean you're doomed to fail
    While the highest levels of governance maturity depend on strong security-business alignment, there are still tactics one can use to improve governance.

    All organizations have governance
    Sometimes it is poorly defined, ineffective, and occurs in the same place as management, but it exists at some level, acting as the decision-making apparatus for an organization (i.e. what can and cannot occur).

    Risk tolerances are variable across lines of business
    This can lead to misalignments between security and the business, as each may have their own tolerance for particular risks. The remedy is to understand the risk appetite of the business and allow this to inform security risk management decisions.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Governance Model Tool

    Security Governance Organizational Structure Template

    Information Security Steering Committee Charter & RACI

    Policy Exceptions-Handling Workflow

    Policy Exception Tracker and Request Form

    Key deliverable:

    Security Governance Model

    By the end of this blueprint, you will have created a personalized governance model to map your stakeholders' accountabilities, responsibilities, and key interactions.

    Blueprint benefits

    IT Benefits Business Benefits
    • Correct any overlapping and mismanaged security processes by assigning accountabilities and responsibilities to each stakeholder group.
    • Improve efficiency and effectiveness of the security program by separating governance from management.
    • Determine necessary inputs and outputs from stakeholder interactions to ensure the governance model functions as intended.
    • Improved support of business goals through security-business alignment.
    • Better risk management by defining risk appetite with security.
    • Increased stakeholder satisfaction via a governance model designed to meet their needs.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2
    Call #1: Scope requirements, objectives, and your specific challenges. Call #2: Determine governance requirements.
    Call #3: Review governance model.
    Call #4: Determine KPIs.
    Call #5: Stand up steering committee.
    Call #6: Set risk appetite.
    Call #7: Establish policy lifecycle.
    Call #8: Revise exception-handing process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 4 to 8 calls over the course of 2 to 3 months.

    Workshop Overview

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities Evaluate Direct Monitor Implement Essential Governance Processes Next Steps and Wrap-Up (offsite)
    1.1 Prioritize governance accountabilities
    1.2 Prioritize management responsibilities
    1.3 Evaluate organizational structure
    2.1 Align with business
    2.2 Build security governance and management model
    2.3 Visualize security governance and management model
    3.1 Develop governance and management KPIs 4.1 Draft steering committee charter
    4.2 Complete steering committee RACI
    4.3 Draft qualitative risk statements
    4.4 Define policy management lifecycle
    4.5 Establish policy exception approval process
    5.1 Complete in-progress deliverables from previous four days
    5.2 Set up review time for workshop deliverables and to discuss next steps
    Deliverables
    1. Prioritized list of accountabilities and responsibilities
    2. Revised organizational structure
    1. Security governance and management model
    1. Security Metrics Determination and Tracking Tool
    2. KPI Development Worksheet
    1. Steering committee charter and RACI
    2. Risk-appetite statements
    3. Policy management lifecycle
    4. Policy exception approval process

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Customize your journey

    The security governance and management blueprint pairs well with security design and security strategy.

    • The governance and management model you create in this blueprint will inform efforts to improve security, like revisiting security program design and your security strategy.
    • Work with your member services director, executive advisor, or technical counselor to scope the journey you need. They will work with you to align the subject matter experts to support your roadmap and workshops.

    Workshop Day 1 and Day 2
    Security Governance and Management

    Workshop Day 3 and Day 4
    Security Strategy Gap Analysis or Security Program Design Factors

    Phase 1

    Design Your Governance Model

    Phase 1
    1.1 Evaluate
    1.2 Direct
    1.3 Monitor

    Phase 2
    2.1 Implement Oversight
    2.2 Set Risk Appetite
    2.3 Implement Policy lifecycle

    Establish Security Governance & Management

    This phase will walk you through the following activities:

    • Prioritize governance accountabilities
    • Prioritize management responsibilities
    • Evaluate current organizational structure
    • Align with the business
    • Build security governance and management model
    • Finalize governance and management model
    • Develop governance and management KPIs

    This phase involves the following participants:

    • CISO
    • CIO
    • Business representative

    Step 1.1

    Evaluate

    Activities
    1.1.1 Prioritize governance accountabilities
    1.1.2 Prioritize management responsibilities
    1.1.3 Evaluate current organizational structure

    This step involves the following participants:

    • CISO
    • CIO
    • Business representative

    Outcomes of this step

    • Defined governance accountabilities
    • Defined management responsibilities

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Evaluate: Getting started

    Element Questions
    Compliance What voluntary or mandatory standards must be represented in my governance model?
    Legal What laws are the organization accountable to? Who is the accountable party?
    Business needs What does the business need to operate? What sort of informational or operational flows need to be accounted for?
    Culture How does the business operate? Are departments siloed or cooperative? Where does security fit in?
    Decision-making process How are decisions made? Who is involved? What information needs to be available to do so?
    Willingness to be governed Is the organization adverse to formal governance mechanisms? Are there any opportunities to improve alignment with the business?
    Relevant trends Are there recent developments (e.g. new privacy laws) that are likely to affect the organization in the future? Will this complicate or simplify governance modeling efforts?
    Stakeholder interests Who are the internal and external stakeholders that need to be represented in the governance model?

    The above is a summary of COBIT 2019 EDM01.01 Evaluate the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    1.1.1 Prioritize governance accountabilities

    1-2 hours

    Using the example on the next slide, complete the following steps.

    1. Download Info-Tech's Security Governance Model Tool using the link below and customize the stakeholder groups on tab 1 to reflect the makeup of your organization.
    2. Using the previous slide as a guide, evaluate your organization's internal and external pressures and discuss their possible impacts your governance and management model.
    3. Complete tab 2, Governance Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
    4. Review the list and make any desired modifications to the prompts on tab 2 and then move on to Activity 1.1.2. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

    Download the Security Governance Model Tool

    Input Output
    • List of governance pressures
  • Prioritized list of governance accountabilities
  • Materials Participants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Security Operations
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tabs 2 and 3

    Security Governance and Management Model Tool

    1.1.2 Prioritize management responsibilities

    1 hours

    Using the examples on the previous slide, complete the following steps.

    1. Complete tab 3, Management Prioritization, indicating your response to each prompt using the drop-down menus. The tool will score your responses and provide you with a prioritized list of governance accountabilities based on greatest need on tab 4, Governance Model Builder.
    2. Review the list and make any desired modifications to the prompts on tab 3 and then move on to Activity 1.1.3. (We will return to tab 4 in Step 2.1.) Remember to evaluate the results against the internal/external pressure analysis to ensure these details are reflected.

    Download Security Governance Model Tool

    InputOutput
    • Pressure analysis
    • Prioritized list of management responsibilities
    MaterialsParticipants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tab 4

    Security Governance and Management Model Tool Tab 4

    1.1.3 Evaluate current organizational structure

    1-3 hours

    1. Download and modify Info-Tech's Security Governance Organizational Structure Template to reflect the reporting structure at your organization. If such a document already exists, simply review it and move on to the next step below.
    2. Determine if the current organizational structure will negatively affect your ability to pursue the items in your prioritized lists from governance accountabilities and management responsibilities (e.g. conflicts of interest related to oversight or reporting), and discuss the feasibility of changing the current governance structure.
    3. Record these recommended changes and any other key points you'd like the business or other stakeholders to be aware of. We'll use this information in the business alignment exercise in Step 2.1

    Download the Security Governance Organizational Structure Template

    Input Output
    • Prioritized lists of governance accountabilities and management responsibilities
    • Updated organizational structure
    Materials Participants
    • Security Governance Organizational Structure Template
    • CISO

    Info-Tech resources

    Locate structural problems in advance

    • If you do not already have a diagram of your organization's reporting structure, use this template to create one. Examples are provided for high, medium, and low maturity.
    • The existing reporting structure will likely affect the governance model you create, as it may not be feasible to assign certain governance accountabilities and management responsibilities to certain stakeholders.
      • For example, it may make sense for the head of security to approve the security budget, but if they report to a CIO with greater authority that accountability will likely have to sit with the CIO instead.

    Download the Security Governance Organizational Structure Template

    Security Governance Organizational Structure

    Step 1.2

    Direct

    Activities
    1.2.1 Align with the business
    1.2.2 Build security governance and management model
    1.2.3 Finalize governance and management model

    This step involves the following participants:

    CISO

    CIO

    Business representative

    Outcomes of this step

    • Record of key stakeholder interactions
    • Visual governance model

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Direct: Getting started

    Element Questions
    Business alignment Do we have a full understanding of the business's approach to risk and security's role to support business objectives?
    Organizational security process How well do our current processes work? Are we missing any key processes?
    Steering committee Will we use a dedicated steering committee to oversee security governance, or will another stakeholder assume this role?
    Security awareness Does the organization have a strong security culture? Does an effort need to be made to educate stakeholder groups on the role of security in the organization?
    Roles and responsibilities Does the organization use RACI charts or another system to define roles and document duties?
    Communication flows Do we have a good understanding of how information flows between stakeholder groups? Are there any gaps that need to be addressed (e.g. regular board reporting)?

    The above is a summary of COBIT 2019 EDM01.02 Direct the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    Embed security governance within enterprise governance

    Design structures, processes, authority definitions, and steering committee assignments to drive optimal business results.

    Embed security governance within enterprise governance

    1.2.1 Align with the business

    1-3 hours

    1. Request a meeting with the business to present your findings from the previous activities in Step 1.1. As you prepare for the meeting, remember to following points:
    • The goal here is to align, not to command. You want the business to see the security team as a strategic ally that supports the pursuit of business goals.
    • Make recommendations and explain any security risks associated with the direction the business wants to take, but the goal is not to strongarm the business into adopting your perspective.
    • Above all, listen to the business to learn more about how they relate to governance and what their priorities are. This will help you adapt your governance model to better support business needs.

    Info-Tech Insight
    A lack of business participation does not mean your governance initiative is doomed. From this lack, we can still infer their attitudes toward security governance, and we can account for this in our governance model. This may limit the maturity your program can reach, but it doesn't prevent improvements from being made to your current security governance.

    InputOutput
    • Prioritized lists of governance accountabilities and management responsibilities
    • Current organizational structure
    • List of recommendations or proposed changes
    • Security governance and management target state definition
    MaterialsParticipants
    • Means to capture key points of the conversation (e.g. notebook, recorded meeting)
    • CISO
    • CIO
    • Business representative

    1.2.2 Build security governance and management model

    1-2 hours

    Using the example on the next slide, complete the following steps:

    1. On tab 4, review the prioritized lists for governance accountabilities and management responsibilities and begin assigning them to the appropriate stakeholder groups.
    • Remember: Responsibilities can be assigned to up to four stakeholders, but there can be only one party listed as accountable.
  • Use the drop-down menus to record any interactions that occur between the groups (e.g. repots to, appoints, approves, oversees).
    • Documenting these interactions will help you ensure your governance program accounts for inputs and outputs that are required by, or that otherwise affect, your various stakeholder groups.

    Note: You may wish to review Info-Tech's governance model templates before completing this activity to get an idea of what you'll be working toward in this step. See slides 37-38.

    Download Security Governance Model Tool

    InputOutput
    • Prioritized lists of governance accountabilities and management responsibilities
    • Target state from business alignment exercise
    • Summary of governance model
    MaterialsParticipants
    • Security Governance Model Tool
    • CISO
    • CIO
    • Business representative (optional)

    Security Governance and Management Model Tool

    Tab 5

    Security Governance and Management Model Tool Tab 5

    Security Governance and Management Model Tool continued

    Tab 6

    Security Governance and Management Model Tool Tab 6

    1.2.3 Visualize your security governance and management model

    1-2 hours

    1. Download the Security Governance Model Templates using the link below and determine which of the three example models most closely resembles your own.
    2. Once you have chosen an example to work from, begin customizing it to reflect the governance model completed in Activity 1.2.2. See next slide for example.

    Note: You do not have to use these templates. If you prefer, you can use them as inspiration and design your own model.

    Download Security Governance Model Templates

    InputOutput
    • Results of Activity 2.1.2
    • Security governance and management model diagram
    MaterialsParticipants
    • Security Governance Model Templates
    • CISO

    Customize the template

    Customize the template

    Step 1.3

    Monitor

    Activities
    1.3.1 Develop governance and management KPIs

    This step involves the following participants:

    • CISO
    • CIO
    • Security team
    • Business representative

    Outcomes of this step

    Key performance indicators

    Design Your Governance Model

    Step 1.1 > Step 1.2 > Step 1.3

    Monitor: Getting started

    Element Questions
    Metrics Does the organization have a well-developed metrics program or will this need to be taken up as a separate effort? Have we considered what outcomes we are hoping to see as a result of implementing a new governance and management model?
    Existing and emerging threats What has changed or is likely to change in the future that may destabilize our governance program? What do we need to do to mitigate any security risks to our organizational governance and management?

    The above is a summary of COBIT 2019 EDM01.03 Monitor the governance system, along with Info-Tech-recommended questions to contextualize each element for your organization.

    1.3.1 Develop governance and management KPIs

    1-2 hours

    This activity is meant to provide a starting point for key governance metrics. To develop a comprehensive metrics program, see Info-Tech's Build a Security Metrics Program to Drive Maturity blueprint.

    1. Create a list of four to six outcomes you'd like to see as the result of your new governance model. Be as specific as you can; the better defied the outcome, the easier it will be to determine suitable KPI.
    2. For each desired outcome, determine what would best indicate that progress is being made toward that state.
    • Desired outcome: security team is consulted before critical business decisions are made.
    • Success criteria: the business evaluates Security's recommendations before starting new projects
    • Possible KPI: % of critical business decisions made with security consultation
    • See next slide for additional examples

    Note: Try to phrase each KPI using percents, which helps to add context to the metric and will make it easier to explain when reporting metrics in the future.

    Input Output
    • List of desired outcomes after new governance model implemented
    • Set of key performance indicators
    Materials Participants
    • Whiteboard
    • CISO
    • CIO
    • Security team
    • Business representative (optional)

    Example KPIs

    Desired Outcome Success Criteria Possible KPI
    Security team is consulted before critical business decisions are made The business evaluates Security's recommendations before starting new projects % of critical business decisions with Security consultation
    Greater alignment over risk appetite The business does not take on initiatives with excessive security risks % of incidents stemming from not following Security's risk management recommendations
    Reduced number of policy exceptions Policy exceptions are only granted when a clear need is present and a formal process is followed % of incidents stemming from policy exceptions
    Improved policy adherence Policies are understood and followed throughout the organization % of incidents stemming from policy violations

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    1. Improved business alignment
    2. Developing formal process to manage security risks
    3. Separating governance from management
    Metric Current Goal
    % of critical business decisions with Security consultation 20% 100%
    % of incidents stemming from not following Security's risk management recommendations 65% 0%
    % of incidents stemming from policy exceptions 35% 5%
    % of incidents stemming from policy violations 40% 5%
    % of ad hoc decisions made (i.e. not accounted for by governance model 85% 5%
    % of accepted security risks evaluated against risk appetite 50% 100%
    % of deferred steering committee decisions (i.e. decisions not made ASAP after issue arises) 50% 5%
    % of policies approved within target window (e.g. 1 month) 20% 100%

    Phase 2

    Implement Essential Governance Processes

    Phase 1
    1.1 Evaluate
    1.2 Direct
    1.3 Monitor

    Phase 2
    2.1 Implement Oversight
    2.2 Set Risk Appetite
    2.3 Implement Policy Lifecycle

    This phase will walk you through the following activities:

    • Draft Steering Committee Charter
    • Complete Steering Committee RACI
    • Draft qualitative risk statements
    • Model policy lifecycle
    • Establish exceptions-handling process

    This phase involves the following participants:

    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Establish Security Governance & Management

    Step 2.1

    Implement Oversight

    Activities
    2.1.1 Draft steering committee charter
    2.1.2 Complete steering committee RACI

    This step involves the following participants:

    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Outcomes of this step

    Steering Committee Charter and RACI

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    2.1.1 Draft steering committee charter

    1-3 hours

    This activity is meant to provide a starting point for your steering committee. If a more comprehensive approach is desired, see Info-Tech's Improve Security Governance With a Security Steering Committee blueprint.

    1. Download the template using the link below and review the various sections of the document
    2. Review slides 50-51 to help determine the scope of your steering committee's role. Discuss with other stakeholder groups, as necessary, to determine the steering committee's duties, how often the group will meet, and what the regular meeting agenda will be.
    3. Customize the template to suit your organization's needs.

    Download Information Security Steering Committee Charter

    Input Output
    • N/A
    • Steering Committee
    Materials Participants
    • Information Security Steering Committee Charter Template
    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Steering committee membership

    Representation is key, but don't try to please everyone

    • For your steering committee to be effective, it should include representatives from across the organization. However, it is important not to overextend committee membership, which can interfere with decision making.
    • Participants should be selected based on the identified responsibilities of the security steering committee, and the number of people should be appropriate to the size and complexity of the organization.

    Example steering committee

    CISO
    CRO
    Internal Audit
    CIO
    Business Leaders
    HR
    Legal

    Download Information Security Steering Committee Charter

    Typical steering committee duties

    Strategic Oversight Policy Governance
    • Provide oversight and ensure alignment between information security governance and company objectives.
    • Assess the adequacy of resources and funding to sustain and advance successful security programs and practices for identifying, assessing, and mitigating cybersecurity risks across all business functions.
    • Review control audit reports and resulting remediation plans to ensure business alignment
    • Review the company's cyber insurance policies to ensure appropriate coverage.
    • Provide recommendations, based on security best practices, for significant technology investments.
    • Review policy-exception requests to determine if potential security risks can be accepted or if a workaround exists.
    • Assess the ramifications of updates to policies and standards.
    • Establish standards and procedures for escalating significant security incidents to the board, other steering committees, government agencies, and law enforcement, as appropriate.

    Typical steering committee duties

    Risk Governance Monitoring and Reporting
    • Review and approve the company's information risk governance structure.
    • Assess the company's high-risk information assets and coordinate planning to address information privacy and security needs.
    • Provide input to executive management regarding the enterprise's information security risk tolerance.
    • Review the company's cyber-response preparedness, incident response plans, and disaster recovery capabilities as applicable to the organization's information security strategy.
    • Promote an open discussion regarding information risk and integrate information risk management into the enterprise's objectives.
    • Receive periodic reports and coordinate with management on the metrics used to measure, monitor, and manage cyber risks posed to the company and to review periodic reports on selected security risk topics as the committee deems appropriate.
    • Monitor and evaluate the quality and effectiveness of the company's technology security, capabilities for disaster recovery, data protection, cyber threat detection, and cyber incident response, and management of technology-related compliance risks.

    2.1.2 Complete steering committee RACI

    1-3 hours

    1. Download the RACI template and review the membership roles. Customize the template to match the makeup of your steering committee.
    2. Read through each task in the left-hand column and determine who will be involved:
    • R - responsible: the person doing the action (can be multiple)
    • A - accountable: the owner of the task, usually a department head who delegates the execution of the task (only assigned to one stakeholder)
    • C - consulted: stakeholders that offer some kind of guidance, advice, or recommendation (can be multiple)
    • I - Informed: stakeholders that receive status updates about the task (can be multiple)

    Note: All tasks must have accountability and responsibility assigned (sometimes a single stakeholder is accountable and responsible). However, not all tasks will have someone consulted or informed.

    Download Information Security Steering Committee RACI Chart

    InputOutput
    • N/A
    • Defined roles and responsibilities
    MaterialsParticipants
    • RACI Chart
    • CISO
    • CRO
    • CIO
    • HR
    • Internal Audit
    • Business representative
    • Legal

    Step 2.2

    Set Risk Appetite

    Activities
    2.2.1 Draft qualitative risk statements

    This step involves the following participants:

    • CISO
    • CIO
    • Business representative

    Outcomes of this step

    Qualitative risk appetite

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    Know your appetite for risk

    What is an organizational risk appetite?

    Setting risk appetite is a key governance function, as it structures how your organization will deal with the risks it will inevitably face - when they can be accepted, when they need to be mitigated, and when they must be rejected entirely.

    It is important to note that risk appetite and risk tolerance are not the same. Risk appetite refers to the amount of risk the organization is willing to accept as part of doing business, whereas risk tolerance has more to do with individual risks affecting one or more lines of business that exceed that appetite. Such risks are often tolerated as individual cases that can be mitigated to an acceptable level of risk even though it exceeds the risk-appetite threshold.

    Chart Risk Appetite

    2.1.2 Draft qualitative risk-appetite statements

    1-3 hours

    This activity is meant to provide a starting point for risk governance. To develop a comprehensive risk-management program, see Info-Tech's Combine Security Risk Management Components Into One Program blueprint.

    1. Draft statements that express your attitudes toward the kinds of risks your organization faces. The point is to set boundaries to better understand when risk mitigation may be necessary.
    2. Examples:
    • We will not accept risks that may cause us to violate SLAs.
    • We will avoid risks that may prevent the organization from operating normally.
    • We will not accept risks that may result in exposure of confidential information.
    • We will not accept risks that may cause significant brand damage.
    • We will not accept risks that pose undue risk to human life or safety.
    InputOutput
    • Definitions for high, medium, low impact and frequency
    • Set of qualitative risk-appetite statements
    MaterialsParticipants
    • Whiteboard
    • CISO
    • CIO
    • Business representative

    Step 2.3

    Implement Policy Lifecycle

    Activities
    2.3.1 Model your policy lifecycle
    2.3.2 Establish exception-approval process

    This step involves the following participants:

    • CISO
    • CIO

    Outcomes of this step

    Policy lifecycle

    Exceptions-handling process

    Implement Essential Governance Processes

    Step 2.1 > Step 2.2 > Step 2.3

    2.3.1 Model your policy lifecycle

    1-3 hours

    This activity is meant to provide a starting point for policy governance. To develop a comprehensive policy-management program, see Info-Tech's Develop and Deploy Security Policies blueprint.

    1. Review the sections within the Security Policy Lifecycle Template and delete any sections or subsections that do not apply to your organization.
    2. As necessary, modify the lifecycle and receive approved sign-off by your organization's leadership.
    3. Solicit feedback from stakeholders, specifically, IT department management and business stakeholders.

    Download the Security Policy Lifecycle Template

    InputOutput
    • N/A
    • Policy lifecycle
    MaterialsParticipants
    • Security Policy Lifecycle Template
    • CISO
    • CIO

    Develop the security policy lifecycle

    The security policy lifecycle is an integral component of the security policy program and adds value by:

    • Setting out a roadmap to define needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Defining roles and responsibilities for the security policy suite.
    • Aligning the business goals, security program goals, and policy objectives.

    Security Policy Lifecycle

    Diagram inspired by: ComplianceBridge, 2021

    2.3.2 Establish exception-approval process

    1-3 hours

    1. Download the Security Policy Exception Approval Template and customize it to match your exception-handling process. Be sure to account for the recommendations on the next slide.
    2. Use the Policy Exception Tracker to record and monitor granted exceptions.

    Download the Security Policy Exception Approval Workflow

    Download the Security Policy Exception Tracker

    Input Output
    • Answers to questions provided
    • Exception-handling process
    Materials Participants
    • Security Policy Exception Approval Workflow
    • Security Policy Exception Tracker
    • CISO
    • CIO

    Determine criteria to grant policy exception

    A key part of security risk and policy governance

    • Not all policies can be complied with all the time. As technology and business needs change, sometimes exceptions must be granted for operations to continue smoothly.
    • Exceptions can be either short or long term.
      • Short-term exceptions are often granted until a particular security gap can be closed, such as allowing staff to temporarily use new laptops that have yet to receive a required VPN for remote access.
      • Long-term exceptions usually occur when closing the gap entirely is not feasible. For example, a legacy system may be unable to meet evolving security standards, but there is no room in the budget to replace it.
    • Having a formal approval process for exceptions and a record of granted exceptions will help you to stay on top of security risk governance.

    Before granting an exception:

    1. Assess security risks associated with doing so: are they acceptable?
    2. Look for another way to resolve the issue: is a suitable workaround possible?
    3. Evaluate mitigating controls: is it possible to provide an equivalent level of security via other means?
    4. Assign risk ownership: who will be accountable if an incident arises from the exception?
    5. Determine appeals process: when disagreements arise, how will the final decision be made?

    Sources: University of Virginia; CIS

    Summary of Accomplishment

    Problem Solved

    You have now established a formal governance model for your organization - congratulations! Building this model and determining stakeholders' accountabilities and responsibilities is a big step.

    Remember to continue to use the evaluate-direct-monitor framework to make sure your governance model evolves as organizational governance matures and priorities shift.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Build Governance Model
    Build a customized security governance model for your organization.

    Develop policy lifecycle
    Develop a policy lifecycle and exceptions-handling process.

    Related Info-Tech Research

    Build an Information Security Strategy

    Design a Business-Focused Security Program

    Combine Security Risk Management Components Into One Program

    Research contributors and experts

    Michelle Tran, Consulting Industry

    Michelle Tran
    Consulting Industry

    One anonymous contributor

    Bibliography

    Durbin, Steve. "Achieving The Five Levels Of Information Security Governance." Forbes, 4 Apr. 2023. Accessed 4 Apr. 2023.

    Eiden, Kevin, et al. "Organizational Cyber Maturity: A Survey of Industries." McKinsey & Company, 4 Aug. 2021. Accessed 25 Apr. 2023.

    "Information Security Exception Policy." Center for Internet Security, 2020. Accessed 14 Apr. 2023.

    "Information Security Governance." EDUCAUSE, n.d. Accessed 27 Apr. 2023.

    ISACA. COBIT 2019 Framework: Governance and Management Objectives. GF Books, 2018.

    Policies & Procedures Team. "Your Policy for Policies: Creating a Policy Management Framework." ComplianceBridge, 30 Apr. 2021. Accessed 27 Apr. 2023.

    "Security and the C-Suite: Making Security Priorities Business Priorities." LogRhythm, Feb. 2021. Accessed 25 Apr 2023.

    University of Virginia. "Policy, Standards, and Procedures Exceptions Process." Information Security at UVA, 1 Jun. 2022. Accessed 14 Apr. 2023

    Optimize Lead Generation With Lead Scoring

    • Buy Link or Shortcode: {j2store}557|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Prospective buyer traffic into digital marketing platforms has exploded.
    • Many freemium/low-cost digital marketing platforms lack lead scoring and nurturing functionality.
    • As a result, the volume of unqualified leads being delivered to outbound sellers has increased dramatically.
    • This has reduced sales productivity, frustrated prospective buyers, and raised the costs of lead generation.

    Our Advice

    Critical Insight

    • Lead scoring is a must-have capability for high-tech marketers.
    • Without lead scoring, marketers will see increased costs of lead generation and decreased SQL-to-opportunity conversion rates.
    • Lead scoring increases sales productivity and shortens sales cycles.

    Impact and Result

    • Align Marketing, Sales, and Inside Sales on your ideal customer profile.
    • Re-evaluate the assets and activities that compose your current lead generation engine.
    • Develop a documented methodology to ignore, nurture, or contact right away the leads in your marketing pipeline.
    • Deliver more qualified leads to sellers, raising sales productivity and marketing/lead-gen ROI.

    Optimize Lead Generation With Lead Scoring Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize lead generation with lead scoring, review SoftwareReviews Advisory’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive aligned vision for lead scoring

    Outline your plan, form your team, and plan marketing tech stack support.

    • Optimize Lead Generation With Lead Scoring – Phase 1: Drive an Aligned Vision for Lead Scoring

    2. Build and test your lead scoring model

    Set lead flow thresholds, define your ideal customer profile and lead generation engine components, and weight, score, test, and refine them.

    • Optimize Lead Generation With Lead Scoring – Phase 2: Build and Test Your Lead Scoring Model
    • Lead Scoring Workbook

    3. Apply your model to marketing apps and go live with better qualified leads

    Apply your lead scoring model to your lead management app, test it, validate the results with sellers, apply advanced methods, and refine.

    • Optimize Lead Generation With Lead Scoring – Phase 3: Apply Your Model to Marketing Apps and Go Live With Better Qualified Leads
    [infographic]

    Workshop: Optimize Lead Generation With Lead Scoring

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Drive Aligned Vision for Lead Scoring

    The Purpose

    Drive an aligned vision for lead scoring.

    Key Benefits Achieved

    Attain an aligned vision for lead scoring.

    Identify the steering committee and project team and clarify their roles and responsibilities.

    Provide your team with an understanding of how leads score through the marketing funnel.

    Activities

    1.1 Outline a vision for lead scoring.

    1.2 Identify steering committee and project team members.

    1.3 Assess your tech stack for lead scoring and seek advice from Info-Tech analysts to modernize where needed.

    1.4 Align on marketing pipeline terminology.

    Outputs

    Steering committee and project team make-up

    Direction on tech stack to support lead generation

    Marketing pipeline definitions alignment

    2 Buyer Journey and Lead Generation Engine Mapping

    The Purpose

    Define the buyer journey and map the lead generation engine.

    Key Benefits Achieved

    Align the vision for your target buyer and their buying journey.

    Identify the assets and activities that need to compose your lead generation engine.

    Activities

    2.1 Establish a buyer persona.

    2.2 Map your buyer journey.

    2.3 Document the activities and assets of your lead generation engine.

    Outputs

    Buyer persona

    Buyer journey map

    Lead gen engine assets and activities documented

    3 Build and Test Your Lead Scoring Model

    The Purpose

    Build and test your lead scoring model.

    Key Benefits Achieved

    Gain team alignment on how leads score and, most importantly, what constitutes a sales-accepted lead.

    Develop a scoring model from which future iterations can be tested.

    Activities

    3.1 Understand the Lead Scoring Grid and set your thresholds.

    3.2 Identify your ideal customer profile, attributes, and subattribute weightings – run tests.

    Outputs

    Lead scoring thresholds

    Ideal customer profile, weightings, and tested scores

    Test profile scoring

    4 Align on Engagement Attributes

    The Purpose

    Align on engagement attributes.

    Key Benefits Achieved

    Develop a scoring model from which future iterations can be tested.

    Activities

    4.1 Weight the attributes of your lead generation engagement model and run tests.

    4.2 Apply weightings to activities and assets.

    4.3 Test engagement and profile scenarios together and make any adjustments to weightings or thresholds.

    Outputs

    Engagement attributes and weightings tested and complete

    Final lead scoring model

    5 Apply Model to Your Tech Platform

    The Purpose

    Apply the model to your tech platform.

    Key Benefits Achieved

    Deliver better qualified leads to Sales.

    Activities

    5.1 Apply model to your marketing management/campaign management software and test the quality of sales-accepted leads in the hands of sellers.

    5.2 Measure overall lead flow and conversion rates through your marketing pipeline.

    5.3 Apply lead nurturing and other advanced methods.

    Outputs

    Model applied to software

    Better qualified leads in the hands of sellers

    Further reading

    Optimize Lead Generation With Lead Scoring

    In today’s competitive environment, optimizing Sales’ resources by giving them qualified leads is key to B2B marketing success.

    EXECUTIVE BRIEF

    Analyst Perspective

    Improve B2B seller win rates with a lead scoring methodology as part of your modern lead generation engine.

    The image contains a picture of Jeff Golterman.

    As B2B organizations emerge from the lowered demands brought on by COVID-19, they are eager to convert marketing contacts to sales-qualified leads with even the slightest signal of intent, but many sales cycles are wasted when sellers receive unqualified leads. Delivering highly qualified leads to sellers is still more art than science, and it is especially challenging without a way to score a contact profile and engagement. While most marketers capture some profile data from contacts, many will pass a contact over to Sales without any engagement data or schedule a demo with a contact without any qualifying profile data. Passing unqualified leads to Sales suboptimizes Sales’ resources, raises the costs per lead, and often results in lost opportunities. Marketers need to develop a lead scoring methodology that delivers better qualified leads to Field Sales scored against both the ideal customer profile (ICP) and engagement that signals lower-funnel buyer interest. To be successful in building a compelling lead scoring solution, marketers must work closely with key stakeholders to align the ICP asset/activity with the buyer journey. Additionally, working early in the design process with IT/Marketing Operations to implement lead management and analytical tools in support will drive results to maximize lead conversion rates and sales wins.

    Jeff Golterman

    Managing Director

    SoftwareReviews Advisory

    Executive Summary

    Your Challenge

    The affordability and ease of implementation of digital marketing tools have driven global adoption to record levels. While many marketers are fine-tuning the lead generation engine components of email, social media, and web-based advertising to increase lead volumes, just 32% of companies pass well-qualified leads over to outbound marketers or sales development reps (SDRs). At best, lead gen costs stay high, and marketing-influenced win rates remain suboptimized. At worst, marketing reputation suffers when poorly qualified leads are passed along to sellers.

    Common Obstacles

    Most marketers lack a methodology for lead scoring, and some lack alignment among Marketing, Product, and Sales on what defines a qualified lead. In their rush to drive lead generation, marketers often fail to “define and align” on the ICP with stakeholders, creating confusion and wasted time and resources. In the rush to adopt B2B marketing and sales automation tools, many marketers have also skipped the important steps to 1) define the buyer journey and map content types to support, and 2) invest in a consistent content creation and sourcing strategy. The wrong content can leave prospects unmotivated to engage further and cause them to seek alternatives.

    Info-Tech’s Approach

    To employ lead scoring effectively, marketers need to align Sales, Marketing, and Product teams on the definition of the ICP and what constitutes a Sales-accepted lead. The buyer journey needs to be mapped in order to identify the engagement that will move a lead through the marketing lead generation engine. Then the project team can score prospect engagement and the prospect profile attributes against the ICP to arrive at a lead score. The marketing tech stack needs to be validated to support lead scoring, and finally Sales needs to sign off on results.

    SoftwareReviews Advisory Insight:

    Lead scoring is a must-have capability for high-tech marketers. Without lead scoring, marketers will see increased costs of lead gen, decreased SQL to opportunity conversion rates, decreased sales productivity, and longer sales cycles.

    Who benefits from a lead scoring project?

    This Research Is Designed for:

    • Marketers and especially campaign managers who are:
      • Looking for a more precise way to score leads and deploy outbound marketing resources to optimize contacts-to-MQL conversion rates.
      • Looking for a more effective way to profile contacts raised by your lead gen engine.
      • Looking to use their lead management software to optimize lead scoring.
      • Starting anew to strengthen their lead generation engine and want examples of a typical engine, ways to identify buyer journey, and perform lead nurturing.

    This Research Will Help You:

    • Explain why having a lead scoring methodology is important.
    • Identify a methodology that will call for identifying an ICP against which to score prospect profiles behind each contact that engages your lead generation engine.
    • Create a process of applying weightings to score activities during contact engagement with your lead generation engine. Apply both scores to arrive at a contact/lead score.
    • Compare your current lead gen engine to a best-in-class example in order to identify gaps and areas for improvement and exploration.

    This Research Will Also Assist:

    • CMOs, Marketing Operations leaders, heads of Product Marketing, and regional Marketing leads who are stakeholders in:
      • Finding alternatives to current lead scoring approaches.
        • Altering current or evaluating new marketing technologies to support a refreshed lead scoring approaches.

    This Research Will Help Them:

    • Align stakeholders on an overall program of identifying target customers, building common understanding of what constitutes a qualified lead, and determining when to use higher-cost outbound marketing resources.
    • Deploy high-value applications that will improve core marketing metrics.

    Insight summary

    Continuous adjustment and improvement of your lead scoring methodology is critical for long-term lead generation engine success.

    • Building a highly functioning lead generation engine is an ongoing process and one that requires continual testing of new asset types, asset design, and copy variations. Buyer profiles change over time as you launch new products and target new markets.
    • Pass better qualified leads to Field Sales and improve sales win rates by taking these crucial steps to implement a better lead generation engine and a lead scoring methodology:
      • Make the case for lead scoring in your organization.
      • Establish trigger points that separate leads to ignore, nurture, qualify, or outreach/contact.
      • Identify your buyer journey and ICP through collaboration among Sales, Marketing, and Product.
      • Assess each asset and activity type across your lead generation engine and apply a weighting for each.
      • Test lead scenarios within our supplied toolkit and with stakeholders. Adjust weightings and triggers that deliver lead scores that make sense.
      • Work with IT/Marketing Operations to emulate your lead scoring methodology within your marketing automation/campaign management application.
      • Explore advanced methods including nurturing.
    • Use the Lead Scoring Workbook collaboratively with other stakeholders to design your own methodology, test lead scenarios, and build alignment across the team.

    Leading marketers who successfully implement a lead scoring methodology develop it collaboratively with stakeholders across Marketing, Sales, and Product Management. Leaders will engage Marketing Operations, Sales Operations, and IT early to gain support for the evaluation and implementation of a supporting campaign management application and for analytics to track lead progress throughout the Marketing and Sales funnels. Leverage the Marketing Lead Scoring Toolkit to build out your version of the model and to test various scenarios. Use the slides contained within this storyboard and the accompanying toolkit as a means to align key stakeholders on the ICP and to weight assets and activities across your marketing lead generation engine.

    What is lead scoring?

    Lead scoring weighs the value of a prospect’s profile against the ICP and renders a profile score. The process then weighs the value of the prospects activities against the ideal call to action (CTA) and renders an activity score. Combining the profile and activity scores delivers an overall score for the value of the lead to drive the next step along the overall buyer journey.

    EXAMPLE: SALES MANAGEMENT SOFTWARE

    • For a company that markets sales management software the ideal buyer is the head of Sales Operations. While the ICP is made up of many attributes, we’ll just score one – the buyer’s role.
    • If the prospect/lead that we wish to score has an executive title, the lead’s profile scores “High.” Other roles will score lower based on your ICP. Alongside role, you will also score other profile attributes (e.g. company size, location).
    • With engagement, if the prospect/lead clicked on our ideal CTA, which is “request a proposal,” our engagement would score high. Other CTAs would score lower.
    The image contains a screenshot of two examples of lead scoring. One example demonstrates. Profile Scoring with Lead Profile, and the second image demonstrates Activity Scoring and Lead Engagement.

    SoftwareReviews Advisory Insight:

    A significant obstacle to quality lead production is disagreement on or lack of a documented definition of the ideal customer profile. Marketers successful in lead scoring will align key stakeholders on a documented definition of the ICP as a first step in improving lead scoring.

    Use of lead scoring is in the minority among marketers

    The majority of businesses are not practicing lead scoring!

    Up to 66% of businesses don’t practice any type of lead scoring.

    Source: LeadSquared, 2014

    “ With lead scoring, you don’t waste loads of time on unworthy prospects, and you don’t ignore people on the edge of buying.”

    Source: BigCommerce

    “The benefits of lead scoring number in the dozens. Having a deeper understanding of which leads meet the qualifications of your highest converters and then systematically communicating with them accordingly increases both ongoing engagement and saves your internal team time chasing down inopportune leads.”

    – Joey Strawn, Integrated Marketing Director, in IndustrialMarketer.com

    Key benefit: sales resource optimization

    Many marketing organizations send Sales too many unqualified leads

    • Leads – or, more accurately, contacts – are not all qualified. Some are actually nothing more than time-wasters for sellers.
    • Leading marketers peel apart a contact into at least two dimensions – “who” and “how interested.”
      • The “who” is compared to the ICP and given a score.
      • The “how interested” measures contact activity – or engagement – within our lead gen engine and gives it a score.
    • Scores are combined; a contact with a low score is ignored, medium is nurtured, and high is sent to sellers.
    • A robust ICP, together with engagement scoring and when housed within your lead management software, prioritizes for marketers which contacts to nurture and gets hot leads to sellers more quickly.

    Optimizing Sales Resources Using Lead Scoring

    The image contains a screenshot of a graph to demonstrate optimizing sales resources with lead scoring.

    Lead scoring drives greater sales effectiveness

    When contacts are scored as “qualified leads” and sent to sellers, sales win rates and ROI climb

    • Contacts can be scored properly once marketers align with Sales on the ICP and work closely with colleagues in areas like product marketing and field marketing to assign weightings to lead gen activities.
    • When more qualified leads get into the hands of the salesforce, their win rates improve.
    • As win rates improve, and sellers are producing more wins from the same volume of leads, sales productivity improves and ROI on the marketing investment increases.

    “On average, organizations that currently use lead scoring experience a 77% lift in lead generation ROI, over organizations that do not currently use lead scoring.”

    – MarketingSherpa, 2012

    Average Lead Generation ROI by Use of Lead Scoring

    The image contains a screenshot of a graph to demonstrate the average lead generation ROI by using of lead scoring. 138% are currenting using lead scoring, and 78% are not using lead scoring.
    Source: 2011 B2B Marketing Benchmark Survey, MarketingSherpa
    Methodology: Fielded June 2011, N=326 CMOs

    SoftwareReviews’ Lead Scoring Approach

    1. Drive Aligned Vision for Lead Scoring

    2. Build and Test Your Lead Scoring Model

    3. Apply to Your Tech Platform and Validate, Nurture, and Grow

    Phase
    Steps

    1. Outline a vision for lead scoring and identify stakeholders.
    2. Assess your tech stack for lead scoring and seek advice from Info-Tech analysts to modernize where needed.
    3. Align on marketing pipeline terminology, buyer persona and journey, and lead gen engine components.
    1. Understand the Lead Scoring Grid and establish thresholds.
    2. Collaborate with stakeholders on your ICP, apply weightings to profile attributes and values, and test your model.
    3. Identify the key activities and assets of your lead gen engine, weight attributes, and run tests.
    1. Apply model to your marketing management software.
    2. Test quality of sales-accepted leads by sellers and measure conversion rates through your marketing pipeline.
    3. Apply advanced methods such as lead nurturing.

    Phase Outcomes

    1. Steering committee and stakeholder selection
    2. Stakeholder alignment
    3. Team alignment on terminology
    4. Buyer journey map
    5. Lead gen engine components and asset types documented
    1. Initial lead-stage threshold scores
    2. Ideal customer profile, weightings, and tested scores
    3. Documented activities/assets across your lead generation engine
    4. Test results to drive adjusted weightings for profile attributes and engagement
    5. Final model to apply to marketing application
    1. Better qualified leads in the hands of sellers
    2. Advanced methods to nurture leads

    Key Deliverable: Lead Scoring Workbook

    The workbook walks you through a step-by-step process to:

    • Identify your team.
    • Identify the lead scoring thresholds.
    • Define your IPC.
    • Weight the activities within your lead generation engine.
    • Run tests using lead scenarios.

    Tab 1: Team Composition

    Consider core functions and form a cross-functional lead scoring team. Document the team’s details here.

    The image contains a screenshot of the Lead Scoring Workbook, Tab 1.

    Tab 2: Threshold Setting

    Set your initial threshold weightings for profile and engagement scores.

    The image contains a screenshot of the Lead Scoring Workbook, Tab 2.

    Tab 3:

    Establish Your Ideal Customer Profile

    Identify major attributes and attribute values and the weightings of both. You’ll eventually score your leads against this ICP.

    Record and Weight Lead Gen Engine Activities

    Identify the major activities that compose prospect engagement with your lead gen engine. Weight them together as a team.

    Test Lead Profile Scenarios

    Test actual lead profiles to see how they score against where you believe they should score. Adjust threshold settings in Tab 2.

    Test Activity Engagement Scores

    Test scenarios of how contacts navigate your lead gen engine. See how they score against where you believe they should score. Adjust thresholds on Tab 2 as needed.

    Review Combined Profile and Activity Score

    Review the combined scores to see where on your lead scoring matrix the lead falls. Make any final adjustments to thresholds accordingly.

    The image contains screenshots of the Lead Scoring Workbook, Tab 3.

    Several ways we help you build your lead scoring methodology

    DIY Toolkit Guided Implementation Workshop Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    • Begin your project using the step-by-step process outlined in this blueprint.
    • Leverage the accompanying workbook.
    • Launch inquiries with the analyst who wrote the research.
    • Kick off your project with an inquiry with the authoring analyst and your engagement manager.
    • Additional inquiries will guide you through each step.
    • Leverage the blueprint and toolkit.
    • Reach out to your engagement manager.
    • During a half-day workshop the authoring analyst will guide you and your team to complete your lead scoring methodology.
    • Reach out to your engagement manager.
    • We’ll lead the engagement to structure the process, gather data, interview stakeholders, craft outputs, and organize feedback and final review.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Call #1: Collaborate on vision for lead scoring and the overall project.

    Call #2: Identify the steering committee and the rest of the team.

    Call #3: Discuss app/tech stack support for lead scoring. Understand key marketing pipeline terminology and the buyer journey.

    Call #4: Discuss your ICP, apply weightings, and run test scenarios.

    Call #5: Discuss and record lead generation engine components.

    Call #6: Understand the Lead Scoring Grid and set thresholds for your model.

    Call #7: Identify your ICP, apply weightings to attributes, and run tests.

    Call #8: Weight the attributes of engagement activities and run tests. Review the application of the scoring model on lead management software.

    Call #9: Test quality of sales-accepted leads in the hands of sellers. Measure lead flow and conversion rates through your marketing pipeline.

    Call #10: Review progress and discuss nurturing and other advanced topics.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.

    Workshop Overview

    Accelerate your project with our facilitated SoftwareReviews Advisory workshops

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Drive Aligned Vision for Lead Scoring

    Buyer Journey and Lead Gen Engine Mapping

    Build and Test Your Lead Scoring Model

    Align on Engagement Attributes

    Apply to Your Tech Platform

    Activities

    1.1 Outline a vision for lead scoring.

    1.2 Identify steering committee and project team members.

    1.3 Assess your tech stack for lead scoring and seek advice from Info-Tech analysts to modernize where needed.

    1.4 Align on marketing pipeline terminology.

    2.1 Establish a buyer persona (if not done already).

    2.2 Map your buyer journey.

    2.3 Document the activities and assets of your lead gen engine.

    3.1 Understand Lead Scoring Grid and set your thresholds.

    3.2 Identify ICP attribute and sub-attribute weightings. Run tests.

    4.1 Weight the attributes of your lead gen engagement model and run tests.

    4.2 Apply weightings to activities and assets.

    4.3 Test engagement and profile scenarios together and adjust weightings and thresholds as needed.

    5.1 Apply model to your campaign management software and test quality of sales-accepted leads in the hands of sellers.

    5.2. Measure overall lead flow and conversion rates through your marketing pipeline.

    5.3 Apply lead nurturing and other advanced methods.

    Deliverables

    1. Steering committee & project team composition
    2. Direction on tech stack to support lead gen
    3. Alignment on marketing pipeline definitions
    1. Buyer (persona if needed) journey map
    2. Lead gen engine assets and activities documented
    1. Lead scoring thresholds
    2. ICP, weightings, and tested scores
    3. Test profile scoring
    1. Engagement attributes and weightings tested and complete
    2. Final lead scoring model
    1. Model applied to your marketing management/ campaign management software
    2. Better qualified leads in the hands of sellers

    Phase 1

    Drive an Aligned Vision for Lead Scoring

    Phase 1

    Phase 2

    Phase 3

    1.1 Establish a cross-functional vision for lead scoring

    1.2 Asses your tech stack for lead scoring (optional)

    1.3 Catalog your buyer journey and lead gen engine assets

    2.1 Start building your lead scoring model

    2.2 Identify and verify your IPC and weightings

    2.3 Establish key lead generation activities and assets

    3.1 Apply model to your marketing management software

    3.2 Test the quality of sales-accepted leads

    3.3 Apply advanced methods

    This phase will walk you through the following activities:

    • Solidify your vision for lead scoring.
    • Achieve stakeholder alignment.
    • Assess your tech stack.

    This phase involves the following stakeholders:

    • Field Marketing/Campaign Manager
    • CMO
    • Product Marketing
    • Product Management
    • Sales Leadership/Sales Operations
    • Inside Sales leadership
    • Marketing Operations/IT
    • Digital Platform leadership

    Step 1.1

    Establish a Cross-Functional Vision for Lead Scoring

    Activities

    1.1.1 Identify stakeholders critical to success

    1.1.2 Outline the vision for lead scoring

    1.1.3 Select your lead scoring team

    This step will walk you through the following activities:

    • Discuss the reasons why lead scoring is important.
    • Review program process.
    • Identify stakeholders and team.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder alignment on vision of lead scoring
    • Stakeholders described and team members recorded
    • A documented buyer journey and map of your current lead gen engine

    1.1.1 Identify stakeholders critical to success

    1 hour

    1. Meet to identify the stakeholders that should be included in the project’s steering committee.
    2. Finalize selection of steering committee members.
    3. Contact members to ensure their willingness to participate.
    4. Document the steering committee members and the milestone/presentation expectations for reporting project progress and results
    Input Output
    • Stakeholder interviews
    • List of business process owners (lead management, inside sales lead qualification, sales opportunity management, marketing funnel metric measurement/analytics)
    • Lead generation/scoring stakeholders
    • Steering committee members
    Materials Participants
    • N/A
    • Initiative Manager
    • CMO, Sponsoring Executive
    • Departmental Leads – Sales, Marketing, Product Marketing, Product Management (and others)
    • Marketing Applications Director
    • Senior Digital Business Analyst

    SoftwareReviews Advisory Insight:

    B2B marketers that lack agreement among Marketing, Sales, Inside Sales, and lead management supporting staff of what constitutes a qualified lead will squander precious time and resources throughout the customer acquisition process.

    1.1.2 Outline the vision for lead scoring

    1 hour

    1. Convene a meeting of the steering committee and initiative team members who will be involved in the lead scoring project.
    • Using slides from this blueprint, understand the definition of lead scoring, the value of lead scoring to the organization, and the overall lead scoring process.
    • Understand the teams’ roles and responsibilities and help your Marketing Operations/IT colleagues understand some of the technical requirements needed to support lead scoring.
    • This is important because as the business members of the team are developing the lead scoring approach on paper, the technical team can begin to evaluate lead management apps within which your lead scoring model will be brought to life.
    Input Output
    • Slides to explain lead scoring and the lead scoring program
    • An understanding of the project among key stakeholders
    Materials Participants
    • Slides taken from this blueprint. We suggest slides from the Executive Brief (slides 3-16) and any others depending on the team’s level of familiarity.
    • Initiative Manager
    • CMO, Sponsoring Executive
    • Departmental leads from Sales, Marketing, Product Marketing, Product Management (and others)
    • Marketing Applications Director
    • Senior Digital Business Analyst

    SoftwareReviews Advisory Insight:

    While SMBs can implement some form of lead scoring when volume is very low and leads can be scored by hand, lead scoring and effective lead management cannot be performed without investment in digital platforms and lead management software and integration with customer relationship management (CRM) applications in the hands of inside and field sales staff. Marketers should plan and budget for the right combination of applications and tools to be in place for proper lead management.

    Lead scoring stakeholders

    Developing a common stakeholder understanding of the ICP, the way contact profiles are scored, and the way activities and asset engagement in your lead generation engine are scored will strengthen alignment between Marketing, Sales and Product Management.

    Title

    Key Stakeholders Within a Lead Generation/Scoring Initiative

    Lead Scoring Sponsor

    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CMO, VP of Marketing, CEO (in SMB providers)

    Lead Scoring Initiative Manager

    • Typically a senior member of the marketing team
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Marketing Manager or a field marketing team member who has strong program management skills, has run large-scale B2B generation campaigns, and is familiar with the stakeholder roles and enabling technologies

    Business Leads

    • Works alongside the lead scoring initiative manager to ensure that the strategy is aligned with business needs
    • In this case, likely to be a marketing lead
    • Marketing Director

    Digital, Marketing/Sales Ops/IT Team

    • Composed of individuals whose application and technology tools knowledge and skills are crucial to lead generation success
    • Responsible for understanding the business requirements behind lead generation and the requirements in particular to support lead scoring and the evaluation, selection, and implementation of the supporting tech stack – apps, website, analytics, etc.
    • Project Manager, Business Lead, CRM Manager, Integration Manager, Marketing Application SMEs, Sales Application

    Steering Committee

    • Composed of C-suite/management-level individuals who act as the lead generation process decision makers
    • Responsible for validating goals and priorities, defining the scope, enabling adequate resourcing, and managing change especially among C-level leaders in Sales & Product
    • Executive Sponsor, Project Sponsor, CMO, Business Unit SMEs

    SoftwareReviews Advisory Insight:

    Marketers managing the lead scoring initiative must include Product Marketing, Sales, Inside Sales, and Product Management. And given that world-class B2B lead generation engines cannot run without technology enablement, Marketing Operations/IT – those that are charged with enabling marketing and sales – must also be part of the decision making and implementation process of lead scoring and lead generation.

    1.1.3 Select your lead scoring team

    30 minutes

    1. The CMO and other key stakeholders should discuss and determine who will be involved in the lead scoring project.
    • Business leaders in key areas – Product Marketing, Field Marketing, Digital Marketing, Inside Sales, Sales, Marketing Ops, Product Management, and IT – should be involved.
  • Document the members of your lead scoring team in tab 1 of the Lead Scoring Workbook.
    • The size of the team will vary depending on your initiative and size of your organization.
    InputOutput
    • Stakeholders
    • List of lead scoring team members
    MaterialsParticipants
    • Lead Scoring Workbook
    • Initiative Manager
    • CMO, Sponsoring Executive
    • Departmental Leads – Sales, Marketing, Product Marketing, Product Management (and others)
    • Marketing Applications Director
    • Senior Digital Business Analyst

    Download the Lead Scoring Workbook

    Lead scoring team

    Consider the core team functions when composing the lead scoring team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned lead management/scoring strategy. Don’t let your core team become too large when trying to include all relevant stakeholders. Carefully limit the size of the team to enable effective decision making while still including functional business units.

    Required Skills/Knowledge

    Suggested Team Members

    Business

    • Understanding of the customer
    • Understanding of brand
    • Understanding of multichannel marketing: email, events, social
    • Understanding of lead qualification
    • Field Marketing/Campaign Lead
    • Product Marketing
    • Sales Manager
    • Inside Sales Manager
    • Content Marketer/Copywriter

    IT

    • Campaign management application capabilities
    • Digital marketing
    • Marketing and sales funnel Reporting/metrics
    • Marketing Application Owners
    • CRM/Sales Application Owners
    • Marketing Analytics Owners
    • Digital Platform Owners

    Other

    • Branding/creative
    • Social
    • Change management
    • Creative Director
    • Social Media Marketer

    Step 1.2 (Optional)

    Assess Your Tech Stack for Lead Scoring

    Our model assumes you have:

    1.2.1 A marketing application/campaign management application in place that accommodates lead scoring.

    1.2.2 Lead management software integrated with the sales automation/CRM tool in the hands of Field Sales.

    1.2.3 Reporting/analytics that spans the entire lead generation pipeline/funnel.

    Refer to the following three slides if you need guidance in these areas.

    This step will walk you through the following activities:

    • Confirm that you have your tech stack in place.
    • Set up an inquiry with an Info-Tech analyst should you require guidance on evaluating lead pipeline reporting, CRM, or analytics applications.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Understanding of what new application and technology support is required to support lead scoring.

    SoftwareReviews Advisory Insight:

    Marketers that collaborate closely with Marketing Ops/IT early in the process of lead scoring design will be best able to assess whether current marketing applications and tools can support a full lead scoring capability.

    1.2.1 Plan technology support for marketing management apps

    Work with Marketing Ops and IT early to evaluate application enablement for lead management, including scoring

    A thorough evaluation takes months – start early

    • Work closely with Marketing Operations (or the team that manages the marketing apps and digital platforms) as early as possible to socialize your approach to lead scoring.
    • Work with them on a set of updated requirements for selecting a marketing management suite or for changes to existing apps and tools to support your lead scoring approach that includes lead tracking and marketing funnel analytics.
    • Access the Info-Tech blueprint Select a Marketing Management Suite, along with analyst inquiry support during the requirements definition, vendor evaluation, and vendor selection phases. Use the SoftwareReviews Marketing Management Data Quadrant during vendor evaluation and selection.

    SoftwareReviews Marketing Management Data Quadrant

    The image contains a screenshot of the Marketing Management Data Quadrant.

    1.2.2 Plan technology support for sales opportunity management

    Work with Marketing Ops and IT early to evaluate applications for sales opportunity management

    A thorough evaluation takes months – start early

    • Work closely with Sales Operations as early as possible to socialize your approach to lead scoring and how lead management must integrate with sales opportunity management to manage the entire marketing and sales funnel management process.
    • Work with them on a set of updated requirements for selecting a sales opportunity management application that integrates with your marketing management suite or for changes to existing apps and tools to support your lead management and scoring approach that support the entire marketing and sales pipeline with analytics.

    Access the Info-Tech blueprint Select and Implement a CRM Platform, along with analyst inquiry support during the requirements definition, vendor evaluation, and vendor selection phases. Use the SoftwareReviews CRM Data Quadrant during vendor evaluation and selection.

    SoftwareReviews Customer Relationship Management Data Quadrant

    The image contains a screenshot of the SoftwareReviews Customer Relationship Management Data Quadrant.

    1.2.3 Plan analytics support for marketing pipeline analysis

    Work with Marketing Ops early to evaluate analytics tools to measure marketing and sales pipeline conversions

    A thorough evaluation takes weeks – start early

    • Work closely with Marketing and Sales Operations as early as possible to socialize your approach to measuring the lifecycle of contacts through to wins across the entire marketing and sales funnel management process.
    • Work with them on a set of updated requirements for selecting tools that can support the measurement of conversion ratios from contact to MQL, SQL, and opportunity to wins. Having this data enables you to measure improvement in component parts to your lead generation engine.
    • Access the Info-Tech blueprint Select and Implement a Reporting and Analytics Solution, along with analyst inquiry support during the requirements definition, vendor evaluation and vendor selection phases. Use the SoftwareReviews Best Business intelligence & Analytics Software Data Quadrant as well during vendor evaluation and selection.

    SoftwareReviews Business Intelligence Data Quadrant

    The image contains a screenshot of the Software Reviews Business Intelligent Quadrant.

    Step 1.3

    Catalog Your Buyer Journey and Lead Gen Engine Assets

    Activities

    1.3.1 Review marketing pipeline terminology

    1.3.2 Describe your buyer journey

    1.3.3 Describe your awareness and lead generation engine

    This step will walk you through the following activities:

    • Discuss marketing funnel terminology.
    • Describe your buyer journey.
    • Catalog the elements of your lead generation engine.

    This step involves the following participants:

    • Stakeholders

    Outcomes of this step

    • Stakeholder alignment on terminology, your buyer journey, and elements of your lead generation engine

    1.3.1 Review marketing pipeline terminology

    30 minutes

    1. We assume for this model the following:
      1. Our primary objective is to deliver more, and more-highly qualified, sales-qualified leads (SQLs) to our salesforce. The salesforce will accept SQLs and after further qualification turn them into opportunities. Sellers work opportunities and turn them into wins. Wins that had first/last touch attribution within the lead gen engine are considered marketing-influenced wins.
      2. This model assumes the existence of sales development reps (SDRs) whose mission it is to take marketing-qualified leads (MQLs) from the lead generation engine and further qualify them into SQLs.
      3. The lead generation engine takes contacts – visitors to activities, website, etc. – and scores them based on their profile and engagement. If the contact scores at or above the designated threshold, the lead generation engine rates it as an MQL and passes it along to Inside Sales/SDRs. If the contact scores above a certain threshold and shows promise, it is further nurtured. If the contact score is low, it is ignored.
    2. If an organization does not possess a team of SDRs or Inside Sales, you would adjust your version of the model to, for example, raise the threshold for MQLs, and when the threshold is reached the lead generation engine would pass the lead to Field Sales for further qualification.

    Stage

    Characteristics

    Actions

    Contact

    • Unqualified
    • No/low activity

    Nurture

    SDR Qualify

    Send to Sales

    Close

    MQL

    • Profile scores high
    • Engagement strong

    SQL

    • Profile strengthened
    • Demo/quote/next step confirmed

    Oppt’y

    • Sales acceptance
    • Sales opportunity management

    Win

    • Deal closed

    SoftwareReviews Advisory Insight:

    Score leads in a way that makes it crystal clear whether they should be ignored, further nurtured, further qualified, or go right into a sellers’ hands as a super hot lead.

    1.3.2 Describe your buyer journey

    1. Understand the concept of the buyer journey:
      1. Typically Product Marketing is charged with establishing deep understanding of the target buyer for each product or solution through a complete buyer persona and buyer journey map. The details of how to craft both are covered in the upcoming SoftwareReviews Advisory blueprint Craft a More Comprehensive Go-to-Market Strategy. However, we share our Buyer Journey Template here (on the next slide) to illustrate the connection between the buyer journey and the lead generation and scoring processes.
      2. Marketers and campaigners developing the lead scoring methodology will work closely with Product Marketing, asking them to document the buyer journey.
      3. The value of the buyer journey is to guide asset/content creation, nurturing strategy and therefore elements of the lead generation engine such as web experience, email, and social content and other elements of engagement.
      4. The additional value of having a buyer persona is to also inform the ICP, which is an essential element of lead scoring.
      5. For the purposes of lead scoring, use the template on the next slide to create a simple form of the buyer journey. This will guide lead generation engine design and the scoring of activities later in our blueprint.

    2 hours

    On the following slide:

    1. Tailor this template to suit your buyer journey. Text in green is yours to modify. Text in black is instructional.
    2. Your objective is to use the buyer journey to identify asset types and a delivery channel that once constructed/sourced and activated within your lead gen engine will support the buyer journey.
    3. Keep your buyer journey updated based on actual journeys of sales wins.
    4. Complete different buyer journeys for different product areas. Complete these collaboratively with stakeholders for alignment.

    SoftwareReviews Advisory Insight:

    Establishing a buyer journey is one of the most valuable tools that, typically, Product Marketing produces. Its use helps campaigners, product managers, and Inside and Field Sales. Leading marketers keep journeys updated based on live deals and characteristics of wins.

    Buyer Journey Template

    Personas: [Title] e.g. “BI Director”

    The image contains a screenshot of the describe persona level as an example.

    [Persona name] ([levels it includes from arrows above]) Buyer’s Journey for [solution type] Vendor Selection

    The image contains a screenshot of the Personas Type example to demonstrate a specific IT role, end use in a relevant department.

    1.3.3 Describe Your Awareness and Lead Gen Engine

    1. Understand the workings of a typical awareness and lead generation engine. Reference the image of a lead gen engine on the following slide when reviewing our guidance below:
      1. In our lead scoring example found in the Lead Scoring Workbook, tab 3, “Weight and Test,” we use a software company selling a sales automation solution, and the engagement activities match with the Typical Awareness and Lead Gen Engine found on the following slide. Our goal is to match a visual representation of a lead gen and awareness engine with the activity scoring portion of lead scoring.
      2. At the top of the Typical Awareness and Lead Generation Engine image, the activities are activated by a team of various roles: digital manager (new web pages), campaign manager (emails and paid media), social media marketer (organic and paid social), and events marketing manager (webinars).
      3. “Awareness” – On the right, the slide shows additional awareness activities driven by the PR/Corporate Comms and Analyst Relations teams.*
      4. The calls to action (CTAs) found in the outreach activities are illustrated below the timeline. The CTAs are grouped and are designed to 1) drive profile capture data via a main sales form fill, and 2) drive engagement that corresponds to the Education, Solution, and Selection buyer journey phases outlined on the prior slide. Ensure you have fast paths to get a hot lead – request a demo – directly to Field Sales when profiles score high.

    * For guidance on best practices in engaging industry analysts, contact your engagement manager to schedule an inquiry with our expert in this area. during that inquiry, we will share best practices and recommended analyst engagement models.

    Lead Scoring Workbook

    2 hours

    On the following slide:

    1. Tailor the slide to describe your lead generation engine as you will use it when you get to latter steps to describe the activities in your lead gen engine and weight them for lead scoring.
    2. Use the template to see what makes up a typical lead gen and awareness building engine. Record your current engine parts and see what you may be missing.
    3. Note: The “Goal” image in the upper right of the slide is meant as a reminder that marketers should establish a goal for SQLs delivered to Field Sales for each campaign.

    SoftwareReviews Advisory Insight:

    Marketing’s primary mission is to deliver marketing-influenced wins (MIWs) to the company. Building a compelling awareness and lead gen engine must be done with that goal in mind. Leaders are ruthless in testing – copy, email subjects, website navigation, etc. – to fine-tune the engine and staying highly collaborative with sellers to ensure high value lead delivery.

    Typical Awareness and Lead Gen Engine

    Understand how a typical lead generation engine works. Awareness activities are included as a reference. Use as a template for campaigns.

    The image contains a screenshot of a diagram to demonstrate how a lead generation engine works.

    Phase 2

    Build and Test Your Lead Scoring Model

    Phase 1

    Phase 2

    Phase 3

    1.1 Establish a cross-functional vision for lead scoring

    1.2 Asses your tech stack for lead scoring (optional)

    1.3 Catalog your buyer journey and lead gen engine assets

    2.1 Start building your lead scoring model

    2.2 Identify and verify your IPC and weightings

    2.3 Establish key lead generation activities and assets

    3.1 Apply model to your marketing management software

    3.2 Test the quality of sales-accepted leads

    3.3 Apply advanced methods

    This phase will walk you through the following activities:

    1. Understand the Lead Scoring Grid and establish thresholds.
    2. Collaborate with stakeholders on your ICP, apply weightings to profile attributes and values, and test.
    3. Identify the key activities and assets of your lead gen engine, weight attributes, and run tests.

    This phase involves the following participants:

    • Field Marketing/Campaign Manager
    • Product Marketing
    • Sales Leadership/Sales Operations
    • Inside Sales leadership
    • Marketing Operations/IT
    • Digital Platform leadership

    Step 2.1

    Start Building Your Lead Scoring Model

    Activities

    2.1.1 Understand the Lead Scoring Grid

    2.1.2 Identify thresholds

    This step will walk you through the following activities:

    • Discuss the concept of the thresholds for scoring leads in each of the various states – “ignore,” “nurture,” “qualify,” “send to sales.”
    • Open the Lead Scoring Workbook and validate your own states to suit your organization.
    • Arrive at an initial set of threshold scores.

    This step involves the following participants:

    • Stakeholders

    Outcomes of this step

    • Stakeholder alignment on stages
    • Stakeholder alignment on initial set of thresholds

    2.1.1 Understand the Lead Scoring Grid

    30 minutes

    1. Understand how lead scoring works and our grid is constructed.
    2. Understand the two important areas of the grid and the concept of how the contact’s scores will increase as follows:
      1. Profile – as the profile attributes of the contact approaches that of the ICP we want to score the contact/prospect higher. Note: Step 1.3 walks you through creating your ICP.
      2. Engagement – as the contact/prospect engages with the activities (e.g. webinars, videos, events, emails) and assets (e.g. website, whitepapers, blogs, infographics) in our lead generation engine, we want to score the contact/prospect higher. Note: You will describe your engagement activities in this step.
    3. Understand how thresholds work:
      1. Threshold percentages, when reached, trigger movement of the contact from one state to the next – “ignore,” “nurture,” “qualify with Inside Sales,” and “send to sales.”
    The image contains a screenshot of an example of the lead scoring grid, as described in the text above.

    2.1.2 Identify thresholds

    30 minutes

    We have set up a model Lead Scoring Grid – see Lead Scoring Workbook, tab 2, “Identify Thresholds.”

    Set your thresholds within the Lead Scoring Workbook:

    • Set your threshold percentages for ”Profile” and “Engagement.”
    • You will run test scenarios for each in later steps.
    • We suggest you start with the example percentages given in the Lead Scoring Workbook and plan to adjust them during testing in later steps.
    • Define the “Send to Sales,” “Qualify With Inside Sales,” “Nurture,” and “Ignore” zones.

    SoftwareReviews Advisory Insight:

    Clarify that all-important threshold for when a lead passes to your expensive and time-starved outbound sellers.

    The image contains a screenshot of the Lead Scoring Workbook, tab 2 demonstrating the Lead Scoring Grid.

    Lead Scoring Workbook

    Step 2.2

    Identify and Verify Your Ideal Customer Profile and Weightings

    Activities

    2.2.1 Identify your ideal customer profile

    2.2.2 Run tests to validate profile weightings

    This step will walk you through the following activities:

    • Identify the attributes that compose the ICP.
    • Identify the values of each attribute and their weightings.
    • Test different contact profile scenarios against what actually makes sense.
    • Adjust weightings if needed.

    This step involves the following participants:

    • Stakeholders

    Outcomes of this step

    • Stakeholder alignment on ICP
    • Stakeholder alignment on weightings given to attributes
    • Tested results to verify thresholds and cores

    2.2.1 Identify your ideal customer profile

    Collaborate with stakeholders to understand what attributes best describe your ICP. Assign weightings and subratings.

    2 hours

    1. Choose attributes such as job role, organization type, number of employees/potential seat holders, geographical location, interest area, etc., that describe the ideal profile of a target buyer. Best practice sees marketers choosing attributes based on real wins.
    2. Some marketers compare the email domain of the contact to a target list of domains. In the Lead Scoring Workbook, tab 3, “Weight and Test,” we provide an example profile for a “Sales Automation Software” ICP.
    3. Use the workbook as a template, remove our example, and create your own ICP attributes. Then weight the attributes to add up to 100%. Add in the attribute values and weight them. In the next step you will test scenarios.

    SoftwareReviews Advisory Insight:

    Marketers who align with colleagues in areas such as Product Marketing, Sales, Inside Sales, Sales Training/Enablement, and Product Managers and document the ICP give their organizations a greater probability of lead generation success.

    The image contains a screenshot of tab 3, demonstrating the weight and test with the example profile.

    Lead Scoring Workbook

    2.2.2 Run tests to validate profile weightings

    Collaborate with stakeholders to run different profile scenarios. Validate your model including thresholds.

    The image contains a screenshot of tab 3 to demonstrate the next step of running tests to validate profile weightings.

    SoftwareReviews Advisory Insight:

    Keep your model simple in the interest of fast implementation and to drive early learnings. The goal is not to be perfect but to start iterating toward success. You will update your scoring model even after going into production.

    2 hours

    1. Choose scenarios of contact/lead profile attributes by placing a “1” in the “Attribute” box shown at left.
    2. Place your estimate of how you believe the profile should score in the box to the right of “Estimated Profile State.” How does the calculated state, beneath, compare to the estimated state?
    3. In cases where the calculated state differs from your estimated state, consider weighting the profile attribute differently to match.
    4. If you find estimates and calculated states off dramatically, consider changing previously determined thresholds in tab 2, “Identify Thresholds.” Test multiple scenarios with your team.

    Lead Scoring Workbook

    Step 2.3

    Establish Key Lead Generation Activities and Assets

    Activities

    2.3.1 Establish activities, attribute values, and weights

    2.3.2 Run tests to evaluate activity ratings

    This step will walk you through the following activities:

    • Identify the activities/asset types in your lead gen engine.
    • Weight each attribute and define values to score for each one.
    • Run tests to ensure your model makes sense.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Final stakeholder alignment on which assets compose your lead generation engine
    • Scoring model tested

    2.3.1 Establish activities, attribute values, and weights

    2 hours

    1. Catalog the assets and activities that compose your lead generation engine outlined in Activity 1.3.3. Identify their attribute values and weight them accordingly.
    2. Consider weighting attributes and values according to how close that asset gets to conveying your ideal call to action. For example, if your ideal CTA is “schedule a demo” and the “click” was submitted in the last seven days, it scores 100%. Take time decay into consideration. If that same click was 60 days ago, it scores less – maybe 60%.
    3. Different assets convey different intent and therefore command different weightings; a video comparing your offering against the competition, considered a down funnel asset, scores higher than the company video, considered a top-of-the-funnel activity and “awareness.”
    The image contains a screenshot of the next step of establishing activities, attribute values, and weights.

    Lead Scoring Workbook

    2.3.2 Run tests to validate activity weightings

    Collaborate with stakeholders to run different engagement scenarios. Validate your model including thresholds.

    The image contains a screenshot of activity 2.3.2: run tests to validate activity weightings.

    SoftwareReviews Advisory Insight:

    Use data from actual closed deals and the underlying activities to build your model – nothing like using facts to inform your key decisions. Use common sense and keep things simple. Then update further when data from new wins appears.

    2 hours

    1. Test scenarios of contact engagement by placing a “1” in the “Attribute” box shown at left.
    2. Place your estimate of how you believe the engagement should score in the box to the right of “Estimated Engagement State.” How does the calculated state, beneath, compare to the estimated state?
    3. In cases where the calculated state differs from your estimated state, consider weighting the activity attribute differently to match.
    4. If you find that the estimates and calculated states are off dramatically, consider changing previously determined thresholds in tab 2, “Identify Thresholds.” Test multiple scenarios with your team.

    Lead Scoring Workbook

    Phase 3

    Apply Your Model to Marketing Apps and Go Live With Better Qualified Leads

    Phase 1

    Phase 2

    Phase 3

    1.1 Establish a cross-functional vision for lead scoring

    1.2 Asses your tech stack for lead scoring (optional)

    1.3 Catalog your buyer journey and lead gen engine assets

    2.1 Start building your lead scoring model

    2.2 Identify and verify your IPC and weightings

    2.3 Establish key lead generation activities and assets

    3.1 Apply model to your marketing management software

    3.2 Test the quality of sales-accepted leads

    3.3 Apply advanced methods

    This phase will walk you through the following activities:

    1. Apply model to your marketing management/campaign management software.
    2. Get better qualified leads in the hands of sellers.
    3. Apply lead nurturing and other advanced methods.

    This phase involves the following participants:

    • Field Marketing/Campaign Manager
    • Sales Leadership/Sales Operations
    • Inside Sales leadership
    • Marketing Operations/IT
    • Digital Platform leadership

    Step 3.1

    Apply Model to Your Marketing Management Software

    Activities

    3.1.1 Apply final model to your lead management software

    This step will walk you through the following activities:

    • Apply the details of your scoring model to the lead management software.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Marketing management software or campaign management application is now set up/updated with your lead scoring approach.

    3.1.1 Apply final model to your lead management software

    Now that your model is complete and ready to go into production, input your lead scoring parameters into your lead management software.

    The image contains a screenshot of activity 3.1.1 demonstrating tab 4 of the Lead Scoring Workbook.

    3 hours

    1. Go to the Lead Scoring Workbook, tab 4, “Model Summary” for a formatted version of your lead scoring model. Double-check print formatting and print off a copy.
    2. Use the copy of your model to show to prospective technology providers when asking them to demonstrate their lead scoring capabilities.
    3. Once you have finalized your model, use the printed output from this tab to ease your process of transposing the corresponding model elements into your lead management software.

    Lead Scoring Workbook

    Step 3.2

    Test the Quality of Sales-Accepted Leads

    Activities

    3.2.1 Achieve sales lead acceptance

    3.2.2 Measure and optimize

    This step will walk you through the following activities:

    • Suggest that the Inside Sales and Field Sales teams should assess whether to sign off on quality of leads received.
    • Campaign managers and stakeholders should now be able to track lead status more effectively.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Sales leadership should be able to sign off that leads are better qualified.
    • With marketing pipeline analytics in place, campaigners can start to measure lead flow and conversion rates.

    3.2.1 Achieve sales lead acceptance

    Collaborate with sellers to validate your lead scoring approach.

    1 hour

    1. Gather a set of SQLs – leads that have been qualified by Inside Sales and delivered to Field Sales. Have Field Sales team members convey whether these leads were properly qualified.
    2. Where leads are deemed not properly qualified, determine if the issue was a) a lack of proper qualification by the Inside Sales team, or b) the lead generation engine, which should have further nurtured the lead or ignored it outright.
    3. Work collaboratively with Inside Sales to update your lead scoring model and/or Inside Sales practice.

    Stage

    Characteristics

    Actions

    Contact

    • Unqualified
    • No/low activity

    Nurture

    SDR Qualify

    Send to Sales

    Close

    MQL

    • Profile scores high
    • Engagement strong

    SQL

    • Profile strengthened
    • Demo/quote/next step confirmed

    Oppt’y

    • Sales acceptance
    • Sales opportunity management

    Win

    • Deal closed

    SoftwareReviews Advisory Insight:

    Marketers that collaborate with Sales – and in this case, a group of sellers as a sales advisory team – well in advance of sales acceptance to design lead scoring will save time during this stage, build trust with sellers, and make faster decisions related to lead management/scoring.

    3.2.2 Measure and optimize

    Leverage analytics that help you optimize your lead scoring methodology.

    Ongoing

    1. Work with Marketing Ops/IT team to design and implement analytics that enable you to:
    2. Meet frequently with your stakeholder team to review results.
    3. Learn from the wins: see how they actually scored and adjust thresholds and/or asset/activity weightings.
    4. Learn from losses: fix ineffective scoring, activities, assets, form-fill strategies, and engagement paths.
    5. Test from both wins and losses if demographic weightings are delivering accurate scores.
    6. Analyze those high scoring leads that went right to sellers but did not close. This could point to a sales training or enablement challenge.
    The image contains a screenshot of the lead scoring dashboard.

    Analytics will also drive additional key insights across your lead gen engine:

    • Are volumes increasing or decreasing? What percentage of leads are in what status (A1-D4)?
    • What nurturing will re-engage stalled leads that score high in profile but low in engagement (A3, B3)?
    • Will additional profile data capture further qualify leads with high engagement (C1, C2)?
    • And beyond all of the above, what leads move to Inside Sales and convert to SQLs, opportunities, and eventually marketing-influenced wins?

    Step 3.3

    Apply Advanced Methods

    Activities

    3.3.1 Employ lead nurturing strategies

    3.3.2 Adjust your model over time to accommodate more advanced methods

    This step will walk you through the following activities:

    • Apply lead nurturing to your lead gen engine.
    • Adjust your engine over time with more advanced methods.

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Marketers can begin to test lead nurturing strategies and other advanced methods.

    3.3.1 Employ lead nurturing strategies

    A robust content marketing competence with compelling assets and the capture of additional profile data for qualification are key elements of your nurturing strategy.

    The image contains a screenshot of the Lead Scoring Grid with a focus on Nurture.

    SoftwareReviews Advisory Insight:

    Nurturing success combines the art of crafting engaging copy/experiences and the science of knowing just where a prospect is within your lead gen engine. Great B2B marketers demonstrate the discipline of knowing when to drive engagement and/or additional profile attribute capture using intent while not losing the prospect to over-profiling.

    Ongoing

    1. The goal of lead nurturing is to move the collection of contacts/leads that are scoring, for example, in the A3, B3, C1, C2, and C3 cells into A2, B2, and B1 cells.
    2. How is this best done? To nurture leads that are A3 and B3, entice the prospect with engagement that leads to the bottom of funnel – e.g. “schedule a demo” or “schedule a consultation” via a compelling asset. See the example on the following slide.
    3. To nurture C1 and C2, we need to qualify them further, so entice with an asset that leads to deeper profile knowledge.
    4. For C3 leads, we need both profile and activity nurturing.

    Lead nurturing example

    The image contains an example of a lead nurturing example.

    SoftwareReviews Advisory Insight:

    When nurturing, choose/design content as to what “intent” it satisfies. For example, a head-to-head comparison with a key competitor signals “Selection” phase of the buyer journey. Content that helps determine what app-type to buy signals “Solution”. A company video, or a webinar replay, may mean your buyer is “educating themselves.

    3.3.2 Adjust your model over time to accommodate more advanced methods

    When getting started or within a smaller marketing team, focus on the basics outlined thus far in this blueprint. Larger and/or more experienced teams are able to employ more advanced methods.

    Ongoing

    Advanced Methods

    • Invest in technologies that interpret lead scores and trigger next-step actions, especially outreach by Inside and/or Field Sales.
    • Use the above to route into nurturing environments where additional engagement will raise scores and trigger action.
    • Recognize that lead value decays with time to time additional outreach/activities and to reduce lead scores over time.
    • Always be testing different engagement, copy, and subsequent activities to optimize lead velocity through your lead gen engine.
    • Build intent sensitivity into engagement activities; e.g. test if longer demo video engagement times imply ”contact me for a demo” via a qualification outreach. Update scores manually to drive learnings.
    • Vary engagement paths by demographics to deliver unique digital experiences. Use firmographics/email domain to drive leads through a more tailored account-based marketing (ABM) experience.
    • Reapply learnings from closed opportunities/wins to drive updates to buyer journey mapping and your ICP.

    Frequently used acronyms

    ABM

    Account-Based Marketing

    B2B

    Business to Business

    CMO

    Chief Marketing Officer

    CRM

    Customer Relationship Management

    ICP

    Ideal Customer Profile

    MIW

    Marketing-Influenced Win

    MQL

    Marketing-Qualified Lead

    SDR

    Sales Development Representative

    SQL

    Sales-Qualified Lead

    Works cited

    Arora, Rajat. “Mining the Real Gems from you Data – Lead Scoring and Engagement Scoring.” LeadSquared, 27 Sept. 2014. Web.

    Doyle, Jen. “2012 B2B Marketing Benchmark Report: Research and insights on attracting and converting the modern B2B buyer.” MarketingSherpa, 2012. Web.

    Doyle, Jen, and Sergio Balegno. “2011 MarketingSherpa B2B Marketing Benchmark Survey: Research and Insights on Elevating Marketing Effectiveness from Lead Generation to Sales Conversion.” MarketingSherpa, 2011.

    Kirkpatrick, David. “Lead Scoring: CMOs realize a 138% lead gen ROI … and so can you.” marketingsherpa blog, 26 Jan 2012. Web.

    Moser, Jeremy. “Lead Scoring Is Important for Your Business: Here’s How to Create Scoring Model and Hand-Off Strategy.” BigCommerce, 25 Feb. 2019. Web.

    Strawn, Joey. “Why Lead Scoring Is Important for B2Bs (and How You Can Implement It for Your Company.” IndustrialMarketer.com, 17 Aug. 2016. Web.

    Get Started With Customer Advocacy

    • Buy Link or Shortcode: {j2store}565|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Getting started with customer advocacy (CA) is no easy task. Many customer success professionals carry out ad hoc customer advocacy activities to address immediate needs but lack a more strategic approach.

    Our Advice

    Critical Insight

    • Customer success leaders must reposition their CA program around growth; the recognition that customer advocacy is a strategic growth initiative is necessary to succeed in today’s competitive market.
    • Get key stakeholders on board early – especially Sales!
    • Always link your CA efforts back to retention and growth.
    • Make building genuine relationships with your advocates the cornerstone of your CA program.

    Impact and Result

    • Enable the organization to identify and develop meaningful relationships with top customers and advocates.
    • Understand the concepts and benefits of CA and how CA can be used to improve marketing and sales and fuel growth and competitiveness.
    • Follow SoftwareReviews’ methodology to identify where to start to apply CA within the organization.
    • Develop a customer advocacy proof of concept/pilot program to gain stakeholder approval and funding to get started with or expand efforts around customer advocacy.

    Get Started With Customer Advocacy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get Started With Customer Advocacy Executive Brief – An overview of why customer advocacy is critical to your organization and the recommended approach for getting started with a pilot program.

    Understand the strategic benefits and process for building a formal customer advocacy program. To be successful, you must reposition CA as a strategic growth initiative and continually link any CA efforts back to growth.

    • Get Started With Customer Advocacy Storyboard

    2. Define Your Advocacy Requirements – Assess your current customer advocacy efforts, identify gaps, and define your program requirements.

    With the assessment tool and steps outlined in the storyboard, you will be able to understand the gaps and pain points, where and how to improve your efforts, and how to establish program requirements.

    • Customer Advocacy Maturity Assessment Tool

    3. Win Executive Approval and Launch Pilot – Develop goals, success metrics, and timelines, and gain approval for your customer advocacy pilot.

    Align on pilot goals, key milestones, and program elements using the template and storyboard to effectively communicate with stakeholders and gain executive buy-in for your customer advocacy pilot.

    • Get Started With Customer Advocacy Executive Presentation Template

    Infographic

    Further reading

    Get Started With Customer Advocacy

    Develop a customer advocacy program to transform customer satisfaction into revenue growth.

    EXECUTIVE BRIEF

    Analyst perspective

    Customer advocacy is critical to driving revenue growth

    The image contains a picture of Emily Wright.

    Customer advocacy puts the customer at the center of everything your organization does. By cultivating a deep understanding of customer needs and how they define value and by delivering positive experiences throughout the customer journey, organizations inspire and empower customers to become evangelists for their brands or products. Both the client and solution provider enjoy satisfying and ongoing business outcomes as a result.

    Focusing on customer advocacy is critical for software solutions providers. Business-to-business (B2B) buyers are increasingly looking to their peers and third-party resources to arm themselves with information on solutions they feel they can trust before they choose to engage with solution providers. Your satisfied customers are now your most trusted and powerful resource.

    Customer advocacy helps build strong relationships with your customers, nurtures brand advocacy, gives your marketing messaging credibility, and differentiates your company from the competition; it’s critical to driving revenue growth. Companies that develop mature advocacy programs can increase Customer Lifetime Value (CLV) by 16% (Wharton Business School, 2009), increase customer retention by 35% (Deloitte, 2011), and give themselves a strong competitive advantage in an increasingly competitive marketplace.

    Emily Wright
    Senior Research Analyst, Advisory
    SoftwareReviews

    Executive summary

    Your Challenge

    Ad hoc customer advocacy (CA) efforts and reference programs, while still useful, are not enough to drive growth. Providers increase their chance for success by assessing if they face the following challenges:

    • Lack of referenceable customers that can turn into passionate advocates, or a limited pool that is at risk of burnout.
    • Lack of references for all key customer types, verticals, etc., especially in new growth segments or those that are hard to recruit.
    • Lack of a consistent program for gathering customer feedback and input to make improvements and increase customer satisfaction.
    • Lack of executive and stakeholder (e.g. Sales, Customer Success, channel partners, etc.) buy-in for the importance and value of customer advocacy.

    Building a strong customer advocacy program must be a high priority for customer service/success leaders in today’s highly competitive software markets.

    Common Obstacles

    Getting started with customer advocacy is no easy task. Many customer success professionals carry out ad hoc customer advocacy activities to address immediate needs but lack a more strategic approach. What separates them from success are several nagging obstacles:

    • Efforts lack funding and buy-in from stakeholders.
    • Senior management doesn’t fully understand the business value of a customer advocacy program.
    • Duplicate efforts are taking place between Sales, Marketing, product teams, etc., because ownership, roles, and responsibilities have not been determined.
    • Relationships are guarded/hoarded by those who feel they own the relationship (e.g. Sales, Customer Success, channel partners, etc.).
    • Customer-facing staff often lack the necessary skills to foster customer advocacy.

    SoftwareReviews’ Approach

    This blueprint will help leaders of customer advocacy programs get started with developing a formalized pilot program that will demonstrate the value of customer advocacy and lay a strong foundation to justify rollout. Through SoftwareReviews’ approach, customer advocacy leaders will:

    • Enable the organization to identify and develop meaningful relationships with top customers and advocates.
    • Understand the concepts and benefits of CA and how CA can be used to improve marketing and sales and fuel growth and competitiveness.
    • Follow SoftwareReviews’ methodology to identify where to start to apply CA within the organization.
    • Develop a customer advocacy proof of concept/pilot program to gain stakeholder approval and funding to get started with or expand efforts around customer advocacy.

    What is customer advocacy?

    “Customer advocacy is the act of putting customer needs first and working to deliver solution-based assistance through your products and services." – Testimonial Hero, 2021

    Customer advocacy is designed to keep customers loyal through customer engagement and advocacy marketing campaigns. Successful customer advocacy leaders experience decreased churn while increasing return on investment (ROI) through retention, acquisition, and cost savings.

    Businesses that implement customer advocacy throughout their organizations find new ways of supporting customers, provide additional customer value, and ensure their brands stand unique among the competition.

    Customer Advocacy Is…

    • An integral part of any marketing and/or business strategy.
    • Essential to improving and maintaining high levels of customer satisfaction.
    • Focused on delivering value to customers.
    • Not only a set of actions, but a mindset that should be fostered and reinforced through a customer-centric culture.
    • Mutually beneficial relationships for both company and customer.

    Customer Advocacy Is Not…

    • Only referrals and testimonials.
    • Solely about what you can get from your advocates.
    • Brand advocacy. Brand advocacy is the desired outcome of customer advocacy.
    • Transactional. Brand advocates must be engaged.
    • A nice-to-have.
    • Solved entirely by software. Think about what you want to achieve and how a software solution can you help you reach those goals.

    SoftwareReviews Insight

    Customer advocacy has evolved into being a valued company asset versus a simple referral program – success requires an organization-wide customer-first mindset and the recognition that customer advocacy is a strategic growth initiative necessary to succeed in today’s competitive market.

    Customer advocacy: Essential to high retention

    When customers advocate for your company and products, they are eager to retain the value they receive

    • Customer acts of advocacy correlate to high retention.
    • Acts of advocacy won’t happen unless customers feel their interests are placed ahead of your company’s, thereby increasing satisfaction and customer success. That’s the definition of a customer-centric culture.
    • And yet your company does receive significant benefits from customer advocacy:
      • When customers advocate and renew, your costs go down and margins rise because it costs less to keep a happy customer than it does to bring a new customer onboard.
      • When renewal rates are high, customer lifetime value increases, also increasing profitability.

    Acquiring a new customer can cost five times more than retaining an existing customer (Huify, 2018).

    Increasing customer retention by 5% can increase profits by 25% to 95% (Bain & Company, cited in Harvard Business Review, 2014).

    SoftwareReviews Insight

    Don’t overlook the value of customer advocacy to retention! Despite the common knowledge that it’s far easier and cheaper to sell to an existing customer than to sell to a new prospect, most companies fail to leverage their customer advocacy programs and continue to put pressure on Marketing to focus their budgets on customer acquisition.

    Customer advocacy can also be your ultimate growth strategy

    In your marketing and sales messaging, acts of advocacy serve as excellent proof points for value delivered.

    Forty-five percent of businesses rank online reviews as a top source of information for selecting software during this (top of funnel) stage, followed closely by recommendations and referrals at 42%. These sources are topped only by company websites at 54% (Clutch, 2020).

    With referrals coming from customer advocates to prospects via your lead gen engine and through seller talk tracks, customer advocacy is central to sales, marketing, and customer experience success.

    ✓ Advocates can help your new customers learn your solution and ensure higher adoption and satisfaction.
    ✓ Advocates can provide valuable, honest feedback on new updates and features.

    The image contains a picture to demonstrate the cycle of customer advocacy. The image has four circles, with one big circle in the middle and three circles surrounding with arrows pointing in both directions in between them. The middle circle is labelled customer advocacy. The three circles are labelled: sales, customer success, marketing.

    “A customer advocacy program is not just a fancy buzz word or a marketing tool that’s nice to have. It’s a core discipline that every major brand needs to integrate into their overall marketing, sales and customer success strategies if they expect to survive in this trust economy. Customer advocacy arguably is the common asset that runs throughout all marketing, sales and customer success activities regardless of the stage of the buyer’s journey and ties it all together.” – RO Innovation, 2017

    Positive experience drives acts of advocacy

    More than price or product, experience now leads the way in customer advocacy and retention

    Advocacy happens when customers recommend your product. Our research shows that the biggest drivers of likeliness to recommend and acts of customer advocacy are the positive experiences customers have with vendors and their products, not product features or cost savings. Customers want to feel that:

    1. Their productivity and performance is enhanced and the vendor is helping them to innovate and grow as a company.
    2. Their vendor inspires them and helps them to continually improve.
    3. They can rely on the vendor and the product they purchased.
    4. They are respected by the vendor.
    5. They can trust that the vendor will be on their side and save them time.

    The image contains a graph to demonstrate the correlation of likeliness to recommend a satisfaction driver. Where anything above a 0.5 indicates a strong driver of satisfaction.

    Note that anything above 0.5 indicates a strong driver of satisfaction.
    Source: SoftwareReviews buyer reviews (based on 82,560 unique reviews).

    SoftwareReviews Insight

    True customer satisfaction comes from helping customers innovate, enhancing their performance, inspiring them to continually improve, and being reliable, respectful, trustworthy, and conscious of their time. These true drivers of satisfaction should be considered in your customer advocacy and retention efforts. The experience customers have with your product and brand is what will differentiate your brand from competitors, drive advocacy, and ultimately, power business growth. Talk to a SoftwareReviews advisor to learn how users rate your product on these satisfaction drivers in the SoftwareReviews Emotional Footprint Report.

    Yet challenges exist for customer advocacy program leaders

    Customer success leaders without a strong customer advocacy program feel numerous avoidable pains:

    • Lack of compelling stories and proof points for the sales team, causing long sales cycles.
    • Heavy reliance on a small pool of worn-out references.
    • Lack of references for all needed customer types, verticals, etc.
    • Lack of a reliable customer feedback process for solution improvements.
    • Overspending on acquiring new customers due to a lack of customer proof points.
    • Missed opportunities that could grow the business (customer lifetime value, upsell/cross-sell, etc.).

    Marketing, customer success, and sales teams experiencing any one of the above challenges must consider getting started with a more formalized customer advocacy program.

    Obstacles to customer advocacy programs

    Leaders must overcome several barriers in developing a customer advocacy program:

    • Stakeholders are often unclear on the value customer advocacy programs can bring and require proof of benefits to invest.
    • Efforts are duplicated among sales, marketing, product, and customer success teams, given ownership and collaboration practices are ill-defined or nonexistent.
    • There is a culture of guarding or hoarding customer relationships by those who feel they own the relationship, or there’s high turnover among employees who own the customer relationships.
    • The governance, technology, people, skills, and/or processes to take customer advocacy to the next level are lacking.
    • Leaders don’t know where to start with customer advocacy, what needs to be improved, or what to focus on first.

    A lack of customer centricity hurts organizations

    12% of people believe when a company says they put customers first. (Source: HubSpot, 2019)

    Brands struggle to follow through on brand promises, and a mismatch between expectations and lived experience emerges. Customer advocacy can help close this gap and help companies live up to their customer-first messaging.

    42% of companies don’t conduct any customer surveys or collect feedback. (Source: HubSpot, 2019)

    Too many companies are not truly listening to their customers. Companies that don’t collect feedback aren’t going to know what to change to improve customer satisfaction. Customer advocacy will orient companies around their customer and create a reliable feedback loop that informs product and service enhancements.

    Customer advocacy is no longer a nice-to-have but a necessity for solution providers

    B2B buyers increasingly turn to peers to learn about solutions:

    “84% of B2B decision makers start the buying process with a referral.” (Source: Influitive, Gainsight & Pendo, 2020)

    “46% of B2B buyers rely on customer references for information before purchasing.” (Source: RO Innovation, 2017)

    “91% of B2B purchasers’ buying decisions are influenced by word-of-mouth recommendations.” (Source: ReferralRock, 2022)

    “76% of individuals admit that they’re more likely to trust content shared by ‘normal’ people than content shared by brands.” (Source: TrustPilot, 2020)

    By ignoring the importance of customer advocacy, companies and brands are risking stagnation and missing out on opportunities to gain competitive advantage and achieve growth.

    Getting Started With Customer Advocacy: SoftwareReviews' Approach

    1 BUILD
    Build the business case
    Identify your key stakeholders, steering committee, and working team, understand key customer advocacy principles, and note success barriers and ways to overcome them as your first steps.

    2 DEVELOP
    Develop your advocacy requirements
    Assess your current customer advocacy maturity, identify gaps in your current efforts, and develop your ideal advocate profile.

    3 WIN
    Win executive approval and implement pilot
    Determine goals and success metrics for the pilot, establish a timeline and key project milestones, create advocate communication materials, and finally gain executive buy-in and implement the pilot.

    SoftwareReviews Insight
    Building and implementing a customer advocacy pilot will help lay the foundation for a full program and demonstrate to executives and key stakeholders the impact on revenue, retention, and CLV that can be achieved through coordinated and well-planned customer advocacy efforts.

    Customer advocacy benefits

    Our research benefits customer advocacy program managers by enabling them to:

    • Explain why having a centralized, proactive customer advocacy program is important.
    • Clearly communicate the benefits and business case for having a formalized customer advocacy program.
    • Develop a customer advocacy pilot to provide a proof of concept (POC) and demonstrate the value of customer advocacy.
    • Assess the maturity of your current customer advocacy efforts and identify what to improve and how to improve to grow your customer advocacy function.

    "Advocacy is the currency for business and the fuel for explosive growth. Successful marketing executives who understand this make advocacy programs an essential part of their go-to-market strategy. They also know that advocacy isn't something you simply 'turn on': ... ultimately, it's about making human connections and building relationships that have enduring value for everyone involved."
    - Dan Cote, Influitive, Dec. 2021

    Case Study: Advocate impact on sales at Genesys

    Genesys' Goal

    Provide sales team with compelling customer reviews, quotes, stories, videos, and references.

    Approach to Advocacy

    • Customers were able to share their stories through Genesys' customer hub GCAP as quotes, reviews, etc., and could sign up to host reference forum sessions for prospective customers.
    • Content was developed that demonstrated ROI with using Genesys' solutions, including "top-tier logos, inspiring quotes, and reference forums featuring some of their top advocates" (Influitive, 2021).
    • Leveraged customer advocacy-specific software solution integration with the CRM to easily identify reference recommendations for Sales.

    Advocate Impact on Sales

    According to Influitive (2021), the impacts were:

    • 386% increase in revenue influences from references calls
    • 82% of revenue has been influence by reference calls
    • 78 reference calls resulted in closed-won opportunities
    • 250 customers and prospects attended 7 reference forums
    • 112 reference slides created for sales enablement
    • 100+ quotes were collect and transformed into 78 quote slides

    Who benefits from getting started with customer advocacy?

    This Research Is Designed for:

    • Customer advocacy leaders and marketers who are looking to:
      • Take a more strategic, proactive, and structured approach to customer advocacy.
      • Find a more effective and reliable way to gather customer feedback and input on products and services.
      • Develop and nurture a customer-oriented mindset throughout the organization.
      • Improve marketing credibility both within the company and outside to prospective customers.

    This Research Will Help You:

    • Explain why having a centralized, proactive customer advocacy program is important.
    • Clearly communicate the benefits and business case for having a formalized customer advocacy program.
    • Develop a customer advocacy pilot to provide a proof of concept (POC) and demonstrate the value of customer advocacy.
    • Assess the maturity of your current customer advocacy efforts and identify what to improve and how to improve to grow your customer advocacy function.

    This Research Will Also Assist:

    • Customer success leaders and sales directors who are responsible for:
      • Gathering customer references and testimonials.
      • Referral or voice of the customer (VoC) programs.

    This Research Will Help Them:

    • Align stakeholders on an overall program of identifying ideal advocates.
    • Coordinate customer advocacy efforts and actions.
    • Gather and make use of customer feedback to improve products, solutions, and service provided.
    • Provide an amazing customer experience throughout the entirety of the customer journey.

    SoftwareReviews’ methodology for getting started with customer advocacy

    Phase Steps

    1. Build the business case

    1. Identify your key stakeholders, steering committee, and working team
    2. Understand the concepts and benefits of customer advocacy as they apply to your organization
    3. Outline barriers to success, risks, and risk mitigation tactics

    2. Develop your advocacy requirements

    1. Assess your customer advocacy maturity using the SoftwareReviews CA Maturity Assessment Tool
    2. Identify gaps/pains in current CA efforts and add tasks to your action plan
    3. Develop ideal advocate profile/identify target advocate segment(s)

    3. Create implementation plan and pitch CA pilot

    1. Determine pilot goals and success metrics
    2. Establish timeline and create advocate communication materials
    3. Gain executive buy-in and implement pilot

    Phase Outcomes

    1. Common understanding of CA concepts and benefits
    2. Buy-in from CEO and head of Sales
    3. List of opportunities, risks, and risk mitigation tactics
    1. Identification of gaps in current customer advocacy efforts and/or activities
    2. Understanding customer advocacy readiness
    3. Identification of ideal advocate profile/target segment
    4. Basic actions to bridge gaps in CA efforts
    1. Clear objective for CA pilot
    2. Key metrics for program success
    3. Pilot timelines and milestones
    4. Executive presentation with business case for CA

    Insight summary

    Customer advocacy is a critical strategic growth initiative
    Customer advocacy (CA) has evolved into being a highly valued company asset as opposed to a simple referral program, but not everyone in the organization sees it that way. Customer success leaders must reposition their CA program around growth instead of focusing solely on retention and communicate this to key stakeholders. The recognition that customer advocacy is a strategic growth initiative is necessary to succeed in today’s competitive market.

    Get key stakeholders on board early – especially Sales!
    Work to bring the CEO and the head of Sales on your side early. Sales is the gatekeeper – they need to open the door to customers to turn them into advocates. Clearly reposition CA for growth and communicate that to the CEO and head of Sales; wider buy-in will follow.

    Identify the highest priority segment for generating acts of advocacy
    By focusing on the highest priority segment, you accomplish a number of things: generating growth in a critical customer segment, proving the value of customer advocacy to key stakeholders (especially Sales), and setting a strong foundation for customer advocacy to build upon and expand the program out to other segments.

    Always link your CA efforts back to retention and growth
    By clearly demonstrating the impact that customer advocacy has on not only retention but also overall growth, marketers will gain buy-in from key stakeholders, secure funding for a full CA program, and gain the resources needed to expand customer advocacy efforts.

    Focus on providing value to advocates
    Many organizations take a transactional approach to customer advocacy, focusing on what their advocates can do for them. To truly succeed with CA, focus on providing your advocates with value first and put them in the spotlight.

    Make building genuine relationships with your advocates the cornerstone of your CA program
    "57% of small businesses say that having a relationship with their consumers is the primary driver of repeat business" (Factory360).

    Guided Implementation

    What does our GI on getting started with building customer advocacy look like?

    Build the Business Case

    Call #1: Identify key stakeholders. Map out motivations and anticipate any concerns or objections. Determine steering committee and working team. Plan next call – 1 week.

    Call #2: Discuss concepts and benefits of customer advocacy as they apply to organizational goals. Plan next call – 1 week.

    Call #3: Discuss barriers to success, risks, and risk mitigation tactics. Plan next call – 1 week.

    Call #4: Finalize CA goals, opportunities, and risks and develop business case. Plan next call – 2 weeks.

    Develop Your Advocacy Requirements

    Call #5: Review the SoftwareReviews CA Maturity Assessment Tool. Assess your current level of customer advocacy maturity. Plan next call – 1 week.

    Call #6: Review gaps and pains in current CA efforts. Discuss tactics and possible CA pilot program goals. Begin adding tasks to action plan. Plan next call – 2 weeks.

    Call #7: Discuss ideal advocate profile and target segments. Plan next call – 2 weeks.

    Call #8: Validate and finalize ideal advocate profile. Plan next call – 1 week.

    Win Executive Approval and Implement Pilot

    Call #9: Discuss CA pilot scope. Discuss performance metrics and KPIs. Plan next call – 3 days.

    Call #10: Determine timeline and key milestones. Plan next call –2 weeks.

    Call #11: Develop advocate communication materials. Plan next call – 3 days.

    Call #12: Review final business case and coach on executive presentation. Plan next call – 1 week.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.


    Customer Advocacy Workshop

    Pre-Workshop Day 1 Day 2 Day 3 Day 4 Day 5 Post-Workshop
    Activities Identify Stakeholders & CA Pilot Team Build the Business Case Assess Current CA Efforts Develop Advocacy Goals & Ideal Advocate Profile Develop Project Timelines, Materials, and Exec Presentation Next Steps and Wrap-Up (offsite) Pitch CA Pilot
    0.1 Identify key stakeholders to involve in customer advocacy pilot and workshop; understand their motivations and anticipate possible concerns. 1.1 Review key CA concepts and identify benefits of CA for the organization.
    1.2 Outline barriers to success, risks, and risk mitigation tactics.
    2.1 Assess your customer advocacy maturity using the SoftwareReviews CA Maturity Assessment Tool.
    2.2 Identify gaps/pains in current CA efforts.
    2.3 Prioritize gaps from diagnostic and any other critical pain points.
    3.1 Identify and document the ideal advocate profile and target customer segment for pilot.
    3.2 Determine goal(s) and success metrics for program pilot.
    4.1 Develop pilot timelines and key milestones.
    4.2 Outline materials needed and possible messaging.
    4.3 Build the executive buy-in presentation.
    5.1 Complete in-progress deliverables from the previous four days. 6.1 Present to executive team and stakeholders.
    6.2 Gain executive buy-in and key stakeholder approval.
    6.3 Execute CA pilot.
    Deliverables
    1. Rationale for CA pilot; clear benefits, and how they apply to the organization.
    2. Documented barriers to success, risks, and risk mitigation tactics.
    1. CA Maturity Assessment results.
    2. Identification of gaps in current customer advocacy efforts and/or activities.
    1. Documented ideal advocate profile/target customer segment.
    2. Clear goal(s) and success metrics for CA pilot.
    1. Documented pilot timelines and key milestones.
    2. Draft/outlines of advocate materials.
    3. Draft executive presentation with business case for CA.
    1. Finalized implementation plan for CA pilot.
    2. Finalized executive presentation with business case for CA.
    1. Buy-in from decision makers and key stakeholders.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Get started!

    Know your target market and audience, deploy well-designed strategies based on shared values, and make meaningful connections with people.

    Phase 1
    Build the Business Case

    Phase 2
    Develop Your Advocacy Requirements

    Phase 3
    Win Executive Approval and Implement Pilot

    Phase 1: Build the Business Case

    Steps
    1.1 Identify your key stakeholders, steering committee, and working team
    1.2 Understand the concepts and benefits of customer advocacy as they apply to your organization
    1.3 Outline barriers to success, risks, and risk mitigation tactics

    Phase Outcome

    • Common understanding of CA concepts and benefits
    • Buy-in from CEO and head of Sales
    • List of barriers to success, risks, and risk mitigation tactics

    Build the business case

    Step 1.1 Identify your key stakeholders, steering committee, and working team

    Total duration: 2.5-8.0 hours

    Objective
    Identify, document, and finalize your key stakeholders to know who to involve and how to get them onboard by truly understanding the forces of influence.

    Output

    • Robust stakeholder list with key stakeholders identified.
    • Steering committee and working team decided.

    Participants

    • Customer advocacy lead
    • Identified stakeholders
    • Workstream leads

    MarTech
    None

    Tools

    1.1.1 Identify Stakeholders
    (60-120 min.)

    Identify
    Using the guidance on slide 28, identify all stakeholders who would be involved or impacted by your customer advocacy pilot by entering names and titles into columns A and B on slide 27 "Stakeholder List Worksheet."

    Document
    Document as much information about each stakeholder as possible in columns C, D, E, and F into the table on slide 27.

    1.1.2 Select Steering Committee & Working Team
    (60-90 min.)

    Select
    Using the guidance on slides 28 and 29 and the information collected in the table on slide 27, identify the stakeholders that are steering committee members, functional workstream leads, or operations; document in column G on slide 27.

    Document
    Open the Executive Presentation Template to slides 5 and 6 and document your final steering committee and working team selections. Be sure to note the Executive Sponsor and Program Manager on slide 5.

    Tips & Reminders

    1. It is critical to identify "key stakeholders"; a single missed key stakeholder can disrupt an initiative. A good way to ensure that nobody is missed is to first uncover as many stakeholders as possible and later decide how important they are.
    2. Ensure steering committee representation from each department this initiative would impact or that may need to be involved in decision-making or problem-solving endeavors.

    Consult Info-Tech's Manage Stakeholder Relations blueprint for additional guidance on identifying and managing stakeholders, or contact one of our analysts for more personalized assistance and guidance.

    Stakeholder List Worksheet

    *Possible Roles
    Executive Sponsor
    Program Manager
    Workstream Lead
    Functional Lead
    Steering Committee
    Operations
    A B C D E F G
    Name Position Decision Involvement
    (Driver / Approver / Contributor / Informe
    Direct Benefit?
    (Yes / No)
    Motivation Concerns *Role in Customer Advocacy Pilot
    E.g. Jane Doe VP, Customer Success A N
    • Increase customer retention
    • Customer advocate burnout
    Workstream Lead

    Customer advocacy stakeholders

    What to consider when identifying stakeholders required for CA:
    Customer advocacy should be done as a part of a cross-functional company initiative. When identifying stakeholders, consider:

    • Who can make the ultimate decision on approving the CA program?
    • Who are the senior leadership members you need buy-in from?
    • Who do you need to support the CA program?
    • Who is affected by the CA program?
    • Who will help you build the CA program?
    • Where and among who is there enthusiasm for customer advocacy?
    • Consider stakeholders from Customer Success, Marketing, Sales, Product, PR & Social, etc.
    Key Roles Supporting an Effective Customer Advocacy Pilot
    Executive Sponsor
    • Owns the function at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CMO, VP of Marketing, and in SMB providers, the CEO
    Program Manager
    • Typically, a senior member of the marketing team
    • Responsible for organizing the customer advocacy pilot, preparing summary executive-level communications, and approval requests
    • Program manages the customer advocacy pilot, and in many cases, the continued formal program
    • Product Marketing Director, or other Marketing Director, who has strong program management skills, has run large-scale marketing or product programs, and is familiar with the stakeholder roles and enabling technologies
    Functional / Workstream Leads
    • Works alongside the Program Manager on planning and implementing the customer advocacy pilot and ensures functional workstreams are aligned with pilot objectives
    • Typical customer advocacy pilots will have a team comprised of representatives from Marketing, Sales, and Customer Success
    Steering Committee
    • Comprised of C-suite/management-level individuals that guide key decisions, approve requests, and mitigate any functional conflicts
    • Responsible for validating goals and priorities, enabling adequate resourcing, and critical decision making
    • CMO, CRO/Head of Sales, Head of Customer Success
    Operations
    • Comprised of individuals whose application and tech tools knowledge and skills support integration of customer advocacy functions into existing tech stack/CRM (e.g. adding custom fields into CRM)
    • Responsible for helping select technology that enables customer advocacy program activities
    • CRM, Marketing Applications, and Analytics Managers, IT Managers

    Customer advocacy working team

    Consider the skills and knowledge required for planning and executing a customer advocacy pilot.

    Workstream leads should have strong project management and collaboration skills and deep understanding of both product and customers (persona, journeys, satisfaction, etc.).

    Required Skills Suggested Functions
    • Project management
    • CRM knowledge
    • Marketing automation experience
    • MarTech knowledge
    • Understanding of buyer persona and journey
    • Product knowledge
    • Understanding of executive-level goals for the pilot
    • Content creation
    • Customer advocacy experience, if possible
    • Customer satisfaction
    • Email and event marketing experience
    • Customer Success
    • Marketing
    • Sales
    • Product
    • PR/Corporate Comms.

    Build the business case

    Step 1.2 Understand key concepts and benefits of customer advocacy

    Total duration: 2.0-4.0 hours

    Objective
    Understand customer advocacy and what benefits you seek from your customer advocacy program, and get set up to best communicate them to executives and decision makers.

    Output

    • Documented customer advocacy benefits

    Participants

    • Customer advocacy lead

    MarTech
    None

    Tools

    1.2.1 Discuss Key Concepts
    (60-120 min.)

    Envision
    Schedule a visioning session with key stakeholders and share the Get Started With Customer Advocacy Executive Brief (slides 3-23 in this deck).

    Discuss how key customer advocacy concepts can apply to your organization and how CA can contribute to organizational growth.

    Document
    Determine the top benefits sought from the customer advocacy program pilot and record them on slides 4 and 12 in the Executive Presentation Template.

    Finalize
    Work with the Executive Sponsor to finalize the "Message from the CMO" on slide 4 in the Executive Presentation Template.

    Tips & Reminders

    Keep in mind that while we're starting off broadly, the pilot for your customer advocacy program should be narrow and focused in scope.

    Build the business case

    Step 1.3 Understand barriers to success, risks, and risk mitigation tactics

    Total duration: 2.0-8.0 hours

    Objective
    Anticipate threats to pilot success; identify barriers to success, any possible risks, and what can be done to reduce the chances of a negative pilot outcome.

    Output

    • Awareness of barriers
    • Tactics to mitigate risk

    Participants

    • Customer advocacy lead
    • Key stakeholders

    MarTech
    None

    Tools

    1.3.1 Brainstorm Barriers to Success & Possible Risks
    (60-120 min.)

    Identify
    Using slide 7 of the Executive Presentation Template, brainstorm any barriers to success that may exist and risks to the customer advocacy program pilot success. Consider the people, processes, and technology that may be required.

    Document
    Document all information on slide 7 of the Executive Presentation Template.

    1.3.2 Develop Risk Mitigation Tactics
    (60-300 min.)

    Develop
    Brainstorm different ways to address any of the identified barriers to success and reduce any risks. Consider the people, processes, and technology that may be required.

    Document
    Document all risk mitigation tactics on slide 7 of the Executive Presentation Template.

    Tips & Reminders
    There are several types of risk to explore. Consider the following when brainstorming possible risks:

    • Damage to brand (if advocate guidance not provided)
    • Legal (compliance with regulations and laws around contact, incentives, etc.)
    • Advocate burnout
    • Negative advocate feedback

    Phase 2: Develop Your Advocacy Requirements

    Steps
    2.1 Assess your customer advocacy maturity
    2.2 Identify and document gaps and pain points
    2.3 Develop your ideal advocate profile

    Phase Outcome

    • Identification of gaps in current customer advocacy efforts or activities
    • Understanding of customer advocacy readiness and maturity
    • Identification of ideal advocate profile/target segment
    • Basic actions to bridge gaps in CA efforts

    Develop your advocacy requirements

    Step 2.1 Assess your customer advocacy maturity

    Total duration: 2.0-8.0 hours

    Objective
    Use the Customer Advocacy Maturity Assessment Tool to understand your organization's current level of customer advocacy maturity and what to prioritize in the program pilot.

    Output

    • Current level of customer advocacy maturity
    • Know areas to focus on in program pilot

    Participants

    • Customer advocacy lead
    • Key stakeholders

    MarTech
    None

    Tools

    2.1.1 Diagnose Current Customer Advocacy Maturity
    (60-120 min.)

    Diagnose
    Begin on tab 1 of the Customer Advocacy Maturity Assessment Tool and read all instructions.

    Navigate to tab 2. Considering the current state of customer advocacy efforts, answer the diagnostic questions in the Diagnostic tab of the Customer Advocacy Maturity Assessment Tool.

    After completing the questions, you will receive a diagnostic result on tab 3 that will identify areas of strength and weakness and make high-level recommendations for your customer advocacy program pilot.

    2.1.2 Discuss Results
    (60-300 min.)

    Discuss
    Schedule a call to discuss your customer advocacy maturity diagnostic results with a SoftwareReviews Advisor.

    Prioritize the recommendations from the diagnostic, noting which will be included in the program pilot and which require funding and resources to advance.

    Transfer
    Transfer results into slides 8 and 11 of the Executive Presentation Template.

    Tips & Reminders
    Complete the diagnostic with a handful of key stakeholders identified in the previous phase. This will help provide a more balanced and accurate assessment of your organization’s current level of customer advocacy maturity.

    Develop your advocacy requirements

    Step 2.2 Identify and document gaps and pain points

    Total duration: 2.5-8.0 hours

    Objective
    Understand the current pain points within key customer-related processes and within any current customer advocacy efforts taking place.

    Output

    • Prioritized list of pain points that could be addressed by a customer advocacy program.

    Participants

    • Customer advocacy lead
    • Key stakeholders

    MarTech
    None

    Tools

    2.2.1 Identify Pain Points
    (60-120 min.)

    Identify
    Identify and list current pain points being experienced around customer advocacy efforts and processes around sales, marketing, customer success, and product feedback.

    Add any gaps identified in the diagnostic to the list.

    Transfer
    Transfer key information into slide 9 of Executive Presentation Template.

    2.2.2 Prioritize Pain Points
    (60-300 min.)

    Prioritize
    Indicate which pains are the most important and that a customer advocacy program could help improve.

    Schedule a call to discuss the outputs of this step with a SoftwareReviews Advisor.

    Document
    Document priorities on slide 9 of Executive Presentation Template.

    Tips & Reminders

    Customer advocacy won't solve for everything; it's important to be clear about what pain points can and can't be addressed through a customer advocacy program.

    Develop your advocacy requirements

    Step 2.3 Develop your ideal advocate profile

    Total duration: 3.0-9.0 hours

    Objective
    Develop an ideal advocate persona profile that can be used to identify potential advocates, guide campaign messaging, and facilitate advocate engagement.

    Output

    • Ideal advocate persona profile

    Participants

    • Customer advocacy lead
    • Key stakeholders
    • Sales lead
    • Marketing lead
    • Customer Success lead
    • Product lead

    MarTech
    May require the use of:

    • CRM or marketing automation platform
    • Available and up-to-date customer database

    Tools

    2.3.1 Brainstorm Session Around Ideal Advocate Persona
    (60-150 min.)

    Brainstorm
    Lead the team to prioritize an initial, single, most important persona and to collaborate to complete the template.

    Choose your ideal advocate for the pilot based on your most important audience. Start with firmographics like company size, industry, and geography.

    Next, consider satisfaction levels and behavioral attributes, such as renewals, engagement, usage, and satisfaction scores.

    Identify motivations and possible incentives for advocate activities.

    Document
    Use slide 10 of the Executive Presentation Template to complete this exercise.

    2.3.2 Review and Refine Advocate Persona
    (60-300 min.)

    Review & Refine
    Place the Executive Presentation Template in a shared drive for team collaboration. Encourage the team to share persona knowledge within the shared drive version.

    Hold any necessary follow-up sessions to further refine persona.

    Validate
    Interview advocates that best represent your ideal advocate profile on their type of preferred involvement with your company, their role and needs when it comes to your solution, ways they'd be willing to advocate, and rewards sought.

    Confirm
    Incorporate feedback and inputs into slide 10 of the Executive Presentation Template. Ensure everyone agrees on persona developed.

    Tips & Reminders

    1. When identifying potential advocates, choose based on your most important audience.
    2. Ensure you're selecting those with the highest satisfaction scores.
    3. Ideally, select candidates that have, on their own, advocated previously such as in social posts, who may have acted as a reference, or who have been highly visible as a positive influence at customer events.
    4. Knowing motivations will determine the type of acts of advocacy they would be most willing to perform and the incentives for participating in the program.

    Consider the following criteria when identifying advocates and developing your ideal advocate persona:

    Demographics Firmographics Satisfaction & Needs/Value Sought Behavior Motivation
    Role - user, decision-maker, etc. Company size: # of employees Satisfaction score Purchase frequency & repeat purchases (renewals), upgrades Career building/promotion
    Department Company size: revenue NPS score Usage Collaboration with peers
    Geography CLV score Engagement (e.g. email opens, response, meetings) Educate others
    Industry Value delivered (outcomes, occasions used, etc.) Social media interaction, posts Influence (on product, service)
    Tenure as client Benefits sought
    Account size ($) Minimal and resolved service tickets, escalations
    1. When identifying potential advocates, choose based on your most important audience/segments. 2. Ensure you're selecting those with the highest satisfaction, NPS, and CLV scores. 3. When identifying potential advocates, choose based on high engagement and interaction, regular renewals, and high usage. 4. Knowing motivations will determine the type of acts of advocacy they would be most willing to perform and incentives for participating in the program.

    Phase 3: Win Executive Approval and Implement Pilot

    Steps
    3.1 Determine pilot goals and success metrics
    3.2 Establish timeline and create advocate communication materials
    3.3 Gain executive buy-in and implement pilot

    Phase Outcome

    • Clear objective for CA pilot
    • Key metrics for program success
    • Pilot timelines and milestones
    • Executive presentation with business case for CA

    Win executive approval and implement pilot

    Step 3.1 Determine pilot goals and success metrics

    Total duration: 2.0-4.0 hours

    Objective
    Set goals and determine the scope for the customer advocacy program pilot.

    Output

    • Documented business objectives for the pilot
    • Documented success metrics

    Participants

    • Customer advocacy lead
    • Key stakeholders
    • Sales lead
    • Marketing lead
    • Customer Success lead
    • Product lead

    MarTech
    May require to use, set up, or install platforms like:

    • Register to a survey platform
    • CRM or marketing automation platform

    Tools

    3.1.1 Establish Pilot Goals
    (60-120 min.)

    Set
    Organize a meeting with department heads and review organizational and individual department goals.

    Using the Venn diagram on slide 39 in this deck, identify customer advocacy goals that align with business goals. Select the highest priority goal for the pilot.

    Check that the goal aligns with benefits sought or addresses pain points identified in the previous phase.

    Document
    Document the goals on slides 9 and 16 of the Executive Presentation Template.

    3.1.2 Establish Pilot Success Metrics
    (60-120 min.)

    Decide
    Decide how you will measure the success of your program pilot using slide 40 in this document.

    Document
    Document metrics on slide 16 of the Executive Presentation Template.

    Tips & Reminders

    1. Don't boil the ocean. Pick the most important goal that can be achieved through the customer advocacy pilot to gain executive buy-in and support or resources for a formal customer advocacy program. Once successfully completed, you'll be able to tackle new goals and expand the program.
    2. Keep your metrics simple, few in number, and relatively easy to track

    Connect customer advocacy goals with organizational goals

    List possible customer advocacy goals, identifying areas of overlap with organizational goals by taking the following steps:

    1. List organizational/departmental goals in the green oval.
    2. List possible customer advocacy program goals in the purple oval.
    3. Enter goals that are covered in both the Organizational Goals and Customer Advocacy Goals sections into the Shared Goals section in the center.
    4. Highlight the highest priority goal for the customer advocacy program pilot to tackle.
    Organizational Goals Shared Goals Customer Advocacy Goals
    Example Example: Gain customer references to help advance sales and improve win rates Example: Develop pool of customer references
    [insert goal] [insert goal] Example: Gather customer feedback
    [insert goal] [insert goal] [insert goal]
    [insert goal] [insert goal] [insert goal]

    Customer advocacy success metrics for consideration

    This table provides a starting point for measuring the success of your customer advocacy pilot depending on the goals you've set.

    This list is by no means exhaustive; the metrics here can be used, or new metrics that would better capture success measurement can be created and tracked.

    Metric
    Revenue influenced by reference calls ($ / % increase)
    # of reference calls resulting in closed-won opportunities
    # of quotes collected
    % of community growth YoY
    # of pieces of product feedback collected
    # of acts of advocacy
    % membership growth
    % product usage amongst community members
    # of social shares, clicks
    CSAT score for community members
    % of registered qualified leads
    # of leads registered
    # of member sign-ups
    # of net-new referenceable customers
    % growth rate of products used by members
    % engagement rate
    # of published third-party reviews
    % increase in fulfilled RFPs

    When selecting metrics, remember:
    When choosing metrics for your customer advocacy pilot, be sure to align them to your specific goals. If possible, try to connect your advocacy efforts back to retention, growth, or revenue.

    Do not choose too many metrics; one per goal should suffice.

    Ensure that you can track the metrics you select to measure - the data is available and measuring won't be overly manual or time-consuming.

    Win executive approval and implement pilot

    Step 3.2 Establish timeline and create advocate communication materials

    Total duration: 2.5-8.0 hours

    Objective
    Outline who will be involved in what roles and capacities and what tasks and activities need to completed.

    Output

    • Timeline and milestones
    • Advocate program materials

    Participants

    • Customer advocacy lead
    • Key stakeholders
    • Sales lead
    • Marketing lead
    • Customer Success lead
    • Product lead

    MarTech
    None

    Tools

    3.2.1 Establish Timeline & Milestones
    (30-60 min.)

    List & Assign
    List all key tasks, phases, and milestones on slides 13, 14, and 15 in the Executive Presentation Template.

    Include any activities that help close gaps or address pain points from slide 9 in the Executive Presentation Template.

    Assign workstream leads on slide 15 in the Executive Presentation Template.

    Finalize all tasks and activities with working team.

    3.2.2 Design & Build Advocate Program Materials
    (180-300 min.)

    Decide
    Determine materials needed to recruit advocates and explain the program to advocate candidates.

    Determine the types of acts of advocacy you are looking for.

    Determine incentives/rewards that will be provided to advocates, such as access to new products or services.

    Build
    Build out all communication materials.

    Obtain incentives.

    Tips & Reminders

    1. When determining incentives, use the validated ideal advocate profile for guidance (i.e. what motivates your advocates?).
    2. Ensure to leave a buffer in the timeline if the need to adjust course arises.

    Win executive approval and implement pilot

    Step 3.3 Implement pilot and gain executive buy-in

    Total duration: 2.5-8.0 hours

    Objective
    Successfully implement the customer advocacy pilot program and communicate results to gain approval for full-fledged program.

    Output

    • Deliver Executive Presentation
    • Successful customer advocacy pilot
    • Provide regular updates to stakeholders, executives

    Participants

    • Customer advocacy lead
    • Workstream leads

    MarTech
    May require the use of:

    • CRM or Marketing Automation Platform
    • Available and up-to-date customer database

    Tools

    3.3.1 Complete & Deliver Executive Presentation
    (60-120 min.)

    Present
    Finalize the Executive Presentation.

    Hold stakeholder meeting and introduce the program pilot.

    3.3.2 Gain Executive Buy-in
    (60-300 min.)

    Pitch
    Present the final results of the customer advocacy pilot using the Executive Presentation Template and gain approval.

    3.3.3 Implement the Customer Advocacy Program Pilot
    (30-60 min.)

    Launch
    Launch the customer advocacy program pilot. Follow the timelines and activities outlined in the Executive Presentation Template. Track/document all advocate outreach, activity, and progress against success metrics.

    Communicate
    Establish a regular cadence to communicate with steering committee, stakeholders. Use the Executive Presentation Template to present progress and resolve roadblocks if/as they arise.

    Tips & Reminders

    1. Continually collect feedback and input from advocates and stakeholders throughout the process.
    2. Don't be afraid to make changes on the go if it helps to achieve the end goal of your pilot.
    3. If the pilot program was successful, consider scaling it up and rolling it out to more customers.

    Summary of Accomplishment

    Mission Accomplished

    • You successfully launched your customer advocacy program pilot and demonstrated clear benefits and ROI. By identifying the needs of the business and aligning those needs with key customer advocacy activities, marketers and customer advocacy leaders can prioritize the most important tasks for the pilot while also identifying potential opportunities for expansion pending executive approval.
    • SoftwareReviews' comprehensive and tactical approach takes you through the steps to build the foundation for a strategic customer advocacy program. Our methodology ensures that a customer advocacy pilot is developed to deliver the desired outcomes and ROI, increasing stakeholder buy-in and setting up your organization for customer advocacy success.

    If you would like additional support, contact us and we'll make sure you get the professional expertise you need.

    Contact your account representative for more information.
    info@softwarereviews.com
    1-888-670-8889

    Related SoftwareReviews Research

    Measure and Manage the Customer Satisfaction Metrics That Matter the Most
    Understand what truly keeps your customer satisfied. Measure what matters to improve customer experience and increase satisfaction and advocacy.

    • Understand the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establish process and cadence for effective satisfaction measurement and monitoring.
    • Know where resources are needed most to improve satisfaction levels and increase retention.

    Develop the Right Message to Engage Buyers
    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production.

    • Create more compelling and relevant content that aligns with a buyer's needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.

    Create a Buyer Persona and Journey
    Get deeper buyer understanding and achieve product-market fit, with easier access to market and sales.

    • Reduce time and resources wasted chasing the wrong prospects.
    • Increase open and click-through rates.
    • Perform more effective sales discovery.
    • Increase win rate.

    Bibliography

    "15 Award-Winning Customer Advocacy Success Stories." Influitive, 2021. Accessed 8 June 2023.

    "Advocacy Marketing." Influitive, June 2016. Accessed 26 Oct. 2021.

    Andrews, Marcus. "42% of Companies Don’t Listen to their Customers. Yikes." HubSpot, June 2019. Accessed 2 Nov. 2021.

    "Before you leap! Webcast." Point of Reference, Sept. 2019. Accessed 4 Nov. 2021.

    "Brand Loyalty: 5 Interesting Statistics." Factory360, Jan. 2016. Accessed 2 Nov. 2021.

    Brenner, Michael. "The Data Driven Guide to Customer Advocacy." Marketing Insider Group, Sept. 2021. Accessed 3 Feb. 2022.

    Carroll, Brian. "Why Customer Advocacy Should Be at the Heart of Your Marketing." Marketing Insider Group, Sept. 2017. Accessed 3 Feb. 2022.

    Cote, Dan. "Advocacy Blooms and Business Booms When Customers and Employees Engage." Influitive, Dec. 2021. Accessed 3 Feb. 2022.

    "Customer Success Strategy Guide." ON24, Jan. 2021. Accessed 2 Nov. 2021.

    Dalao, Kat. "Customer Advocacy: The Revenue-Driving Secret Weapon." ReferralRock, June 2017. Accessed 7 Dec. 2021.

    Frichou, Flora. "Your guide to customer advocacy: What is it, and why is it important?" TrustPilot, Jan. 2020. Accessed 26 Oct. 2021.

    Gallo, Amy. "The Value of Keeping the Right Customers." Harvard Business Review, Oct. 2014. Accessed 10 March 2022.

    Huhn, Jessica. "61 B2B Referral Marketing Statistics and Quotes." ReferralRock, March 2022. Accessed 10 March 2022.

    Kemper, Grayson. "B2B Buying Process: How Businesses Purchase B2B Services and Software." Clutch, Feb. 2020. Accessed 6 Jan. 2022.

    Kettner, Kyle. "The Evolution of Ambassador Marketing." BrandChamp.io, Oct. 2018. Accessed 2 Nov. 2021.

    Landis, Taylor. "Customer Retention Marketing vs. Customer Acquisition Marketing." OutboundEngine, April 2022. Accessed 23 April 2022.

    Miels, Emily. "What is customer advocacy? Definition and strategies." Zendesk Blog, June 2021. Accessed 27 Oct. 2021.

    Mohammad, Qasim. "The 5 Biggest Obstacles to Implementing a Successful B2B Customer Advocacy Program." HubSpot, June 2018. Accessed 6 Jan. 2022.

    Murphy, Brandon. "Brand Advocacy and Social Media - 2009 GMA Conference." Deloitte, Dec. 2009. Accessed 8 June 2023.

    Patel, Neil. "Why SaaS Brand Advocacy is More Important than Ever in 2021." Neil Patel, Feb. 2021. Accessed 4 Nov. 2021.

    Pieri, Carl. "The Plain-English Guide to Customer Advocacy." HubSpot, Apr. 2020. Accessed 27 Oct. 2021.

    Schmitt, Philipp; Skiera, Bernd; Van den Bulte, Christophe. "Referral Programs and Customer Value." Wharton Journal of Marketing, Jan. 2011. Accessed 8 June 2023.

    "The Complete Guide to Customer Advocacy." Gray Group International, 2020. Accessed 15 Oct. 2021.

    "The Customer-powered Enterprise: Playbook." Influitive, Gainsight & Pendo. 2020. Accessed 26 Oct. 2021.

    "The Winning Case for a Customer Advocacy Solution." RO Innovation, 2017. Accessed 26 Oct. 2021.

    Tidey, Will. "Acquisition vs. Retention: The Importance of Customer Lifetime Value." Huify, Feb. 2018. Accessed 10 Mar. 2022.

    "What a Brand Advocate Is and Why Your Company Needs One." RockContent, Jan. 2021. Accessed 7 Feb. 2022.

    "What is Customer Advocacy? A Definition and Strategies to Implement It." Testimonial Hero, Oct. 2021. Accessed 26 Jan. 2022.

    Build an IT Risk Management Program

    • Buy Link or Shortcode: {j2store}192|cart{/j2store}
    • member rating overall impact: 8.3/10 Overall Impact
    • member rating average dollars saved: $31,532 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks AFTER they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Our Advice

    Critical Insight

    • IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Impact and Result

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Build an IT Risk Management Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an IT Risk Management Program – A holistic approach to managing IT risks within your organization and involving key business stakeholders.

    Gain business buy-in to understanding the key IT risks that could negatively impact the organization and create an IT risk management program to properly identify, assess, respond, monitor, and report on those risks.

    • Build an IT Risk Management Program – Phases 1-3

    2. Risk Management Program Manual – A single source of truth for the risk management program to exist and be updated to reflect changes.

    Leverage this Risk Management Program Manual to ensure that the decisions around how IT risks will be governed and managed can be documented in a single source accessible by those involved.

    • Risk Management Program Manual

    3. Risk Register & Risk Costing Tool – A set of tools to document identified risk events. Assess each risk event and consider the appropriate response based on your organization’s threshold for risk.

    Engage these tools in your organization if you do not currently have a GRC tool to document risk events as they relate to the IT function. Consider the best risk response to high severity risk events to ensure all possible situations are considered.

    • Risk Register Tool
    • Risk Costing Tool

    4. Risk Event Action Plan and Risk Report – A template to document the chosen risk responses and ensure accountable owners agree on selected response method.

    Establish clear guidelines and responses to risk events that will leave your organization vulnerable to unwanted threats. Ensure risk owners have agreed to the risk responses and are willing to take accountability for that response.

    • Risk Event Action Plan
    • Risk Report

    Infographic

    Workshop: Build an IT Risk Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review IT Risk Fundamentals and Governance

    The Purpose

    To assess current risk management maturity, develop goals, and establish IT risk governance.

    Key Benefits Achieved

    Identified obstacles to effective IT risk management.

    Established attainable goals to increase maturity.

    Clearly laid out risk management accountabilities and responsibilities for IT and business stakeholders.

    Activities

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Outputs

    Maturity Assessment

    Risk Management Program Manual

    Risk Register

    2 Identify IT Risks

    The Purpose

    Identify and assess all IT risks.

    Key Benefits Achieved

    Created a comprehensive list of all IT risk events.

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT 5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Outputs

    Finalized List of IT Risk Events

    Risk Register

    Risk Management Program Manual

    3 Identify IT Risks (continued)

    The Purpose

    Prioritize risks, establish monitoring responsibilities, and develop risk responses for top risks.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Risk response strategies have been identified for all key risks.

    Activities

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Root cause analysis

    3.6 Identify and assess risk responses

    Outputs

    Risk Register

    Risk Management Program Manual

    Risk Event Action Plans

    4 Monitor, Report, and Respond to IT Risk

    The Purpose

    Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high severity risk events.

    Authoritative risk response recommendations can be made to senior leadership.

    A finalized Risk Management Program Manual is ready for distribution to key stakeholders.

    Activities

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Outputs

    Risk Report

    Risk Management Program Manual

    Further reading

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    Table of Contents

    3 Executive Brief

    4 Analyst Perspective

    5 Executive Summary

    19 Phase 1: Review IT Risk Fundamentals & Governance

    43 Phase 2: Identify and Assess IT Risk

    74 Phase 3: Monitor, Communicate, and Respond to IT Risk

    102 Appendix

    108 Bibliography

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Siloed risks are risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice
    Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice

    Risk is an inherent part of life but not very well understood or executed within organizations. This has led to risk being avoided or, when it’s implemented, being performed in isolated siloes with inconsistencies in understanding of impact and terminology.

    Looking at risk in an integrated way within an organization drives a truer sense of the thresholds and levels of risks an organization is facing – making it easier to manage and leverage risk while reducing risks associated with different mitigation responses to the same risk events.

    This opens the door to using risk information – not only to prevent negative impacts but as a strategic differentiator in decision making. It helps you know which risks are worth taking, driving strong positive outcomes for your organization.

    Executive Summary

    Your Challenge

    IT has several challenges when it comes to addressing risk management:

    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks after they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Common Obstacles

    Many IT organizations realize these obstacles:

    • IT risks and business risks are often addressed separately, causing inconsistencies in the approach.
    • Security risk receives such a high profile that it often eclipses other important IT risks, leaving the organization vulnerable.
    • Failing to include the business in IT risk management leaves IT leaders too accountable; the business must have accountability as well.

    Info-Tech’s Approach

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders, including the business senior management team, to gain buy-in and to focus on the IT risks most critical to the organization.

    Info-Tech Insight

    IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Ad hoc approaches to managing risk fail because…

    If you are like the majority of IT departments, you do not have a consistent and comprehensive strategy for managing IT risk.

    1. Ad hoc risk management is reactionary.
    2. Ad hoc risk management is often focused only on IT security.
    3. Ad hoc risk management lacks alignment with business objectives.

    The results:

    • Increased business risk exposure caused by a lack of understanding of the impact of IT risks on the business.
    • Increased IT non-compliance, resulting in costly settlements and fines.
    • IT audit failure.
    • Ineffective management of risk caused by poor risk information and wrong risk response decisions.
    • Increased unnecessary and avoidable IT failures and fixes.

    58% of organizations still lack a systematic and robust method to actually report on risks (Source: AICPA, 2021)

    Data is an invaluable asset – ensure it’s protected

    Case Studies

    Logo for Cognyte.

    Cognyte, a vendor hired to be a cybersecurity analytics company, had over five billion records exposed in Spring 2021. The data was compromised for four days, providing attackers with plenty of opportunities to obtain personally identifying information. (SecureBlink., 2021 & Security Magazine, 2021)

    Logo for Facebook.

    Facebook, the world’s largest social media giant, had over 533 million Facebook users’ personal data breached when data sets were able to be cross-listed with one another. (Business Insider, 2021 & Security Magazine, 2021)

    Logo for MGM Resorts.

    In 2020, over 10.6 million customers experienced some sort of data being accessible, with 1,300 having serious personally identifying information breached. (The New York Times, 2020)

    Risk management is a business enabler

    Formalize risk management to increase your likelihood of success.

    By identifying areas of risk exposure and creating solutions proactively, obstacles can be removed or circumvented before they become a real problem.

    A certain amount of risk is healthy and can stimulate innovation:

    • A formal risk management strategy doesn’t mean trying to mitigate every possible risk; it means exposing the organization to the right amount of risk.
    • Taking a formal risk management approach allows an organization to thoughtfully choose which risks it is willing to accept.
    • Organizations with high risk management maturity will vault themselves ahead of the competition because they will be aware of which risks to prepare for, which risks to ignore, and which risks to take.

    Only 12% of organizations are using risk as a strategic tool most or all of the time (Source: AICPA, 2021)

    IT risk is enterprise risk

    Accountability for IT risks and the decisions made to address them should be shared between IT and the business.

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Follow the steps of this blueprint to build or optimize your IT risk management program

    Cycle of 'Goverance' beginning with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report'.

    Start Here

    PHASE 1
    Review IT Risk Fundamentals and Governance
    PHASE 2
    Identify and Assess IT Risk
    PHASE 3
    Monitor, Report, and Respond to IT Risk

    1.1

    Review IT Risk Management Fundamentals

    1.2

    Establish a Risk Governance Framework

    2.1

    Identify IT Risks

    2.2

    Assess and Prioritize IT Risks

    3.1

    Monitor IT Risks and Develop Risk Responses

    3.2

    Report IT Risk Priorities

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in 'Enterprise Risk Management (ERM)': 'IT', 'Security', 'Digital', 'Vendor/TPRM', and 'Other'.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Risk Management Program Manual

    Use the tools and activities in each phase of the blueprint to create a comprehensive, customized program manual for the ongoing management of IT risk.

    Sample of the key deliverable, Risk Manangement Program Fund.
    Integrated Risk Maturity Assessment

    Assess the organization's current maturity and readiness for integrated risk management (IRM).

    Sample of the Integrated Risk Maturity Assessment blueprint. Centralized Risk Register

    The repository for all the risks that have been identified within your environment.

    Sample of the Centralized Risk Register blueprint.
    Risk Costing Tool

    A potential cost-benefit analysis of possible risk responses to determine a good method to move forward.

    Sample of the Risk Costing Tool blueprint. Risk Report & Risk Event Action Plan

    A method to report risk severity and hold risk owners accountable for chosen method of responding.

    Samples of the Risk Report & Risk Event Action Plan blueprints.

    Benefit from industry-leading best practices

    As a part of our research process, we used the COSO, ISO 31000, and COBIT 2019 frameworks. Contextualizing IT risk management within these frameworks ensured that our project-focused approach is grounded in industry-leading best practices for managing IT risk.

    Logo for COSO.

    COSO’s Enterprise Risk Management — Integrating with Strategy and Performance addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. (COSO)

    Logo for ISO.

    ISO 31000
    Risk Management can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. (ISO 31000)

    Logo for COBIT.

    COBIT 2019’s IT functions were used to develop and refine our Ten IT Risk Categories used in our top-down risk identification methodology. (COBIT 2019)

    Abandon ad hoc risk management

    A strong risk management foundation is valuable when building your IT risk management program.

    This research covers the following IT risk fundamentals:

    • Benefits of formalized risk management
    • Key terms and definitions
    • Risk management within ERM
    • Risk management independent of ERM
    • Four key principles of IT risk management
    • Importance of a risk management program manual
    • Importance of buy-in and support from the business

    Drivers of Formalized Risk Management:

    Drivers External to IT
    External Audit Internal Audit
    Mandated by ERM
    Occurrence of Risk Event
    Demonstrating IT’s value to the business Proactive initiative
    Emerging IT risk awareness
    Grassroots Drivers

    Blueprint benefits

    IT Benefits

    • Increased on-time, in-scope, and on-budget completion of IT projects.
    • Meet the business’ service requirements.
    • Improved satisfaction with IT by senior leadership and business units.
    • Fewer resources wasted on fire-fighting.
    • Improved availability, integrity, and confidentiality of sensitive data.
    • More efficient use of resources.
    • Greater ability to respond to evolving threats.

    Business Benefits

    • Reduced operational surprises or failures.
    • Improved IT flexibility when responding to risk events and market fluctuations.
    • Reduced budget uncertainty.
    • Improved ability to make decisions when developing long-term strategies.
    • Improved stakeholder and shareholder confidence.
    • Achieved compliance with external regulations.
    • Competitive advantage over organizations with immature risk management practices.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 8 calls over the course of 3 to 6 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Assess current risk maturity and organizational buy-in.
    • Call #2: Establish an IT risk council and determine IT risk management program goals.
    • Phase 2

    • Call #3: Identify the risk categories used to organize risk events.
    • Call #4: Identify the threshold for risk the organization can withstand.
    • Phase 3

    • Call #5: Create a method to assess risk event severity.
    • Call #6: Establish a method to monitor priority risks and consider possible risk responses.
    • Call #7: Communicate risk priorities to the business and implement risk management plan.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Review IT Risk Fundamentals and Governance

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Identify IT Risks

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Assess IT Risks

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Perform root cause analysis

    3.6 Identify and assess risk responses

    Monitor, Report, and Respond to IT Risk

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Outcomes
    1. Maturity Assessment
    2. Risk Management Program Manual
    1. Finalized List of IT Risk Events
    2. Risk Register
    3. Risk Management Program Manual
    1. Risk Register
    2. Risk Event Action Plans
    3. Risk Management Program Manual
    1. Risk Report
    2. Risk Management Program Manual
    1. Workshop Report
    2. Risk Management Program Manual

    Build an IT Risk Management Program

    Phase 1

    Review IT Risk Fundamentals and Governance

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Gain buy-in from senior leadership
    • Assess current program maturity
    • Identify obstacles and pain points
    • Determine the risk culture of the organization
    • Develop risk management goals
    • Develop SMART project metrics
    • Create the IT risk council
    • Complete a RACI chart

    This phase involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Step 1.1

    Review IT Risk Management Fundamentals

    Activities
    • 1.1.1 Gain buy-in from senior leadership
    • 1.1.2 Assess current program maturity

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Reviewed key IT principles and terminology
    • Gained understanding of the relationship between IT risk management and ERM
    • Introduced to Info-Tech’s IT Risk Management Framework
    • Obtained the support of senior leadership
    Step 1.1 Step 1.2

    Effective IT risk management is possible with or without ERM

    Whether or not your organization has ERM, integrating your IT risk management program with the business is possible.

    Most IT departments find themselves in one of these two organizational frameworks for managing IT risk:

    Core Responsibilities With an ERM Without an ERM
    • Risk Decision-Making Authority
    • Final Accountability
    Senior Leadership Team Senior Leadership Team
    • Risk Governance
    • Risk Prioritization & Communication
    ERM IT Risk Management
    • Risk Identification
    • Risk Assessment
    • Risk Monitoring
    IT Risk Management
    Pro: IT’s risk management responsibilities are defined (assessment schedules, escalation and reporting procedures).
    Con: IT may lack autonomy to implement IT risk management best practices.
    Pro: IT is free to create its own IT risk council and develop customized processes that serve its unique needs.
    Con: Lack of clear reporting procedures and mechanisms to share accountability with the business.

    Info-Tech’s IT risk management framework walks you through each step to achieve risk readiness

    IT Risk Management Framework

    Risk Governance
    • Optimize Risk Management Processes
    • Assess Risk Maturity
    • Measure the Success of the Program
    A cycle surrounds the words 'Business Objectives', referring to the surrounding lists. On the top half is 'Communication', and the bottom is 'Monitoring'. Risk Identification
    • Engage Stakeholder Participation
    • Use Risk Identification Frameworks
    • Compile IT-Related Risks
    Risk Response
    • Establish Monitoring Responsibilities
    • Perform Cost-Benefit Analysis
    • Report Risk Response Actions
    Risk Assessment
    • Establish Thresholds for Unacceptable Risk
    • Calculate Expected Cost
    • Determine Risk Severity & Prioritize IT Risks

    Effective IT risk management benefits

    Obtain the support of the senior leadership team or IT steering committee by communicating how IT risk impacts their priorities.

    Risk management benefits To engage the business...
    IT is compliant with external laws and regulations. Identify the industry or legal legislation and regulations your organization abides by.
    IT provides support for business compliance. Find relevant business compliance issues, and relate compliance failures to cost.
    IT regularly communicates costs, benefits, and risks to the business. Acknowledge the number of times IT and the business miscommunicate critical information.
    Information and processing infrastructure are very secure. Point to past security breaches or potential vulnerabilities in your systems.
    IT services are usually delivered in line with business requirements. Bring up IT services that the business was unsatisfied with. Explain that their inputs in identifying risks are correlated with project quality.
    IT related business risks are managed very well. Make it clear that with no risk tracking process, business processes become exposed and tend to slow down.
    IT projects are completed on time and within budget. Point out late or over-budget projects due to the occurrence of unforeseen risks.

    1.1.1 Gain buy-in from senior leadership

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Buy-in from senior leadership for an IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    The resource demands of IT risk management will vary from organization to organization. Here are typical requirements:

    • Occasional participation of key IT personnel and select business stakeholders in IT risk council meetings (e.g. once every two weeks).
    • Periodic risk assessments (e.g. 4 days, twice a year).
    • IT personnel must take on risk monitoring responsibilities (e.g. 1-4 hours per week).
    • Record the results in the Program Manual sections 3.3, 3.4 and 3.5.

    Record the results in the Risk Management Program Manual.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM)

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment
    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization.
    Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organizations.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    1.1.2 Assess current program maturity

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Maturity scores across four key risk categories

    Materials: Integrated Risk Maturity Assessment Tool

    Participants: IT executive leadership, Business executive leadership

    This assessment is intended for frequent use; process completeness should be re-evaluated on a regular basis.

    How to Use This Assessment:

    1. Download the Integrated Risk Management Maturity Assessment Tool.
    2. Tab 2, "Data Entry:" This is a qualitative assessment of your integrated risk management process and is organized by the categories of integrated risk maturity. You will be asked to rate the extent to which you are executing the activities required to successfully complete each phase of the assessment. Use the drop-down menus provided to select the appropriate level of execution for each activity listed.
    3. Tab 3, "Results:" This tab will display your rate of IRM completeness/maturity. You will receive a score for each category as well as an overall score. The results will be displayed numerically, by percentage, and graphically.

    Record the results in the Integrated Risk Maturity Assessment.

    Integrated Risk Maturity Categories

    Semi-circle with colored points indicating four categories.

    1

    Context & Strategic Direction Understanding of the organization’s main objectives and how risk can support or enhance those objectives.

    2

    Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Step 1.2

    Establish a Risk Governance Framework

    Activities
    • 1.2.1 Identify pain points/obstacles and opportunities
    • 1.2.2 Determine the risk culture of the organization
    • 1.2.3 Develop risk management goals
    • 1.2.4 Develop SMART project metrics
    • 1.2.5 Create the IT risk council
    • 1.2.6 Complete a RACI chart

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Developed goals for the risk management program
    • Established the IT risk council
    • Assigned accountability and responsibility for risk management processes

    Review IT Risk Fundamentals and Governance

    Step 1.1 Step 1.2

    Create an IT risk governance framework that integrates with the business

    Follow these best practices to make sure your requirements are solid:

    1. Self-assess your current approach to IT risk management.
    2. Identify organizational obstacles and set attainable risk management goals.
    3. Track the effectiveness and success of the program using SMART risk management metrics.
    4. Establish an IT risk council tasked with managing IT risk.
    5. Set clear risk management accountabilities and responsibilities for IT and business stakeholders.

    Key metrics for your IT risk governance framework

    Challenges:
    • Key stakeholders are left out or consulted once risks have already occurred.
    • Failure to employ consistent risk identification methodologies results in omitted and unknown risks.
    • Risk assessments do not reflect organizational priorities and may not align with thresholds for acceptable risk.
    • Risk assessment occurs sporadically or only after a major risk event has already occurred.
    Key metrics:
    • Number of risk management processes done ad hoc.
    • Frequency that IT risk appears as an agenda item at IT steering committee meetings.
    • Percentage of IT employees whose performance evaluations reflect risk management objectives.
    • Percentage of IT risk council members who are trained in risk management activities.
    • Number of open positions in the IT risk council.
    • Cost of risk management program operations per year.

    Info-Tech Insight

    Metrics provide the foundation for determining the success of your IT risk management program and ensure ongoing funding to support appropriate risk responses.

    IT risk management success factors

    Support and sponsorship from senior leadership

    IT risk management has more success when initiated by a member of the senior leadership team or the board, rather than emerging from IT as a grassroots initiative.

    Sponsorship increases the likelihood that risk management is prioritized and receives the necessary resources and attention. It also ensures that IT risk accountability is assumed by senior leadership.

    Risk culture and awareness

    A risk-aware organizational culture embraces new policies and processes that reflect a proactive approach to risk.

    An organization with a risk-aware culture is better equipped to facilitate communication vertically within the organization.

    Risk awareness can be embedded by revising job descriptions and performance assessments to reflect IT risk management responsibilities.

    Organization size

    Smaller organizations can often institute a mature risk management program much more quickly than larger organizations.

    It is common for key personnel within smaller organizations to be responsible for multiple roles associated with risk management, making it easier to integrate IT and business risk management.

    Larger organizations may find it more difficult to integrate a more complex and dispersed network of individuals responsible for various risk management responsibilities.

    1.2.1 Identify obstacles and pain points

    1-4 hours

    Input: Integrated Risk Maturity Assessment

    Output: Obstacles and pain points identified

    Materials: IT Risk Management Success Factors

    Participants: IT executive leadership, Business executive leadership

    Anticipate potential challenges and “blind spots” by determining which success factors are missing from your current situation.

    Instructions:

    1. List the potential obstacles and missing success factors that you must overcome to effectively manage IT risk and build a risk management program.
    2. Consider some opportunities that could be leveraged to increase the success of this program.
    3. Use this list in Activity 1.2.3 to develop program goals.

    Risk Management

    Replace the example pain points and opportunities with real scenarios in your organization.

    Pain Points/Obstacles
    • Lack of leadership buy-in
    • Skills and understanding around risk management within IT
    • Skills and understanding around risk management within the organization
    • Lack of a defined risk management posture
    Opportunities
    • Changes in regulations related to risk
    • Organization moving toward an integrated risk management program
    • Ability to leverage lessons learned from similar companies
    • Strong process management and adherence to policies by employees in the organization

    1.2.2 Determine the risk culture of your organization

    1-3 hours

    Determine how your organization fits the criteria listed below. Descriptions and examples do not have to match your organization perfectly.

    Risk Tolerant
    • You have no compliance requirements.
    • You have no sensitive data.
    • Customers do not expect you to have strong security controls.
    • Revenue generation and innovative products take priority and risk is acceptable.
    • The organization does not have remote locations.
    • It is likely that your organization does not operate within the following industries:
      • Finance
      • Health care
      • Telecom
      • Government
      • Research
      • Education
    Moderate
    • You have some compliance requirements, e.g.:
      • HIPAA
      • PIPEDA
    • You have sensitive data, and are required to retain records.
    • Customers expect strong security controls.
    • Information security is visible to senior leadership.
    • The organization has some remote locations.
    • Your organization most likely operates within the following industries:
      • Government
      • Research
      • Education
    Risk Averse
    • You have multiple, strict compliance and/or regulatory requirements.
    • You house sensitive data, such as medical records.
    • Customers expect your organization to maintain strong and current security controls.
    • Information security is highly visible to senior management and public investors.
    • The organization has multiple remote locations.
    • Your organization operates within the following industries:
      • Finance
      • Healthcare
      • Telecom

    Be aware of the organization’s attitude towards risk

    Risk culture is an organization’s attitude towards taking risks. This attitude manifests itself in two ways:

    One element of risk culture is what levels of risk the organization is willing to accept to pursue its objectives and what levels of risk are deemed unacceptable. This is often called risk appetite.
    Risk tolerant

    Risk-tolerant organizations embrace the potential of accelerating growth and the attainment of business objectives by taking calculated risks.

    Risk averse

    Risk-averse organizations prefer consistent, gradual growth and goal attainment by embracing a more cautious stance toward risk.

    The other component of risk culture is the degree to which risk factors into decision making.
    Risk conscious

    Risk-conscious organizations place a high priority on being aware of all risks impacting business objectives, regardless of whether they choose to accept or respond to those risks.

    Unaware

    Organizations that are largely unaware of the impact of risk generally believe there are few major risks impacting business objectives and choose to invest resources elsewhere.

    Info-Tech Insight

    Organizations typically fall in the middle of these spectrums. While risk culture will vary depending on the industry and maturity of the organization, a culture with a balanced risk appetite that is extremely risk conscious is able to make creative, dynamic decisions with reasonable limits placed on risk-related decision making.

    1.2.3 Develop goals for the IT risk management program

    1-4 hours

    Input: Integrated Risk Maturity Assessment, Risk Culture, Pain Points and Opportunities

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    Translate your maturity assessment and knowledge about organizational risk culture, potential obstacles, and success factors to develop goals for your IT risk management program.

    Instructions:

    1. In the Risk Management Program Manual, revise, replace, or add to the high-level goals provided in section 2.4.
    2. Make sure that you have three to five high-level goals that reflect the current and targeted maturity of IT risk management processes.
    3. Integrate potential obstacles, pain points, and insights from the organization’s risk culture.

    Record the results in the Risk Management Program Manual.

    1.2.4 Develop SMART project metrics

    1-3 hours

    Create metrics for measuring the success of the IT risk management program.

    Ensure that all success metrics are SMART Instructions
    1. Document a list of appropriate metrics to assess the success of the IT risk management program on a whiteboard.
    2. Use the sample metrics listed in the table on the next slide as a starting point.
    3. Fill in the chart to indicate the:
      1. Name of the success metric
      2. Method for measuring success
      3. Baseline measurement
      4. Target measurement
      5. Actual measurements at various points throughout the process of improving the risk management program
      6. A deadline for each metric to meet the target measurement
    Strong Make sure the objective is clear and detailed.
    Measurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    Actionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    Realistic Objectives must be achievable given your current resources or known available resources.
    Time-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.

    1.2.4 Develop SMART project metrics (continued)

    1-3 hours

    Attach metrics to your goals to gauge the success of the IT risk management program.

    Replace the example metrics with accurate KPIs or metrics for your organization.

    Sample Metrics
    Name Method Baseline Target Deadline Checkpoint 1 Checkpoint 2 Final
    Number of risks identified (per year) Risk register 0 100 Dec. 31
    Number of business units represented (risk identification) Meeting minutes 0 5 Dec. 31
    Frequency of risk assessment Assessments recorded in risk management program manual 0 2 per year Year 2
    Percentage of identified risk events that undergo expected cost assessment Ratio of risks assessed in the risk costing tool to risks assessed in the risk register 0 20% Dec. 31
    Number of top risks without an identified risk response Risk register 5 0 March 1
    Cost of risk management program operations per year Meeting frequency and duration, multiplied by the cost of participation $2,000 $5,000 Dec. 31

    Create the IT risk committee (ITRC)

    Responsibilities of the ITRC:
    1. Formalize risk management processes.
    2. Identify and review major risks throughout the IT department.
    3. Recommend an appropriate risk appetite or level of exposure.
    4. Review the assessment of the impact and likelihood of identified risks.
    5. Review the prioritized list of risks.
    6. Create a mitigation plan to minimize risk likelihood and impact.
    7. Review and communicate overall risk impact and risk management success.
    8. Assign risk ownership responsibilities of key risks to ensure key risks are monitored and risk responses are effectively implemented.
    9. Address any concerns in regards to the risk management program, including, but not limited to, reviewing their risk management duties and resourcing.
    10. Communicate risk reports to senior management annually.
    11. Make any alterations to the committee roster and the individuals’ responsibilities as needed and document changes.
    Must be on the ITRC:
    • CIO
    • CRO (if applicable)
    • Senior Directors
    • Security Officer
    • Head of Operations

    Must be on the ITRC:

    • CFO
    • Senior representation from every business unit impacted by IT risk

    1.2.5 Create the IT risk council

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: CIO, CRO (if applicable), Senior Directors, Head of Operations

    Identify the essential individuals from both the IT department and the business to create a permanent committee that meets regularly and carries out IT risk management activities.

    Instructions:

    1. Review sections 3.1 (Mandate) and 3.2 (Agenda and Responsibilities) of the IT Risk Committee Charter, located in the Risk Management Program Manual. Make any necessary revisions.
    2. In section 3.3, document how frequently the council is scheduled to meet.
    3. In section 3.4, document members of the IT risk council.
    4. Obtain sign-off for the IT risk council from the CIO or another member of the senior leadership team in section 3.5 of the manual.

    Record the results in the Risk Management Program Manual.

    1.2.6 Complete RACI chart

    1-3 hours

    A RACI diagram is a useful visualization that identifies redundancies and ensures that every role, project, or task has an accountable party.

    RACI is an acronym made up of four participatory roles: Instructions
    1. Use the template provided on the following slide, and add key stakeholders who do not appear and are relevant for your organization.
    2. For each activity, assign each stakeholder a letter.
    3. There must be an accountable party for each activity (every activity must have an “A”).
    4. For activities that do not apply to a particular stakeholder, leave the space blank.
    5. Once the chart is complete, copy/paste it into section 4.1 of the Risk Management Program Manual.
    Responsible Stakeholders who undertake the activity.
    Accountable Stakeholders who are held responsible for failure or take credit for success.
    Consulted Stakeholders whose opinions are sought.
    Informed Stakeholders who receive updates.

    1.2.6 Complete RACI chart (continued)

    1-3 hours

    Assign risk management accountabilities and responsibilities to key stakeholders:

    Stakeholder Coordination Risk Identification Risk Thresholds Risk Assessment Identify Responses Cost-Benefit Analysis Monitoring Risk Decision Making
    ITRC A R I R R R A C
    ERM C I C I I I I C
    CIO I A A A A A I R
    CRO I R C I R
    CFO I R C I R
    CEO I R C I A
    Business Units I C C C
    IT I I I I I I R C
    PMO C C C
    Legend: Responsible Accountable Consulted Informed

    Build an IT Risk Management Program

    Phase 2

    Identify and Assess IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Add organization-specific risk scenarios
    • Identify risk events
    • Augment risk event list using COBIT 2019 processes
    • Conduct a PESTLE analysis
    • Determine the threshold for (un)acceptable risk
    • Create a financial impact assessment scale
    • Select a technique to measure reputational cost
    • Create a likelihood scale
    • Assess risk severity level
    • Assess expected cost

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business Risk Owners

    Step 2.1

    Identify IT Risks

    Activities
    • 2.1.1 Add organization-specific risk scenarios
    • 2.1.2 Identify risk events
    • 2.1.3 Augment risk event list using COBIT 19 processes
    • 2.1.4 Conduct a PESTLE analysis

    This step involves the following participants:

    • IT executive leadership
    • IT Risk Council
    • Business executive leadership
    • Business risk owners

    Outcomes of this step

    • Participation of key stakeholders
    • Comprehensive list of IT risk events
    Identify and Assess IT Risk
    Step 2.1 Step 2.2

    Get to know what you don’t know

    1. Engage the right stakeholders in risk identification.
    2. Employ Info-Tech’s top-down approach to risk identification.
    3. Augment your risk event list using alternative frameworks.
    Key metrics:
    • Total risks identified
    • New risks identified
    • Frequency of updates to the Risk Register Tool
    • Number of realized risk events not identified in the Risk Register Tool
    • Level of business participation in enterprise IT risk identification
      • Number of business units represented
      • Number of meetings attended in person
      • Number of risk reports received

    Info-Tech Insight

    What you don’t know CAN hurt you. How do you identify IT-related threats and vulnerabilities that you are not already aware of? Now that you have created a strong risk governance framework that formalizes risk management within IT and connects it to the enterprise, follow the steps outlined in this section to reveal all of IT’s risks.

    Engage key stakeholders

    Ensure that all key risks are identified by engaging key business stakeholders.

    Benefits of obtaining business involvement during the risk identification stage:
    • You will identify risk events you had not considered or you weren’t aware of.
    • You will identify risks more accurately.
    • Risk identification is an opportunity to raise awareness of IT risk management early in the process.

    Executive Participation:

    • CIO participation is integral when building a comprehensive register of risk events impacting IT.
    • CIOs and IT directors possess a holistic view of all of IT’s functions.
    • CIOs and IT directors are uniquely placed to identify how IT affects other business units and the attainment of business objectives. If applicable, CRO and CTO participation is also critical.

    Prioritizing and Selecting Stakeholders

    1. Reliance on IT services and technologies to achieve business objectives.
    2. Relationship with IT, and willingness to engage in risk management activities.
    3. Unique perspectives, skills, and experiences that IT may not possess.

    Info-Tech Insight

    While IT personnel are better equipped to identify IT risk than anyone, IT does not always have an accurate view of the business’ exposure to IT risk. Strive to maintain a 3 to 1 ratio of IT to non-IT personnel involved in the process.

    Enable IT to target risk holistically

    Take a top-down approach to risk identification to guide brainstorming

    Info-Tech’s risk categories are consistent with a risk identification method called Risk Prompting.

    A risk prompt list is a list that categorizes risks into types or areas. The n10 risk categories encapsulate the services, activities, responsibilities, and functions of most IT departments. Use these categories and the example risk scenarios provided as prompts to guide brainstorming and organize risks.

    Risk Category: High-level groupings that describe risk pertaining to major IT functions. See the following slide for all ten of Info-Tech’s IT risk categories. Risk Scenario: An abstract profile representing common risk groups that are more specific than risk categories. Typically, organizations are able to identify two to five scenarios for each category. Risk Event: Specific threats and vulnerabilities that fall under a particular risk scenario. Organizations are able to identify anywhere between 1 and 20 events for each scenario. See the Appendix of the Risk Management Program Manual for a list of risk event examples.

    Risk Category

    Risk Scenario

    Risk Event

    Compliance Regulatory compliance Being fined for not complying/being aware of a new regulation.
    Externally originated attack Phishing attack on the organization.
    Operational Technology evaluation & selection Partnering with a vendor that is not in compliance with a key regulation.
    Capacity planning Not having sufficient resources to support a DRP.
    Third-Party Risk Vendor management Vendor performance requirements are improperly defined.
    Vendor selection Vendors are improperly selected to meet the defined use case.

    2.1.1 Add organization-specific risk scenarios

    1-3 hours

    Review Info-Tech’s ten IT risk categories and add risk scenarios to the examples provided.

    IT Reputational
    • Negative PR
    • Consumers writing negative reviews
    • Employees writing negative reviews
    IT Financial
    • Stock prices drop
    • Value of the organization is reduced
    IT Strategic
    • Organization prioritizes innovation but remains focused on operational
    • Unable to access data to support strategic initiative
    Operational
    • Enterprise architecture
    • Technology evaluation and selection
    • Capacity planning
    • Operational errors
    Availability
    • Power outage
    • Increased data workload
    • Single source of truth
    • Lacking knowledge transfer processes for critical tasks
    Performance
    • Network failure
    • Service levels not being met
    • Capacity overload
    Compliance
    • Regulatory compliance
    • Standards compliance
    • Audit compliance
    Security
    • Malware
    • Internally originated attack
    Third Party
    • Vendor selection
    • Vendor management
    • Contract termination
    Digital
    • No back-up process if automation fails

    2.1.2 Identify risk events

    1-4 hours

    Input: IT risk categories

    Output: Risk events identified and categorized

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owners, CRO (if applicable)

    Use Info-Tech’s IT risk categories and scenarios to brainstorm a comprehensive list of IT-related threats and vulnerabilities impacting your organization.

    Instructions:

    1. Document risk events in the Risk Register Tool.
    2. List risk scenarios (organized by risk category) in the Risk Events/Threats column.
    3. Disseminate the list to key stakeholders who were unable to participate and solicit their feedback.
      • Consult the RACI chart located in section 4.1 of the Risk Management Program Manual.
    4. Attack one scenario at a time, exhausting all realistic risk events for that grouping before moving onto the next scenario. Each scenario should take approximately 45-60 minutes.

    Tip: If disagreement arises regarding whether a specific risk event is relevant to the organization or not and it cannot be resolved quickly, include it in the list. The applicability of these risks will become apparent during the assessment process.

    Record the results in the Risk Register Tool.

    2.1.3 Augment the risk event list using COBIT 2019 processes (Optional)

    1-3 hours

    Other industry-leading frameworks provide alternative ways of conceptualizing the functions and responsibilities of IT and may help you uncover additional risk events.

    1. Managed IT Management Framework
    2. Managed Strategy
    3. Managed Enterprise Architecture
    4. Managed Innovation
    5. Managed Portfolio
    6. Managed Budget and Costs
    7. Managed Human Resources
    8. Managed Relationships
    9. Managed Service Agreements
    10. Managed Vendors
    11. Managed Quality
    12. Managed Risk
    13. Managed Security
    14. Managed Data
    15. Managed Programs
    16. Managed Requirements Definition
    17. Managed Solutions Identification and Build
    18. Managed Availability and Capacity
    19. Managed Organizational Change Enablement
    20. Managed IT Changes
    1. Managed IT Change Acceptance and Transitioning
    2. Managed Knowledge
    3. Managed Assets
    4. Managed Configuration
    5. Managed Projects
    6. Managed Operations
    7. Managed Service Requests and Incidents
    8. Managed Problems
    9. Managed Continuity
    10. Managed Security Services
    11. Managed Business Process Controls
    12. Managed Performance and Conformance Monitoring
    13. Managed System of Internal Control
    14. Managed Compliance with External Requirements
    15. Managed Assurance
    16. Ensured Governance Framework Setting and Maintenance
    17. Ensured Benefits Delivery
    18. Ensured Risk Optimization
    19. Ensured Resource Optimization
    20. Ensured Stakeholder Engagement

    Instructions:

    1. Review COBIT 2019’s 40 IT processes and identify additional risk events.
    2. Match risk events to the corresponding risk category and scenario and add them to the Risk Register Tool.

    2.1.4 Finalize your risk register by conducting a PESTLE analysis (Optional)

    1-3 hours

    Explore alternative identification techniques to incorporate external factors and avoid “groupthink.”

    Consider the External Environment – PESTLE Analysis

    Despite efforts to encourage equal participation in the risk identification process, key risks may not have been shared in previous exercises.

    Conduct a PESTLE analysis as a final safety net to ensure that all key risk events have been identified.

    Avoid “Groupthink” – Nominal Group Technique

    The Nominal Group Technique uses the silent generation of ideas and an enforced “safe” period of time where ideas are shared but not discussed to encourage judgement-free idea generation.

    • Ideas are generated silently and independently.
    • Ideas are then shared and documented; however, discussion is delayed until all of the group’s ideas have been recorded.
    • Idea generation can occur before the meeting and be kept anonymous.

    Note: Employing either of these techniques will lengthen an already time-consuming process. Only consider these techniques if you have concerns regarding the homogeneity of the ideas being generated or if select individuals are dominating the exercise.

    List the following factors influencing the risk event:
    • Political factors
    • Economic factors
    • Social factors
    • Technological factors
    • Legal factors
    • Environmental factors
    'PESTLE Analysis' presented as a wheel with the acronym's meanings surrounding the title. 'Political Factors', 'Economic Factors', 'Social Factors', 'Technological Factors', 'Legal Factors', and 'Environmental Factors'.

    Step 2.2

    Assess and Prioritize IT Risks

    Activities
    • 2.2.1 Determine the threshold for (un)acceptable risk
    • 2.2.2 Create a financial impact assessment scale
    • 2.2.3 Select a technique to measure reputational cost
    • 2.2.4 Create a likelihood scale
    • 2.2.5 Risk severity level assessment
    • 2.2.6 Expected cost assessment

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owners

    Outcomes of this step

    • Business-approved thresholds for unacceptable risk
    • Completed Risk Register Tool with risks prioritized according to severity
    • Expected cost calculations for high-priority risks

    Identify and Assess IT Risk

    Step 2.1 Step 2.2

    Reveal the organization’s greatest IT threats and vulnerabilities

    1. Establish business-approved risk thresholds for acceptable and unacceptable risk.
    2. Conduct a streamlined assessment of all risks to separate acceptable and unacceptable risks.
    3. Perform a deeper, cost-based assessment of prioritized risks.
    Key metrics:
    • Frequency of IT risk assessments
      • (Annually, bi-annually, etc.)
    • Assessment accuracy
      • Percentage of risk assessments that are substantiated by later occurrences or testing
      • Ratio of cumulative actual costs to expected costs
    • Assessment consistency
      • Percentage of risk assessments that are substantiated by third-party audit
    • Assessment rigor
      • Percentage of identified risk events that undergo first-level assessment (severity scores)
      • Percentage of identified risk events that undergo second-level assessment (expected cost)
    • Stakeholder oversight and participation
      • Level of executive participation in IT risk assessment (attend in person, receive report, etc.)
      • Number of business stakeholder reviews per risk assessment

    Info-Tech Insight

    Risk is money. It’s impossible to make intelligent decisions about risks without knowing what their financial impact will be.

    Review risk assessment fundamentals

    Risk assessment provides you with the raw materials to conduct an informed cost-benefit analysis and make robust risk response decisions.

    In this section, you will be prioritizing your IT risks according to their risk severity, which is a reflection of their expected cost.

    Calculating risk severity

    How much you expect a risk event to cost if it were to occur:

    Likelihood of Risk Impact

    e.g. $250,000 or “High”

    X

    Calibrated by how likely the risk is to occur:

    Likelihood of Risk Occurrence

    e.g. 10% or “Low”

    =

    Produces a dollar value or “severity level” for comparing risks:

    Risk Severity

    e.g. $25,000 or “Medium”
    Which must be evaluated against thresholds for acceptable risk and the cost of risk responses.

    Risk Tolerance
    Risk Response

    CBA
    Cost-benefit analysis

    Maintain the engagement of key stakeholders in the risk assessment process

    1

    Engage the Business During Assessment Process

    Asking business stakeholders to make significant contributions to the assessment exercise may be unrealistic (particularly for members of the senior leadership team, other than the CIO).

    Ensure that they work with you to finalize thresholds for acceptable or unacceptable risk.

    2

    Verify the Risk Impact and Assessment

    If IT has ranked risk events appropriately, the business will be more likely to offer their input. Share impact and likelihood values for key risks to see if they agree with the calculated risk severity scores.

    3

    Identify Where the Business Focuses Attention

    While verifying, pay attention to the risk events that the business stresses as key risks. Keep these risks in mind when prioritizing risk responses as they are more likely to receive funding.

    Try to communicate the assessments of these risk events in terms of expected cost to attract the attention of business leaders.

    Info-Tech Insight

    If business executives still won’t provide the necessary information to update your initial risk assessments, IT should approach business unit leaders and lower-level management. Lean on strong relationships forged over time between IT and business managers or supervisors to obtain any additional information.

    Info-Tech recommends a two-level approach to risk assessment

    Review the two levels of risk assessment offered in this blueprint.

    Risk severity level assessment (mandatory)

    1

    Information

    Number of risks: Assess all risk events identified in Phase 1.
    Units of measurement: Use customized likelihood and impact “levels.”
    Time required: One to five minutes per risk event.

    Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    X

    Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    =

    Output


    Risk Security Level:

    Moderate

    Example of a risk severity level assessment chart.
    Chart risk events according to risk severity as this allows you to organize and prioritize IT risks.

    Assess all of your identified risk events with a risk severity-level assessment.

    • By creating a likelihood and impact assessment scale divided into three to nine “levels” (sometimes referred to as “buckets”), you can evaluate every risk event quickly while being confident that risks are being assessed accurately.
    • In the following activities, you will create likelihood and impact scales that align with your organizational risk appetite and tolerance.
    • Severity-level assessment is a “first pass” of your risk list, revealing your organization’s most severe IT risks, which can be assessed in greater detail by incorporating expected cost into your evaluation.

    Info-Tech recommends a two-level approach to risk assessment (continued)

    Expected cost assessment (optional)

    2

    Information

    Number of risks: Only assess high-priority risks revealed by severity-level assessment.
    Units of measurement: Use actual likelihood values (%) and impact costs ($).
    Time required: 10-20 minutes per risk event.

    Assess Likelihood

    15%

    Moderate

    X

    Assess Likelihood

    $100,000

    High

    =

    Output


    Expected Cost:

    $15,000

    Expected cost is useful for conducting cost-benefit analysis and comparing IT risks to non-IT risks and other budget priorities for the business.

    Conduct expected cost assessments for IT’s greatest risks.

    For risk events warranting further analysis, translate risk severity levels into hard expected-cost numbers.

    Why conduct expected cost assessments?
    • Expected cost represents how much you would expect to pay in an average year for each risk event.
    • Communicate risk priorities to the business in language they can understand.
    • While risk severity levels are useful for comparing one IT risk to another, expected cost data allows the business to compare IT risks to non-IT risks that may not use the same scales.
    Why is expected cost assessment optional?
    • Determining robust likelihood values and precise impact estimates can be challenging and time consuming.
    • Some risk events may require extensive data gathering and industry analysis.

    Implement and leverage a centralized risk register

    The purpose of the risk register is to act as the repository for all the risks that have been identified within your environment.

    Use this tool to:

    1. Collect and maintain a repository for all IT risk events impacting the organization and relevant information for each risk.
      • Capture all relevant IT risk information in one location.
      • Organize risk identification and assessment information for transparent risk management, stakeholder review, and/or internal audit.
    2. Calculate risk severity scores to prioritize risk events and determine which risks require a risk response.
      • Separate acceptable and unacceptable risks (as determined by the business).
      • Rank risks based on severity levels.
    3. Assess risk responses and calculate residual risk.
      • Evaluate the effect that proposed risk response actions will have on top risk events and quantify residual risk magnitude.
      • This step will be completed in section 3.1

    2.2.1 Determine the threshold for (un)acceptable risk

    1-4 hours

    Input: Risk events, Risk appetite

    Output: Threshold for risk identified

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    There are times when the business needs to know about IT risks with high expected costs.

    1. Create an expected cost threshold that defines what constitutes an acceptable and unacceptable risk for the organization. This figure should be a concrete dollar value. In the next exercises, you will build risk impact and likelihood scales with this value in mind, ensuring that “high” or “extreme” risks are immediately communicated to senior leadership.
    2. Do not consider IT budget restrictions when developing this number. The acceptable risk threshold should reflect the business’ tolerance/appetite for risk.

    This threshold is typically based on the organization’s ability to absorb financial losses, and its tolerance/appetite towards risk.

    If your organization has ERM, adopt the existing acceptability threshold.

    Record this threshold in section 5.3 of the Risk Management Program Manual

    2.2.2 Create a financial impact assessment scale

    1-4 hours

    Input: Risk events, Risk threshold

    Output: Financial impact scale created

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Create a scale to assess the financial impact of risk events.
      • Typically, risk impacts are assessed on a scale of 1-5; however, some organizations may prefer to assess risks using 3, 4, 7, or 9-point scales.
    2. Ensure that the unacceptable risk threshold is reflected in the scale.
      • In the example provided, the unacceptable risk threshold ($100,000) is represented as “High” on the impact scale.
    3. Attach labels to each point on the scale. Effective labels will easily distinguish between risks on either side of the unacceptable risk threshold.

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Convert project overruns and service outages into costs

    Use the tables below to quickly convert impacts typically measured in units of time to financial cost. Replace the values in the table with those that reflect your own costs.

    • While project overruns and service outages may have intangible impacts beyond the unexpected costs stemming from paying employees and lost revenue (such as adding complexity to project management and undermining the business’ confidence in IT), these measurements will provide adequate impact estimations for risk assessment.
    • Remember, complex risk events can be analyzed further with an expected cost assessment.
    Project Overruns Scale for the use of cost assessment with dollar amounts associated with impact levels. '$250,000 - Extreme', '$100,000 - High', '$60,000 - Moderate', '$35,000 - Low', '$10,000 - Negligible'.

    Project

    Time (days)

    20 days

    Number of employees

    8

    Average cost per employee (per day)

    $300

    Estimated cost

    $48,000
    Service Outages

    Service

    Time (hours)

    4 hours

    Lost revenue (per hour)

    $10,000

    Estimated cost

    $40,000

    Impact scale

    Low

    2.2.3 Select a technique to measure reputational cost (1 of 3)

    1-3 hours

    Realized risk events may have profound reputational costs that do not immediately impact your bottom line.

    Reputational cost can take several forms, including the internal and external perception of:
    1. Brand likeability
    2. Product quality
    3. Leadership capability
    4. Social responsibility

    Based on your industry and the nature of the risk, select one of the three techniques described in this section to incorporate reputational costs into your risk assessment.

    Technique #1 – Use financial indicators:

    For-profit companies typically experience reputational loss as a gradual decline in the strength of their brand, exclusion from industry groups, or lost revenue.

    If possible, use these measures to put a price on reputational loss:

    • Lost revenue attributable to reputation loss
    • Loss of market share attributable to reputation loss
    • Drops in share price attributable to reputation loss (for public companies)

    Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.

    • If you are not able to effectively translate all reputational costs into financial costs, proceed to techniques 2 and 3 on the following slides.

    2.2.3 Select a technique to measure reputational cost (2 of 3)

    1-3 hours
    It is common for public sector or not-for-profit organizations to have difficulty putting a price tag on intangible reputational costs.
    • For example, a government organization may be unable to directly quantify the cost of losing the confidence and/or support of the public.
    • A helpful technique is to reframe how reputation is assigned value.
    Technique #2 – Calculate the value of avoiding reputational cost:
    1. Imagine that the particular risk event you are assessing has occurred. Describe the resulting reputational cost using qualitative language.

    For example:

    A data breach, which caused the unsanctioned disclosure of 2,000 client files, has inflicted high reputational costs on the organization. These have impacted the organization in the following ways:

    • Loss of organizational trust in IT
    • IT’s reputation as a value provider to the organization is tarnished
    • Loss of client trust in the organization
    • Potential for a public reprimand of the organization by the government to restore public trust
  • Then, determine (hypothetically) how much money the organization would be willing to spend to prevent the reputational cost from being incurred.
  • Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.
  • 2.2.3 Select a technique to measure reputational cost (3 of 3)

    1-3 hours

    If you feel that the other techniques have not reflected reputational impacts in the overall severity level of the risk, create a parallel scale that roughly matches your financial impact scale.

    Technique #3 – Create a parallel scale for reputational impact:

    Visibility is a useful metric for measuring reputational impact. Visibility measures how widely knowledge of the risk event has spread and how negatively the organization is perceived. Visibility has two main dimensions:

    • Internal vs. External
    • Low Amplification vs. High Amplification
    • Internal/External: The further outside of the organization that the risk event is visible, the higher the reputational impact.
      Low/High Amplification: The greater the ability of the actor to communicate and amplify the occurrence of a risk event, the higher the reputational impact.
      After establishing a scale for reputational impact, test whether it reflects the severity of the financial impact levels in the financial impact scale.

    • For example, if the media learns about a recent data breach, does that feel like a $100,000 loss?
    Example:
    Scale for the use of cost assessment  of reputational impact with dimension combinations associated with impact levels. 'External, High Amp, (regulators, lawsuits) - Extreme', 'Internal, High Amp, (CEO) - Low', 'Internal, Low Amp (IT) - Negligible'.

    2.2.4 Create a likelihood scale

    1-3 hours

    Instructions:
    1. Create a scale to assess the likelihood that a risk event will occur over a given period of time.
      • Info-Tech recommends assessing the likelihood that the risk event will occur over a period of one year (the IT risk council should be reassessing the risk event no less than once per year).
    2. Ensure that the likelihood scale contains the same number of levels as the financial impact scale (3, 4, 5, 7, or 9).
    3. The example provided is likely to satisfy most IT departments; however, you may customize the distribution of likelihood values to reflect the organization’s aversion towards uncertainty.
      • For example, an extremely risk-averse organization may consider any risk event with a likelihood greater than 20% to have a “High” likelihood of occurrence.
    4. Attach the same labels used for the financial impact scale (Low, Moderate, High, etc.)

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Scale to assess the likelihood that a risk event will occur. '80-99% - Extreme', '60-79% - High', '40-59% - Moderate' '20-39% - Low', '1-19% - Negligible'.

    Info-Tech Insight

    Note: Info-Tech endorses the use of likelihood values (1-99%) rather than frequency (3 times per year) as a measurement.
    For an explanation of why likelihood values lead to more precise and robust risk assessment, see the Appendix.

    2.2.5 Risk severity level assessment

    6-10 hours

    Input: Risk events identified

    Output: Assessed the likelihood of occurrence and impact for all identified risk events

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Document the “Risk Category” and “Existing Controls.” in the Risk Register Tool.
      • (See the slide following this activity for tips on identifying existing controls.)
    2. Assign each risk event a likelihood and impact level.
      • Remember, you are assessing the impact that a risk event will have on the organization as a whole, not just on IT.
    3. When assigning a financial impact level to a risk event, factor in the likely number of instances that the event will occur within the time frame for which you are assessing (usually one year).
      • For risk events like third-party service outages that typically occur a few times each year, assign them an impact level that reflects the likelihood of financial impact the risk event will have over the entire year.
      • E.g. If your organization is likely to experience two major service outages next year and each outage costs the organization approximately $15,000, the total financial impact is $30,000.

    Record results in the Risk Register Tool

    2.2.5 Risk severity level assessment (continued)

    Instructions (continued):
    1. Assign a risk owner to non-negligible risk events.
      • For organizations that practice ongoing risk management and frequently reassess their risk portfolio (minimum once per year), risk ownership does not need to be assigned to “Negligible” or low-level risks.
      • View the following slides for advice on how to select a risk owner and information on their responsibilities.
    2. As you input the first few likelihood and impact values, compare them to one another to ensure consistency and accuracy:
      • Is a service outage really twice as impactful as our primary software provider going out of business?
      • Is a data breach far more likely than a ›1 hour web-services outage?
    Tips for Selecting Likelihood Values:

    Does ~10% sound right?

    Test a likelihood estimate by assessing the truth of the following statements:

    • The risk event will likely occur once in the next ten years (if the environment remains nearly identical).
    • If ten organizations existed that were nearly identical to our own, it is likely that one out of ten would experience the risk event this year.

    Screenshot of a risk severity level assessment.

    Identify current risk controls

    Consider how IT is already addressing key risks.

    Types of current risk control

    Tactical controls

    Apply to individual risks only.

    Example: A tactical control for backup/replication failure is faster WAN lines.

    Tactical risk control Strategic controls

    Apply to multiple risks.

    Example: A strategic control for backup/replication failure is implementing formal DR plans.

    Strategic risk control
    Risk event Risk event Risk event

    Screenshot of the column headings on the risk severity level assessment with 'Current Controls' highlighted.
    Consider both tactical and strategic controls already in place when filling out risk event information in the Risk Register Tool.

    Info-Tech Insight

    Identifying existing risk controls (past risk responses) provides a clear picture of the measures already in place to avoid, mitigate, or transfer key risks. This reveals opportunities to improve existing risk controls, or where new strategies are needed, to reduce risk severity levels below business thresholds.

    Assign a risk owner for each risk event

    Designate a member of the IT risk council to be responsible for each risk event.

    Selecting the Appropriate Risk Owner

    Use the following considerations to determine the best owner for each risk:

    • The risk owner should be familiar with the process, project, or IT function related to the risk event.
    • The risk owner should have access to the necessary data to monitor and measure the severity of the risk event.
    • The risk owner’s performance assessment should reflect their ability to demonstrate the ongoing management of their assigned risk events.

    Screenshot of the column headings on the risk severity level assessment with 'Risk Owner' highlighted.

    Risk Owner Responsibilities

    Risk ownership means that an individual is responsible for the following activities:

    • Monitoring the threat or vulnerability for changes in the likelihood of occurrence and/or likely impact.
    • Monitoring changes in the market and external environment that may alter the severity of the risk event.
    • Monitoring changes of closely related risks with interdependencies.
    • Developing and using key risk indicators (KRIs) to measure changes in risk severity.
    • Regularly reporting changes in risk severity to the IT risk council.
    • If necessary, escalating the risk event to other IT risk council personnel or senior management for reassessment.
    • Monitoring risk severity levels for risk events after a risk response has been implemented.

    Use Info-Tech’s Risk Costing Tool to calculate the expected cost of IT’s high-priority risks (optional)

    Sample of the Risk Costing Tool.

    Use this tool to:

    1. Conduct a deeper analysis of severe risks.
      • Determine specific likelihood and financial impact values to communicate the severity of the risk in the Expected Cost tab.
      • Identify the maximum financial impact that the risk event may inflict.
    2. Assess the effectiveness of multiple risk responses for each risk event.
      • Determine how proposed risk events will change the likelihood of occurrence and financial impact of the risk event.
    3. Incorporate risk proximity into your cost-benefit analysis of risk responses.
      • Illustrate how spending decisions will impact the expected cost of the risk event over time.

    2.2.6 Expected cost assessment (optional)

    Assign likelihood and financial impact values to high-priority risks.

    Select risks with these characteristics:

    Strongly consider conducting an expected cost assessment for risk events that meet one or more of the following criteria.

    The risk:

    • Has been assigned to the highest risk severity level.
    • Has exposed the organization previously and had severe implications.
    • Exceeds the organization’s threshold for financial impact.
    • Involves an IT function that is highly visible to the business.
    • Will likely require risk response actions that will exceed current IT budgetary constraints.
    • Is conducive to expected cost assessment:
      • There is general consensus on likelihood estimates.
      • There is general consensus on financial impact estimates.
      • Historical data exists to support estimates.
    Determine which risks require a deeper assessment:

    Info-Tech recommends conducting a second-level assessment for 5-15% of your IT risk register.

    Communicating the expected cost of high-priority risks significantly increases awareness of IT risks by the business.

    Communicating risks to the business using their language also increases the likelihood that risk responses will receive the necessary support and investment


    Record the list of risk events requiring second-level assessment in the Risk Costing Tool.

    • Transfer the likelihood and impact levels for each event into the Risk Costing Tool using data from the Risk Register Tool.

    2.2.6 Expected cost assessment (continued)

    Assign likelihood and financial impact values to high-priority risks.

    Instructions:
    1. Go through the list of prioritized risks in the Risk Costing Tool one by one. Indicate the likelihood and impact level (from the Risk Register Tool) for the risk event being assessed.
    2. Record likelihood values (1-99%) and impact values ($) from participants.
      • Only record values from individuals that indicate they are fairly confident with their estimates.
      • Keep likelihood estimates to values that are multiples of five.
    3. Estimate and record the maximum impact that the risk event could inflict.
      • See Appendix III for information on how the possibility of high-impact scenarios may influence your decision making.
    4. Discuss the estimates provided. Eliminate outliers and retracted estimates.
      • If you are unable to achieve consensus, take the average of the values provided.
    5. If you are having difficulty arriving at a likelihood or impact value, select the median value of the level assigned to the risk during the risk severity level assessment.
      • E.g. Risk event assigned to likelihood level “Moderate” (20-39%). Select a likelihood value of 30%.

    Screenshot of the column headings on the risk severity level assessment with 'Optional Inherent Likelihood Parameters' and 'Optional Inherent Impact Parameters' highlighted.

    Who should participate?
    • Depending on the size of your IT risk council, you may want to consider conducting this exercise in a smaller group.
    • Ideally, you should try to find the right balance between ensuring that the necessary experience and knowledge is in the room while insulating the exercise from outlier opinions, noise, and distractions.

    Evaluate likelihood and impact

    Refine your risk assessment process by developing more accurate measurements of likelihood and impact.

    Intersubjective likelihood

    The goal of the expected cost assessment is to develop robust intersubjective estimates of likelihood and financial impact.

    By aggregating a number of expert opinions of what they deem to be the “correct” value, you will arrive at a collectively determined value that better reflects reality than an individual opinion.

    Example: The Delphi Method

    The Delphi Method is a common technique to produce a judgement that is representative of the collective opinion of a group.

    • Participants are sent a series of sequential questionnaires (typically by email).
    • The first questionnaire asks them what the likelihood, likely impact, and expected cost is for a specific risk event.
    • Data from the questionnaire is compiled and then communicated in a subsequent questionnaire, which encourages participants to restate or revise their estimates given the group’s judgements.
    • With each successive questionnaire, responses will typically converge around a single intersubjective value.
    Justifying Your Estimates:

    When asked to explain the numbers you arrived at during the risk assessment, pointing to an assessment methodology gives greater credibility to your estimates.

    • Assign one individual to take notes during the assessment exercise.
    • Have them document the main rationale behind each value and the level of consensus.

    Info-Tech Insight

    The underlying assumption behind intersubjective forecasting is that group judgements are more accurate than individual judgements. However, this may not be the case at all.

    Sometimes, a single expert opinion is more valuable than many uninformed opinions. Defining whose opinion is valuable and whose is not is an unpleasant exercise; therefore, selecting the right personnel to participate in the exercise is crucially important.

    Build an IT Risk Management Program

    Phase 3

    Monitor, Respond, and Report on IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Develop key risk indicators (KRIs) and escalation protocols
    • Establish the reporting schedule
    • Identify and assess risk responses
    • Analyze risk response cost-benefit
    • Create multi-year cost projections
    • Obtain executive approval for risk action plans
    • Socialize the Risk Report
    • Transfer ownership of risk responses to project managers
    • Finalize the Risk Management Program Manual

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Risk business owner

    Step 3.1

    Monitor IT Risks and Develop Risk Responses

    Activities
    • 3.1.1 Develop key risk indicators (KRIs) and escalation protocols
    • 3.1.2 Establish the reporting schedule
    • 3.1.3 Identify and assess risk responses
    • 3.1.4 Risk response cost-benefit analysis
    • 3.1.5 Create multi-year cost projections

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owner

    Outcomes of this step

    • Completed risk event action plans
    • Risk responses identified and assessed for top risks
    • Risk response selected for top risks

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Use Info-Tech’s Risk Event Action Plan to manage high-priority risks

    Manage risks in between risk assessments and create a paper trail for key risks that exceed the unacceptable risk threshold. Use a new form for every high-priority risk that requires tracking.

    Risk Event Action Plan Sample of the Risk Event Action Plan deliverable.

    Obtaining sign-off from the senior leadership team or from the ERM office is an important step of the risk management process. The Risk Event Action Plan ensures that high-priority risks are closely monitored and that changes in risk severity are detected and reported.

    Clear documentation is a way to ensure that critical information is shared with management so that they can make informed risk decisions. These reports should be succinct yet comprehensive; depending on time and resources, it is good practice to fill out this form and obtain sign-off for the majority of IT risks.

    3.1.1 Develop key risk indicators (KRIs) and escalation protocols

    The risk owner should be held accountable for monitoring their assigned risks but may delegate responsibility for these tasks.

    Instructions:
    1. Design key risk indicators (KRIs) for risks that measure changes in their severity and document them in the Risk Event Action Plan.
      • See the following slide for examples.
    2. Clearly document the risk owner and the individual(s) carrying out risk monitoring activities (delegates) in the Risk Event Action Plan.

    Note: Examples of KRIs can be found on the following slide.

    What are KRIs?
    • KRIs should be observable metrics that alert the IT risk council and management when risk severity exceeds acceptable risk thresholds.
    • KRIs should serve as tripwires or early-warning indicators that trigger further actions to be taken on the risk.
    • Further actions may include:
      • Escalation to the risk owner (if delegated) or to a member of the senior leadership team.
      • Reporting to the IT risk council or IT steering committee.
      • Reassessment.
      • Updating the risk monitoring schedule.

    Document KRIs, escalation thresholds, and escalation protocols for each risk in a Risk Event Action Plan.

    Developing KRIs for success

    Visualization of KRI development, from the 'Risk Event' to the 'Intermediate Steps' with 'KRI Measurements' to the image of a growing seed.

    Examples of KRIs

    • Number of resources who quit or were fired who had access to critical data
    • Number of risk mitigation initiatives unfunded
    • Changes in time horizon of mitigation implementation
    • Number of employees who did not report phishing attempts
    • Amount of time required to get critical operations access to necessary data
    • Number of days it takes to implement a new regulation or compliance control

    3.1.2 Establish the reporting schedule

    For each risk event, document how frequently the risk owner must report to the IT risk council in the Risk Event Action Plan.

    • A clear reporting schedule enforces accountability for each risk event, ensuring that risk owners are fulfilling their monitoring responsibilities.
    • The ongoing discussion of risks between assessment cycles also increases overall awareness of how IT risks are not static but constantly evolving.
    Reporting Risk Event
    Weekly reports to ITRC Risk event severity represented as a thermometer with levels 'Extreme', 'High', 'Moderate', 'Low', and 'Negligible'.
    Bi-weekly reports to ITRC
    Monthly reports to ITRC
    Report to ITRC only if KRI thresholds triggered
    No reports; reassessed bi-annually

    Use Info-Tech’s tools to identify, analyze, and select risk responses

    1

    (Mandatory)
    Tool

    Screenshot of the Risk Register Tool.

    Risk Register Tool

    Information
    • Develop risk responses for all risk events pre-populated on the “2. Risk Register” sheet of the Risk Register Tool.
    • Document the root cause of the risk (Activity 3.1.3) and other contributing factors (Activity 3.1.4).
    • Identify risk responses (Activity 3.1.5).
    • Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk (Activity 3.1.5).
    • The tool will calculate the residual severity of the risk after applying the risk response.

    2

    (Optional)
    Tool

    Screenshot of the Risk Costing Tool.

    Risk Costing Tool

    Information
    • Continue your second-level risk analysis for top risks for which you calculated expected cost in section 2.2.
    • Activity 3.1.5:
      • Identify between one and four risk response options for each risk.
      • Develop precise values for residual likelihood and impact.
      • Compare expected cost of the risk event to expected residual cost.
      • Select the risk response to recommend to senior leadership and document it in the Risk Register Tool.

    Determine the root cause of IT risks

    Root cause analysis

    Use the “Five Whys” methodology to identify the root cause and contributing/exacerbating factors for each risk event.

    Diagnosing the root cause of a risk as well as the environmental factors that increase its potential impact and likelihood of occurring allow you to identify more effective risk responses.

    Risk responses that only address the symptoms of the risk are less likely to succeed than responses that address the core issue.

    Concentric circles with 'Root Cause' at the center, 'Contributing Factors' around it, and 'Symptoms' on the outer circle.

    Example of 'The Five Whys Methodology', tracing symptoms to their root cause. In 'Symptoms' we see 'Risk Event: Network outage', Why? 'Network congestion', Why? Then on to 'Contributing Factors' the answer is 'Inadequate bandwidth for latency-sensitive applications', Why? 'Increased business use of latency-sensitive applications', Why? And finally to the 'Root Cause', 'Business units rely on 'real-time' data gathered from latency-sensitive applications', Why?

    Identify factors that contribute to the severity of the risk

    Environmental factors interact with the root cause to increase the likelihood or impact of the risk event.

    What factors matter?

    Identify relevant actors and assets that amplify or diminish the severity of the risk.

    Actors

    • Internal (business units)
    • External (vendor, regulator, market, competitor, hostile actor)

    Assets/Resources

    • Infrastructure
    • Applications
    • Processes
    • Information/data
    • Personnel
    • Reputation
    • Operations
    Develop risk responses that target contributing factors.
    Root cause:
    Business units rely on “real-time” data gathered from latency-sensitive applications

    Actors: Enterprise App users (Finance, Product Development, Product Management)

    Asset/resource: Applications, network

    Risk response:
    Decrease the use of latency-sensitive applications.

    X

    Decreasing the use of key apps contradicts business objectives.

    Contributing factors:
    Unreliable router software

    Actors: Network provider, router vendor, router software vendor, IT department

    Asset/resource: Network, router, router software

    Risk response:
    Replace the vendor that provides routers and router software.

    Replacing the vendor would reduce network outages at a relatively low cost.

    Symptoms:
    Network outage

    Actors: All business units, network provider

    Asset/resource: Network, business operations, employee productivity

    Risk response:
    Replace legacy systems.

    X

    Replacing legacy systems would be too costly.

    3.1.3 Identify and assess risk responses

    Instructions:
    Complete the following steps for each risk event.
    1. Identify a risk response action that will help reduce the likelihood of occurrence or the impact if the event were to occur.
      • Indicate the type of risk response (avoidance, mitigation, transfer, acceptance, or no risk exists).
    2. Assign each risk response action a residual likelihood level and a residual impact level.
      • This is the same step performed in Activity 2.2.6, when initial likelihood and impact levels were determined; however, now you are estimating the likelihood and impact of the risk event after the risk response action has been implemented successfully.
      • The Risk Register Tool will generate a residual risk severity level for each risk event.
    3. Identify the potential Risk Action Owner (Project Manager) if the response is selected and turned into an IT project, and document this in the Risk Register Tool.
    Document the following in the Risk Event Action Plan for each risk event:
      • Risk response actions
      • Residual likelihood and impact levels
      • Residual risk severity level
    • Review the following slides about the four types of risk response to help complete the activity.
      1. Avoidance
      2. Mitigation
      3. Transfer
      4. Acceptance

    Record the results in the Risk Event Action Plan.

    Take actions to avoid the risk entirely

    Risk Avoidance

    • Risk avoidance involves taking evasive maneuvers to avoid the risk event.
    • Risk avoidance targets risk likelihood, decreasing the likelihood of the risk event occurring.
    • Since risk avoidance measures are fairly drastic, the likelihood is often reduced to negligible levels.
    • However, risk avoidance response actions often sacrifice potential benefits to eliminate the possibility of the risk entirely.
    • Typically, risk avoidance measures should only be taken for risk events with extremely high severity and when the severity (expected cost) of the risk event exceeds the cost (benefits sacrificed) of avoiding the risk.

    Example

    Risk event: Information security vulnerability from third-party cloud services provider.

    • Risk avoidance action: Store all data in-house.
    • Benefits sacrificed: Cost savings, storage flexibility, etc.
    Stock photo of a person hikiing along a damp, foggy, valley path.

    Pursue projects that reduce the likelihood or impact of the risk event

    Risk Mitigation

    • Risk mitigation actions are risk responses that reduce the likelihood and impact of the risk event.
    • Risk mitigation actions can be to either implement new controls or enhance existing ones.
    Example 1

    Most risk responses will reduce both the likelihood of the risk event occurring and its potential impact.

    Example

    Mitigation: Purchase and implement enterprise mobility management (EMM) software with remote wipe capability.

    • EMM reduces the likelihood that sensitive data is accessed by a nefarious actor.
    • The remote-wipe capability reduces the impact by closing the window that sensitive data can be accessed from.
    Example 2

    However, some risk responses will have a greater effect on decreasing the likelihood of a risk event with little effect on decreasing impact.

    Example

    Mitigation: Create policies that restrict which personnel can access sensitive data on mobile devices.

    • This mitigation decreases the number of corporate phones that have access to (or are storing) sensitive data, thereby decreasing the likelihood that a device is compromised.
    Example 3

    Others will reduce the potential impact without decreasing its likelihood of occurring.

    Example

    Mitigation: Use robust encryption for all sensitive data.

    • Corporate-issued mobile phones are just as likely to fall into the hands of nefarious actors, but the financial impact they can inflict on the organization is greatly reduced.

    Pursue projects that reduce the likelihood or impact of the risk event (continued)

    Use the following IT functions to guide your selection of risk mitigation actions:

    Process Improvement

    Key processes that would most directly improve the risk profile:

    • Change Management
    • Project Management
    • Vendor Management
    Infrastructure Management
    • Disaster Recovery Plan/Business Continuity Plan
    • Redundancy and Resilience
    • Preventative Maintenance
    • Physical Environment Security
    Personnel
    • Greater staff depth in key areas
    • Increased discipline around documentation
    • Knowledge Management
    • Training
    Rationalization and Simplification

    This is a foundational activity, as complexity is a major source of risk:

    • Application Rationalization – reducing the number of applications
    • Data Management – reducing the volume and locations of data

    Transfer risks to a third party

    Risk transfer: the exchange of uncertain future costs for fixed present costs.

    Insurance

    The most common form of risk transfer is the purchase of insurance.

    • The uncertain future cost of an IT risk event can be transferred to an insurance company who assumes the risk in exchange for insurance premiums.
    • The most common form of IT-relevant insurance is cyberinsurance.

    Not all risks can be insured. Insurable risks typically possess the following five characteristics:

    1. The loss must be accidental (the risk event cannot be insured if it could have been avoided by taking reasonable actions).
    2. The insured cannot profit from the occurrence of the risk event.
    3. The loss must be able to be measured in monetary terms.
    4. The organization must have an insurable interest (it must be the party that incurs the loss).
    5. An insurance company must offer insurance against that risk.
    Other Forms of Risk Transfer

    Other forms of risk transfer include:

    • Self-insurance
      • Appropriate funds can be set aside in advance to address the financial impact of a risk event should it occur.
    • Warranties
    • Contractual transfer
      • The financial impact of a risk event can be transferred to a third party through clauses agreed to in a contract.
      • For example, a vendor can be contractually obligated to assume all costs resulting from failing to secure the organization’s data.
    • Example email addressing fields of an IT Risk Transfer to an insurance company.

    Accept risks that fall below established thresholds

    Risk Acceptance

    Accepting a risk means tolerating the expected cost of a risk event. It is a conscious and deliberate decision to retain the threat.

    You may choose to accept a risk event for one of the following three reasons:

    1. The risk severity (expected cost) of the risk event falls below acceptability thresholds and does not justify an investment in a risk avoidance, mitigation, or transfer measure.
    2. The risk severity (expected cost) exceeds acceptability thresholds but all effective risk avoidance, mitigation, and transfer measures are ineffective or prohibitively expensive.
    3. The risk severity (expected cost) exceeds acceptability thresholds but there are no feasible risk avoidance, mitigation, and transfer measures to be implemented.

    Info-Tech Insight

    Constant monitoring and the assignment of responsibility and accountability for accepted risk events is crucial for effective management of these risks. No IT risk should be accepted without detailed documentation outlining the reasoning behind that decision and evidence of approval by senior management.

    3.1.4 Risk response cost-benefit analysis (optional)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    This helps IT make risk-conscious investment decisions that fall within the IT budget and helps the organization make sound budgetary decisions for risk response projects that cannot be addressed by IT’s existing budget.

    Instructions:
    1. Reopen the Risk Costing Tool. For each risk that you conducted an expected cost assessment in section 2.2 for, find the Excel sheet that corresponds to the risk number (e.g. R001).
    2. Identify between one and four risk response options for the risk event and document them in the Risk Costing Tool.
      • The “Risk Response 1” field will be automatically populated with expected cost data for a scenario where no action was taken (risk acceptance). This will serve as a baseline for comparing alternative responses.
      • For the following steps, go through the risk responses one by one.
    3. Estimate the first-year cost for the risk response.
      • This cost should reflect initial capital expenditures and first-year operating expenditures.
    Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with 'Capital Expenditures' and 'Operating Expenditures' highlighted.

    Record the results in the Risk Costing Tool.

    3.1.4 Risk response cost-benefit analysis (continued)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    Instructions:

    1. Estimate residual risk likelihood and financial impact for Year 1 with the risk response in place.
      • Rather than estimating the likelihood level (low, medium, high), determine a precise likelihood value of the risk event occurring once the response has been implemented.
      • Estimate the dollar value of financial impacts if the risk event were to occur with the risk response in place.
      • Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with figured for 'Financial Impact' and 'Probability' highlighted. The tool will calculate the expected residual cost of the risk event: (Financial Impact x Likelihood) - Costs = Expected Residual Cost
    2. Select the highest value risk response and document it in the Risk Register Tool.
    3. Document your analysis and recommendations in the Risk Event Action Plan.

    Note: See Activity 3.1.5 to build multi-year cost projections for risk responses.

    3.1.5 Create multi-year cost projections (optional)

    Select between risk response options by projecting their costs and benefits over multiple years.

    • It can be difficult to choose between risk response options that require different payment schedules. A risk response project with costs spread out over more than one year (e.g. incremental upgrades to an IT system) may be more advantageous than a project with costs concentrated up front that may cost less in the long run (e.g. replacing the system).
    • However, the impact that risk response projects have on reducing risk severity is not necessarily static. For example, an expensive project like replacing a system may drastically reduce the risk severity of a system failure. Whereas, incremental system upgrades may only marginally reduce risk severity in the short term but reach similar levels as a full system replacement in a few years.
    Instructions:

    Calculate expected cost for multiple years using the Risk Costing Tool for:

    • Risk events that are subject to change in severity over time.
    • Risk responses that reduce the severity of the risk gradually.
    • Risk responses that cannot be implemented immediately.

    Copy and paste the graphs into the Risk Report and the Risk Event Action Plan for the risk event.

    Sample charts on the cost of risk responses from the Risk Costing Tool.

    Record the results in the Risk Costing Tool.

    Step 3.2

    Report IT Risk Priorities

    Activities
    • 3.2.1 Obtain executive approval for risk action plans
    • 3.2.2 Socialize the Risk Report
    • 3.2.3 Transfer ownership of risk responses to project managers
    • 3.2.4 Finalize the Risk Management Program Manual

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team

    Outcomes of this step

    • Obtained approval for risk action plans
    • Communicated IT’s risk recommendations to senior leadership
    • Embedded risk management into day-to-day IT operations

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Effectively deliver IT risk expertise to the business

    Communicate IT risk management in two directions:

    1. Up to senior leadership (and ERM if applicable)
    2. Down to IT employees (embedding risk awareness)
    3. Visualization of communicating Up to 'Senior Leadership' and Down to 'IT Personnel'.

    Create a strong paper trail and obtain sign-off for the ITRC’s recommendations.

    Now that you have collected all of the necessary raw data, you must communicate your insights and recommendations effectively.

    A fundamental task of risk management is communicating risk information to senior management. It is your responsibility to enable them to make informed risk decisions. This can be considered upward communication.

    The two primary goals of upward communication are:

    1. Transferring accountability for high-priority IT risks to the ERM or to senior leadership.
    2. Obtaining funds for risk response projects recommended by the ITRC.

    Good risk management also has a trickle-down effect impacting all of IT. This can be considered downward communication.

    The two primary goals of downward communication are:

    1. Fostering a risk-aware IT culture.
    2. Ensuring that the IT risk management program maintains momentum and runs effectively.

    3.2.1 Obtain executive approval for risk action plans

    Best Practices and Key Benefits

    Best practice is for all acceptable risks to also be signed-off by senior leadership. However, for ITRCs that brainstorm 100+ risks, this may not be possible. If this is the case, prioritize accepted risks that were assessed to be closest to the organization’s thresholds.

    By receiving a stamp of approval for each key risk from senior management, you ensure that:

    1. The organization is aware of important IT risks that may impact business objectives.
    2. The organization supports the risk assessment conducted by the ITRC.
    3. The organization supports the plan of action and monitoring responsibilities proposed by the ITRC.
    4. If a risk event were to occur, the organization holds ultimate accountability.
    Sample of the Risk Event Action Plan template.

    Task:
    All IT risks that were flagged for exceeding the organization’s severity thresholds must obtain sign-off by the CIO or another member of the senior leadership team.

    • In the assessment phase, you evaluated risks using severity thresholds approved by the business and determined whether or not they justified a risk response.
    • Whether your recommendation was to accept the risk or to analyze possible risk responses, the business should be made aware of most IT risks.

    3.2.2 Socialize the risk report

    Create a succinct, impactful document that summarizes the outcomes of risk assessment and highlights the IT risk council’s top recommendations to the senior leadership team.

    The Risk Report contains:
    • An executive summary page highlighting the main takeaways for senior management:
      • A short summary of results from the most recent risk assessment
      • Dashboard
      • A list of top 10 risks ordered from most severe to least
    • Subsequent individual risk analyses (1 to 10)
      • Detailed risk assessment data
      • Risk responses
      • Risk response analysis
      • Multi-year cost projection (see the following slide)
      • Dashboard
      • Recommendations
    Sample of the Risk Report template.

    Risk Report

    Pursue projects that reduce the likelihood or impact of the risk event

    Encourage risk awareness to extend the benefits of risk management to every aspect of IT.

    Benefits of risk awareness:

    • More preventative and proactive approaches to IT projects are discussed and considered.
    • Changes to the IT threat landscape are more likely to be detected, communicated, and acted upon.
    • IT possesses a realistic perception of its ability to perform functions and provide services.
    • Contingency plans are put in place to hedge against risk events.
    • Fewer IT risks go unidentified.
    • CIOs and business executives make better risk decisions.

    Consequences of low risk awareness:

    • False confidence about the number of IT risks impacting the organization and their severity.
    • Risk-relevant information is not communicated to the ITRC, which may result in inaccurate risk assessments.
    • Confusion surrounding whose responsibility it is to consider how risk impacts IT decision making.
    • Uncertainty and panic when unanticipated risks impact the IT department and the organization.

    Embedding risk management in the IT department is a full-time job

    Take concrete steps to increase risk-aware decision making in IT.

    The IT risk council plays an instrumental role in fostering a culture of risk awareness throughout the IT department. In addition to periodic risk assessments, fulfilling reporting requirements, and undertaking ongoing monitoring responsibilities, members of the ITRC can take a number of actions to encourage other IT employees to adopt a risk-focused approach, particularly at the project planning stage.

    Embed risk management in project planning

    Make time for discussing project risks at every project kick-off.
    • A main benefit of including senior personnel from across IT in the ITRC is that they are able to disseminate the IT risk council’s findings to their respective practices.
    • At project kick-off meetings, schedule time to identify and assess project-specific risks.
    • Encourage the project team to identify strategies to reduce the likelihood and impact of those risks and document these in the project charter.
    • Lead by example by being clear and open about what constitutes acceptable and unacceptable risks.

    Embed risk management with employee

    Train IT staff on the ITRC’s planned responses to specific risk events.
    • If a response to a particular risk event is not to implement a project but rather to institute new policies or procedures, ensure that changes are communicated to employees and that they receive training.
    Provide risk management education opportunities.
    • Remember that a more risk-aware IT employee provides more value to the organization.
    • Invest in your employees by encouraging them to pursue education opportunities like receiving risk management accreditation or providing them with educational experiences such as workshops, seminars, and eLearning.

    Embedding risk management in the IT department is a full-time job (continued)

    Encourage risk awareness by adjusting performance metrics and job titles.

    Performance metrics:

    Depending on the size of your IT department and the amount of resources dedicated to ongoing risk management, you may consider embedding risk management responsibilities into the performance assessments of certain ITRC members or other IT personnel.

    • Personalize the risk management program metrics you have documented in your Risk Management Program Manual.
    • Evidence that KPIs are monitored and frequently reported is also a good indicator that risk owners are fulfilling their risk management responsibilities.
    • Info-Tech Insight

      If risk management responsibilities are not built into performance assessments, it is less likely that they will invest time and energy into these tasks. Adding risk management metrics to performance assessments directly links good job performance with good risk management, making it more likely that ITRC activities and initiatives gain traction throughout the IT department.

    Job descriptions:

    Changing job titles to reflect the focus of an individual’s role on managing IT risk may be a good way to distinguish personnel tasked with developing KRIs and monitoring risks on a week-to-week basis.

    • Some examples include IT Risk Officer, IT Risk Manager, and IT Risk Analyst.

    3.2.3 Transfer ownership of risk responses to project managers

    Once risk responses have obtained approval and funding, it is time to transform them into fully-fledged projects.

    Image of a hand giving a key to another hand and a circle split into quadrants of Governance with 'Governance of Risks' being put into 'Governance of Projects'.

    3.2.4 Finalize the Risk Management Program Manual

    Go back through the Risk Management Program Manual and ensure that the material will accurately reflect your approach to risk management going forward.

    Remember, the program manual is a living document that should be evolving alongside your risk management program, reflecting best practices, knowledge, and experiences accrued from your own assessments and experienced risk events.

    The best way to ensure that the program manual continues to guide and document your risk management program is to make it the focal point of every ITRC meeting and ensure that one participant is tasked with making necessary adjustments and additions.

    Sample of the Risk Management Program Manual. Risk Management Program Manual

    “Upon completing the Info-Tech workshop, the deliverables that we were left with were really outstanding. We put together a 3-year project plan from a high level, outlining projects that will touch upon our high risk areas.” (Director of Security & Risk, Water Management Company)

    Don’t allow your risk management program to flatline

    54% of small businesses haven’t implemented controls to respond to the threat of cyber attacks (Source: Insurance Bureau of Canada, 2021)

    Don’t be lulled into a false sense of security. It might be your greatest risk.

    So you’ve identified the most important IT risks and implemented projects to protect IT and the business.

    Unfortunately, your risk assessment is already outdated.

    Perform regular health checks to keep your finger on the pulse of the key risks threatening the business and your reputation.

    To continue the momentum of your newly forged IT risk management program, read Info-Tech’s research on conducting periodic risk assessments and “health checks”:

    Revive Your Risk Management Program With a Regular Health Check

    • Complete Info-Tech’s Risk Management Health Check to seize the momentum you created by building a robust IT risk management program and create a process for conducting periodic health checks and embedding ongoing risk management into every aspect of IT.
    • Our focus is on using data to make IT risk assessment less like an art and more like a science. Ongoing data-driven risk management is self-improving and grounded in historical data.

    Appendix I: Familiarize yourself with key risk terminology

    Review important risk management terms and definitions.

    Risk

    An uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives. A risk consists of a combination of the likelihood of a perceived threat or opportunity occurring and the magnitude of its impact on objectives (Office of Government Commerce, 2007).

    Threat

    An event that can create a negative outcome (e.g. hostile cyber/physical attacks, human errors).

    Vulnerability

    A weakness that can be taken advantage of in a system (e.g. weakness in hardware, software, business processes).

    Risk Management

    The systematic application of principles, approaches, and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision making (Office of Government Commerce, 2007).

    Risk Category

    Distinct from a risk event, a category is an abstract profile of risk. It represents a common group of risks. For example, you can group certain types of risks under the risk category of IT Operations Risks.

    Risk Event

    A specific occurrence of an event that falls under a particular risk category. For example, a phishing attack is a risk event that falls under the risk category of IT Security Risks.

    Risk Appetite

    An organization’s attitude towards risk taking, which determines the amount of risk that it considers acceptable. Risk appetite also refers to an organization’s willingness to take on certain levels of exposure to risk, which is influenced by the organization’s capacity to financially bear risk.

    Enterprise Risk Management

    (ERM) – A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of organizational risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS, 2015).

    Appendix II: Likelihood vs. Frequency

    Why we measure likelihood, not frequency:

    The basic formula of Likelihood x Impact = Severity is a common methodology used across risk management frameworks. However, some frameworks measure likelihood using Frequency rather than Likelihood.

    Frequency is typically measured as the number of instances an event occurs over a given period of time (e.g. once per month).

    • For risk assessment, historical data regarding the frequency of a risk event is commonly used to indicate the likelihood that the event will happen in the future.

    Likelihood is a numerical representation of the “degree of belief” that the risk event will occur in a given future timeframe (e.g. 25% likelihood that the event will occur within the next year).

    False Objectivity

    While some may argue that frequency provides an objective measurement of likelihood, it is well understood in the field of likelihood theory that historical data regarding the frequency of a risk event may have little bearing over the likelihood of that event happening in the future. Frequency is often an indication of future likelihood but should not be considered an objective measurement of it.

    Likelihood scales that use frequency underestimate the magnitude of risks that lack historical precedent. For example, an IT department that has never experienced a high-impact data breach would adopt a very low likelihood score using the frequentist approach. However, if all of the organization’s major competitors have suffered a major breach within the last two years, they ought to possess a much higher degree of belief that the risk event will occur within the next year.

    Likelihood is a more comprehensive measurement of future likelihood, as frequency can be used to inform the selection of a likelihood value. The process of selecting intersubjective likelihood values will naturally internalize historical data such as the frequency that the event occurred in the past. Further, the frequency that the event is expected to occur in the future can be captured by the expected impact value. For example, a risk event that has an expected impact per occurrence of $10,000 that is expected to occur three times over the next year has an expected impact of $30,000.

    Appendix III: Should max impacts sway decision making?

    Don’t just fixate on the most likely impact – be aware of high-impact outcomes.

    During assessment, risks are evaluated according to their most likely financial impact.

    • For example, a service outage will likely last for two hours and may have an expected cost of $14,000.

    Naturally, focusing on the most likely financial impact will exclude higher impacts that – while theoretically possible – are so unlikely that they do not warrant any real consideration.

    • For example, it is possible that a service outage could last for days; however, the likelihood for such an event may be well below 1%.

    While the risk severity level assessment allows you to present impacts as a range of values (e.g. $50,000 to $75,000), the expected cost assessment requires you to select specific values.

    • However, this analysis may fail to consider much higher potential impacts that have non-negligible likelihood values (likelihood values that you cannot ignore).
    • What you consider “non-negligible” will depend on your organizational risk tolerance/appetite.

    Sometimes called Black Swan events or Fat-Tailed outcomes, high-impact events may occur when the far right of the likelihood distribution – or the “tail” – is thicker than a normal distribution (see fig. 2).

    • A good example is a data breach. While small to medium impacts are far more likely to occur than a devastating intrusion, the high-impact scenario cannot be ignored completely.

    For risk events that contain non-negligible likelihoods (too high to be ignored) consider elevating the risk severity level or expected cost.

    Figure 1 is a graph presenting a 'Normal Likelihood Distribution', the axes being 'Likelihood' and 'Financial Impact'.
    Figure 2 is a graph presenting a 'Fat-Tailed Likelihood Distribution' with a point at the top of the parabola labelled 'Most Likely Impact' but with a much wider bottom labelled 'Fat-Tailed Outcomes', the axes being 'Likelihood' and 'Financial Impact'.

    Leverage Info-Tech’s research on security and compliance risk to identify additional risk events

    Title card of the Info-tech blueprint 'Take Control of Compliance Improvement to Conquer Every Audit' with subtitle 'Don't gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.


    Take Control of Compliance Improvement to Conquer Every Audit

    Info-Tech Insight

    Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.

    Take an agile approach to analyze your gaps and prioritize your remediations. You don’t always have to be fully compliant as long as your organization understands and can live with the consequences.

    Stock photo of a woman sitting at a computer surrounded by rows of computers.


    Develop and Implement a Security Risk Management Program

    Info-Tech Insight

    Security risk management equals cost effectiveness.

    Time spent upfront identifying and prioritizing risks can mean the difference between spending too much and staying on budget.

    Research Contributors and Experts

    Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Christine Coz
    Executive Counsellor
    Info-Tech Research Group

    Milena Litoiu
    Principal Research Director
    Info-Tech Research Group

    Scott Magerfleisch
    Executive Advisor
    Info-Tech Research Group

    Aadil Nanji
    Research Director
    Info-Tech Research Group

    Andy Neill
    Associate Vice-President of Research
    Info-Tech Research Group

    Daisha Pennie
    IT Risk Management
    Oklahoma State University

    Ken Piddington
    CIO and Executive Advisor
    MRE Consulting

    Frank Sewell
    Research Director
    Info-Tech Research Group

    Andrew Sharpe
    Research Director
    Info-Tech Research Group

    Chris Warner
    Consulting Director- Security
    Info-Tech Research Group

    Sterling Bjorndahl
    Director of IT Operations
    eHealth Saskatchewan

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst
    Info-Tech Research Group

    Tamara Dwarika
    Internal Auditor
    A leading North American Utility

    Anne Leroux
    Director
    ES Computer Training

    Ian Mulholland
    Research Director
    Info-Tech Research Group

    Michel Fossé
    Consulting Services Manager
    IBM Canada (LGS)

    Petar Hristov
    Research Director
    Info-Tech Research Group

    Steve Woodward
    Research Director
    CEO, Cloud Perspectives

    *Plus 10 additional interviewees who wish to remain anonymous.

    Bibliography

    “2021 State of the CIO.” IDG, 28 January 2021. Web.

    “4 Reasons Why CIOs Lose Their Jobs.” Silverton Consulting, 2012. Web.

    Beasley, Mark, Bruce Branson, and Bonnie Hancock. “The State of Risk Oversight,” AICPA, April 2021. Web.

    COBIT 2019. ISACA, 2019. Web.

    “Cognyte jeopardized its database exposing 5 billion records, including earlier data breaches.” SecureBlink, 21 June 2021. Web.

    Culp, Steve. “Accenture 2019 Global Risk Management Study, Financial Services Report.” Accenture, 2019. Web.

    Curtis, Patchin, and Mark Carey. “Risk Assessment in Practice.” COSO Committee of Sponsoring Organizations of the Treadway Commission, Deloitte & Touche LLP, 2012. Web.

    “Cyber Risk Management.” Insurance Bureau of Canada (IBC), 2022. Web.

    Eccles, Robert G., Scott C. Newquist, and Roland Schatz. “Reputation and Its Risks.” Harvard Business Review, February 2007. Web.

    Eden, C. and F. Ackermann. Making Strategy: The Journey of Strategic Management. Sage Publications, 1998.

    “Enterprise Risk Management Maturity Model.” OECD, 9 February 2021. Web.

    Ganguly, Saptarshi, Holger Harreis, Ben Margolis, and Kayvaun Rowshankish. “Digital Risks: Transforming risk management for the 2020s.” McKinsey & Company, 10 February 2017. Web.

    “Governance Institute of Australia Risk Management Survey 2020.” Governance Institute of Australia, 2020. Web.

    “Guidance on Enterprise Risk Management.” COSO, 2022. Web.

    Henriquez, Maria. “The Top 10 Data Breaches of 2021” Security Magazine, 9 December 2021. Web.

    Holmes, Aaron. “533 million Facebook users’ phone numbers and personal data have been leaked online.” Business Insider, 3 April 2021. Web.

    Bibliography

    “Integrated Risk and Compliance Management for Banks and Financial Services Organizations: Benefits of a Holistic Approach.” MetricStream, 2022. Web.

    “ISACA’s Risk IT Framework Offers a Structured Methodology for Enterprises to Manage Information and Technology Risk.” ISACA, 25 June 2020. Web.

    ISO 31000 Risk Management. ISO, 2018. Web.

    Lawton, George. “10 Enterprise Risk Management Trends in 2022.” TechTarget, 2 February 2022. Web.

    Levenson, Michael. “MGM Resorts Says Data Breach Exposed Some Guests’ Personal Information.” The New York Times, 19 February 2020. Web.

    Management of Risk (M_o_R): Guidance for Practitioners. Office of Government Commerce, 2007. Web.

    “Many small businesses vulnerable to cyber attacks.” Insurance Bureau of Canada (IBC), 5 October 2021.

    Maxwell, Phil. “Why risk-informed decision-making matters.” EY, 3 December 2019. Web.

    “Measuring and Mitigating Reputational Risk.” Marsh, September 2014. Web.

    Natarajan, Aarthi. “The Top 6 Business Risks you should Prepare for in 2022.” Diligent, 22 December 2021. Web.

    “Operational Risk Management Excellence – Get to Strong Survey: Executive Report.” KMPG and RMA, 2014. Web.

    “Third-party risk is becoming a first priority challenge.” Deloitte, 2022. Web.

    Thomas, Adam, and Dan Kinsella. “Extended Enterprise Risk Management Survey, 2020.” Deloitte, 2021. Web.

    Treasury Board Secretariat. “Guide to Integrated Risk Management.” Government of Canada, 12 May 2016. Web.

    Webb, Rebecca. “6 Reasons Data is Key for Risk Management.” ClearRisk, 13 January 2021. Web.

    “What is Enterprise Risk Management (ERM)?” RIMS, 2015. Web.

    Wiggins, Perry. “Do you spend enough time assessing strategic risks?” CFO, 26 January 2022. Web.

    Implement Crisis Management Best Practices

    • Buy Link or Shortcode: {j2store}415|cart{/j2store}
    • member rating overall impact: 9.7/10 Overall Impact
    • member rating average dollars saved: $50,532 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • There’s a belief that you can’t know what crisis will hit you next, so you can’t prepare for it. As a result, resilience planning stops at more-specific planning such as business continuity planning or IT disaster recovery planning.
    • Business contingency and IT disaster recovery plans focus on how to resume normal operations following an incident. The missing piece is the crisis management plan – the overarching plan that guides the organization’s initial response, assessment, and action.
    • Organizations without a crisis management plan are far less able to minimize the impact of other crises such as a security breach, health & safety incident, or attacks on their reputation.

    Our Advice

    Critical Insight

    • Effective crisis management has a long-term demonstrable impact on your organization, long after the crisis is resolved. While all organizations can expect a short-term negative impact when a crisis hits, if the crisis is managed well, the research shows that your market capitalization can actually increase long term.
    • Crisis communication is more science than art and should follow a structured approach. Crisis communication is about more than being a good writer or having a social media presence. There are specific messages that must be included, and specific audiences to target, to get the results you need.
    • IT has a critical role in non-IT crises (as well as IT crises). Many crises are IT events (e.g. security breach). For non-IT events, IT is critical in supporting crisis communication and the operational response (e.g. COVID-19 and quickly ramping up working-from-home).

    Impact and Result

    • You can anticipate the types of crisis your organization may face in the future and build flexible plans that can be adapted in a crisis to meet the needs of the moment.
    • Identify potential crises that present a high risk to your organization.
    • Document emergency response and crisis response plans that provide a framework for addressing a range of crises.
    • Establish crisis communication guidelines to avoid embarrassing and damaging communications missteps.

    Implement Crisis Management Best Practices Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement crisis management best practices, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify potential crises and your crisis management team

    Identify, analyze, and prioritized potential crises based on risk to the organization. Set crisis management team roles and responsibilities. Adopt a crisis management framework.

    • Example Crisis Management Process Flowcharts (Visio)
    • Example Crisis Management Process Flowcharts (PDF)
    • Business Continuity Teams and Roles Tool

    2. Document your emergency and crisis response plans

    Document workflows for notification, situational assessment, emergency response, and crisis response.

    • Emergency Response Plan Checklist
    • Emergency Response Plan Summary
    • Emergency Response Plan Staff Instructions
    • Pandemic Response Plan Example
    • Pandemic Policy

    3. Document crisis communication guidelines

    Develop and document guidelines that support the creation and distribution of crisis communications.

    • Crisis Communication Guidelines and Templates

    4. Complete and maintain your crisis management plan

    Summarize your crisis management and response plans, create a roadmap to implement potential improvement projects, develop training and awareness initiatives, and schedule maintenance to keep the plan evergreen.

    • Crisis Management Plan Summary Example
    • BCP Project Roadmap Tool
    • Organizational Learning Guide
    [infographic]

    Workshop: Implement Crisis Management Best Practices

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Potential Crises and Your Crisis Management Team

    The Purpose

    Identify and prioritize relevant potential crises.

    Key Benefits Achieved

    Enable crisis management pre-planning and identify gaps in current crisis management plans.

    Activities

    1.1 Identify high-risk crises.

    1.2 Assign roles and responsibilities on the crisis management team.

    1.3 Review Info-Tech’s crisis management framework.

    Outputs

    List of high-risk crises.

    CMT membership and responsibilities.

    Adopt the crisis management framework and identify current strengths and gaps.

    2 Document Emergency Response and Crisis Management Plans

    The Purpose

    Outline emergency response and crisis response plans.

    Key Benefits Achieved

    Develop and document procedures that enable rapid, effective, and reliable crisis and emergency response.

    Activities

    2.1 Develop crisis notification and assessment procedures.

    2.2 Document your emergency response plans.

    2.3 Document crisis response plans for potential high-risk crises.

    Outputs

    Documented notification and assessment workflows.

    Emergency response plans and checklists.

    Documented crisis response workflows.

    3 Document Crisis Communication Guidelines

    The Purpose

    Define crisis communication guidelines aligned with an actionable crisis communications framework.

    Key Benefits Achieved

    Document workflows and guidelines support crisis communications.

    Activities

    3.1 Establish the elements of baseline crisis communications.

    3.2 Identify audiences for the crisis message.

    3.3 Modify baseline communication guidelines based on audience and organizational responsibility.

    3.4 Create a vetting process.

    3.5 Identify communications channels.

    Outputs

    Baseline communications guidelines.

    Situational modifications to crisis communications guidelines.

    Documented vetting process.

    Documented communications channels

    4 Complete and Maintain Your Crisis Management Plan

    The Purpose

    Summarize the crisis management plan, establish an organizational learning process, and identify potential training and awareness activities.

    Key Benefits Achieved

    Plan ahead to keep your crisis management practice evergreen.

    Activities

    4.1 Review the CMP Summary Template.

    4.2 Create a project roadmap to close gaps in the crisis management plan.

    4.3 Outline an organizational learning process.

    4.4 Schedule plan reviews, testing, and updates.

    Outputs

    Long-term roadmap to improve crisis management capabilities.

    Crisis management plan maintenance process and awareness program.

    Get Started With FinOps

    • Buy Link or Shortcode: {j2store}473|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • Runaway cloud costs are wrecking the CIO’s budget, but cloud costs are hard to reign in because vendors are not always up front about the true costs, it’s easy to oversubscribe to services and quickly run up costs with pay-as-you-go service, and cloud bills are complex.
    • While IT isn’t the business owner for cloud services, they often carry the cost of overruns on their budget, and don’t have the skills or influence to more effectively manage cloud costs.
    • Truly optimizing cloud spend and maximizing business value from cloud requires insight and collaboration from IT/engineering, finance, and business owners, but those teams are often siloed and manage their cloud usage or spend differently.

    Our Advice

    Critical Insight

    • The business units that need to collaborate to make FinOps work are often siloed, with different processes, data, metrics and cloud expertise. Coordinating their efforts to encourage shared responsibility can be a big obstacle to overcome.
    • FinOps requires a cultural shift to empower every cloud user to take accountability for cloud cost optimization.
    • To get started with FinOps, it’s essential to first break down those silos and get the multiple teams involved on the same page. Everyone must understand how FinOps is part of their responsibilities.

    Impact and Result

    • Implementing FinOps will lead to improved visibility and control over cloud spend, optimized resource allocation and reduced cloud waste, enhanced transparency, improved forecasting and budgeting, and increased accountability over cloud costs across business units.
    • This blueprint will help you get started with FinOps by identifying the roles involved in FinOps, defining the key activities that must be conducted, and assigning ownership to each task. This will help foster a shared responsibility for FinOps and encourage everyone to work toward common goals.

    Get Started With FinOps Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get Started With FinOps Deck – A guide to defining and assigning the roles and activities involved in FinOps.

    This storyboard will help you define FinOps roles and structure of the FinOps and other teams, identify key activities, and assign ownership to each. It will also provide guidance on analyzing the results of the RACI chart.

    • Get Started With FinOps Storyboard

    2. FinOps RACI Chart – A tool to help you assess the current state of FinOps activities and assign ownership to each.

    This tool will help you assess the current state of FinOps activities and assign ownership to each activity. Use the outputs of the exercise to define how roles across the organization will be involved in FinOps and where to focus efforts in maturing in FinOps.

    • FinOps RACI Chart
    [infographic]

    Further reading

    Get Started With FinOps

    FinOps goes beyond identifying cloud savings. It empowers every cloud user to maximize the value of their spend.

    Executive Brief

    Analyst Perspective

    The first step of FinOps is collectively realizing that maximizing value is every cloud user's responsibility.

    Natalie Sansone

    Natalie Sansone, PhD
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    As cloud adoption increases, and with it the complexity of cloud environments, managing and optimizing cloud spend has become both a top challenge and priority for IT organizations. In response, the practice of FinOps has emerged to help organizations maximize the value they get from the cloud. As its popularity surges, organizations are told they must do FinOps, but many feel their practice is not yet mature. One of their biggest obstacles is empowering engineers and other cloud users to work toward this shared goal with other teams.

    To grow and mature your FinOps practice, your first challenge is breaking down silos, encouraging collaboration across varying business units, and getting all cloud users to be accountable for their cloud usage and spend and to understand the shared goals of FinOps. Beyond finding ways to reduce cloud costs, FinOps is a cultural shift that enables better collaboration between distributed teams. It allows them to leverage data to identify opportunities to maximize business value from cloud investments.

    Whether you’re starting the FinOps journey or looking to mature your practice, this blueprint will help you organize by defining the required role and tasks. Then you can work through a collective exercise to ensure everyone understands who is involved and responsible for each activity. You’ll gain the information you need and be better positioned to continuously improve and mature your processes, but success begins with everyone understanding that FinOps is a shared responsibility.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • Runaway cloud costs are wrecking the CIO’s budget, but these are hard to rein in because cloud vendors are not always upfront about the true costs. It’s easy to oversubscribe to services and quickly run up costs with pay-as-you-go service and complex bills.
    • While IT isn’t the business owner for cloud services, they often carry the cost of overruns on their budget, and don’t have the skills or influence to more effectively manage cloud costs.
    • Truly optimizing cloud spend and maximizing its business value requires insight and collaboration from IT/engineering, finance, and business owners, but those teams are often siloed and manage their cloud usage/spend differently.
    • IT leaders are instructed to implement a FinOps practice, but don’t truly understand what that is, who needs to be involved, or where to start.
    • Business units that must collaborate to make FinOps work are often siloed and have different processes, data, metrics, and cloud expertise. Coordinating efforts to encourage shared responsibility can be a challenge. FinOps requires a cultural shift to empower every cloud user to take accountability for cost optimization.
    • Lack of visibility into cloud usage, spending patterns, and cost drivers along with inadequate tools to get the required data to drive decision making. This leads to hindered progress.
    • Implementing FinOps will improve visibility and control over cloud spend, optimize resource allocation and reduce waste, enhance transparency, improve forecasting and budgeting, and improve cost accountability across business units.
    • To get started with FinOps, first it’s essential to break down those silos and coordinate the multiple teams involved. Everyone must understand how FinOps is part of their responsibilities.
    • This blueprint will help you identify the roles involved in FinOps, define the key activities that must be conducted, and assign ownership to each task. This will help foster a shared responsibility for FinOps and encourage everyone to work toward common goals.

    Info-Tech Insight

    FinOps is not just about driving cloud savings. It’s a cultural shift empowering every cloud user to maximize the value of their spend. The first step of FinOps is therefore to help everyone understand their share of responsibility.

    What is FinOps?

    Definition

    “FinOps is an evolving cloud financial management discipline and cultural practice that enables organizations to get maximum business value by helping engineering, finance, technology, and business teams to collaborate on data-driven spending decisions.”

    Definition Updated: November 2021 by the FinOps Foundation Technical Advisory Council

    The ultimate purpose of FinOps is to bring business value to your organization by reducing cloud waste.

    • FinOps is the people, processes, and tools you use to eliminate waste and ensure you get the most value from your cloud spend.
    • FinOps is the framework within which teams can operate to ensure they are optimizing their use of cloud resources.
    • FinOps brings financial accountability to cloud spend.
    • FinOps is a culture practice where everyone collaborates and takes ownership for their cloud usage while being supported and governed by a central group. It breaks down silos so teams that haven’t worked closely together in the past collaborate toward shared goals.
    • It brings financial accountability and cultural change to cloud spend by enabling distributed teams to better collaborate and leverage data to decide where/when to invest in cloud for maximum business value.
    • FinOps is not done by an individual or just one team. It’s a change in the way that many disparate teams work together, from engineering to finance to business teams.

    Common misconceptions about FinOps

    FinOps is not

    FinOps is

    • Only about saving money
    • Only focused on activities related to cost optimization
    • IT financial management, which involves tracking and analyzing all costs associated with IT services
    • An activity (or set of activities) done by one person or team
    • Short for financial operations
    • About maximizing value. FinOps is optimizing cloud costs to provide maximum business value and support scalability (sometimes this means investing more money in cloud)
    • FinOps also involves building a culture of accountability, visibility, and collaboration around cloud usage and cost
    • Focused specifically on managing/optimizing cloud costs
    • A cultural shift around how disparate teams work together, people from all areas of the organization can play a role
    • The term is a portmanteau (combination) of Finance and (Dev)Ops, emphasizing the collaboration between business and engineering teams1
    1 “What is FinOps?” FinOps Foundation, 2023

    FinOps’ popularity has exploded in recent years

    2012 - The practice of FinOps begins to emerge through early scalers in public cloud like Adobe and Intuit

    2017 - Many IT departments begin to use the cloud for limited use cases, but very few enterprises are all in the cloud

    2019 - Many companies begin moving to a cloud-first strategy, shifting IT spend from capital to operational expenditure (CapEx to OpEx), complicating cloud bills

    February 2019 - The FinOps Foundation is born out of Cloudability’s Customer Advisory Board meeting where many cloud practitioners discuss the need for a community of practitioners

    June 2020 - The FinOps Foundation merges with Linux Foundation and sets the standard for cloud financial management

    Sources: Carr, 2022; Linux Foundation, 2023, Storment & Fuller, 2023.

    The image contains a graph that demonstrates the increasing number of people listing FinOps as a skill.

    Where did the term come from?

    The term FinOps has risen in popularity over the last few years. Originally, organizations used the term cloud cost management, then cloud cost optimization, then more broadly, cloud financial management. The latter has now been largely replaced by FinOps.

    Why is FinOps so essential? (1/2)

    The shift from fixed to variable spend has changed the way organizations must manage and report on costs.

    In the traditional data center era:

    • The enterprise procured infrastructure through large capital refreshes of data center hardware.
    • Infrastructure teams tried their best to avoid running out of storage before the next hardware refresh. Equipment was intentionally oversized to accommodate unexpected growth.
    • IT teams would not worry about how much infrastructure resources they consumed, provided they stayed within planned capacity limits. If capacity ran low, resource usage would be adjusted.
    • The business might not like laying out large capital expenditures, but it had full visibility into the cost and got to approve spending in advance using financial controls.
    • Monthly costs were well-understood and monthly or infrequent reporting was acceptable because day-to-day costs did not vary.
    • Mature organizations might chargeback or showback costs to application teams based on number of virtual machines or other measures, but traditional on-premises chargeback wouldn't save money overall.

    Why is FinOps so essential? (2/2)

    The shift from fixed to variable spend has changed the way organizations must manage and report on costs.

    In the cloud era:

    • Infrastructure resources must no longer be provisioned in advance through spending capital budgets.
    • Capacity management isn’t a major concern. Spare capacity is always available, and savings can result from not paying for unnecessary capacity.
    • Cloud services often offer pay-as-you-go pricing models, allowing more control and flexibility to pay only for the resources you consume.
    • When services use more resources than they need, running costs increase. Cost reductions are realized through reducing the size of allocated resources.
    • The variable consumption model can reduce operating costs but can make budgeting and forecasting difficult. IT and the business can no longer predict what they will pay for infrastructure resources.
    • Billing is no longer straightforward and monthly. Resources are individually charged in micro amounts. Costs must be regularly reviewed as unexpected or forgotten resource usage can add up significantly.

    Managing cloud spend remains a challenge for many organizations

    Given the variable nature of cloud costs and complex pricing structures, it can be easy to overspend without mature FinOps processes in place. Indeed, 82% of organizations cite managing cloud spend as one of their top challenges.

    Respondents reported that public cloud spend was over budget by an average of 18%, up from 13% the previous year.

    Source: Flexera 2023 State of the Cloud Report, n=750

    Organization's top cloud challenges.

    While FinOps adoption has rapidly increased, maturity has not

    Most organizations understand the value of FinOps but are not mature in their practice.

    NetApp’s 2023 State of CloudOps Report found that:

    96% say FinOps is important to their cloud strategy

    9% have a mature FinOps practice

    92% report that they struggle with FinOps

    Source: NetApp, 2023 State of CloudOps Report, n=310 IT decision makers in the United States responsible for public cloud infrastructure investments.

    Flexera’s 2023 State of the Cloud report found that 72% of organizations have a dedicated FinOps team.

    Flexera’s annual report also found that year over year, cloud cost responsibilities are increasingly shifting away from Finance/Accounting and Vendor Management teams and over to FinOps teams as they emerge and mature.

    Source: Flexera, 2023 State of the Cloud Report, n=750 decision-makers and users around the world

    Reduce Shadow IT With a Service Request Catalog

    • Buy Link or Shortcode: {j2store}302|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $129,999 Average $ Saved
    • member rating average days saved: 35 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.
    • Renewal Management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.
    • Over-purchasing: Contracts may be renewed without a clear picture of usage, potentially renewing unused applications.

    Our Advice

    Critical Insight

    There is a direct correlation between service delivery dissatisfaction and increases in shadow IT. Whether the goal is to reduce shadow IT or gain control, improved customer service and fast delivery are key to making lasting changes.

    Impact and Result

    Our blueprint will help you design a service that draws the business to use it. If it is easier for them to buy from IT than it is to find their own supplier, they will use IT.

    A heavy focus on customer service, design optimization, and automation will provide a means for the business to get what they need, when they need it, and provide visibility to IT and security to protect organizational interests.

    This blueprint will help you:

    • Design the request service
    • Design the request catalog
    • Build the request catalog
    • Market the service

    Reduce Shadow IT With a Service Request Catalog Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Reduce Shadow IT With a Service Request Catalog – A step-by-step document that walks you through creation of a request service management program.

    Use this blueprint to create a service request management program that provides immediate value.

    • Reduce Shadow IT With a Service Request Catalog Storyboard

    2. Nonstandard Request Assessment – A template for documenting requirements for vetting and onboarding new applications.

    Use this template to define what information is needed to vet and onboard applications into the IT environment.

    • Nonstandard Request Assessment

    3. Service Request Workflows – A library of workflows used as a starting point for creating and fulfilling requests for applications and equipment.

    Use this library of workflows as a starting point for creating and fulfilling requests for applications and equipment in a service catalog.

    • Service Request Workflows

    4. Application Portfolio – A template to organize applications requested by the business and identify which items are published in the catalog.

    Use this template as a starting point to create an application portfolio and request catalog.

    • Application Portfolio

    5. Reduce Shadow IT With a Service Request Catalog Communications Template – A presentation and communications plan to announce changes to the service and introduce a catalog.

    Use this template to create a presentation and communications plan for launching the new service and service request catalog.

    • Reduce Shadow IT with a Service Request Catalog Communications Template
    [infographic]

    Workshop: Reduce Shadow IT With a Service Request Catalog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Design the Service

    The Purpose

    Collaborate with the business to determine service model.

    Collaborate with IT teams to build non-standard assessment process.

    Key Benefits Achieved

    Designed a service for service requests, including new product intake.

    Activities

    1.1 Identify challenges and obstacles.

    1.2 Complete customer journey map.

    1.3 Design process for nonstandard assessments.

    Outputs

    Nonstandard process.

    2 Design the Catalog

    The Purpose

    Design the service request catalog management process.

    Key Benefits Achieved

    Ensure the catalog is kept current and is integrated with IT service catalog if applicable.

    Activities

    2.1 Determine what will be listed in the catalog.

    2.2 Determine process to build and maintain the catalog, including roles, responsibilities, and workflows.

    2.3 Define success and determine metrics.

    Outputs

    Catalog scope.

    Catalog design and maintenance plan.

    Defined success metrics

    3 Build and Market the Catalog

    The Purpose

    Determine catalog contents and how requests will be fulfilled.

    Key Benefits Achieved

    Catalog framework and service level agreements will be defined.

    Create communications documents.

    Activities

    3.1 Determine how catalog items will be displayed.

    3.2 Complete application categories for catalog.

    3.3 Create deployment categories and SLAs.

    3.4 Design catalog forms and deployment workflows.

    3.5 Create roadmap.

    3.6 Create communications plan.

    Outputs

    Catalog workflows and SLAs.

    Roadmap.

    Communications deck.

    4 Breakout Groups – Working Sessions

    The Purpose

    Create an applications portfolio.

    Prepare to populate the catalog.

    Key Benefits Achieved

    Portfolio and catalog contents created.

    Activities

    4.1 Using existing application inventory, add applications to portfolio and categorize.

    4.2 Determine which applications should be in the catalog.

    4.3 Determine which applications are packaged and can be easily deployed.

    Outputs

    Application Portfolio.

    List of catalog items.

    Further reading

    Reduce Shadow IT With a Service Request Catalog

    Foster business partnerships with sourcing-as-a-service.

    Analyst Perspective

    Improve the request management process to reduce shadow IT.

    In July 2022, Ivanti conducted a study on the state of the digital employee experience, surveying 10,000 office workers, IT professionals, and C-suite executives. Results of this study indicated that 49% of employees are frustrated by their tools, and 26% of employees were considering quitting their jobs due to unsuitable tech. 42% spent their own money to gain technology to improve their productivity. Despite this, only 21% of IT leaders prioritized user experience when selecting new tools.

    Any organization’s workers are expected to be productive and contribute to operational improvements or customer experience. Yet those workers don’t always have the tools needed to do the job. One option is to give the business greater control, allowing them to choose and acquire the solutions that will make them more productive. Info-Tech's blueprint Embrace Business-Managed Applications takes you down this path.

    However, if the business doesn’t want to manage applications, but just wants have access to better ones, IT is positioned to provide services for application and equipment sourcing that will improve the employee experience while ensuring applications and equipment are fully managed by the asset, service, and security teams.

    Improving the request management and deployment practice can give the business what they need without forcing them to manage license agreements, renewals, and warranties.

    Photo of Sandi Conrad

    Sandi Conrad
    ITIL Managing Professional
    Principal Research Director, IT Infrastructure & Operations,
    Info-Tech Research Group

    Your challenge

    This research is designed to help organizations that are looking to improve request management processes and reduce shadow IT.

    Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.

    Renewal management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.

    Over-purchasing and over-spending: Contracts may be renewed without a clear picture of utilization, potentially renewing unused applications. Applications or equipment may be purchased at retail price where corporate, government, or educational discounts exist.

    Info-Tech Insight

    To increase the visibility of the IT environment, IT needs to transform the request management process to create a service that makes it easier for the business to access the tools they need rather than seeking them outside of the organization.

    609
    Average number of SaaS applications in large enterprises

    40%
    On average, only 60% of provisioned SaaS licenses are used, with the remaining 40% unused.

    — Source: Zylo, SaaS Trends for IT Leaders, 2022

    Common obstacles

    Too many layers of approvals and a lack of IT workers makes it difficult to rethink service request fulfillment.

    Delays: The business may not be getting the applications they need from IT to do their jobs or must wait too long to get the applications approved.

    Denials: Without IT’s support, the business is finding alternative options, including SaaS applications, as they can be bought and used without IT’s input or knowledge.

    Threats: Applications that have not been vetted by security or installed without their knowledge may present additional threats to the organization.

    Access: Self-serve isn’t mature enough to support an applications catalog.

    A diagram that shows the number of SaaS applications being acquired outside of IT is increasing year over year, and that business units are driving the majority of SaaS spend.

    8: average number of applications entering the organization every 30 days

    — Source: Zylo, SaaS Trends for Procurement, 2022

    Info-Tech’s approach

    Improve the request management process to create sourcing-as-a-service for the business.

    • Improve customer service
    • Reduce shadow IT
    • Gain control in a way that keeps the business happy

    1. Design the service

    Collaborate with the business

    Identify the challenges and obstacles

    Gain consensus on priorities

    Design the service

    2. Design the catalog

    Determine catalog scope

    Create a process to build and maintain the catalog

    Define metrics for the request management process

    3. Build the catalog

    Determine descriptions for catalog items

    Create definitions for license types, workflows, and SLAs

    Create application portfolio

    Design catalog forms and workflows

    4. Market the service

    Create a roadmap

    Determine messaging

    Build a communications plan

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Communications Presentation

    Photo of Communications Presentation

    Application Portfolio

    Photo of Application Portfolio

    Visio Library

    Photo of Visio Library

    Nonstandard Request Assessment

    Photo of Nonstandard Request Assessment

    Create a request management process and service catalog to improve delivery of technology to the business

    Enterprise Architecture Trends

    • Buy Link or Shortcode: {j2store}584|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • The digital transformation journey brings business and technology increasingly closer.
    • Because the two become more and more intertwined, the role of the enterprise architecture increases in importance, aligning the two in providing additional efficiencies.
    • The current need for an accelerated digital transformation elevates the importance of enterprise architecture.

    Our Advice

    Critical Insight

    • Enterprise architecture is impacted and has an increasing role in the following areas:
      • Business agility
      • Security
      • Innovation
      • Collaborative EA
      • Tools and automation

    Impact and Result

    EA’s role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    Enterprise Architecture Trends Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Architecture Trends Deck – A trend report to support executives as they digitally transform the enterprise.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions, while embracing unprecedented opportunities to scale, stimulating innovation, in order to increase the organization’s competitive advantage.

    • Enterprise Architecture Trends Report

    Infographic

    Further reading

    Enterprise Architecture Trends

    Supporting Executives to Digitally Transform the Enterprise

    Analyst Perspective

    Enterprise architecture, seen as the glue of the organization, aligns business goals with all the other aspects of the organization, providing additional effectiveness and efficiencies while also providing guardrails for safety.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture (EA) is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions while embracing unprecedented opportunities to scale, stimulating innovation to increase the organization’s competitive advantage.

    Photo of Milena Litoiu, Principal/Senior Director, Enterprise Architecture, Info-Tech Research Group.

    Milena Litoiu
    Principal/Senior Director, Enterprise Architecture
    Info-Tech Research Group

    Accelerated digital transformation elevates the importance of EA

    The Digital transformation journey brings Business and technology increasingly closer.

    Because the two become more and more intertwined, the role OF Enterprise Architecture increases in importance, aligning the two in providing additional efficiencies.

    THE Current need for an accelerated Digital transformation elevates the importance of Enterprise Architecture.

    More than 70% of organizations revamp their enterprise architecture programs. (Info-Tech Tech Trends 2022 Survey)

    Most organizations still see a significant gap between the business and IT.

    Enterprise Architecture (EA) is impacted and has an increasing role in the following areas

    Accelerated Digital Transformation

    • Business agility Business agility, needed more that ever, increases reliance on enterprise strategies.
      EA creates alignment between business and IT to improve business nimbleness.
    • Security More sophisticated attacks require more EA coordination.
      EA helps adjust to the increasing sophistication of external threats. Partnering with the CISO office to develop strategies to protect the enterprise becomes a prerequisite for survival.
    • Innovation EA's role in an innovation increases synergies at the enterprise level.
      EA plays an increasingly stronger role in innovation, from business endeavors to technology, across business units, etc.
    • Collaborative EA Collaborative EA requires new ways of working.
      Enterprise collaboration gains new meaning, replacing stiff governance.
    • Tools & automation Tools-based automation becomes increasingly common.
      Tools support as well as new artificial intelligence or machine- learning- powered approaches help achieve tools-assisted coordination across viewpoints and teams.

    Info-Tech Insight

    EA's role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    EA Enabling Business Agility

    Trend 01 — Business Agility is needed more than ever and THIS increases reliance on enterprise Strategies. to achieve nimbleness, organizations need to adapt timely to changes in the environment.

    Approaches:
    A plethora of approaches are needed (e.g. architecture modularity, data integration, AI/ML) in addition to other Agile/iterative approaches for the entire organization.

    Build a Strong Technology Foundation for Customer Experience Management

    • Buy Link or Shortcode: {j2store}526|cart{/j2store}
    • member rating overall impact: 8.6/10 Overall Impact
    • member rating average dollars saved: $340,152 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Technology is a fundamental enabler of an organization’s customer experience management (CXM) strategy. However, many IT departments fail to take a systematic approach when building a portfolio of applications for supporting marketing, sales, and customer service functions.
    • The result is a costly, ineffective, and piecemeal approach to CXM application deployment (including high-profile applications like CRM).

    Our Advice

    Critical Insight

    • IT must work in lockstep with their counterparts in marketing, sales, and customer service to define a unified vision and strategic requirements for enabling a strong CXM program.
    • To deploy applications that specifically align with the needs of the organization’s customers, IT leaders must work with the business to define and understand customer personas and common interaction scenarios. CXM applications are mission critical and failing to link them to customer needs can have a detrimental effect on customer satisfaction and ultimately, revenue.
    • IT must act as a valued partner to the business in creating a portfolio of CXM applications that are cost effective.
    • Organizations should create a repeatable framework for CXM application deployment that addresses critical issues, including the integration ecosystem, customer data quality, dashboards and analytics, and end-user adoption.

    Impact and Result

    • Establish strong application alignment to strategic requirements for CXM that is based on concrete customer personas.
    • Improve underlying business metrics across marketing, sales, and service, including customer acquisition, retention, and satisfaction metrics.
    • Better align IT with customer experience needs.

    Build a Strong Technology Foundation for Customer Experience Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strong technology foundation for CXM, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive value with CXM

    Understand the benefits of a robust CXM strategy.

    • Build a Strong Technology Foundation for Customer Experience Management – Phase 1: Drive Value with CXM
    • CXM Strategy Stakeholder Presentation Template
    • CXM Strategy Project Charter Template

    2. Create the framework

    Identify drivers and objectives for CXM using a persona-driven approach and deploy the right applications to meet those objectives.

    • Build a Strong Technology Foundation for Customer Experience Management – Phase 2: Create the Framework
    • CXM Business Process Shortlisting Tool
    • CXM Portfolio Designer

    3. Finalize the framework

    Complete the initiatives roadmap for CXM.

    • Build a Strong Technology Foundation for Customer Experience Management – Phase 3: Finalize the Framework
    [infographic]

    Workshop: Build a Strong Technology Foundation for Customer Experience Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create the Vision for CXM Technology Enablement

    The Purpose

    Establish a consistent vision across IT, marketing, sales, and customer service for CXM technology enablement.

    Key Benefits Achieved

    A clear understanding of key business and technology drivers for CXM.

    Activities

    1.1 CXM fireside chat

    1.2 CXM business drivers

    1.3 CXM vision statement

    1.4 Project structure

    Outputs

    CXM vision statement

    CXM project charter

    2 Conduct the Environmental Scan and Internal Review

    The Purpose

    Create a set of strategic requirements for CXM based on a thorough external market scan and internal capabilities assessment.

    Key Benefits Achieved

    Well-defined technology requirements based on rigorous, multi-faceted analysis.

    Activities

    2.1 PEST analysis

    2.2 Competitive analysis

    2.3 Market and trend analysis

    2.4 SWOT analysis

    2.5 VRIO analysis

    2.6 Channel map

    Outputs

    Completed external analysis

    Strategic requirements (from external analysis)

    Completed internal review

    Channel interaction map

    3 Build Customer Personas and Scenarios

    The Purpose

    Augment strategic requirements through customer persona and scenario development.

    Key Benefits Achieved

    Functional requirements aligned to supporting steps in customer interaction scenarios.

    Activities

    3.1 Persona development

    3.2 Scenario development

    3.3 Requirements definition for CXM

    Outputs

    Personas and scenarios

    Strategic requirements (based on personas)

    4 Create the CXM Application Portfolio

    The Purpose

    Using the requirements identified in the preceding modules, build a future-state application inventory for CXM.

    Key Benefits Achieved

    A cohesive, rationalized portfolio of customer interaction applications that aligns with identified requirements and allows investment (or rationalization) decisions to be made.

    Activities

    4.1 Build business process maps

    4.2 Review application satisfaction

    4.3 Create the CXM application portfolio

    4.4 Prioritize applications

    Outputs

    Business process maps

    Application satisfaction diagnostic

    Prioritized CXM application portfolio

    5 Review Best Practices and Confirm Initiatives

    The Purpose

    Establish repeatable best practices for CXM applications in areas such as data management and end-user adoption.

    Key Benefits Achieved

    Best practices for rollout of new CXM applications.

    A prioritized initiatives roadmap.

    Activities

    5.1 Create data integration map

    5.2 Define adoption best practices

    5.3 Build initiatives roadmap

    5.4 Confirm initiatives roadmap

    Outputs

    Integration map for CXM

    End-user adoption plan

    Initiatives roadmap

    Further reading

    Build a Strong Technology Foundation for Customer Experience Management

    Design an end-to-end technology strategy to enhance marketing effectiveness, drive sales, and create compelling customer service experiences.

    ANALYST PERSPECTIVE

    Technology is the catalyst to create – and keep! – your customers.

    "Customers want to interact with your organization on their own terms, and in the channels of their choice (including social media, mobile applications, and connected devices). Regardless of your industry, your customers expect a frictionless experience across the customer lifecycle. They desire personalized and well-targeted marketing messages, straightforward transactions, and effortless service. Research shows that customers value – and will pay more for! – well-designed experiences.

    Strong technology enablement is critical for creating customer experiences that drive revenue. However, most organizations struggle with creating a cohesive technology strategy for customer experience management (CXM). IT leaders need to take a proactive approach to developing a strong portfolio of customer interaction applications that are in lockstep with the needs of their marketing, sales, and customer service teams. It is critical to incorporate the voice of the customer into this strategy.

    When developing a technology strategy for CXM, don’t just “pave the cow path,” but instead move the needle forward by providing capabilities for customer intelligence, omnichannel interactions, and predictive analytics. This blueprint will help you build an integrated CXM technology roadmap that drives top-line revenue while rationalizing application spend."

    Ben Dickie

    Research Director, Customer Experience Strategy

    Info-Tech Research Group

    Framing the CXM project

    This Research Is Designed For:

    • IT leaders who are responsible for crafting a technology strategy for customer experience management (CXM).
    • Applications managers who are involved with the selection and implementation of critical customer-centric applications, such as CRM platforms, marketing automation tools, customer intelligence suites, and customer service solutions.

    This Research Will Help You:

    • Clearly link your technology-enablement strategy for CXM to strategic business requirements and customer personas.
    • Build a rationalized portfolio of enterprise applications that will support customer interaction objectives.
    • Adopt standard operating procedures for CXM application deployment that address issues such as end-user adoption and data quality.

    This Research Will Also Assist:

    • Business leaders in marketing, sales, and customer service who want to deepen their understanding of CXM technologies, and apply best practices for using these technologies to drive competitive advantage.
    • Marketing, sales, and customer service managers involved with defining requirements and rolling out CXM applications.

    This Research Will Help Them:

    • Work hand-in-hand with counterparts in IT to deploy high-value business applications that will improve core customer-facing metrics.
    • Understand the changing CXM landscape and use the art of the possible to transform the internal technology ecosystem and drive meaningful customer experiences.

    Executive summary

    Situation

    • Customer expectations for personalization, channel preferences, and speed-to-resolution are at an all-time high.
    • Your customers are willing to pay more for high-value experiences, and having a strong customer CXM strategy is a proven path to creating sustainable value for the organization.

    Complication

    • Technology is a fundamental enabler of an organization’s CXM strategy. However, many IT departments fail to take a systematic approach to building a portfolio of applications to support Marketing, Sales, and Customer Service.
    • The result is a costly, ineffective, and piecemeal approach to CXM application deployment (including high profile applications like CRM).

    Resolution

    • IT must work in lockstep with their counterparts in marketing, sales, and customer service to define a unified vision, strategic requirements and roadmap for enabling strong customer experience capabilities.
    • In order to deploy applications that don’t simply follow previously established patterns but are aligned with the specific needs of the organization’s customers, IT leaders must work with the business to define and understand customer personas and common interaction scenarios. CXM applications are mission critical and failing to link them to customer needs can have a detrimental effect on customer satisfaction – and ultimately revenue.
    • IT must act as a valued partner to the business in creating a portfolio of CXM applications that are cost effective.
    • Organizations should create a repeatable framework for CXM application deployment that addresses critical issues, including the integration ecosystem, customer data quality, dashboards and analytics, and end-user adoption.

    Info-Tech Insight

    1. IT can’t hide behind the firewall. IT must understand the organization’s customers to properly support marketing, sales, and service efforts.
    2. IT – or Marketing – must not build the CXM strategy in a vacuum if they want to achieve a holistic, consistent, and seamless customer experience.
    3. IT must get ahead of shadow IT. To be seen as an innovator within the business, IT must be a leading enabler in building a rationalized and integrated CXM application portfolio.

    Guide to frequently used acronyms

    CXM - Customer Experience Management

    CX - Customer Experience

    CRM - Customer Relationship Management

    CSM - Customer Service Management

    MMS - Marketing Management System

    SMMP - Social Media Management Platform

    RFP - Request for Proposal

    SaaS - Software as a Service

    Customers’ expectations are on the rise: meet them!

    Today’s consumers expect speed, convenience, and tailored experiences at every stage of the customer lifecycle. Successful organizations strive to support these expectations.

    67% of end consumers will pay more for a world-class customer experience. 74% of business buyers will pay more for strong B2B experiences. (Salesforce, 2018)

    5 CORE CUSTOMER EXPECTATIONS

    1. More personalization
    2. More product options
    3. Constant contact
    4. Listen closely, respond quickly
    5. Give front-liners more control

    (Customer Experience Insight, 2016)

    Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored customer experiences.

    Realize measurable value by enabling CXM

    Providing a seamless customer experience increases the likelihood of cross-sell and up-sell opportunities and boosts customer loyalty and retention. IT can contribute to driving revenue and decreasing costs by providing the business with the right set of tools, applications, and technical support.

    Contribute to the bottom line

    Cross-sell, up-sell, and drive customer acquisition.

    67% of consumers are willing to pay more for an upgraded experience. (Salesforce, 2018)

    80%: The margin by which CX leaders outperformer laggards in the S&P 500.(Qualtrics, 2017)

    59% of customers say tailored engagement based on past interactions is very important to winning their business. (Salesforce, 2018)

    Enable cost savings

    Focus on customer retention as well as acquisition.

    It is 6-7x more costly to attract a new customer than it is to retain an existing customer. (Salesforce Blog, 2019)

    A 5% increase in customer retention has been found to increase profits by 25% to 95%. (Bain & Company, n.d.)

    Strategic CXM is gaining traction with your competition

    Organizations are prioritizing CXM capabilities (and associated technologies) as a strategic investment. Keep pace with the competition and gain a competitive advantage by creating a cohesive strategy that uses best practices to integrate marketing, sales, and customer support functions.

    87% of customers share great experiences they’ve had with a company. (Zendesk, n.d.)

    61% of organizations are investing in CXM. (CX Network, 2015)

    53% of organizations believe CXM provides a competitive advantage. (Harvard Business Review, 2014)

    Top Investment Priorities for Customer Experience

    1. Voice of the Customer
    2. Customer Insight Generation
    3. Customer Experience Governance
    4. Customer Journey Mapping
    5. Online Customer Experience
    6. Experience Personalization
    7. Emotional Engagement
    8. Multi-Channel Integration/Omnichannel
    9. Quality & Customer Satisfaction Management
    10. Customer/Channel Loyalty & Rewards Programs

    (CX Network 2015)

    Omnichannel is the way of the future: don’t be left behind

    Get ahead of the competition by doing omnichannel right. Devise a CXM strategy that allows you to create and maintain a consistent, seamless customer experience by optimizing operations within an omnichannel framework. Customers want to interact with you on their own terms, and it falls to IT to ensure that applications are in place to support and manage a wide range of interaction channels.

    Omnichannel is a “multi-channel approach to sales that seeks to provide the customer with a seamless transactional experience whether the customer is shopping online from a desktop or mobile device, by telephone, or in a bricks and mortar store.” (TechTarget, 2014)

    97% of companies say that they are investing in omnichannel. (Huffington Post, 2015)

    23% of companies are doing omnichannel well.

    CXM applications drive effective multi-channel customer interactions across marketing, sales, and customer service

    The success of your CXM strategy depends on the effective interaction of various marketing, sales, and customer support functions. To deliver on customer experience, organizations need to take a customer-centric approach to operations.

    From an application perspective, a CRM platform generally serves as the unifying repository of customer information, supported by adjacent solutions as warranted by your CXM objectives.

    CXM ECOSYSTEM

    Customer Relationship Management Platform

    • Web Experience Management Platform
    • E-Commerce & Point of Sale Solutions
    • Social Media Management Platform
    • Customer Intelligence Platform
    • Customer Service Management Tools
    • Marketing Management Suite

    Application spotlight: Customer experience platforms

    Description

    CXM solutions are a broad range of tools that provide comprehensive feature sets for supporting customer interaction processes. These suites supplant more basic applications for customer interaction management. Popular solutions that fall under the umbrella of CXM include CRM suites, marketing automation tools, and customer service applications.

    Features and Capabilities

    • Manage sales pipelines, provide quotes, and track client deliverables.
    • View all opportunities organized by their current stage in the sales process.
    • View all interactions that have occurred between employees and the customer, including purchase order history.
    • Manage outbound marketing campaigns via multiple channels (email, phone, social, mobile).
    • Build visual workflows with automated trigger points and business rules engine.
    • Generate in-depth customer insights, audience segmentation, predictive analytics, and contextual analytics.
    • Provide case management, ticketing, and escalation capabilities for customer service.

    Highlighted Vendors

    Microsoft Dynamics

    Adobe

    Marketo

    sprinklr

    Salesforce

    SugarCRM

    Application spotlight: Customer experience platforms

    Key Trends

    • CXM applications have decreased their focus on departmental silos to make it easier to share information across the organization as departments demand more data.
    • Vendors are developing deeper support of newer channels for customer interaction. This includes providing support for social media channels, native mobile applications, and SMS or text-based services like WhatsApp and Facebook Messenger.
    • Predictive campaigns and channel blending are becoming more feasible as vendors integrate machine learning and artificial intelligence into their applications.
    • Content blocks are being placed on top of scripting languages to allow for user-friendly interfaces. There is a focus on alleviating bottlenecks where content would have previously needed to go through a specialist.
    • Many vendors of CXM applications are placing increased emphasis on strong application integration both within and beyond their portfolios, with systems like ERP and order fulfillment.

    Link to Digital Strategy

    • For many organizations that are building out a digital strategy, improving customer experience is often a driving factor: CXM apps enable this goal.
    • As part of a digital strategy, create a comprehensive CXM application portfolio by leveraging both core CRM suites and point solutions.
    • Ensure that a point solution aligns with the digital strategy’s technology drivers and user personas.

    CXM KPIs

    Strong CXM applications can improve:

    • Lead Intake Volume
    • Lead Conversion Rate
    • Average Time to Resolution
    • First-Contact Resolution Rate
    • Customer Satisfaction Rate
    • Share-of-Mind
    • Share-of-Wallet
    • Customer Lifetime Value
    • Aggregate Reach/Impressions

    IT is critical to the success of your CXM strategy

    Technology is the key enabler of building strong customer experiences: IT must stand shoulder-to-shoulder with the business to develop a technology framework for CXM.

    Top 5 Challenges with CXM for Marketing

    1. Maximizing customer experience ROI
    2. Achieving a single view of the customer
    3. Building new customer experiences
    4. Cultivating a customer-focused culture
    5. Measuring CX investments to business outcomes

    Top 5 Obstacles to Enabling CXM for IT

    1. Systems integration
    2. Multichannel complexity
    3. Organizational structure
    4. Data-related issues
    5. Lack of strategy

    (Harvard Business Review, 2014)

    Only 19% of organizations have a customer experience team tasked with bridging gaps between departments. (Genesys, 2018)

    IT and Marketing can only tackle CXM with the full support of each other. The cooperation of the departments is crucial when trying to improve CXM technology capabilities and customer interaction and drive a strong revenue mandate.

    CXM failure: Blockbuster

    CASE STUDY

    Industry Entertainment

    Source Forbes, 2014

    Blockbuster

    As the leader of the video retail industry, Blockbuster had thousands of retail locations internationally and millions of customers. Blockbuster’s massive marketing budget and efficient operations allowed it to dominate the competition for years.

    Situation

    Trends in Blockbuster’s consumer market changed in terms of distribution channels and customer experience. As the digital age emerged and developed, consumers were looking for immediacy and convenience. This threatened Blockbuster’s traditional, brick-and-mortar B2C operating model.

    The Competition

    Netflix entered the video retail market, making itself accessible through non-traditional channels (direct mail, and eventually, the internet).

    Results

    Despite long-term relationships with customers and competitive standing in the market, Blockbuster’s inability to understand and respond to changing technology trends and customer demands led to its demise. The organization did not effectively leverage internal or external networks or technology to adapt to customer demands. Blockbuster went bankrupt in 2010.

    Customer Relationship Management

    • Web Experience Management Platform
    • E-Commerce & Point of Sale Solutions
    • Social Media Management
    • Customer Intelligence
    • Customer Service
    • Marketing Management

    Blockbuster did not leverage emerging technologies to effectively respond to trends in its consumer network. It did not optimize organizational effectiveness around customer experience.

    CXM success: Netflix

    CASE STUDY

    Industry Entertainment

    Source Forbes, 2014

    Netflix

    Beginning as a mail-out service, Netflix offered subscribers a catalog of videos to select from and have mailed to them directly. Customers no longer had to go to a retail store to rent a video. However, the lack of immediacy of direct mail as the distribution channel resulted in slow adoption.

    The Situation

    In response to the increasing presence of tech-savvy consumers on the internet, Netflix invested in developing its online platform as its primary distribution channel. The benefit of doing so was two-fold: passive brand advertising (by being present on the internet) and meeting customer demands for immediacy and convenience. Netflix also recognized the rising demand for personalized service and created an unprecedented, tailored customer experience.

    The Competition

    Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience.

    Results

    Netflix’s disruptive innovation is built on the foundation of great CXM. Netflix is now a $28 billion company, which is tenfold what Blockbuster was worth.

    Customer Relationship Management Platform

    • Web Experience Management Platform
    • E-Commerce & Point of Sale Solutions
    • Social Media Management Platform
    • Customer Intelligence Platform
    • Customer Service Management Tools
    • Marketing Management Suite

    Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time, video rental industry leader, Blockbuster.

    Leverage Info-Tech’s approach to succeed with CXM

    Creating an end-to-end technology-enablement strategy for CXM requires a concerted, dedicated effort: Info-Tech can help with our proven approach.

    Build the CXM Project Charter

    Conduct a Thorough Environmental Scan

    Build Customer Personas and Scenarios

    Draft Strategic CXM Requirements

    Build the CXM Application Portfolio

    Implement Operational Best Practices

    Why Info-Tech’s Approach?

    Info-Tech draws on best-practice research and the experiences of our global member base to develop a methodology for CXM that is driven by rigorous customer-centric analysis.

    Our approach uses a unique combination of techniques to ensure that your team has done its due diligence in crafting a forward-thinking technology-enablement strategy for CXM that creates measurable value.

    A global professional services firm drives measurable value for CXM by using persona design and scenario development

    CASE STUDY

    Industry Professionals Services

    Source Info-Tech Workshop

    The Situation

    A global professional services firm in the B2B space was experiencing a fragmented approach to customer engagement, particularly in the pre-sales funnel. Legacy applications weren’t keeping pace with an increased demand for lead evaluation and routing technology. Web experience management was also an area of significant concern, with a lack of ongoing customer engagement through the existing web portal.

    The Approach

    Working with a team of Info-Tech facilitators, the company was able to develop several internal and external customer personas. These personas formed the basis of strategic requirements for a new CXM application stack, which involved dedicated platforms for core CRM, lead automation, web content management, and site analytics.

    Results

    Customer “stickiness” metrics increased, and Sales reported significantly higher turnaround times in lead evaluations, resulting in improved rep productivity and faster cycle times.

    Components of a persona
    Name Name personas to reflect a key attribute such as the persona’s primary role or motivation.
    Demographic Include basic descriptors of the persona (e.g. age, geographic location, preferred language, education, job, employer, household income, etc.)
    Wants, needs, pain points Identify surface-level motivations for buying habits.
    Psychographic/behavioral traits Observe persona traits that are representative of the customers’ behaviors (e.g. attitudes, buying patterns, etc.).

    Follow Info-Tech’s approach to build your CXM foundation

    Create the Project Vision

    • Identify business and IT drivers
    • Outputs:
      • CXM Strategy Guiding Principles

    Structure the Project

    • Identify goals and objectives for CXM project
    • Form Project Team
    • Establish timeline
    • Obtain project sponsorship
    • Outputs:
      • CXM Strategy Project Charter

    Scan the External Environment

    • Create CXM operating model
    • Conduct external analysis
    • Create customer personas
    • Outputs:
      • CXM Operating Model
    • Conduct PEST analysis
    • Create persona scenarios
    • Outputs:
      • CXM Strategic Requirements

    Assess the Current State of CXM

    • Conduct SWOT analysis
    • Assess application usage and satisfaction
    • Conduct VRIO analysis
    • Outputs:
      • CXM Strategic Requirements

    Create an Application Portfolio

    • Map current processes
    • Assign business process owners
    • Create channel map
    • Build CXM application portfolio
    • Outputs:
      • CXM Application Portfolio Map

    Develop Deployment Best Practices

    • Develop CXM integration map
    • Create mitigation plan for poor data quality
    • Outputs:
      • Data Quality Preservation Map

    Create an Initiative Rollout Plan

    • Create risk management plan
    • Identify work initiative dependencies
    • Create roadmap
    • Outputs:
      • CXM Initiative Roadmap

    Confirm and Finalize the CXM Blueprint

    • Identify success metrics
    • Create stakeholder communication plan
    • Present CXM strategy to stakeholders
    • Outputs:
      • Stakeholder Presentation

    Info-Tech offers various levels of support to suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Strong Technology Foundation for CXM – project overview

    1. Drive Value With CXM 2. Create the Framework 3. Finalize the Framework
    Best-Practice Toolkit

    1.1 Create the Project Vision

    1.2 Structure the CXM Project

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Guided Implementations
    • Determine project vision for CXM.
    • Review CXM project charter.
    • Review environmental scan.
    • Review application portfolio for CXM.
    • Confirm deployment best practices.
    • Review initiatives rollout plan.
    • Confirm CXM roadmap.
    Onsite Workshop Module 1: Drive Measurable Value with a World-Class CXM Program Module 2: Create the Strategic Framework for CXM Module 3: Finalize the CXM Framework

    Phase 1 Outcome:

    • Completed drivers
    • Completed project charter

    Phase 2 Outcome:

    • Completed personas and scenarios
    • CXM application portfolio

    Phase 3 Outcome:

    • Strategic summary blueprint

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Create the Vision for CXM Enablement

    1.1 CXM Fireside Chat

    1.2 CXM Business Drivers

    1.3 CXM Vision Statement

    1.4 Project Structure

    Conduct the Environmental Scan and Internal Review

    2.1 PEST Analysis

    2.2 Competitive Analysis

    2.3 Market and Trend Analysis

    2.4 SWOT Analysis

    2.5 VRIO Analysis

    2.6 Channel Mapping

    Build Personas and Scenarios

    3.1 Persona Development

    3.2 Scenario Development

    3.3 Requirements Definition for CXM

    Create the CXM Application Portfolio

    4.1 Build Business Process Maps

    4.2 Review Application Satisfaction

    4.3 Create the CXM Application Portfolio

    4.4 Prioritize Applications

    Review Best Practices and Confirm Initiatives

    5.1 Create Data Integration Map

    5.2 Define Adoption Best Practices

    5.3 Build Initiatives Roadmap

    5.4 Confirm Initiatives Roadmap

    Deliverables
    1. CXM Vision Statement
    2. CXM Project Charter
    1. Completed External Analysis
    2. Completed Internal Review
    3. Channel Interaction Map
    4. Strategic Requirements (from External Analysis)
    1. Personas and Scenarios
    2. Strategic Requirements (based on personas)
    1. Business Process Maps
    2. Application Satisfaction Diagnostic
    3. Prioritized CXM Application Portfolio
    1. Integration Map for CXM
    2. End-User Adoption Plan
    3. Initiatives Roadmap

    Phase 1

    Drive Measurable Value With a World-Class CXM Program

    Build a Strong Technology Foundation for Customer Experience Management

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Drive Measurable Value With a World-Class CXM Program

    Proposed Time to Completion: 2 weeks

    Step 1.1: Create the Project Vision

    Start with an analyst kick-off call:

    • Review key drivers from a technology and business perspective for CXM
    • Discuss benefits of strong technology enablement for CXM

    Then complete these activities…

    • CXM Fireside Chat
    • CXM Business and Technology Driver Assessment
    • CXM Vision Statement

    With these tools & templates:

    • CXM Strategy Stakeholder Presentation Template

    Step 1.2: Structure the Project

    Review findings with analyst:

    • Assess the CXM vision statement for competitive differentiators
    • Determine current alignment disposition of IT with different business units

    Then complete these activities…

    • Team Composition and Responsibilities
    • Metrics Definition

    With these tools & templates:

    • CXM Strategy Project Charter Template

    Phase 1 Results & Insights:

    • Defined value of strong technology enablement for CXM
    • Completed CXM project charter

    Step 1.1: Create the Project Vision

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Fireside Chat: Discuss past challenges and successes with CXM
    • Identify business and IT drivers to establish guiding principles for CXM

    Outcomes:

    • Business benefits of a rationalized technology strategy to support CXM
    • Shared lessons learned
    • Guiding principles for providing technology enablement for CXM

    Building a technology strategy to support customer experience isn’t an option – it’s a mission-critical activity

    • Customer-facing departments supply the lifeblood of a company: revenue. In today’s fast-paced and interconnected world, it’s becoming increasingly imperative to enable customer experience processes with a wide range of technologies, from lead automation to social relationship management. CXM is the holistic management of customer interaction processes across marketing, sales, and customer service to create valuable, mutually beneficial customer experiences. Technology is a critical building block for enabling CXM.
    • The parallel progress of technology and process improvement is essential to an efficient and effective CXM program. While many executives prefer to remain at the status quo, new technologies have caused major shifts in the CXM environment. If you stay with the status quo, you will fall behind the competition.
    • However, many IT departments are struggling to keep up with the pace of change and find themselves more of a firefighter than a strategic partner to marketing, sales, and service teams. This not only hurts the business, but it also tarnishes IT’s reputation.

    An aligned, optimized CX strategy is:

    Rapid: to intentionally and strategically respond to quickly-changing opportunities and issues.

    Outcome-based: to make key decisions based on strong business cases, data, and analytics in addition to intuition and judgment.

    Rigorous: to bring discipline and science to bear; to improve operations and results.

    Collaborative: to conduct activities in a broader ecosystem of partners, suppliers, vendors, co-developers, and even competitors.

    (The Wall Street Journal, 2013)

    Info-Tech Insight

    If IT fails to adequately support marketing, sales, and customer service teams, the organization’s revenue will be in direct jeopardy. As a result, CIOs and Applications Directors must work with their counterparts in these departments to craft a cohesive and comprehensive strategy for using technology to create meaningful (and profitable) customer experiences.

    Fireside Chat, Part 1: When was technology an impediment to customer experience at your organization?

    1.1.1 30 minutes

    Input

    • Past experiences of the team

    Output

    • Lessons learned

    Materials

    • Whiteboard
    • Markers

    Participants

    • Core Team

    Instructions

    1. Think about a time when technology was an impediment to a positive customer experience at your organization. Reflect on the following:
      • What frustrations did the application or the technology cause to your customers? What was their reaction?
      • How did IT (and the business) identify the challenge in the first place?
      • What steps were taken to mitigate the impact of the problem? Were these steps successful?
      • What were the key lessons learned as part of the challenge?

    Fireside Chat, Part 2: What customer success stories has your organization created by using new technologies?

    1.1.2 30 minutes

    Input

    • Past experiences of the team

    Output

    • Lessons learned

    Materials

    • Whiteboard
    • Markers

    Participants

    • Core Team

    Instructions

    1. Think about a time when your organization successfully leveraged a new application or new technology to enhance the experience it provided to customers. Reflect on this experience and consider:
      • What were the organizational drivers for rolling out the new application or solution?
      • What obstacles had to be overcome in order to successfully deploy the solution?
      • How did the application positively impact the customer experience? What metrics improved?
      • What were the key lessons learned as part of the deployment? If you had to do it all over again, what would you do differently?

    Develop a cohesive, consistent, and forward-looking roadmap that supports each stage of the customer lifecycle

    When creating your roadmap, consider the pitfalls you’ll likely encounter in building the IT strategy to provide technology enablement for customer experience.

    There’s no silver bullet for developing a strategy. You can encounter pitfalls at a myriad of different points including not involving the right stakeholders from the business, not staying abreast of recent trends in the external environment, and not aligning sales, marketing, and support initiatives with a focus on the delivery of value to prospects and customers.

    Common Pitfalls When Creating a Technology-Enablement Strategy for CXM

    Senior management is not involved in strategy development.

    Not paying attention to the “art of the possible.”

    “Paving the cow path” rather than focusing on revising core processes.

    Misalignment between objectives and financial/personnel resources.

    Inexperienced team on either the business or IT side.

    Not paying attention to the actions of competitors.

    Entrenched management preferences for legacy systems.

    Sales culture that downplays the potential value of technology or new applications.

    IT is only one or two degrees of separation from the end customer: so take a customer-centric approach

    IT →Marketing, Sales, and Service →External Customers

    Internal-Facing Applications

    • IT enables, supports, and maintains the applications used by the organization to market to, sell to, and service customers. IT provides the infrastructural and technical foundation to operate the function.

    Customer-Facing Applications

    • IT supports customer-facing interfaces and channels for customer interaction.
    • Channel examples include web pages, mobile device applications and optimization, and interactive voice response for callers.

    Info-Tech Insight

    IT often overlooks direct customer considerations when devising a technology strategy for CXM. Instead, IT leaders rely on other business stakeholders to simply pass on requirements. By sitting down with their counterparts in marketing and sales, and fully understanding business drivers and customer personas, IT will be much better positioned to roll out supporting applications that drive customer engagement.

    A well-aligned CXM strategy recognizes a clear delineation of responsibilities between IT, sales, marketing, and service

    • When thinking about CXM, IT must recognize that it is responsible for being a trusted partner for technology enablement. This means that IT has a duty to:
      • Develop an in-depth understanding of strategic business requirements for CXM. Base your understanding of these business requirements on a clear conception of the internal and external environment, customer personas, and business processes in marketing, sales, and customer service.
      • Assist with shortlisting and supporting different channels for customer interaction (including email, telephony, web presence, and social media).
      • Create a rationalized, cohesive application portfolio for CXM that blends different enabling technologies together to support strategic business requirements.
      • Provide support for vendor shortlisting, selection, and implementation of CXM applications.
      • Assist with end-user adoption of CXM applications (i.e. training and ongoing support).
      • Provide initiatives that assist with technical excellence for CXM (such as data quality, integration, analytics, and application maintenance).
    • The business (marketing, sales, customer service) owns the business requirements and must be responsible for setting top-level objectives for customer interaction (e.g. product and pricing decisions, marketing collateral, territory management, etc.). IT should not take over decisions on customer experience strategy. However, IT should be working in lockstep with its counterparts in the business to assist with understanding business requirements through a customer-facing lens. For example, persona development is best done in cross-functional teams between IT and Marketing.

    Activity: Identify the business drivers for CXM to establish the strategy’s guiding principles

    1.1.3 30 minutes

    Input

    • Business drivers for CXM

    Output

    • Guiding principles for CXM strategy

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Define the assumptions and business drivers that have an impact on technology enablement for CXM. What is driving the current marketing, sales, and service strategy on the business side?
    Business Driver Name Driver Assumptions, Capabilities, and Constraints Impact on CXM Strategy
    High degree of customer-centric solution selling A technically complex product means that solution selling approaches are employed – sales cycles are long. There is a strong need for applications and data quality processes that support longer-term customer relationships rather than transactional selling.
    High desire to increase scalability of sales processes Although sales cycles are long, the organization wishes to increase the effectiveness of rep time via marketing automation where possible. Sales is always looking for new ways to leverage their reps for face-to-face solution selling while leaving low-level tasks to automation. Marketing wants to support these tasks.
    Highly remote sales team and unusual hours are the norm Not based around core hours – significant overtime or remote working occurs frequently. Misalignment between IT working only core hours and after-hours teams leads to lag times that can delay work. Scheduling of preventative sales maintenance must typically be done on weekends rather than weekday evenings.

    Activity: Identify the IT drivers for CXM to establish the strategy’s guiding principles

    1.1.4 30 minutes

    Input

    • IT drivers for CXM

    Output

    • Guiding principles for CXM strategy

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Define the assumptions and IT drivers that have an impact on technology enablement for CXM. What is driving the current IT strategy for supporting marketing, sales, and service initiatives?
    IT Driver Name Driver Assumptions, Capabilities, and Constraints Impact on CXM Strategy
    Sales Application Procurement Methodology Strong preference for on-premise COTS deployments over homebrewed applications. IT may not be able to support cloud-based sales applications due to security requirements for on premise.
    Vendor Relations Minimal vendor relationships; SLAs not drafted internally but used as part of standard agreement. IT may want to investigate tightening up SLAs with vendors to ensure more timely support is available for their sales teams.
    Development Methodology Agile methodology employed, some pockets of Waterfall employed for large-scale deployments. Agile development means more perfective maintenance requests come in, but it leads to greater responsiveness for making urgent corrective changes to non-COTS products.
    Data Quality Approach IT sees as Sales’ responsibility IT is not standing as a strategic partner for helping to keep data clean, causing dissatisfaction from customer-facing departments.
    Staffing Availability Limited to 9–5 Execution of sales support takes place during core hours only, limiting response times and access for on-the-road sales personnel.

    Activity: Use IT and business drivers to create guiding principles for your CXM technology-enablement project

    1.1.5 30 minutes

    Input

    • Business drivers and IT drivers from 1.1.3 and 1.1.4

    Output

    • CXM mission statement

    Materials

    • Whiteboard
    • Markers

    Participants

    • Core Team

    Instructions

    1. Based on the IT and business drivers identified, craft guiding principles for CXM technology enablement. Keep guiding principles in mind throughout the project and ensure they support (or reconcile) the business and IT drivers.

    Guiding Principle Description
    Sales processes must be scalable. Our sales processes must be able to reach a high number of target customers in a short time without straining systems or personnel.
    Marketing processes must be high touch. Processes must be oriented to support technically sophisticated, solution-selling methodologies.

    2. Summarize the guiding principles above by creating a CXM mission statement. See below for an example.

    Example: CXM Mission Statement

    To ensure our marketing, sales and service team is equipped with tools that will allow them to reach out to a large volume of contacts while still providing a solution-selling approach. This will be done with secure, on-premise systems to safeguard customer data.

    Ensure that now is the right time to take a step back and develop the CXM strategy

    Determine if now is the right time to move forward with building (or overhauling) your technology-enablement strategy for CXM.

    Not all organizations will be able to proceed immediately to optimize their CXM technology enablement. Determine if the organizational willingness, backbone, and resources are present to commit to overhauling the existing strategy. If you’re not ready to proceed, consider waiting to begin this project until you can procure the right resources.

    Do not proceed if:

    • Your current strategy for supporting marketing, sales, and service is working well and IT is already viewed as a strategic partner by these groups. Your current strategy is well aligned with customer preferences.
    • The current strategy is not working well, but there is no consensus or support from senior management for improving it.
    • You cannot secure the resources or time to devote to thoroughly examining the current state and selecting improvement initiatives.
    • The strategy has been approved, but there is no budget in place to support it at this time.

    Proceed if:

    • Senior management has agreed that technology support for CXM should be improved.
    • Sub-divisions within IT, sales, marketing, and service are on the same page about the need to improve alignment.
    • You have an approximate budget to work with for the project and believe you can secure additional funding to execute at least some improvement initiatives.
    • You understand how improving CXM alignment will fit into the broader customer interaction ecosystem in your organization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.3; 1.1.4; 1.1.5 - Identify business and IT drivers to create CXM guiding principles

    The facilitator will work with stakeholders from both the business and IT to identify implicit or explicit strategic drivers that will support (or pose constraints on) the technology-enablement framework for the CXM strategy. In doing so, guiding principles will be established for the project.

    Step 1.2: Structure the Project

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Define the project purpose, objectives, and business metrics
    • Define the scope of the CXM strategy
    • Create the project team
    • Build a RACI chart
    • Develop a timeline with project milestones
    • Identify risks and create mitigation strategies
    • Complete the strategy project charter and obtain approval

    Outcomes:

    CXM Strategy Project Charter Template

    • Purpose, objectives, metrics
    • Scope
    • Project team & RACI
    • Timeline
    • Risks & mitigation strategies
    • Project sponsorship

    Use Info-Tech’s CXM Strategy Project Charter Template to outline critical components of the CXM project

    1.2.1 CXM Strategy Project Charter Template

    Having a project charter is the first step for any project: it specifies how the project will be resourced from a people, process, and technology perspective, and it clearly outlines major project milestones and timelines for strategy development. CXM technology enablement crosses many organizational boundaries, so a project charter is a very useful tool for ensuring everyone is on the same page.

    Sections of the document:

    1. Project Drivers, Rationale, and Context
    2. Project Objectives, Metrics, and Purpose
    3. Project Scope Definition
    4. Project Team Roles and Responsibilities (RACI)
    5. Project Timeline
    6. Risk Mitigation Strategy
    7. Project Metrics
    8. Project Review & Approvals

    INFO-TECH DELIVERABLE

    CXM Strategy Project Charter Template

    Populate the relevant sections of your project charter as you complete activities 1.2.2-1.2.8.

    Understand the roles necessary to complete your CXM technology-enablement strategy

    Understand the role of each player within your project structure. Look for listed participants on the activities slides to determine when each player should be involved.

    Title Role Within Project Structure
    Project Sponsor
    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CIO, CMO, VP of Sales, VP of Customer Care, or similar
    Project Manager
    • The IT individual(s) that will oversee day-to-day project operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications or other IT Manager, Business Analyst, Business Process Owner, or similar
    Business Lead
    • Works alongside the IT PM to ensure that the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Sales Director, Marketing Director, Customer Care Director, or similar
    Project Team
    • Comprised of individuals whose knowledge and skills are crucial to project success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions. Can assist with persona and scenario development for CXM.
    • Project Manager, Business Lead, CRM Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs
    Steering Committee
    • Comprised of C-suite/management level individuals that act as the project’s decision makers
    • Responsible for validating goals and priorities, defining the project scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CFO, Business Unit SMEs and similar

    Info-Tech Insight

    Do not limit project input or participation to the aforementioned roles. Include subject matter experts and internal stakeholders at particular stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to creating your CXM technology-enablement strategy.

    Activity: Kick-off the CXM project by defining the project purpose, project objectives, and business metrics

    1.2.2 30 minutes

    Input

    • Activities 1.1.1 to 1.1.5

    Output

    • Drivers & rationale
    • Purpose statement
    • Business goals
    • Business metrics
    • CXM Strategy Project Charter Template, sections 1.0, 2.0, and 2.1

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Sponsor
    • Project Manager
    • Business Lead
    • Steering Committee

    Instructions

    Hold a meeting with IT, Marketing, Sales, Service, Operations, and any other impacted business stakeholders that have input into CXM to accomplish the following:

    1. Discuss the drivers and rationale behind embarking on a CXM strategy.
    2. Develop and concede on objectives for the CXM project, metrics that will gauge its success, and goals for each metric.
    3. Create a project purpose statement that is informed by decided-upon objectives and metrics from the steps above. When establishing a project purpose, ask the question, “what are we trying to accomplish?”
    • Example: Project Purpose Statement
      • The organization is creating a CXM strategy to gather high-level requirements from the business, IT, and Marketing, Sales, and Service, to ensure that the selection and deployment of the CXM meets the needs of the broader organization and provides the greatest return on investment.
  • Document your project drivers and rationale, purpose statement, project objectives, and business metrics in Info-Tech’s CXM Strategy Project Charter Template in sections 1.0 and 2.0.
  • Info-Tech Insight

    Going forward, set up a quarterly review process to understand changing needs. It is rare that organizations never change their marketing and sales strategy. This will change the way the CXM will be utilized.

    Establish baseline metrics for customer engagement

    In order to gauge the effectiveness of CXM technology enablement, establish core metrics:

    1. Marketing Metrics: pertaining to share of voice, share of wallet, market share, lead generation, etc.
    2. Sales Metrics: pertaining to overall revenue, average deal size, number of accounts, MCV, lead warmth, etc.
    3. Customer Service Metrics: pertaining to call volumes, average time to resolution, first contact resolution, customer satisfaction, etc.
    4. IT Metrics: pertaining to end-user satisfaction with CXM applications, number of tickets, contract value, etc.
    Metric Description Current Metric Future Goal
    Market Share 25% 35%
    Share of Voice (All Channels) 40% 50%
    Average Deal Size $10,500 $12,000
    Account Volume 1,400 1,800
    Average Time to Resolution 32 min 25 min
    First Contact Resolution 15% 35%
    Web Traffic per Month (Unique Visitors) 10,000 15,000
    End-User Satisfaction 62% 85%+
    Other metric
    Other metric
    Other metric

    Understand the importance of setting project expectations with a scope statement

    Be sure to understand what is in scope for a CXM strategy project. Prevent too wide of a scope to avoid scope creep – for example, we aren’t tackling ERP or BI under CXM.

    In Scope

    Establishing the parameters of the project in a scope statement helps define expectations and provides a baseline for resource allocation and planning. Future decisions about the strategic direction of CXM will be based on the scope statement.

    Scope Creep

    Well-executed requirements gathering will help you avoid expanding project parameters, drawing on your resources, and contributing to cost overruns and project delays. Avoid scope creep by gathering high-level requirements that lead to the selection of category-level application solutions (e.g. CRM, MMS, SMMP, etc.), rather than granular requirements that would lead to vendor application selection (e.g. Salesforce, Marketo, Hootsuite, etc.).

    Out of Scope

    Out-of-scope items should also be defined to alleviate ambiguity, reduce assumptions, and further clarify expectations for stakeholders. Out-of-scope items can be placed in a backlog for later consideration. For example, fulfilment and logistics management is out of scope as it pertains to CXM.

    In Scope
    Strategy
    High-Level CXM Application Requirements CXM Strategic Direction Category Level Application Solutions (e.g. CRM, MMS, etc.)
    Out of Scope
    Software Selection
    Vendor Application Review Vendor Application Selection Granular Application System Requirements

    Activity: Define the scope of the CXM strategy

    1.2.3 30 minutes

    Input

    • N/A

    Output

    • Project scope and parameters
    • CXM Strategy Project Charter Template, section 3.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Sponsor
    • Project Manager
    • Business Lead

    Instructions

    1. Formulate a scope statement. Decide which people, processes, and functions the CXM strategy will address. Generally, the aim of this project is to develop strategic requirements for the CXM application portfolio – not to select individual vendors.
    2. Document your scope statement in Info-Tech’s CXM Strategy Project Charter Template in section 3.0.

    To form your scope statement, ask the following questions:

    • What are the major coverage points?
    • Who will be using the systems?
    • How will different users interact with the systems?
    • What are the objectives that need to be addressed?
    • Where do we start?
    • Where do we draw the line?

    Identify the right stakeholders to include on your project team

    Consider the core team functions when composing the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned CXM strategy.

    Required Skills/Knowledge Suggested Project Team Members
    IT
    • Application development
    • Enterprise integration
    • Business processes
    • Data management
    • CRM Application Manager
    • Business Process Manager
    • Integration Manager
    • Application Developer
    • Data Stewards
    Business
    • Understanding of the customer
    • Departmental processes
    • Sales Manager
    • Marketing Manager
    • Customer Service Manager
    Other
    • Operations
    • Administrative
    • Change management
    • Operations Manager
    • CFO
    • Change Management Manager

    Info-Tech Insight

    Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as marketing, sales, service, and finance, as well as IT.

    Activity: Create the project team

    1.2.4 45 minutes

    Input

    • Scope Statement (output of Activity 1.2.3).

    Output

    • Project Team
    • CXM Strategy Project Charter Template, section 4.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead

    Instructions

    1. Review your scope statement. Have a discussion to generate a complete list of key stakeholders that are needed to achieve the scope of work.
    2. Using the previously generated list, identify a candidate for each role and determine their responsibilities and expected time commitment for the CXM strategy project.
    3. Document the project team in Info-Tech’s CXM Strategy Project Charter Template in section 4.0.

    Define project roles and responsibilities to improve progress tracking

    Build a list of the core CXM strategy team members, and then structure a RACI chart with the relevant categories and roles for the overall project.

    Responsible - Conducts work to achieve the task

    Accountable - Answerable for completeness of task

    Consulted - Provides input for the task

    Informed - Receives updates on the task

    Info-Tech Insight

    Avoid missed tasks between inter-functional communications by defining roles and responsibilities for the project as early as possible.

    Benefits of Assigning RACI Early:

    • Improve project quality by assigning the right people to the right tasks.
    • Improve chances of project task completion by assigning clear accountabilities.
    • Improve project buy-in by ensuring that stakeholders are kept informed of project progress, risks, and successes.

    Activity: Build a RACI chart

    1.2.5 30 minutes

    Input

    • Project Team (output of Activity 1.2.4)

    Output

    • RACI chart
    • CXM Strategy Project Charter Template, section 4.2

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead

    Instructions

    1. Identify the key stakeholder teams that should be involved in the CXM strategy project. You should have a cross-functional team that encompasses both IT (various units) and the business.
    2. Determine whether each stakeholder should be responsible, accountable, consulted, and/or informed with respect to each overarching project step.
    3. Confirm and communicate the results to relevant stakeholders and obtain their approval.
    4. Document the RACI chart in Info-Tech’s CXM Strategy Project Charter Template in section 4.2.
    Example: RACI Chart Project Sponsor (e.g. CMO) Project Manager (e.g. Applications Manager) Business Lead (e.g. Marketing Director) Steering Committee (e.g. PM, CMO, CFO…) Project Team (e.g. PM, BL, SMEs…)
    Assess Project Value I C A R C
    Conduct a Current State Assessment I I A C R
    Design Application Portfolio I C A R I
    Create CXM Roadmap R R A I I
    ... ... ... ... ... ...

    Activity: Develop a timeline in order to specify concrete project milestones

    1.2.6 30 minutes

    Input

    • N/A

    Output

    • Project timeline
    • CXM Strategy Project Charter Template, section 5.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead

    Instructions

    1. Assign responsibilities, accountabilities, and other project involvement to each project team role using a RACI chart. Remember to consider dependencies when creating the schedule and identifying appropriate subtasks.
    2. Document the timeline in Info-Tech’s CXM Strategy Project Charter Template in section 5.0.
    Key Activities Start Date End Date Target Status Resource(s)
    Structure the Project and Build the Project Team
    Articulate Business Objectives and Define Vision for Future State
    Document Current State and Assess Gaps
    Identify CXM Technology Solutions
    Build the Strategy for CXM
    Implement the Strategy

    Assess project-associated risk by understanding common barriers and enablers

    Common Internal Risk Factors

    Management Support Change Management IT Readiness
    Definition The degree of understanding and acceptance of CXM as a concept and necessary portfolio of technologies. The degree to which employees are ready to accept change and the organization is ready to manage it. The degree to which the organization is equipped with IT resources to handle new systems and processes.
    Assessment Outcomes
    • Is CXM enablement recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is there an organizational awareness of the importance of customer experience?
    • Who are the owners of process and content?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    • What are the important integration points throughout the business?
    Risk
    • Low management buy-in
    • Lack of funding
    • Lack of resources
    • Low employee motivation
    • Lack of ownership
    • Low user adoption
    • Poor implementation
    • Reliance on consultants

    Activity: Identify the risks and create mitigation strategies

    1.2.7 45 minutes

    Input

    • N/A

    Output

    • Risk mitigation strategy
    • CXM Strategy Project Charter Template, section 6.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead
    • Project Team

    Instructions

    1. Brainstorm a list of possible risks that may impede the progress of your CXM project.
    2. Classify risks as strategy based (related to planning) or systems based (related to technology).
    3. Brainstorm mitigation strategies to overcome each risk.
    4. On a scale of 1 to 3, determine the impact of each risk on project success and the likelihood of each risk occurring.
    5. Document your findings in Info-Tech’s CXM Strategy Project Charter Template in section 6.0.

    Likelihood:

    1 - High/Needs Focus

    2 - Can Be Mitigated

    3 - Unlikely

    Impact

    1 - High Impact

    2 - Moderate Impact

    3 - Minimal Impact

    Example: Risk Register and Mitigation Tactics

    Risk Impact Likelihood Mitigation Effort
    Cost of time and implementation: designing a robust portfolio of CXM applications can be a time consuming task, representing a heavy investment for the organization 1 1
    • Have a clear strategic plan and a defined time frame
    • Know your end-user requirements
    • Put together an effective and diverse strategy project team
    Availability of resources: lack of in-house resources (e.g. infrastructure, CXM application developers) may result in the need to insource or outsource resources 1 2
    • Prepare a plan to insource talent by hiring or transferring talent from other departments – e.g. marketing and customer service

    Activity: Complete the project charter and obtain approval

    1.2.8 45 minutes

    Input

    • N/A

    Output

    • Project approval
    • CXM Strategy Project Charter Template, section 8.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead
    • Project Team

    Instructions

    Before beginning to develop the CXM strategy, validate the project charter and metrics with senior sponsors or stakeholders and receive their approval to proceed.

    1. Schedule a 30-60 minute meeting with senior stakeholders and conduct a live review of your CXM strategy project charter.
    2. Obtain stakeholder approval to ensure there are no miscommunications or misunderstandings around the scope of the work that needs to be done to reach a successful project outcome. Final sign-off should only take place when mutual consensus has been reached.
      • Obtaining approval should be an iterative process; if senior management has concerns over certain aspects of the plan, revise and review again.

    Info-Tech Insight

    In most circumstances, you should have your CXM strategy project charter validated with the following stakeholders:

    • Chief Information Officer
    • IT Applications Director
    • CFO or Comptroller (for budget approval)
    • Chief Marketing Office or Head of Marketing
    • Chief Revenue Officer or VP of Sales
    • VP Customer Service

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.2.2 Define project purpose, objectives, and business metrics

    Through an in-depth discussion, an analyst will help you prioritize corporate objectives and organizational drivers to establish a distinct project purpose.

    1.2.3 Define the scope of the CXM strategy

    An analyst will facilitate a discussion to address critical questions to understand your distinct business needs. These questions include: What are the major coverage points? Who will be using the system?

    1.2.4; 1.2.5; 1.2.6 Create the CXM project team, build a RACI chart, and establish a timeline

    Our analysts will guide you through how to create a designated project team to ensure the success of your CXM strategy and suite selection initiative, including project milestones and team composition, as well as designated duties and responsibilities.

    Phase 2

    Create a Strategic Framework for CXM Technology Enablement

    Build a Strong Technology Foundation for Customer Experience Management

    Phase 2 outline: Steps 2.1 and 2.2

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Create a Strategic Framework for CXM Technology Enablement

    Proposed Time to Completion: 4 weeks

    Step 2.1: Scan the External Environment

    Start with an analyst kick-off call:

    • Discuss external drivers
    • Assess competitive environment
    • Review persona development
    • Review scenarios

    Then complete these activities…

    • Build the CXM operating model
    • Conduct a competitive analysis
    • Conduct a PEST analysis
    • Build personas and scenarios

    With these tools & templates:

    CXM Strategy Stakeholder Presentation Template

    Step 2.2: Assess the Current State for CRM

    Review findings with analyst:

    • Review SWOT analysis
    • Review VRIO analysis
    • Discuss strategic requirements for CXM

    Then complete these activities…

    • Conduct a SWOT analysis
    • Conduct a VRIO analysis
    • Inventory existing applications

    With these tools & templates:

    CXM Strategy Stakeholder Presentation Template

    Phase 2 outline: Steps 2.3 and 2.4

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Create a Strategic Framework for CXM Technology Enablement

    Proposed Time to Completion: 4 weeks

    Step 2.3: Create an Application Portfolio

    Start with an analyst kick-off call:

    • Discuss possible business process maps
    • Discuss strategic requirements
    • Review application portfolio results

    Then complete these activities…

    • Build business maps
    • Execute application mapping

    With these tools & templates:

    CXM Portfolio Designer

    CXM Strategy Stakeholder Presentation Template

    CXM Business Process Shortlisting Tool

    Step 2.4: Develop Deployment Best Practices

    Review findings with analyst:

    • Review possible integration maps
    • Discuss best practices for end-user adoption
    • Discuss best practices for customer data quality

    Then complete these activities…

    • Create CXM integration ecosystem
    • Develop adoption game plan
    • Create data quality standards

    With these tools & templates:

    CXM Strategy Stakeholder Presentation Template

    Phase 2 Results & Insights:

    • Application portfolio for CXM
    • Deployment best practices for areas such as integration, data quality, and end-user adoption

    Step 2.1: Scan the External Environment

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Inventory CXM drivers and organizational objectives
    • Identify CXM challenges and pain points
    • Discuss opportunities and benefits
    • Align corporate and CXM strategies
    • Conduct a competitive analysis
    • Conduct a PEST analysis and extract strategic requirements
    • Build customer personas and extract strategic requirements

    Outcomes:

    • CXM operating model
      • Organizational drivers
      • Environmental factors
      • Barriers
      • Enablers
    • PEST analysis
    • External customer personas
    • Customer journey scenarios
    • Strategic requirements for CXM

    Develop a CXM technology operating model that takes stock of needs, drivers, barriers, and enablers

    Establish the drivers, enablers, and barriers to developing a CXM technology enablement strategy. In doing so, consider needs, environmental factors, organizational drivers, and technology drivers as inputs.

    CXM Strategy

    • Barriers
      • Lack of Resources
      • Cultural Mindset
      • Resistance to Change
      • Poor End-User Adoption
    • Enablers
      • Senior Management Support
      • Customer Data Quality
      • Current Technology Portfolio
    • Business Needs (What are your business drivers? What are current marketing, sales, and customer service pains?)
      • Acquisition Pipeline Management
      • Live Chat for Support
      • Social Media Analytics
      • Etc.
    • Organizational Goals
      • Increase Profitability
      • Enhance Customer Experience Consistency
      • Reduce Time-to-Resolution
      • Increase First Contact Resolution
      • Boost Share of Voice
    • Environmental Factors (What factors that affect your strategy are out of your control?)
      • Customer Buying Habits
      • Changing Technology Trends
      • Competitive Landscape
      • Regulatory Requirements
    • Technology Drivers (Why do you need a new system? What is the purpose for becoming an integrated organization?)
      • System Integration
      • Reporting Capabilities
      • Deployment Model

    Understand your needs, drivers, and organizational objectives for creating a CXM strategy

    Business Needs Organizational Drivers Technology Drivers Environmental Factors
    Definition A business need is a requirement associated with a particular business process (for example, Marketing needs customer insights from the website – the business need would therefore be web analytics capabilities). Organizational drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as customer retention, operation excellence, and financial performance. Technology drivers are technological changes that have created the need for a new CXM enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. External considerations are factors taking place outside of the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business.
    Examples
    • Web analytics
    • Live chat capabilities
    • Mobile self-service
    • Social media listening
    • Data quality
    • Customer satisfaction
    • Branding
    • Time-to-resolution
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic factors
    • Customer preferences
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    A common organizational driver is to provide adequate technology enablement across multiple channels, resulting in a consistent customer experience. This driver is a result of external considerations. Many industries today are highly competitive and rapidly changing. To succeed under these pressures, you must have a rationalized portfolio of enterprise applications for customer interaction.

    Activity: Inventory and discuss CXM drivers and organizational objectives

    2.1.1 30 minutes

    Input

    • Business needs
    • Exercise 1.1.3
    • Exercise 1.1.4
    • Environmental factors

    Output

    • CXM operating model inputs
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Brainstorm the business needs, organizational drivers, technology drivers, and environmental factors that will inform the CXM strategy. Draw from exercises 1.1.3-1.1.5.
    2. Document your findings in the CXM operating model template. This can be found in the CXM Strategy Stakeholder Presentation Template.

    The image is a graphic, with a rectangle split into three sections in the centre. The three sections are: Barriers; CXM Strategy; Enablers. Around the centre are 4 more rectangles, labelled: Business Needs; Organizational Drivers; Technology Drivers; Environmental Factors. The outer rectangles are a slightly darker shade of grey than the others, highlighting them.

    Understand challenges and barriers to creating and executing the CXM technology-enablement strategy

    Take stock of internal challenges and barriers to effective CXM strategy execution.

    Example: Internal Challenges & Potential Barriers

    Understanding the Customer Change Management IT Readiness
    Definition The degree to which a holistic understanding of the customer can be created, including customer demographic and psychographics. The degree to which employees are ready to accept operational and cultural changes and the degree to which the organization is ready to manage it. The degree to which IT is ready to support new technologies and processes associated with a portfolio of CXM applications.
    Questions to Ask
    • As an organization, do we have a true understanding of our customers?
    • How might we achieve a complete understanding of the customer throughout different phases of the customer lifecycle?
    • Are employees resistant to change?
    • Are there enough resources to drive an CXM strategy?
    • To what degree is the existing organizational culture customer-centric?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Implications
    • Uninformed creation of CXM strategic requirements
    • Inadequate understanding of customer needs and wants
    • User acceptance
    • Lack of ownership
    • Lack of accountability
    • Lack of sustainability
    • Poor implementation
    • Reliance on expensive external consultants
    • Lack of sustainability

    Activity: Identify CXM challenges and pain points

    2.1.2 30 minutes

    Input

    • Challenges
    • Pain points

    Output

    • CXM operating model barriers
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Brainstorm the challenges and pain points that may act as barriers to the successful planning and execution of a CXM strategy.
    2. Document your findings in the CXM operating model template. This can be found in the CXM Strategy Stakeholder Presentation Template.

    The image is the same graphic from a previous section. In this instance, the Barriers sections is highlighted.

    Identify opportunities that can enable CXM strategy execution

    Existing internal conditions, capabilities, and resources can create opportunities to enable the CXM strategy. These opportunities are critical to overcoming challenges and barriers.

    Example: Opportunities to Leverage for Strategy Enablement

    Management Buy-In Customer Data Quality Current Technology Portfolio
    Definition The degree to which upper management understands and is willing to enable a CXM project, complete with sponsorship, funding, and resource allocation. The degree to which customer data is accurate, consistent, complete, and reliable. Strong customer data quality is an opportunity – poor data quality is a barrier. The degree to which the existing portfolio of CXM-supporting enterprise applications can be leveraged to enable the CXM strategy.
    Questions to Ask
    • Is management informed of changing technology trends and the subsequent need for CXM?
    • Are adequate funding and resourcing available to support a CXM project, from strategy creation to implementation?
    • Are there any data quality issues?
    • Is there one source of truth for customer data?
    • Are there duplicate or incomplete sets of data?
    • Does a strong CRM backbone exist?
    • What marketing, sales, and customer service applications exist?
    • Are CXM-enabling applications rated highly on usage and performance?
    Implications
    • Need for CXM clearly demonstrated
    • Financial and logistical feasibility
    • Consolidated data quality governance initiatives
    • Informed decision making
    • Foundation for CXM technology enablement largely in place
    • Reduced investment of time and money needed

    Activity: Discuss opportunities and benefits

    2.1.3 30 minutes

    Input

    • Opportunities
    • Benefits

    Output

    • Completed CXM operating model
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Brainstorm opportunities that should be leveraged or benefits that should be realized to enable the successful planning and execution of a CXM strategy.
    2. Document your findings in the CXM operating model template. This can be found in the CXM Strategy Stakeholder Presentation Template.

    The image is the same graphic from earlier sections, this time with the Enablers section highlighted.

    Ensure that you align your CXM technology strategy to the broader corporate strategy

    A successful CXM strategy requires a comprehensive understanding of an organization’s overall corporate strategy and its effects on the interrelated departments of marketing, sales, and service, including subsequent technology implications. For example, a CXM strategy that emphasizes tools for omnichannel management and is at odds with a corporate strategy that focuses on only one or two channels will fail.

    Corporate Strategy

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.

    CXM Strategy

    • Communicates the company’s budget and spending on CXM applications and initiatives.
    • Identifies IT initiatives that will support the business and key CXM objectives, specific to marketing, sales, and service.
    • Outlines staffing and resourcing for CXM initiatives.

    Unified Strategy

    • The CXM implementation can be linked, with metrics, to the corporate strategy and ultimate business objectives.

    Info-Tech Insight

    Your organization’s corporate strategy is especially important in dictating the direction of the CXM strategy. Corporate strategies are often focused on customer-facing activity and will heavily influence the direction of marketing, sales, customer service, and consequentially, CXM. Corporate strategies will often dictate market targeting, sales tactics, service models, and more.

    Review sample organizational objectives to decipher how CXM technologies can support such objectives

    Identifying organizational objectives of high priority will assist in breaking down CXM objectives to better align with the overall corporate strategy and achieve buy-in from key stakeholders.

    Corporate Objectives Aligned CXM Technology Objectives
    Increase Revenue Enable lead scoring Deploy sales collateral management tools Improve average cost per lead via a marketing automation tool
    Enhance Market Share Enhance targeting effectiveness with a CRM Increase social media presence via an SMMP Architect customer intelligence analysis
    Improve Customer Satisfaction Reduce time-to-resolution via better routing Increase accessibility to customer service with live chat Improve first contact resolution with customer KB
    Increase Customer Retention Use a loyalty management application Improve channel options for existing customers Use customer analytics to drive targeted offers
    Create Customer-Centric Culture Ensure strong training and user adoption programs Use CRM to provide 360-degree view of all customer interaction Incorporate the voice of the customer into product development

    Activity: Review your corporate strategy and validate its alignment with the CXM operating model

    2.1.4 30 minutes

    Input

    • Corporate strategy
    • CXM operating model (completed in Activity 2.1.3)

    Output

    • Strategic alignment between the business and CXM strategies

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Brainstorm and create a list of organizational objectives at the corporate strategy level.
    2. Break down each organizational objective to identify how CXM may support it.
    3. Validate CXM goals and organizational objectives with your CXM operating model. Be sure to address the validity of each with the business needs, organizational drivers, technology drivers, and environmental factors identified as inputs to the operating model.

    Amazon leverages customer data to drive decision making around targeted offers and customer experience

    CASE STUDY

    Industry E-Commerce

    Source Pardot, 2012

    Situation

    Amazon.com, Inc. is an American electronic commerce and cloud computing company. It is the largest e-commerce retailer in the US.

    Amazon originated as an online book store, later diversifying to sell various forms of media, software, games, electronics, apparel, furniture, food, toys, and more.

    By taking a data-driven approach to marketing and sales, Amazon was able to understand its customers’ needs and wants, penetrate different product markets, and create a consistently personalized online-shopping customer experience that keeps customers coming back.

    Technology Strategy

    Use Browsing Data Effectively

    Amazon leverages marketing automation suites to view recent activities of prospects on its website. In doing so, a more complete view of the customer is achieved, including insights into purchasing interests and site navigation behaviors.

    Optimize Based on Interactions

    Using customer intelligence, Amazon surveys and studies standard engagement metrics like open rate, click-through rate, and unsubscribes to ensure the optimal degree of marketing is being targeted to existing and prospective customers, depending on level of engagement.

    Results

    Insights gained from having a complete understanding of the customer (from basic demographic characteristics provided in customer account profiles to observed psychographic behaviors captured by customer intelligence applications) are used to personalize Amazon’s sales and marketing approaches. This is represented through targeted suggestions in the “recommended for you” section of the browsing experience and tailored email marketing.

    It is this capability, partnered with the technological ability to observe and measure customer engagement, that allows Amazon to create individual customer experiences.

    Scan the external environment to understand your customers, competitors, and macroenvironmental trends

    Do not develop your CXM technology strategy in isolation. Work with Marketing to understand your STP strategy (segmentation, targeting, positioning): this will inform persona development and technology requirements downstream.

    Market Segmentation

    • Segment target market by demographic, geographic, psychographic, and behavioral characteristics
    • What does the competitive market look like?
    • Who are the key customer segments?
    • What segments are you going to target?

    Market Targeting

    • Evaluate potential and commercial attractiveness of each segment, considering the dynamics of the competition
    • How do you target your customers?
    • How should you target them in the future?
    • How do your products/services differ from the competition?

    Product Positioning

    • Develop detailed product positioning and marketing mixes for selected segments
    • What is the value of the product/service to each segment of the market?
    • How are you positioning your product/service in the market?

    Info-Tech Insight

    It is at this point that you should consider the need for and viability of an omnichannel approach to CXM. Through which channels do you target your customers? Are your customers present and active on a wide variety of channels? Consider how you can position your products, services, and brand through the use of omnichannel methodologies.

    Activity: Conduct a competitive analysis to understand where your market is going

    2.1.5 1 hour

    Input

    • Scan of competitive market
    • Existing customer STP strategy

    Output

    • Strategic CXM requirements
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team
    • Marketing SME

    Instructions

    1. Scan the market for direct and indirect competitors.
    2. Evaluate current and/or future segmentation, targeting, and positioning strategies by answering the following questions:
    • What does the competitive market look like?
    • Who are the key customer segments?
    • What segments are you going to target?
    • How do you target your customers?
    • How should you target them in the future?
    • How do your products/services differ from the competition?
    • What is the value of the product/service to each segment of the market?
    • How are you positioning your product/service in the market?
    • Other helpful questions include:
      • How formally do you target customers? (e.g. through direct contact vs. through passive brand marketing)
      • Does your organization use the shotgun or rifle approach to marketing?
        • Shotgun marketing: targets a broad segment of people, indirectly
        • Rifle marketing: targets smaller and more niche market segments using customer intelligence
  • For each point, identify CXM requirements.
  • Document your outputs in the CXM Strategy Stakeholder Presentation Template.
  • Activity: Conduct a competitive analysis (cont’d)

    2.1.5 30 minutes

    Input

    • Scan of competitive market

    Output

    • Competitive analysis
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team
    • Marketing SME (e.g. Market Research Stakeholders)

    Instructions

    1. List recent marketing technology and customer experience-related initiatives that your closest competitors have implemented.
    2. For each identified initiative, elaborate on what the competitive implications are for your organization.
    3. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Competitive Implications

    Competitor Organization Recent Initiative Associated Technology Direction of Impact Competitive Implication
    Organization X Multichannel E-Commerce Integration WEM – hybrid integration Positive
    • Up-to-date e-commerce capabilities
    • Automatic product updates via PCM
    Organization Y Web Social Analytics WEM Positive
    • Real-time analytics and customer insights
    • Allows for more targeted content toward the visitor or customer

    Conduct a PEST analysis to determine salient political, economic, social, and technological impacts for CXM

    A PEST analysis is a structured planning method that identifies external environmental factors that could influence the corporate and IT strategy.

    Political - Examine political factors, such as relevant data protection laws and government regulations.

    Economic - Examine economic factors, such as funding, cost of web access, and labor shortages for maintaining the site(s).

    Technological - Examine technological factors, such as new channels, networks, software and software frameworks, database technologies, wireless capabilities, and availability of software as a service.

    Social - Examine social factors, such as gender, race, age, income, and religion.

    Info-Tech Insight

    When looking at opportunities and threats, PEST analysis can help to ensure that you do not overlook external factors, such as technological changes in your industry. When conducting your PEST analysis specifically for CXM, pay particular attention to the rapid rate of change in the technology bucket. New channels and applications are constantly emerging and evolving, and seeing differential adoption by potential customers.

    Activity: Conduct and review the PEST analysis

    2.1.6 30 minutes

    Input

    • Political, economic, social, and technological factors related to CXM

    Output

    • Completed PEST analysis

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Identify your current strengths and weaknesses in managing the customer experience.
    2. Identify any opportunities to take advantage of and threats to mitigate.

    Example: PEST Analysis

    Political

    • Data privacy for PII
    • ADA legislation for accessible design

    Economic

    • Spending via online increasing
    • Focus on share of wallet

    Technological

    • Rise in mobile
    • Geo-location based services
    • Internet of Things
    • Omnichannel

    Social

    • Increased spending power by millennials
    • Changing channel preferences
    • Self-service models

    Activity: Translate your PEST analysis into a list of strategic CXM technology requirements to be addressed

    2.1.7 30 minutes

    Input

    • PEST Analysis conducted in Activity 2.1.6.

    Output

    • Strategic CXM requirements
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    For each PEST quadrant:

    1. Document the point and relate it to a goal.
    2. For each point, identify CXM requirements.
    3. Sort goals and requirements to eliminate duplicates.
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Parsing Requirements from PEST Analysis

    Technological Trend: There has been a sharp increase in popularity of mobile self-service models for buying habits and customer service access.

    Goal: Streamline mobile application to be compatible with all mobile devices. Create consistent branding across all service delivery applications (e.g. website, etc.).

    Strategic Requirement: Develop a native mobile application while also ensuring that resources through our web presence are built with responsive design interface.

    IT must fully understand the voice of the customer: work with Marketing to develop customer personas

    Creating a customer-centric CXM technology strategy requires archetypal customer personas. Creating customer personas will enable you to talk concretely about them as consumers of your customer experience and allow you to build buyer scenarios around them.

    A persona (or archetypal user) is an invented person that represents a type of user in a particular use-case scenario. In this case, personas can be based on real customers.

    Components of a persona Example – Organization: Grocery Store
    Name Name personas to reflect a key attribute such as the persona’s primary role or motivation Brand Loyal Linda: A stay-at-home mother dedicated to maintaining and caring for a household of 5 people
    Demographic Include basic descriptors of the persona (e.g. age, geographic location, preferred language, education, job, employer, household income, etc.) Age: 42 years old Geographic location: London Suburbia Language: English Education: Post-secondary Job: Stay-at-home mother Annual Household Income: $100,000+
    Wants, needs, pain points Identify surface-level motivations for buying habits

    Wants: Local products Needs: Health products; child-safe products

    Pain points: Fragmented shopping experience

    Psychographic/behavioral traits Observe persona traits that are representative of the customers’ behaviors (e.g. attitudes, buying patterns, etc.)

    Psychographic: Detail-oriented, creature of habit

    Behavioral: Shops at large grocery store twice a week, visits farmers market on Saturdays, buys organic products online

    Activity: Build personas for your customers

    2.1.8 2 hours

    Input

    • Customer demographics and psychographics

    Output

    • List of prioritized customer personas
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    Project Team

    Instructions

    1. In 2-4 groups, list all the customer personas that need to be built. In doing so, consider the people who interact with your organization most often.
    2. Build a demographic profile for each customer persona. Include information such as age, geographic location, occupation, annual income, etc.
    3. Augment the persona with a psychographic profile of each customer. Consider the goals and objectives of each customer persona and how these might inform buyer behaviors.
    4. Introduce your group’s personas to the entire group, in a round-robin fashion, as if you are introducing your persona at a party.
    5. Summarize the personas in a persona map. Rank your personas according to importance and remove any duplicates.

    Info-Tech Insight

    For CXM, persona building is typically used for understanding the external customer; however, if you need to gain a better understanding of the organization’s internal customers (those who will be interacting with CXM applications), personas can also be built for this purpose. Examples of useful internal personas are sales managers, brand managers, customer service directors, etc.

    Sample Persona Templates

    Fred, 40

    The Family Man

    Post-secondary educated, white-collar professional, three children

    Goals & Objectives

    • Maintain a stable secure lifestyle
    • Progress his career
    • Obtain a good future for his children

    Behaviors

    • Manages household and finances
    • Stays actively involved in children’s activities and education
    • Seeks potential career development
    • Uses a cellphone and email frequently
    • Sometimes follows friends Facebook pages

    Services of Interest

    • SFA, career counselling, job boards, day care, SHHS
    • Access to information via in-person, phone, online

    Traits

    General Literacy - High

    Digital Literacy - Mid-High

    Detail-Oriented - High

    Willing to Try New Things - Mid-High

    Motivated and Persistent - Mid-High

    Time Flexible - Mid-High

    Familiar With [Red.] - Mid

    Access to [Red.] Offices - High

    Access to Internet - High

    Ashley, 35

    The Tourist

    Single, college educated, planning vacation in [redacted], interested in [redacted] job opportunities

    Goals & Objectives

    • Relax after finishing a stressful job
    • Have adventures and try new things
    • Find a new job somewhere in Canada

    Behaviors

    • Collects information about things to do in [redacted]
    • Collects information about life in [redacted]
    • Investigates and follows up on potential job opportunities
    • Uses multiple social media to keep in touch with friends
    • Shops online frequently

    Services of Interest

    • SFA, job search, road conditions, ferry schedules, hospital, police station, DL requirements, vehicle rental
    • Access to information via in-person, phone, website, SMS, email, social media

    Traits

    General Literacy - Mid

    Digital Literacy - High

    Detail-Oriented - Mid

    Willing to Try New Things - High

    Motivated and Persistent - Mid

    Time Flexible - Mid-High

    Familiar With [Red.] - Low

    Access to [Red.] Offices - Low

    Access to Internet - High

    Bill, 25

    The Single Parent

    15-year resident of [redacted], high school education, waiter, recently divorced, two children

    Goals & Objectives

    • Improve his career options so he can support his family
    • Find an affordable place to live
    • Be a good parent
    • Work through remaining divorce issues

    Behaviors

    • Tries to get training or experience to improve his career
    • Stays actively involved in his children’s activities
    • Looks for resources and supports to resolve divorce issues
    • Has a cellphone and uses the internet occasionally

    Services of Interest

    • Child care, housing authority, legal aid, parenting resources
    • Access to information via in person, word-of mouth, online, phone, email

    Traits

    General Literacy - Mid

    Digital Literacy - Mid-Low

    Detail-Oriented - Mid-Low

    Willing to Try New Things - Mid

    Motivated and Persistent - High

    Time Flexible - Mid

    Familiar With [Red.] - Mid-High

    Access to [Red.] Offices - High

    Access to Internet - High

    Marie, 19

    The Regional Youth

    Single, [redacted] resident, high school graduate

    Goals & Objectives

    • Get a good job
    • Maintain ties to family and community

    Behaviors

    • Looking for work
    • Gathering information about long-term career choices
    • Trying to get the training or experience that can help her develop a career
    • Staying with her parents until she can get established
    • Has a new cellphone and is learning how to use it
    • Plays videogames and uses the internet at least weekly

    Services of Interest

    • Job search, career counselling
    • Access to information via in-person, online, phone, email, web applications

    Traits

    General Literacy - Mid

    Digital Literacy - Mid

    Detail-Oriented - Mid-Low

    Willing to Try New Things - Mid-High

    Motivated and Persistent - Mid-Low

    Time Flexible - High

    Familiar With [Red.] - Mid-Low

    Access to [Red.] Offices - Mid-Low

    Access to Internet - Mid

    Build key scenarios for each persona to extract strategic requirements for your CXM application portfolio

    A scenario is a story or narrative that helps explore the set of interactions that a customer has with an organization. Scenario mapping will help parse requirements used to design the CXM application portfolio.

    A Good Scenario…

    • Describes specific task(s) that need to be accomplished
    • Describes user goals and motivations
    • Describes interactions with a compelling but not overwhelming amount of detail
    • Can be rough, as long as it provokes ideas and discussion

    Scenarios Are Used To…

    • Provide a shared understanding about what a user might want to do, and how they might want to do it
    • Help construct the sequence of events that are necessary to address in your user interface(s)

    To Create Good Scenarios…

    • Keep scenarios high level, not granular in nature
    • Identify as many scenarios as possible. If you’re time constrained, try to develop 2-3 key scenarios per persona
    • Sketch each scenario out so that stakeholders understand the goal of the scenario

    Activity: Build scenarios for each persona and extract strategic requirements for the CXM strategy

    2.1.9 1.5 hours

    Input

    • Customer personas (output of Activity 2.1.5)

    Output

    • CX scenario maps
    • Strategic CXM requirements
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. For each customer persona created in Activity 2.1.5, build a scenario. Choose and differentiate scenarios based on the customer goal of each scenario (e.g. make online purchase, seek customer support, etc.).
    2. Think through the narrative of how a customer interacts with your organization, at all points throughout the scenario. List each step in the interaction in a sequential order to form a scenario journey.
    3. Examine each step in the scenario and brainstorm strategic requirements that will be needed to support the customer’s use of technology throughout the scenario.
    4. Repeat steps 1-3 for each persona. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Scenario Map

    Persona Name: Brand Loyal Linda

    Scenario Goal: File a complaint about in-store customer service

    Look up “[Store Name] customer service” on public web. →Reach customer support landing page. →Receive proactive notification prompt for online chat with CSR. →Initiate conversation: provide order #. →CSR receives order context and information. →Customer articulates problem, CSR consults knowledgebase. →Discount on next purchase offered. →Send email with discount code to Brand Loyal Linda.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1; 2.1.2; 2.1.3; 2.1.4 - Create a CXM operating model

    An analyst will facilitate a discussion to identify what impacts your CXM strategy and how to align it to your corporate strategy. The discussion will take different perspectives into consideration and look at organizational drivers, external environmental factors, as well as internal barriers and enablers.

    2.1.5 Conduct a competitive analysis

    Calling on their depth of expertise in working with a broad spectrum of organizations, our facilitator will help you work through a structured, systematic evaluation of competitors’ actions when it comes to CXM.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.1.6; 2.1.7 - Conduct a PEST analysis

    The facilitator will use guided conversation to target each quadrant of the PEST analysis and help your organization fully enumerate political, economic, social, and technological trends that will influence your CXM strategy. Our analysts are deeply familiar with macroenvironmental trends and can provide expert advice in identifying areas of concern in the PEST and drawing strategic requirements as implications.

    2.1.8; 2.1.9 - Build customer personas and subsequent persona scenarios

    Drawing on the preceding exercises as inputs, the facilitator will help the team create and refine personas, create respective customer interaction scenarios, and parse strategic requirements to support your technology portfolio for CXM.

    Step 2.2: Assess the Current State of CXM

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Conduct a SWOT analysis and extract strategic requirements
    • Inventory existing CXM applications and assess end-user usage and satisfaction
    • Conduct a VRIO analysis and extract strategic requirements

    Outcomes:

    • SWOT analysis
    • VRIO analysis
    • Current state application portfolio
    • Strategic requirements

    Conduct a SWOT analysis to prepare for creating your CXM strategy

    A SWOT analysis is a structured planning method that evaluates the strengths, weaknesses, opportunities, and threats involved in a project.

    Strengths - Strengths describe the positive attributes that are within your control and internal to your organization (i.e. what do you do better than anyone else?)

    Weaknesses - Weaknesses are internal aspects of your business that place you at a competitive disadvantage; think of what you need to enhance to compete with your top competitor.

    Opportunities - Opportunities are external factors the project can capitalize on. Think of them as factors that represent reasons your business is likely to prosper.

    Threats - Threats are external factors that could jeopardize the project. While you may not have control over these, you will benefit from having contingency plans to address them if they occur.

    Info-Tech Insight

    When evaluating weaknesses of your current CXM strategy, ensure that you’re taking into account not just existing applications and business processes, but also potential deficits in your organization’s channel strategy and go-to-market messaging.

    Activity: Conduct a SWOT analysis

    2.2.1 30 minutes

    Input

    • CXM strengths, weaknesses, opportunities, and threats

    Output

    • Completed SWOT analysis

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Identify your current strengths and weaknesses in managing the customer experience. Consider marketing, sales, and customer service aspects of the CX.
    2. Identify any opportunities to take advantage of and threats to mitigate.

    Example: SWOT Analysis

    Strengths

    • Strong customer service model via telephony

    Weaknesses

    • Customer service inaccessible in real-time through website or mobile application

    Opportunities

    • Leverage customer intelligence to measure ongoing customer satisfaction

    Threats

    • Lack of understanding of customer interaction platforms by staff could hinder adoption

    Activity: Translate your SWOT analysis into a list of requirements to be addressed

    2.2.2 30 minutes

    Input

    • SWOT Analysis conducted in Activity 2.2.1.

    Output

    • Strategic CXM requirements
    • CXM Stakeholder Presentation Template

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    For each SWOT quadrant:

    1. Document the point and relate it to a goal.
    2. For each point, identify CXM requirements.
    3. Sort goals and requirements to eliminate duplicates.
    4. Document your outputs in the CXM Stakeholder Presentation Template.

    Example: Parsing Requirements from SWOT Analysis

    Weakness: Customer service inaccessible in real-time through website or mobile application.

    Goal: Increase the ubiquity of access to customer service knowledgebase and agents through a web portal or mobile application.

    Strategic Requirement: Provide a live chat portal that matches the customer with the next available and qualified agent.

    Inventory your current CXM application portfolio

    Applications are the bedrock of technology enablement for CXM. Review your current application portfolio to identify what is working well and what isn’t.

    Understand Your CXM Application Portfolio With a Four-Step Approach

    Build the CXM Application Inventory →Assess Usage and Satisfaction →Map to Business Processes and Determine Dependencies →Determine Grow/Maintain/ Retire for Each Application

    When assessing the CXM applications portfolio, do not cast your net too narrowly; while CRM and MMS applications are often top of mind, applications for digital asset management and social media management are also instrumental for ensuring a well-integrated CX.

    Identify dependencies (either technical or licensing) between applications. This dependency tracing will come into play when deciding which applications should be grown (invested in), which applications should be maintained (held static), and which applications should be retired (divested).

    Info-Tech Insight

    Shadow IT is prominent here! When building your application inventory, ensure you involve Marketing, Sales, and Service to identify any “unofficial” SaaS applications that are being used for CXM. Many organizations fail to take a systematic view of their CXM application portfolio beyond maintaining a rough inventory. To assess the current state of alignment, you must build the application inventory and assess satisfaction metrics.

    Understand which of your organization’s existing enterprise applications enable CXM

    Review the major enterprise applications in your organization that enable CXM and align your requirements to these applications (net-new or existing). Identify points of integration to capture the big picture.

    The image shows a graphic titled Example: Integration of CRM, SMMP, and ERP. It is a flow chart, with icons defined by a legend on the right side of the image

    Info-Tech Insight

    When assessing the current application portfolio that supports CXM, the tendency will be to focus on the applications under the CXM umbrella, relating mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, CRM or similar applications. Examples of these systems are ERP systems, ECM (e.g. SharePoint) applications, and more.

    Assess CXM application usage and satisfaction

    Having a portfolio but no contextual data will not give you a full understanding of the current state. The next step is to thoroughly assess usage patterns as well as IT, management, and end-user satisfaction with each application.

    Example: Application Usage & Satisfaction Assessment

    Application Name Level of Usage IT Satisfaction Management Satisfaction End-User Satisfaction Potential Business Impact
    CRM (e.g. Salesforce) Medium High Medium Medium High
    CRM (e.g. Salesforce) Low Medium Medium High Medium
    ... ... ... ... ... ...

    Info-Tech Insight

    When evaluating satisfaction with any application, be sure to consult all stakeholders who come into contact with the application or depend on its output. Consider criteria such as ease of use, completeness of information, operational efficiency, data accuracy, etc.

    Use Info-Tech’s Application Portfolio Assessment to gather end-user feedback on existing CXM applications

    2.2.3 Application Portfolio Assessment: End-User Feedback

    Info-Tech’s Application Portfolio Assessment: End-User Feedback diagnostic is a low-effort, high-impact program that will give you detailed report cards on end-user satisfaction with an application. Use these insights to identify problems, develop action plans for improvement, and determine key participants.

    Application Portfolio Assessment: End-User Feedback is an 18-question survey that provides valuable insights on user satisfaction with an application by:

    • Performing a general assessment of the application portfolio that provides a full view of the effectiveness, criticality, and prevalence of all relevant applications.
    • Measuring individual application performance with open-ended user feedback surveys about the application, organized by department to simplify problem resolution.
    • Providing targeted department feedback to identify end-user satisfaction and focus improvements on the right group or line of business.

    INFO-TECH DIAGNOSTIC

    Activity: Inventory your CXM applications, and assess application usage and satisfaction

    2.2.4 1 hour

    Input

    • List of CXM applications

    Output

    • Complete inventory of CXM applications
    • CXM Stakeholder Presentation Template

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. List all existing applications that support the creation, management, and delivery of your customer experience.
    2. Identify which processes each application supports (e.g. content deployment, analytics, service delivery, etc.).
    3. Identify technical or licensing dependencies (e.g. data models).
    4. Assess the level of application usage by IT, management, and internal users (high/medium/low).
    5. Assess the satisfaction with and performance of each application according to IT, management, and internal users (high/medium/low). Use the Info-Tech Diagnostic to assist.

    Example: CXM Application Inventory

    Application Name Deployed Date Processes Supported Technical and Licensing Dependencies
    Salesforce June 2018 Customer relationship management XXX
    Hootsuite April 2019 Social media listening XXX
    ... ... ... ...

    Conduct a VRIO analysis to identify core competencies for CXM applications

    A VRIO analysis evaluates the ability of internal resources and capabilities to sustain a competitive advantage by evaluating dimensions of value, rarity, imitability, and organization. For critical applications like your CRM platform, use a VRIO analysis to determine their value.

    Is the resource or capability valuable in exploiting an opportunity or neutralizing a threat? Is the resource or capability rare in the sense that few of your competitors have a similar capability? Is the resource or capability costly to imitate or replicate? Is the organization organized enough to leverage and capture value from the resource or capability?
    NO COMPETITIVE DISADVANTAGE
    YES NO→ COMPETITIVE EQUALITY/PARITY
    YES YES NO→ TEMPORARY COMPETITIVE ADVANTAGE
    YES YES YES NO→ UNUSED COMPETITIVE ADVANTAGE
    YES YES YES YES LONG-TERM COMPETITIVE ADVANTAGE

    (Strategic Management Insight, 2013)

    Activity: Conduct a VRIO analysis on your existing application portfolio

    2.2.5 30 minutes

    Input

    • Inventory of existing CXM applications (output of Activity 2.2.4)

    Output

    • Completed VRIO analysis
    • Strategic CXM requirements
    • CXM Stakeholder Presentation Template

    Materials

    • VRIO Analysis model
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Evaluate each CXM application inventoried in Activity 2.2.4 by answering the four VRIO questions in sequential order. Do not proceed to the following question if “no” is answered at any point.
    2. Record the results. The state of your organization’s competitive advantage, based on each resource/capability, will be determined based on the number of questions with a “yes” answer. For example, if all four questions are answered positively, then your organization is considered to have a long-term competitive advantage.
    3. Document your outputs in the CXM Stakeholder Presentation Template.

    If you want additional support, have our analysts guide your through this phase as part of an Info-Tech workshop

    2.2.1; 2.2.2 Conduct a SWOT Analysis

    Our facilitator will use a small-team approach to delve deeply into each area, identifying enablers (strengths and opportunities) and challenges (weaknesses and threats) relating to the CXM strategy.

    2.2.3; 2.2.4 Inventory your CXM applications, and assess usage and satisfaction

    Working with your core team, the facilitator will assist with building a comprehensive inventory of CXM applications that are currently in use and with identifying adjacent systems that need to be identified for integration purposes. The facilitator will work to identify high and low performing applications and analyze this data with the team during the workshop exercise.

    2.2.5 Conduct a VRIO analysis

    The facilitator will take you through a VRIO analysis to identify which of your internal technological competencies ensure, or can be leveraged to ensure, your competitiveness in the CXM market.

    Step 2.3: Create an Application Portfolio

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities

    • Shortlist and prioritize business processes for improvement and reengineering
    • Map current CXM processes
    • Identify business process owners and assign job responsibilities
    • Identify user interaction channels to extract strategic requirements
    • Aggregate and develop strategic requirements
    • Determine gaps in current and future state processes
    • Build the CXM application portfolio

    Outcomes

    CXM application portfolio map

    • Shortlist of relevant business processes
    • Current state map
    • Business process ownership assignment
    • Channel map
    • Complete list of strategic requirements

    Understand business process mapping to draft strategy requirements for marketing, sales, and customer service

    The interaction between sales, marketing, and customer service is very process-centric. Rethink sales and customer-centric workflows and map the desired workflow, imbedding the improved/reengineered process into the requirements.

    Using BPM to Capture Strategic Requirements

    Business process modeling facilitates the collaboration between the business and IT, recording the sequence of events, tasks performed, who performed them, and the levels of interaction with the various supporting applications.

    By identifying the events and decision points in the process and overlaying the people that perform the functions, the data being interacted with, and the technologies that support them, organizations are better positioned to identify gaps that need to be bridged.

    Encourage the analysis by compiling an inventory of business processes that support customer-facing operations that are relevant to achieving the overall organizational strategies.

    Outcomes

    • Operational effectiveness
    • Identification, implementation, and maintenance of reusable enterprise applications
    • Identification of gaps that can be addressed by acquisition of additional applications or process improvement/ reengineering

    INFO-TECH OPPORTUNITY

    Refer to Info-Tech’s Create a Comprehensive BPM Strategy for Successful Process Automation blueprint for further assistance in taking a BPM approach to your sales-IT alignment.

    Leverage the APQC framework to help define your inventory of sales, marketing, and service processes

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    OPERATING PROCESSES
    1.0 Develop Vision and Strategy 2.0 Develop and Manage Products and Services 3.0 Market and Sell Products and Services 4.0 Deliver Products and Services 5.0 Manage Customer Service
    MANAGEMENT AND SUPPORT SERVICES
    6.0 Develop and Manage Human Capital
    7.0 Manage Information Technology
    8.0 Manage Financial Resources
    9.0 Acquire, Construct, and Manage Assets
    10.0 Manage Enterprise Risk, Compliance, and Resiliency
    11.0 Manage External Relationships
    12.0 Develop and Manage Business Capabilities

    (APQC, 2011)

    MORE ABOUT APQC

    • APQC serves as a high-level, industry-neutral enterprise model that allows organizations to see activities from a cross-industry process perspective.
    • Sales processes have been provided up to Level 3 of the APQC framework.
    • The APQC Framework can be accessed through APQC’s Process Classification Framework.
    • Note: The framework does not list all processes within a specific organization, nor are the processes that are listed in the framework present in every organization.

    Understand APQC’s “Market and Sell Products and Services” framework

    3.0 Market and Sell Products

    3.1 Understand markets, customers, and capabilities

    • 3.1.1 Perform customer and market intelligence analysis
    • 3.1.2 Evaluate and prioritize market opportunities

    3.2 Develop marketing strategy

    • 3.2.1 Define offering and customer value proposition
    • 3.2.2 Define pricing strategy to align to value proposition
    • 3.2.3 Define and manage channel strategy

    3.3 Develop sales strategy

    • 3.3.1 Develop sales forecast
    • 3.3.2 Develop sales partner/alliance relationships
    • 3.3.3 Establish overall sales budgets
    • 3.3.4 Establish sales goals and measures
    • 3.3.5 Establish customer management measures

    3.4 Develop and manage marketing plans

    • 3.4.1 Establish goals, objectives, and metrics by products by channels/segments
    • 3.4.2 Establish marketing budgets
    • 3.4.3 Develop and manage media
    • 3.4.4 Develop and manage pricing
    • 3.4.5 Develop and manage promotional activities
    • 3.4.6 Track customer management measures
    • 3.4.7 Develop and manage packaging strategy

    3.5 Develop and manage sales plans

    • 3.5.1 Generate leads
    • 3.5.2 Manage customers and accounts
    • 3.5.3 Manage customer sales
    • 3.5.4 Manage sales orders
    • 3.5.5 Manage sales force
    • 3.5.6 Manage sales partners and alliances

    Understand APQC’s “Manage Customer Service” framework

    5.0 Manage Customer Service

    5.1 Develop customer care/customer service strategy

    • 5.1.1 Develop customer service segmentation
      • 5.1.1.1 Analyze existing customers
      • 5.1.1.2 Analyze feedback of customer needs
    • 5.1.2 Define customer service policies and procedures
    • 5.1.3 Establish service levels for customers

    5.2 Plan and manage customer service operations

    • 5.2.1 Plan and manage customer service work force
      • 5.2.1.1 Forecast volume of customer service contacts
      • 5.2.1.2 Schedule customer service work force
      • 5.2.1.3 Track work force utilization
      • 5.2.1.4 Monitor and evaluate quality of customer interactions with customer service representatives

    5.2 Plan and 5.2.3.1 Receive customer complaints 5.2.3.2 Route customer complaints 5.2.3.3 Resolve customer complaints 5.2.3.4 Respond to customer complaints manage customer service operations

    • 5.2.2 Manage customer service requests/inquiries
      • 5.2.2.1 Receive customer requests/inquiries
      • 5.2.2.2 Route customer requests/inquiries
      • 5.2.2.3 Respond to customer requests/inquiries
    • 5.2.3 Manage customer complaints
      • 5.2.3.1 Receive customer complaints
      • 5.2.3.2 Route customer complaints
      • 5.2.3.3 Resolve customer complaints
      • 5.2.3.4 Respond to customer complaints

    Leverage the APQC framework to inventory processes

    The APQC framework provides levels 1 through 3 for the “Market and Sell Products and Services” framework. Level 4 processes and beyond will need to be defined by your organization as they are more granular (represent the task level) and are often industry-specific.

    Level 1 – Category - 1.0 Develop vision and strategy (10002)

    Represents the highest level of process in the enterprise, such as manage customer service, supply chain, financial organization, and human resources.

    Level 2 – Process Group - 1.1 Define the business concept and long-term vision (10014)

    Indicates the next level of processes and represents a group of processes. Examples include perform after sales repairs, procurement, accounts payable, recruit/source, and develop sales strategy.

    Level 3 – Process - 1.1.1 Assess the external environment (10017)

    A series of interrelated activities that convert input into results (outputs); processes consume resources and require standards for repeatable performance; and processes respond to control systems that direct quality, rate, and cost of performance.

    Level 4 – Activity - 1.1.1.1 Analyze and evaluate competition (10021)

    Indicates key events performed when executing a process. Examples of activities include receive customer requests, resolve customer complaints, and negotiate purchasing contracts.

    Level 5 – Task - 12.2.3.1.1 Identify project requirements and objectives (11117)

    Tasks represent the next level of hierarchical decomposition after activities. Tasks are generally much more fine grained and may vary widely across industries. Examples include create business case and obtain funding, and design recognition and reward approaches.

    Info-Tech Insight

    Define the Level 3 processes in the context of your organization. When creating a CXM strategy, concern yourself with the interrelatedness of processes across existing departmental silos (e.g. marketing, sales, customer service). Reserve the analysis of activities (Level 4) and tasks (Level 3) for granular work initiatives involved in the implementation of applications.

    Use Info-Tech’s CXM Business Process Shortlisting Tool to prioritize processes for improvement

    2.3.1 CXM Business Process Shortlisting Tool

    The CXM Business Process Shortlisting Tool can help you define which marketing, sales, and service processes you should focus on.

    Working in concert with stakeholders from the appropriate departments, complete the short questionnaire.

    Based on validated responses, the tool will highlight processes of strategic importance to your organization.

    These processes can then be mapped, with requirements extracted and used to build the CXM application portfolio.

    INFO-TECH DELIVERABLE

    The image shows a screenshot of the Prioritize Your Business Processes for Customer Experience Management document, with sample information filled in.

    Activity: Define your organization’s top-level processes for reengineering and improvement

    2.3.2 1 hour

    Input

    • Shortlist business processes relating to customer experience (output of Tool 2.3.1)

    Output

    • Prioritized list of top-level business processes by department

    Materials

    • APQC Framework
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Inventory all business processes relating to customer experience.
    2. Customize the impacted business units and factor weightings on the scorecard below to reflect the structure and priorities of your organization.
    3. Using the scorecard, identify all processes essential to your customer experience. The scorecard is designed to determine which processes to focus on and to help you understand the impact of the scrutinized process on the different customer-centric groups across the organization.

    The image shows a chart with the headings Factor, Check If Yes, repeated. The chart lists various factors, and the Check if Yes columns are left blank.

    This image shows a chart with the headings Factor, Weights, and Scores. It lists factors, and the rest of the chart is blank.

    Current legend for Weights and Scores

    F – Finance

    H – Human Resources

    I – IT

    L – Legal

    M – Marketing

    BU1 – Business Unit 1

    BU2 – Business Unit 2

    Activity: Map top-level business processes to extract strategic requirements for the CXM application portfolio

    2.3.3 45 minutes

    Input

    • Prioritized list of top-level business processes (output of Activity 2.3.2)

    Output

    • Current state process maps
    • CXM Strategy Stakeholder Presentation

    Materials

    • APQC Framework
    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Project Team

    Instructions

    1. List all prioritized business processes, as identified in Activity 2.3.2. Map your processes in enough detail to capture all relevant activities and system touchpoints, using the legend included in the example. Focus on Level 3 processes, as explained in the APQC framework.
    2. Record all of the major process steps on sticky notes. Arrange the sticky notes in sequential order.
    3. On a set of different colored sticky notes, record all of the systems that enable the process. Map these system touchpoints to the process steps.
    4. Draw arrows in between the steps to represent manual entry or automation.
    5. Identify effectiveness and gaps in existing processes to determine process technology requirements.
    6. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    INFO-TECH OPPORTUNITY

    Refer to Info-Tech’s Create a Comprehensive BPM Strategy for Successful Process Automation blueprint for further assistance in taking a BPM approach to your sales-IT alignment.

    Info-Tech Insight

    Analysis of the current state is important in the context of gap analysis. It aids in understanding the discrepancies between your baseline and the future state vision, and ensures that these gaps are documented as part of the overall requirements.

    Example: map your current CXM processes to parse strategic requirements (customer acquisition)

    The image shows an example of a CXM process map, which is formatted as a flow chart, with a legend at the bottom.

    Activity: Extract requirements from your top-level business processes

    2.3.4 30 minutes

    Input

    • Current state process maps (output of Activity 2.3.3)

    Output

    • Requirements for future state mapping

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Discuss the current state of priority business processes, as mapped in Activity 2.3.3.
    2. Extract process requirements for business process improvement by asking the following questions:
    • What is the input?
    • What is the output?
    • What are the underlying risks and how can they be mitigated?
    • What conditions should be met to mitigate or eliminate each risk?
    • What are the improvement opportunities?
    • What conditions should be met to enable these opportunities?
    1. Break business requirements into functional and non-functional requirements, as outlined on this slide.

    Info-Tech Insight

    The business and IT should work together to evaluate the current state of business processes and the business requirements necessary to support these processes. Develop a full view of organizational needs while still obtaining the level of detail required to make informed decisions about technology.

    Establish process owners for each top-level process

    Identify the owners of the business processes being evaluated to extract requirements. Process owners will be able to inform business process improvement and assume accountability for reengineered or net-new processes going forward.

    Process Owner Responsibilities

    Process ownership ensures support, accountability, and governance for CXM and its supporting processes. Process owners must be able to negotiate with business users and other key stakeholders to drive efficiencies within their own process. The process owner must execute tactical process changes and continually optimize the process.

    Responsibilities include the following:

    • Inform business process improvement
    • Introduce KPIs and metrics
    • Monitor the success of the process
    • Present process findings to key stakeholders within the organization
    • Develop policies and procedures for the process
    • Implement new methods to manage the process

    Info-Tech Insight

    Identify the owners of existing processes early so you understand who needs to be involved in process improvement and reengineering. Once implemented, CXM applications are likely to undergo a series of changes. Unstructured data will multiply, the number of users may increase, administrators may change, and functionality could become obsolete. Should business processes be merged or drastically changed, process ownership can be reallocated during CXM implementation. Make sure you have the right roles in place to avoid inefficient processes and poor data quality.

    Use Info-Tech’s Process Owner Assignment Guide to aid you in choosing the right candidates

    2.3.5 Process Owner Assignment Guide

    The Process Owner Assignment Guide will ensure you are taking the appropriate steps to identify process owners for existing and net-new processes created within the scope of the CXM strategy.

    The steps in the document will help with important considerations such as key requirements and responsibilities.

    Sections of the document:

    1. Define responsibilities and level of commitment
    2. Define job requirements
    3. Receive referrals
    4. Hold formal interviews
    5. Determine performance metrics

    INFO-TECH DELIVERABLE

    Activity: Assign business process owners and identify job responsibilities

    2.3.6 30 minutes

    Input

    • Current state map (output of Activity 2.3.3)

    Output

    • Process owners assigned
    • CXM Strategy Stakeholder Presentation

    Materials

    Participants

    • Project Team

    Instructions

    1. Using Info-Tech’s Process Owner Assignment Guide, assign process owners for each process mapped out in Activity 2.3.3. To assist in doing so, answer the following questions
    • What is the level of commitment expected from each process owner?
    • How will the process owner role be tied to a formal performance appraisal?
    • What metrics can be assigned?
    • How much work will be required to train process owners?
    • Is there support staff available to assist process owners?
  • Document your outputs in the CXM Strategy Stakeholder Presentation Template.
  • Choose the channels that will make your target customers happy – and ensure they’re supported by CXM applications

    Traditional Channels

    Face-to-Face is efficient and has a positive personalized aspect that many customers desire, be it for sales or customer service.

    Telephony (or IVR) has been a mainstay of customer interaction for decades. While not fading, it must be used alongside newer channels.

    Postal used to be employed extensively for all domains, but is now used predominantly for e-commerce order fulfillment.

    Web 1.0 Channels

    Email is an asynchronous interaction channel still preferred by many customers. Email gives organizations flexibility with queuing.

    Live Chat is a way for clients to avoid long call center wait times and receive a solution from a quick chat with a service rep.

    Web Portals permit transactions for sales and customer service from a central interface. They are a must-have for any large company.

    Web 2.0 Channels

    Social Media consists of many individual services (like Facebook or Twitter). Social channels are exploding in consumer popularity.

    HTML5 Mobile Access allows customers to access resources from their personal device through its integrated web browser.

    Dedicated Mobile Apps allow customers to access resources through a dedicated mobile application (e.g. iOS, Android).

    Info-Tech Insight

    Your channel selections should be driven by customer personas and scenarios. For example, social media may be extensively employed by some persona types (i.e. Millennials) but see limited adoption in other demographics or use cases (i.e. B2B).

    Activity: Extract requirements from your channel map

    2.3.7 30 minutes

    Input

    • Current state process maps (output of Activity 2.3.3)

    Output

    • Channel map
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Inventory which customer channels are currently used by each department.
    2. Speak with the department heads for Marketing, Sales, and Customer Service and discuss future channel usage. Identify any channels that will be eliminated or added.
    3. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Business Unit Channel Use Survey

    Marketing Sales Customer Service
    Current Used? Future Use? Current Used? Future Use? Current Used? Future Use?
    Email Yes Yes No No No No
    Direct Mail Yes No No No No No
    Phone No No Yes Yes Yes Yes
    In-Person No No Yes Yes Yes No
    Website Yes Yes Yes Yes Yes Yes
    Social Channels No Yes Yes Yes No Yes

    Bring it together: amalgamate your strategic requirements for CXM technology enablement

    Discovering your organizational requirements is vital for choosing the right business-enabling initiative, technology, and success metrics. Sorting the requirements by marketing, sales, and service is a prudent mechanism for clarification.

    Strategic Requirements: Marketing

    Definition: High-level requirements that will support marketing functions within CXM.

    Examples

    • Develop a native mobile application while also ensuring that resources for your web presence are built with responsive design interface.
    • Consolidate workflows related to content creation to publish all brand marketing from one source of truth.
    • Augment traditional web content delivery by providing additional functionality such as omnichannel engagement, e-commerce, dynamic personalization, and social media functionality.

    Strategic Requirements: Sales

    Definition: High-level requirements that will support sales functions within CXM.

    Examples

    • Implement a system that reduces data errors and increases sales force efficiency by automating lead management workflows.
    • Achieve end-to-end visibility of the sales process by integrating the CRM, inventory, and order processing and shipping system.
    • Track sales force success by incorporating sales KPIs with real-time business intelligence feeds.

    Strategic Requirements: Customer Service

    Definition: High-level requirements that will support customer service functions within CXM.

    Examples

    • Provide a live chat portal that connects the customer, in real time, with the next available and qualified agent.
    • Bridge the gap between the source of truth for sales with customer service suites to ensure a consistent, end-to-end customer experience from acquisition to customer engagement and retention.
    • Use customer intelligence to track customer journeys in order to best understand and resolve customer complaints.

    Activity: Consolidate your strategic requirements for the CXM application portfolio

    2.3.8 30 minutes

    Input

    • Strategic CXM requirements (outputs of Activities 2.1.5, 2.1.6, and 2.2.2)

    Output

    • Aggregated strategic CXM requirements
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Aggregate strategic CXM requirements that have been gathered thus far in Activities 2.1.5, 2.1.6, and 2.2.2, 2.3.5, and 2.3.7.
    2. Identify and rectify any obvious gaps in the existing set of strategic CXM requirements. To do so, consider the overall corporate and CXM strategy: are there any objectives that have not been addressed in the requirements gathering process?
    3. De-duplicate the list. Prioritize the aggregated/augmented list of CXM requirements as “high/critical,” “medium/important,” or “low/desirable.” This will help manage the relative importance and urgency of different requirements to itemize respective initiatives, resources, and the time in which they need to be addressed. In completing the prioritization of requirements, consider the following:
    • Requirements prioritization must be completed in collaboration with all key stakeholders (across the business and IT). Stakeholders must ask themselves:
      • What are the consequences to the business objectives if this requirement is omitted?
      • Is there an existing system or manual process/workaround that could compensate for it?
      • What business risk is being introduced if a particular requirement cannot be implemented right away?
  • Document your outputs in the CXM Strategic Stakeholder Presentation Template.
  • Info-Tech Insight

    Strategic CXM requirements will be used to prioritize specific initiatives for CXM technology enablement and application rollout. Ensure that IT, the business, and executive management are all aligned on a consistent and agreed upon set of initiatives.

    Burberry digitizes the retail CX with real-time computing to bring consumers back to the physical storefront

    CASE STUDY

    Industry Consumer Goods, Clothing

    Source Retail Congress, 2017

    Burberry London

    Situation

    Internally, Burberry invested in organizational alignment and sales force brand engagement. The more the sales associate knew about the brand engagement and technology-enabled strategy, the better the store’s performance. Before the efforts went to building relationships with customers, Burberry built engagement with employees.

    Burberry embraced “omnichannel,” the hottest buzzword in retailing to provide consumers the most immersive and intuitive brand experience within the store.

    Technology Strategy

    RFID tags were attached to products to trigger interactive videos on the store’s screens in the common areas or in a fitting room. Consumers are to have instant access to relevant product combinations, ranging from craftsmanship information to catwalk looks. This is equivalent to the rich, immediate information consumers have grown to expect from the online shopping experience.

    Another layer of Burberry’s added capabilities includes in-memory-based analytics to gather and analyze data in real-time to better understand customers’ desires. Burberry builds customer profiles based on what items the shoppers try on from the RFID-tagged garments. Although this requires customer privacy consent, customers are willing to provide personal information to trusted brands.

    This program, called “Customer 360,” assisted sales associates in providing data-driven shopping experiences that invite customers to digitally share their buying history and preferences via their tablet devices. As the data is stored in Burberry’s customer data warehouse and accessed through an application such as CRM, it is able to arm sales associates with personal fashion advice on the spot.

    Lastly, the customer data warehouse/CRM application is linked to Burberry’s ERP system and other custom applications in a cloud environment to achieve real-time inventory visibility and fulfillment.

    Burberry digitizes the retail CX with real-time computing to bring consumers back to the physical storefront (cont'd)

    CASE STUDY

    Industry Consumer Goods, Clothing

    Source Retail Congress, 2017

    Burberry London

    Situation

    Internally, Burberry invested in organizational alignment and sales force brand engagement. The more the sales associate knew about the brand engagement and technology-enabled strategy, the better the store’s performance. Before the efforts went to building relationships with customers, Burberry built engagement with employees.

    Burberry embraced “omnichannel,” the hottest buzzword in retailing to provide consumers the most immersive and intuitive brand experience within the store.

    The Results

    Burberry achieved one of the most personalized retail shopping experiences. Immediate personal fashion advice using customer data is only one component of the experience. Not only are historic purchases and preference data analyzed, a customer’s social media posts and fashion industry trend data is proactively incorporated into the interactions between the sales associate and the customer.

    Burberry achieved CEO Angela Ahrendts’ vision of “Burberry World,” in which the brand experience is seamlessly integrated across channels, devices, retail locations, products, and services.

    The organizational alignment between Sales, Marketing, and IT empowered employees to bring the Burberry brand to life in unique ways that customers appreciated and were willing to advocate.

    Burberry is now one of the most beloved and valuable luxury brands in the world. The brand tripled sales in five years, became one of the leading voices on trends, fashion, music, and beauty while redefining what top-tier customer experience should be both digitally and physically.

    Leverage both core CRM suites and point solutions to create a comprehensive CXM application portfolio

    The debate between best-of-breed point solutions versus comprehensive CRM suites is ongoing. There is no single best answer. In most cases, an effective portfolio will include both types of solutions.

    • When the CRM market first evolved, vendors took a heavy “module-centric” approach – offering basic suites with the option to add a number of individual modules. Over time, vendors began to offer suites with a high degree of out-of-the-box functionality. The market has now witnessed the rise of powerful point solutions for the individual business domains.
    • Point solutions augment, rather than supplant, the functionality of a CRM suite in the mid-market to large enterprise context. Point solutions do not offer the necessary spectrum of functionality to take the place of a unified CRM suite.
    • Point solutions enhance aspects of CRM. For example, most CRM vendors have yet to provide truly impressive social media capabilities. An organization seeking to dominate the social space should consider purchasing a social media management platform to address this deficit in their CRM ecosystem.

    Customer Relationship Management (CRM)

    Social Media Management Platform (SMMP)

    Field Sales/Service Automation (FSA)

    Marketing Management Suites

    Sales Force Automation

    Email Marketing Tools

    Lead Management Automation (LMA)

    Customer Service Management Suites

    Customer Intelligence Systems

    Don’t adopt multiple point solutions without a genuine need: choose domains most in need of more functionality

    Some may find that the capabilities of a CRM suite are not enough to meet their specific requirements: supplementing a CRM suite with a targeted point solution can get the job done. A variety of CXM point solutions are designed to enhance your business processes and improve productivity.

    Sales

    Sales Force Automation: Automatically generates, qualifies, tracks, and contacts leads for sales representatives, minimizing time wasted on administrative duties.

    Field Sales: Allows field reps to go through the entire sales cycle (from quote to invoice) while offsite.

    Sales Compensation Management: Models, analyzes, and dispenses payouts to sales representatives.

    Marketing

    Social Media Management Platforms (SMMP): Manage and track multiple social media services, with extensive social data analysis and insight capabilities.

    Email Marketing Bureaus: Conduct email marketing campaigns and mine results to effectively target customers.

    Marketing Intelligence Systems: Perform in-depth searches on various data sources to create predictive models.

    Service

    Customer Service Management (CSM): Manages the customer support lifecycle with a comprehensive array of tools, usually above and beyond what’s in a CRM suite.

    Customer Service Knowledge Management (CSKM): Advanced knowledgebase and resolution tools.

    Field Service Automation (FSA): Manages customer support tickets, schedules work orders, tracks inventory and fleets, all on the go.

    Info-Tech Insight

    CRM and point solution integration is critical. A best-of-breed product that poorly integrates with your CRM suite compromises the value generated by the combined solution, such as a 360-degree customer view. Challenge point solution vendors to demonstrate integration capabilities with CRM packages.

    Refer to your use cases to decide whether to add a dedicated point solution alongside your CRM suite

    Know your end state and what kind of tool will get you there. Refer to your strategic requirements to evaluate CRM and point solution feature sets.

    Standalone CRM Suite

    Sales Conditions: Need selling and lead management capabilities for agents to perform the sales process, along with sales dashboards and statistics.

    Marketing or Communication Conditions: Need basic campaign management and ability to refresh contact records with information from social networks.

    Member Service Conditions: Need to keep basic customer records with multiple fields per record and basic channels such as email and telephony.

    Add a Best-of-Breed or Point Solution

    Environmental Conditions: An extensive customer base with many different interactions per customer along with industry specific or “niche” needs. Point solutions will benefit firms with deep needs in specific feature areas (e.g. social media or field service).

    Sales Conditions: Lengthy sales process and account management requirements for assessing and managing opportunities – in a technically complex sales process.

    Marketing Conditions: Need social media functionality for monitoring and social property management.

    Customer Service Conditions: Need complex multi-channel service processes and/or need for best-of-breed knowledgebase and service content management.

    Info-Tech Insight

    The volume and complexity of both customers and interactions have a direct effect on when to employ just a CRM suite and when to supplement with a point solution. Check to see if your CRM suite can perform a specific business requirement before deciding to evaluate potential point solutions.

    Use Info-Tech’s CXM Portfolio Designer to create an inventory of high-value customer interaction applications

    2.3.9 CXM Portfolio Designer

    The CXM Portfolio Designer features a set of questions geared toward understanding your needs for marketing, sales, and customer service enablement.

    These results are scored and used to suggest a comprehensive solution-level set of enterprise applications for CXM that can drive your application portfolio and help you make investment decisions in different areas such as CRM, marketing management, and customer intelligence.

    Sections of the tool:

    1. Introduction
    2. Customer Experience Management Questionnaire
    3. Business Unit Recommendations
    4. Enterprise-Level Recommendations

    INFO-TECH DELIVERABLE

    Understand the art of the possible and how emerging trends will affect your application portfolio (1)

    Cloud

    • The emergence and maturation of cloud technologies has broken down the barriers of software adoption.
    • Cloud has enabled easy-to-implement distributed sales centers for enterprises with global or highly fragmented workforces.
    • Cloud offers the agility, scalability, and flexibility needed to accommodate dynamic, evolving customer requirements while minimizing resourcing strain on IT and sales organizations.
    • It is now easier for small to medium enterprises to acquire and implement advanced sales capabilities to compete against larger competitors in a business environment where the need for business agility is key.
    • Although cost and resource reduction is a prominent view of the impact of cloud computing, it is also seen as an agile way to innovate and deliver a product/service experience that customers are looking for – the key to competitive differentiation.

    Mobile

    • Smartphones and other mobile devices were adopted faster than the worldwide web in the late 1990s, and the business and sales implications of widespread adoption cannot be ignored – mobile is changing how businesses operate.
      • Accenture’s Mobility Research Report states that 87% of companies in the study have been guided by a formal mobility strategy – either one that spans the enterprise or for specific business functions.
    • Mobile is now the first point of interaction with businesses. With this trend, gaining visibility into customer insights with mobile analytics is a top priority for organizations.
    • Enterprises need to develop and optimize mobile experiences for internal salespeople and customers alike as part of their sales strategy – use mobile to enable a competitive, differentiated sales force.
    • The use of mobile platforms by sales managers is becoming a norm. Sales enablement suites should support real-time performance metrics on mobile dashboards.

    Understand the art of the possible and how emerging trends will affect your application portfolio (2)

    Social

    • The rise of social networking brought customers together. Customers are now conversing with each other over a wide range of community channels that businesses neither own nor control.
      • The Power Shift: The use of social channels empowered customers to engage in real-time, unstructured conversations for the purpose of product/service evaluations. Those who are active in social environments come to wield considerable influence over the buying decisions of other prospects and customers.
    • Organizations need to identify the influencers and strategically engage them as well as developing an active presence in social communities that lead to sales.
    • Social media does have an impact on sales, both B2C and B2B. A study conducted in 2012 by Social Centered Selling states that 72.6% of sales people using social media as part of their sales process outperformed their peers and exceeded their quota 23% more often (see charts at right).

    The image shows two bar graphs, the one on top titled Achieving Quota: 2010-2012 and the one below titled Exceeding Quota: 2010-2012.

    (Social Centered Learning, n.d.)

    Understand the art of the possible and how emerging trends will affect your application portfolio (3)

    Internet of Things

    • Definition: The Internet of Things (IoT) is the network of physical objects accessed through the internet. These objects contain embedded technology to interact with internal states or the external environment.
    • Why is this interesting?
      • IoT will make it possible for everybody and everything to be connected at all times, processing information in real time. The result will be new ways of making business and sales decisions supported by the availability of information.
      • With ubiquitous connectivity, the current product design-centric view of consumers is changing to one of experience design that aims to characterize the customer relationship with a series of integrated interaction touchpoints.
      • The above change contributes to the shift in focus from experience and will mean further acceleration of the convergence of customer-centric business functions. IoT will blur the lines between marketing, sales, and customer service.
      • Products or systems linked to products are capable of self-operating, learning, updating, and correcting by analyzing real-time data.
      • Take for example, an inventory scale in a large warehouse connected to the company’s supply chain management (SCM) system. When a certain inventory weight threshold is reached due to outgoing shipments, the scale automatically sends out a purchase requisition to restock inventory levels to meet upcoming demand.
    • The IoT will eventually begin to transform existing business processes and force organizations to fundamentally rethink how they produce, operate, and service their customers.

    The image shows a graphic titled The Connected Life by 2020, and shows a number of statistics on use of connected devices over time.

    For categories covered by existing applications, determine the disposition for each app: grow it or cut it loose

    Use the two-by-two matrix below to structure your optimal CXM application portfolio. For more help, refer to Info-Tech’s blueprint, Use Agile Application Rationalization Instead of Going Big Bang.

    1

    0

    Richness of Functionality

    INTEGRATE RETAIN
    1
    REPLACE REPLACE OR ENHANCE

    0

    Degree of Integration

    Integrate: The application is functionally rich, so spend time and effort integrating it with other modules by building or enhancing interfaces.

    Retain: The application satisfies both functionality and integration requirements, so it should be considered for retention.

    Replace/Enhance: The module offers poor functionality but is well integrated with other modules. If enhancing for functionality is easy (e.g. through configuration or custom development), consider enhancement or replace it.

    Replace: The application neither offers the functionality sought nor is it integrated with other modules, and thus should be considered for replacement.

    Activity: Brainstorm the art of the possible, and build and finalize the CXM application portfolio

    2.3.10 1-2 hours

    Input

    • Process gaps identified (output of Activity 2.3.9)

    Output

    • CXM application portfolio
    • CXM Strategy Stakeholder Presentation

    Materials

    Participants

    • Project Team

    Instructions

    1. Review the complete list of strategic requirements identified in the preceding exercises, as well as business process maps.
    2. Identify which application would link to which process (e.g. customer acquisition, customer service resolution, etc.).
    3. Use Info-Tech’s CXM Portfolio Designer to create an inventory of high-value customer interaction applications.
    4. Define rationalization and investment areas.
    5. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Brainstorming the Art of the Possible

    Application Gap Satisfied Related Process Number of Linked Requirements Do we have the system? Priority
    LMA
    • Lead Generation
    • Social Lead Management
    • CRM Integration
    Sales 8 No Business Critical
    Customer Intelligence
    • Web Analytics
    • Customer Journey Tracking
    Customer Service 6 Yes Business Enabling
    ... ... ... ... ... ...

    Use Info-Tech’s comprehensive reports to make granular vendor selection decisions

    Now that you have developed the CXM application portfolio and identified areas of new investment, you’re well positioned to execute specific vendor selection projects. After you have built out your initiatives roadmap in phase 3, the following reports provide in-depth vendor reviews, feature guides, and tools and templates to assist with selection and implementation.

    Info-Tech Insight

    Not all applications are created equally well for each use case. The vendor reports help you make informed procurement decisions by segmenting vendor capabilities among major use cases. The strategic requirements identified as part of this project should be used to select the use case that best fits your needs.

    If you want additional support, have our analyst guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.3.2; 2.3.3 Shortlist and map the key top-level business processes

    Based on experience working with organizations in similar verticals, the facilitator will help your team map out key sample workflows for marketing, sales, and customer service.

    2.3.6 Create your strategic requirements for CXM

    Drawing on the preceding exercises, the facilitator will work with the team to create a comprehensive list of strategic requirements that will be used to drive technology decisions and roadmap initiatives.

    2.3.10 Create and finalize the CXM application portfolio

    Using the strategic requirements gathered through internal, external, and technology analysis up to this point, a facilitator will assist you in assembling a categorical technology application portfolio to support CXM.

    Step 2.4: Develop Deployment Best Practices

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Develop a CXM integration map
    • Develop a mitigation plan for poor quality customer data
    • Create a framework for end-user adoption of CXM applications

    Outcomes:

    • CXM application portfolio integration map
    • Data quality preservation plan
    • End-user adoption plan

    Develop an integration map to specify which applications will interface with each other

    Integration is paramount: your CXM application portfolio must work as a unified face to the customer. Create an integration map to reflect a system of record and the exchange of data.

    • CRM
      • ERP
      • Telephony Systems (IVR, CTI)
      • Directory Services
      • Email
      • Content Management
      • Point Solutions (SMMP, MMS)

    The points of integration that you’ll need to establish must be based on the objectives and requirements that have informed the creation of the CXM application portfolio. For instance, achieving improved customer insights would necessitate a well-integrated portfolio with customer interaction point solutions, business intelligence tools, and customer data warehouses in order to draw the information necessary to build insight. To increase customer engagement, channel integration is a must (i.e. with robust links to unified communications solutions, email, and VoIP telephony systems).

    Info-Tech Insight

    If the CXM application portfolio is fragmented, it will be nearly impossible to build a cohesive view of the customer and deliver a consistent customer experience. Points of integration (POIs) are the junctions between the applications that make up the CXM portfolio. They are essential to creating value, particularly in customer insight-focused and omnichannel-focused deployments. Be sure to include enterprise applications that are not included in the CXM application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    After identifying points of integration, profile them by business significance, complexity, and investment required

    • After enumerating points of integration between the CRM platform and other CXM applications and data sources, profile them by business significance and complexity required to determine a rank-ordering of priorities.
    • Points of integration that are of high business significance with low complexity are your must do’s – these are your quick wins that deliver maximum value without too much cost. This is typically the case when integrating a vendor-to-vendor solution with available native connectors.
    • On the opposite end of the spectrum are your POIs that will require extensive work to deliver but offer negligible value. These are your should not do’s – typically, these are niche requests for integration that will only benefit the workflows of a small (and low priority) group of end users. Only accommodate them if you have slack time and budget built into your implementation timeline.

    The image shows a square matrix with Point of Integration Value Matrix in the centre. On the X-axis is Business Significance, and on the Y-axis is POI complexity. In the upper left quadrant is Should Not Do, upper right is Should Do, lower left is Could Do, and lower right is Must do.

    "Find the absolute minimum number of ‘quick wins’ – the POIs you need from day one that are necessary to keep end users happy and deliver value." – Maria Cindric, Australian Catholic University Source: Interview

    Activity: Develop a CXM application integration map

    2.4.1 1 hour

    Input

    • CXM application portfolio (output of Activity 2.3.10)

    Output

    • CXM application portfolio integration map
    • CXM Strategy Stakeholder Presentation

    Materials

    • Sticky notes
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. On sticky notes, record the list of applications that comprise the CXM application portfolio (built in Activity 2.3.10) and all other relevant applications. Post the sticky notes on a whiteboard so you can visualize the portfolio.
    2. Discuss the key objectives and requirements that will drive the integration design of the CXM application portfolio.
    3. As deemed necessary by step 2, rearrange the sticky notes and draw connecting arrows between applications to reflect their integration. Allow the point of the arrow to indicate direction of data exchanges.
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Mapping the Integration of CXM Applications

    The image shows several yellow rectangles with text in them, connected by arrows.

    Plug the hole and bail the boat – plan to be preventative and corrective with customer data quality initiatives

    Data quality is king: if your customer data is garbage in, it will be garbage out. Enable strategic CXM decision making with effective planning of data quality initiatives.

    Identify and Eliminate Dead Weight

    Poor data can originate in the firm’s system of record, which is typically the CRM system. Custom queries, stored procedures, or profiling tools can be used to assess the key problem areas.

    Loose rules in the CRM system lead to records of no significant value in the database. Those rules need to be fixed, but if changes are made before the data is fixed, users could encounter database or application errors, which will reduce user confidence in the system.

    • Conduct a data flow analysis: map the path that data takes through the organization.
    • Use a mass cleanup to identify and destroy dead weight data. Merge duplicates either manually or with the aid of software tools. Delete incomplete data, taking care to reassign related data.
    • COTS packages typically allow power users to merge records without creating orphaned records in related tables, but custom-built applications typically require IT expertise.

    Create and Enforce Standards & Policies

    Now that the data has been cleaned, protect the system from relapsing.

    Work with business users to find out what types of data require validation and which fields should have changes audited. Whenever possible, implement drop-down lists to standardize values and make programming changes to ensure that truncation ceases.

    • Truncated data is usually caused by mismatches in data structures during either one-time data loads or ongoing data integrations.
    • Don’t go overboard on assigning required fields – users will just put key data in note fields.
    • Discourage the use of unstructured note fields: the data is effectively lost unless it gets subpoenaed.
    • To specify policies, use Info-Tech’s Master Data Record Tool.

    Profile your customer and sales-related data

    Applications are a critical component of how IT supports Sales, but IT also needs to help Sales keep its data current and accurate. Conducting a sales data audit is critical to ensure Sales has the right information at the right time.

    Info-Tech Insight

    Data is king. More than ever, having accurate data is essential for your organization to win in hyper-competitive marketplaces. Prudent current state analysis looks at both the overall data model and data architecture, as well as assessing data quality within critical sales-related repositories. As the amount of customer data grows exponentially due to the rise of mobility and the Internet of Things, you must have a forward-looking data model and data marts/customer data warehouse to support sales-relevant decisions.

    • A current state analysis for sales data follows a multi-step process:
      • Determine the location of all sales-relevant and customer data – the sales data inventory. Data can reside in applications, warehouses, and documents (e.g. Excel and Access files) – be sure to take a holistic approach.
    • For each data source, assess data quality across the following categories:
      • Completeness
      • Currency (Relevancy)
      • Correctness
      • Duplication
    • After assessing data quality, determine which repositories need the most attention by IT and Sales. We will look at opportunities for data consolidation later in the blueprint.

    INFO-TECH OPPORTUNITY

    Refer to Info-Tech’s Develop a Master Data Management Strategy and Roadmap blueprint for further reference and assistance in data management for your sales-IT alignment.

    Activity: Develop a mitigation plan for poor quality customer data

    2.4.2 30 minutes

    Input

    • List of departments involved in maintenance of CXM data

    Output

    • Data quality preservation plan
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Inventory a list of departments that will be interacting directly with CXM data.
    2. Identify data quality cleansing and preservation initiatives, such as those in previous examples.
    3. Assign accountability to an individual in the department as a data steward. When deciding on a data steward, consider the following:
    • Data stewards are designated full-time employees who serve as the go-to resource for all issues pertaining to data quality, including keeping a particular data silo clean and free of errors.
    • Data stewards are typically mid-level managers in the business (not IT), preferably with an interest in improving data quality and a relatively high degree of tech-savviness.
    • Data stewards can sometimes be created as a new role with a dedicated FTE, but this is not usually cost effective for small and mid-sized firms.
    • Instead, diffuse the steward role across several existing positions, including one for CRM and other marketing, sales, and service applications.
  • Document your outputs in the CXM Strategy Stakeholder Presentation Template.
  • Example: Data Steward Structure

    Department A

    • Data Steward (CRM)
    • Data Steward (ERP)

    Department B

    • Data Steward (All)

    Department C

    • Data Steward (All)

    Determine if a customer data warehouse will add value to your CXM technology-enablement strategy

    A customer data warehouse (CDW) “is a subject-oriented, integrated, time-variant, non-volatile collection of data used to support the strategic decision-making process across marketing, sales, and service. It is the central point of data integration for customer intelligence and is the source of data for the data marts, delivering a common view of customer data” (Corporate Information Factory, n.d.).

    Analogy

    CDWs are like a buffet. All the food items are in the buffet. Likewise, your corporate data sources are centralized into one repository. There are so many food items in a buffet that you may need to organize them into separate food stations (data marts) for easier access.

    Examples/Use Cases

    • Time series analyses with historical data
    • Enterprise level, common view analyses
    • Integrated, comprehensive customer profiles
    • One-stop repository of all corporate information

    Pros

    • Top-down architectural planning
    • Subject areas are integrated
    • Time-variant, changes to the data are tracked
    • Non-volatile, data is never over-written or deleted

    Cons

    • A massive amount of corporate information
    • Slower delivery
    • Changes are harder to make
    • Data format is not very business friendly

    Activity: Assess the need for a customer data warehouse

    2.4.3. 30 minutes

    Input

    • List of data sources
    • Data inflows and outflows

    Output

    • Data quality preservation plan
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Create a shortlist of customer data sources.
    2. Profile the integration points that are necessary to support inflows and outflows of customer data.
    3. Ask the following questions around the need for a CDW based on these data sources and points of integration:
    • What is the volume of customer information that needs to be stored? The greater the capacity, the more likely that you should build a dedicated CDW.
    • How complex is the data? The more complex the data, the greater the need for a CDW.
    • How often will data interchange happen between various applications and data sources? The greater and more frequent the interchange, the greater the need for a CDW.
    • What are your organizational capabilities for building a CDW? Do you have the resources in-house to create a CDW at this time?
  • Document your outputs in the CXM Strategy Stakeholder Presentation Template.
  • INFO-TECH OPPORTUNITY

    Refer to Info-Tech’s Build an Agile Data Warehouse blueprint for more information on building a centralized and integrated data warehouse.

    Create a plan for end-user training on new (or refocused) CXM applications and data quality processes

    All training modules will be different, but some will have overlapping areas of interest.

    – Assign Project Evangelists – Analytics Training – Mobile Training

    Application Training

    • Customer Service - Assign Project Evangelists – Analytics Training – Mobile Training
      • Focus training on:
        • What to do with inbound tickets.
        • Routing and escalation features.
        • How to use knowledge management features effectively.
        • Call center capabilities.
    • Sales – Assign Project Evangelists – Analytics Training – Mobile Training
      • Focus training on:
        • Recording of opportunities, leads, and deals.
        • How to maximize sales with sales support decision tree.
    • Marketing - Assign Project Evangelists – Analytics Training
      • Focus training on:
        • Campaign management features.
        • Social media monitoring and engagement capabilities.
    • IT
      • Focus training on:
        • Familiarization with the software.
        • Software integration with other enterprise applications.
        • The technical support needed to maintain the system in the future.

    Info-Tech Insight

    Train customers too. Keep the customer-facing sales portals simple and intuitive, have clear explanations/instructions under important functions (e.g. brief directions on how to initiate service inquiries), and provide examples of proper uses (e.g. effective searches). Make sure customers are aware of escalation options available to them if self-service falls short.

    Ensure adoption with a formal communication process to keep departments apprised of new application rollouts

    The team leading the rollout of new initiatives (be they applications, new governance structures, or data quality procedures) should establish a communication process to ensure management and users are well informed.

    CXM-related department groups or designated trainers should take the lead and implement a process for:

    • Scheduling application platform/process rollout/kick-off meetings.
    • Soliciting preliminary input from the attending groups to develop further training plans.
    • Establishing communication paths and the key communication agents from each department who are responsible for keeping lines open moving forward.

    The overall objective for inter-departmental kick-off meetings is to confirm that all parties agree on certain key points and understand alignment rationale and new sales app or process functionality.

    The kick-off process will significantly improve internal communications by inviting all affected internal IT groups, including business units, to work together to address significant issues before the application process is formally activated.

    The kick-off meeting(s) should encompass:

    • Target business-user requirements
    • The high-level application overview
    • Tangible business benefits of alignment
    • Special consideration needs
    • Other IT department needs
    • Target quality of service (QoS) metrics

    Info-Tech Insight

    Determine who in each department will send out a message about initiative implementation, the tone of the message, the medium, and the delivery date.

    Construct a formal communication plan to engage stakeholders through structured channels

    Tangible Elements of a Communications Plan

    • Stakeholder Group Name
    • Stakeholder Description
    • Message
    • Concerns Relative to Application Maintenance
    • Communication Medium
    • Role Responsible for Communication
    • Frequency
    • Start and End Date

    Intangible Elements of a Communications Plan

    • Establish biweekly meetings with representatives from sales functional groups, who are tasked with reporting on:
      • Benefits of revised processes
      • Metrics of success
      • Resource restructuring
    • Establish a monthly interdepartmental meeting, where all representatives from sales and IT leadership discuss pressing bug fixes and minor process improvements.
    • Create a webinar series, complete with Q&A, so that stakeholders can reference these changes at their leisure.

    Info-Tech Insight

    Every piece of information that you give to a stakeholder that is not directly relevant to their interests is a distraction from your core message. Always remember to tailor the message, medium, and timing accordingly.

    Carry the CXM value forward with linkage and relationships between sales, marketing, service, and IT

    Once the sales-IT alignment committees have been formed, create organizational cadence through a variety of formal and informal gatherings between the two business functions.

    • Organizations typically fall in one of three maturity stages: isolation, collaboration, or synergy. Strive to achieve business-technology synergy at the operational level.
    • Although collaboration cannot be mandated, it can be facilitated. Start with a simple gauge of the two functions’ satisfaction with each other, and determine where and how inter-functional communication and synergy can be constructed.

    Isolation

    The image shows four shapes, with the words IT, Sales, Customer Service, and Marketing in them.

    • Point solutions are implemented on an ad-hoc basis by individual departments for specific projects.
    • Internal IT is rarely involved in these projects from beginning to end.

    Collaboration

    The image features that same four shapes and text from the previous image, but this time they are connected by dotted lines.

    • There is a formal cross-departmental effort to integrate some point solutions.
    • Internal IT gets involved to integrate systems and then support system interactions.

    Synergy

    The image features the same shapes and text from previous instances, except the shapes are now connect by solid lines and the entire image is surrounded by dotted lines.

    • Cross-functional, business technology teams are established to work on IT-enabled revenue generation initiatives.
    • Team members are collocated if possible.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.4.1 Develop a CXM application integration map

    Using the inventory of existing CXM-supporting applications and the newly formed CXM application portfolio as inputs, your facilitator will assist you in creating an integration map of applications to establish a system of record and flow of data.

    2.4.2 Develop a mitigation plan for poor quality customer data

    Our facilitator will educate your stakeholders on the importance of quality data and guide you through the creation of a mitigation plan for data preservation.

    2.4.3 Assess the need for a customer data warehouse

    Addressing important factors such as data volume, complexity, and flow, a facilitator will help you assess whether or not a customer data warehouse for CXM is the right fit for your organization.

    Phase 3

    Finalize the CXM Framework

    Build a Strong Technology Foundation for Customer Experience Management

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Finalize the CXM Framework

    Proposed Time to Completion: 1 week

    Step 3.1: Create an Initiative Rollout Plan

    Start with an analyst kick-off call:

    • Discuss strategic requirements and the associated application portfolio that has been proposed.

    Then complete these activities…

    • Initiatives prioritization

    With these tools & templates:

    • CXM Strategy Stakeholder Presentation Template

    Step 3.2: Confirm and Finalize the CXM Blueprint

    Review findings with analyst:

    • Discuss roadmap and next steps in terms of rationalizing and implementing specific technology-centric initiatives or rollouts.

    Then complete these activities…

    • Confirm stakeholder strategy presentation

    With these tools & templates:

    • CXM Strategy Stakeholder Presentation Template

    Phase 3 Results & Insights:

    • Initiatives roadmap

    Step 3.1: Create an Initiative Rollout Plan

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Create a risk management plan
    • Brainstorm initiatives for CXM roadmap
    • Identify dependencies and enabling projects for your CXM roadmap
    • Complete the CXM roadmap

    Outcomes:

    • Risk management plan
    • CXM roadmap
      • Quick-win initiatives

    A CXM technology-enablement roadmap will provide smooth and timely implementation of your apps/initiatives

    Creating a comprehensive CXM strategy roadmap reduces the risk of rework, misallocation of resources, and project delays or abandonment.

    • People
    • Processes
    • Technology
    • Timeline
    • Tasks
    • Budget

    Benefits of a Roadmap

    1. Prioritize execution of initiatives in alignment with business, IT, and needs.
    2. Create clearly defined roles and responsibilities for IT and business stakeholders.
    3. Establish clear timelines for rollout of initiatives.
    4. Identify key functional areas and processes.
    5. Highlight dependencies and prerequisites for successful deployment.
    6. Reduce the risk of rework due to poor execution.

    Implement planning and controls for project execution

    Risk Management

    • Track risks associated with your CXM project.
    • Assign owners and create plans for resolving open risks.
    • Identify risks associated with related projects.
    • Create a plan for effectively communicating project risks.

    Change Management

    • Brainstorm a high-level training plan for various users of the CXM.
    • Create a communication plan to notify stakeholders and impacted users about the tool and how it will alter their workday and performance of role activities.
    • Establish a formal change management process that is flexible enough to meet the demands for change.

    Project Management

    • Conduct a post-mortem to evaluate the completion of the CXM strategy.
    • Design the project management process to be adaptive in nature.
    • Communication is key to project success, whether it is to external stakeholders or internal project team members..
    • Review the project’s performance against metrics and expectations.

    INFO-TECH OPPORTUNITIES

    Optimize the Change Management Process

    You need to design a process that is flexible enough to meet demand for change and strict enough to protect the live environment from change-related incidents.

    Create Project Management Success

    Investing time up front to plan the project and implementing best practices during project execution to ensure the project is delivered with the planned outcome and quality is critical to project success.

    Activity: Create a risk management plan

    3.1.1 45 minutes

    Input

    • Inventory of risks

    Output

    • Risk management plan
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Create a list of possible risks that may hamper the progress of your CXM project.
    2. Classify risks as strategy-based, related to planning, or systems-based, related to technology.
    3. Brainstorm mitigation strategies to overcome each listed risk.
    4. On a score of 1 to 3, determine the impact of each risk on the success of the project.
    5. On a score of 1 to 3, determine the likelihood of the occurrence for each risk.
    6. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Constructing a Risk Management Plan

    Risk Impact Likelihood Mitigation Effort
    Strategy Risks Project over budget
    • Detailed project plan
    • Pricing guarantees
    Inadequate content governance
    System Risks Integration with additional systems
    • Develop integration plan and begin testing integration methods early in the project
    .... ... ... ...

    Likelihood

    1 – High/ Needs Focus

    2 – Can Be Mitigated

    3 - Unlikely

    Impact

    1 - High Risk

    2 - Moderate Risk

    3 - Minimal Risk

    Prepare contingency plans to minimize time spent handling unexpected risks

    Understanding technical and strategic risks can help you establish contingency measures to reduce the likelihood that risks will occur. Devise mitigation strategies to help offset the impact of risks if contingency measures are not enough.

    Remember

    The biggest sources of risk in a CXM strategy are lack of planning, poorly defined requirements, and lack of governance.

    Apply the following mitigation tips to avoid pitfalls and delays.

    Risk Mitigation Tips

    • Upfront planning
    • Realistic timelines
    • Resource support
    • Change management
    • Executive sponsorship
    • Sufficient funding
    • Expectation setting
    1. Project Starts
    • Expectations are high
  • Project Workload Increases
    • Expectations are high
  • Pit of Despair
    • Why are we doing this?
  • Project Nears Close
    • Benefits are being realized
  • Implementation is Completed
    • Learning curve dip
  • Standardization & Optimization
    • Benefits are high
  • Identify factors to complete your CXM initiatives roadmap

    Completion of initiatives for your CXM project will be contingent upon multiple variables.

    Defining Dependencies

    Initiative complexity will define the need for enabling projects. Create a process to define dependencies:

    1. Enabling projects: complex prerequisites.
    2. Preceding tasks: direct and simplified assignments.

    Establishing a Timeline

    • Assign realistic timelines for each initiative to ensure smooth progress.
    • Use milestones and stage gates to track the progress of your initiatives and tasks.

    Defining Importance

    • Based on requirements gathering, identify the importance of each initiative to your marketing department.
    • Each initiative can be ranked high, medium, or low.

    Assigning Ownership

    • Owners are responsible for on-time completion of their assigned initiatives.
    • Populate a RACI chart to ensure coverage of all initiatives.

    Complex....Initiative

    • Enabling Project
      • Preceding Task
      • Preceding Task
    • Enabling Project
      • Preceding Task
      • Preceding Task

    Simple....Initiative

    • Preceding Task
    • Preceding Task
    • Preceding Task

    Activity: Brainstorm CXM application initiatives for implementation in alignment with business needs

    3.1.2 45 minutes

    Input

    • Inventory of CXM initiatives

    Output

    • Prioritized and quick-win initiatives
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. As a team, identify and list CXM initiatives that need to be addressed.
    2. Plot the initiatives on the complexity-value matrix to determine priority.
    3. Identify quick wins: initiatives that can realize quick benefits with little effort.
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Importance-Capability Matrix

    The image shows a matrix, with Initiative Complexity on the X-axis, and Business Value on the Y-axis. There are circle of different sizes in the matrix.

    Pinpoint quick wins: high importance, low effort initiatives.

    The size of each plotted initiative must indicate the effort or the complexity and time required to complete.
    Top Right Quadrant Strategic Projects
    Top Left Quadrant Quick Wins
    Bottom Right Quadrant Risky Bets
    Bottom Left Quadrant Discretionary Projects

    Activity: Identify any dependencies or enabling projects for your CXM roadmap

    3.1.3 1 hour

    Input

    • Implementation initiatives
    • Dependencies

    Output

    • CXM project dependencies

    Materials

    • Sticky notes
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Using sticky notes and a whiteboard, have each team member rank the compiled initiatives in terms of priority.
    2. Determine preceding tasks or enabling projects that each initiative is dependent upon.
    3. Determine realistic timelines to complete each quick win, enabling project, and long-term initiative.
    4. Assign an owner for each initiative.

    Example: Project Dependencies

    Initiative: Omnichannel E-Commerce

    Dependency: WEM Suite Deployment; CRM Suite Deployment; Order Fulfillment Capabilities

    Activity: Complete the implementation roadmap

    3.1.4 30 minutes

    Input

    • Implementation initiatives
    • Dependencies

    Output

    • CXM Roadmap
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Establish time frames to highlight enabling projects, quick wins, and long-term initiatives.
    2. Indicate the importance of each initiative as high, medium, or low based on the output in Activity 3.1.2.
    3. Assign each initiative to a member of the project team. Each owner will be responsible for the execution of a given initiative as planned.
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Importance-Capability Matrix

    Importance Initiative Owner Completion Date
    Example Projects High Gather business requirements. Project Manager MM/DD/YYYY
    Quick Wins
    Long Term Medium Implement e-commerce across all sites. CFO & Web Manager MM/DD/YYYY

    Importance

    • High
    • Medium
    • Low

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1 Create a risk management plan

    Based on the workshop exercises, the facilitator will work with the core team to design a priority-based risk mitigation plan that enumerates the most salient risks to the CXM project and addresses them.

    3.1.2; 3.1.3; 3.1.4 Identify initiative dependencies and create the CXM roadmap

    After identifying dependencies, our facilitators will work with your IT SMEs and business stakeholders to create a comprehensive roadmap, outlining the initiatives needed to carry out your CXM strategy roadmap.

    Step 3.2: Confirm and Finalize the CXM Blueprint

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Identify success metrics
    • Create a stakeholder power map
    • Create a stakeholder communication plan
    • Complete and present CXM strategy stakeholder presentation

    Outcomes:

    • Stakeholder communication plan
    • CXM strategy stakeholder presentation

    Ensure that your CXM applications are improving the performance of targeted processes by establishing metrics

    Key Performance Indicators (KPIs)

    Key performance indicators (KPIs) are quantifiable measures that demonstrate the effectiveness of a process and its ability to meet business objectives.

    Questions to Ask

    1. What outputs of the process can be used to measure success?
    2. How do you measure process efficiency and effectiveness?

    Creating KPIs

    Specific

    Measurable

    Achievable

    Realistic

    Time-bound

    Follow the SMART methodology when developing KPIs for each process.

    Adhering to this methodology is a key component of the Lean management methodology. This framework will help you avoid establishing general metrics that aren’t relevant.

    Info-Tech Insight

    Metrics are essential to your ability to measure and communicate the success of the CXM strategy to the business. Speak the same language as the business and choose metrics that relate to marketing, sales, and customer service objectives.

    Activity: Identify metrics to communicate process success

    3.2.1 1 hour

    Input

    • Key organizational objectives

    Output

    • Strategic business metrics
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Recap the major functions that CXM will focus on (e.g. marketing, sales, customer service, web experience management, social media management, etc.)
    2. Identify business metrics that reflect organizational objectives for each function.
    3. Establish goals for each metric (as exemplified below).
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.
    5. Communicate the chosen metrics and the respective goals to stakeholders.

    Example: Metrics for Marketing, Sales, and Customer Service Functions

    Metric Example
    Marketing Customer acquisition cost X% decrease in costs relating to advertising spend
    Ratio of lifetime customer value X% decrease in customer churn
    Marketing originated customer % X% increase in % of customer acquisition driven by marketing
    Sales Conversion rate X% increase conversion of lead to sale
    Lead response time X% decrease in response time per lead
    Opportunity-to-win ratio X% increase in monthly/annual opportunity-to-win ratio
    Customer Service First response time X% decreased time it takes for customer to receive first response
    Time-to-resolution X% decrease of average time-to-resolution
    Customer satisfaction X% improvement of customer satisfaction ratings on immediate feedback survey

    Use Info-Tech’s Stakeholder Power Map Template to identify stakeholders crucial to CXM application rollouts

    3.2.2 Stakeholder Power Map Template

    Use this template and its power map to help visualize the importance of various stakeholders and their concerns. Prioritize your time according to the most powerful and most impacted stakeholders.

    Answer questions about each stakeholder:

    • Power: How much influence does the stakeholder have? Enough to drive the project forward or into the ground?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resistor?

    Focus on key players: relevant stakeholders who have high power, should have high involvement, and are highly impacted.

    INFO-TECH DELIVERABLE

    Stakeholder Power Map Template

    Use Info-Tech’s Stakeholder Communication Planning Template to document initiatives and track communication

    3.2.3 Stakeholder Communication Planning Template

    Use the Stakeholder Communication Planning Template to document your list of initiative stakeholders so you can track them and plan communication throughout the initiative.

    Track the communication methods needed to convey information regarding CXM initiatives. Communicate how a specific initiative will impact the way employees work and the work they do.

    Sections of the document:

    1. Document the Stakeholder Power Map (output of Tool 3.2.2).
    2. Complete the Communicate Management Plan to aid in the planning and tracking of communication and training.

    INFO-TECH DELIVERABLE

    Activity: Create a stakeholder power map and communication plan

    3.2.4 1 hour

    Input

    • Stakeholder power map

    Output

    • Stakeholder communication plan
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech’s Stakeholder Communication Planning Template
    • Info-Tech’s Stakeholder Power Map Template

    Participants

    • Project Team

    Instructions

    1. Using Info-Tech’s Stakeholder Power Map Template, identify key stakeholders for ensuring the success of the CXM strategy (Tool 3.2.2).
    2. Using Info-Tech’s Stakeholder Communication Plan Template, construct a communication plan to communicate and track CXM initiatives with all CXM stakeholders (Tool 3.2.3).
    3. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Use Info-Tech’s CXM Strategy Stakeholder Presentation Template to sell your CXM strategy to the business

    3.2.5 CXM Strategy Stakeholder Presentation Template

    Complete the presentation template as indicated when you see the green icon throughout this deck. Include the outputs of all activities that are marked with this icon.

    Info-Tech has designed the CXM Strategy Stakeholder Presentation Template to capture the most critical aspects of the CXM strategy. Customize it to best convey your message to project stakeholders and to suit your organization.

    The presentation should be no longer than one hour. However, additional slides can be added at the discretion of the presenter. Make sure there is adequate time for a question and answer period.

    INFO-TECH DELIVERABLE

    After the presentation, email the deck to stakeholders to ensure they have it available for their own reference.

    Activity: Determine the measured value received from the project

    3.2.6 30 minutes

    Input

    • Project Metrics

    Output

    • Measured Value Calculation

    Materials

    • Workbook

    Participants

    • Project Team

    Instructions

    1. Review project metrics identified in phase 1 and associated benchmarks.
    2. After executing the CXM project, compare metrics that were identified in the benchmarks with the revised and assess the delta.
    3. Calculate the percentage change and quantify dollar impact (i.e. as a result of increased customer acquisition or retention).

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2.4 Create a stakeholder power map and communication plan

    An analyst will walk the project team through the creation of a communication plan, inclusive of project metrics and their respective goals. If you are planning a variety of CXM initiatives, track how the change will be communicated and to whom. Determine the employees who will be impacted by the change.

    Insight breakdown

    Insight 1

    • IT must work in lockstep with Marketing, Sales, and Customer Service to develop a comprehensive technology-enablement strategy for CXM.
    • As IT works with its stakeholders in the business, it must endeavor to capture and use the voice of the customer in driving strategic requirements for CXM portfolio design.
    • IT must consider the external environment, customer personas, and internal processes as it designs strategic requirements to build the CXM application portfolio.

    Insight 2

    • The cloud is bringing significant disruption to the CXM space: to maintain relevancy, IT must become deeply involved in ensuring alignment between vendor capabilities and strategic requirements.
    • IT must serve as a trusted advisor on technical implementation challenges related to CXM, such as data quality, integration, and end-user training and adoption.
    • IT is responsible for technology enablement and is an indispensable partner in this regard; however, the business must ultimately own the objectives and communication strategy for customer engagement.

    Insight 3

    • When crafting a portfolio for CXM, be aware of the art of the possible: capabilities are rapidly merging and evolving to support new interaction channels. Social, mobile, and IoT are disrupting the customer experience landscape.
    • Big data and analytics-driven decision making is another significant area of value. IT must allow for true customer intelligence by providing an integration framework across customer-facing applications.

    Summary of accomplishment

    Knowledge Gained

    • Voice of the Customer for CXM Portfolio Design
    • Understanding of Strategic Requirements for CXM
    • Customer Personas and Scenarios
    • Environmental Scan
    • Deployment Considerations
    • Initiatives Roadmap Considerations

    Processes Optimized

    • CXM Technology Portfolio Design
    • Customer Data Quality Processes
    • CXM Integrations

    Deliverables Completed

    • Strategic Summary for CXM
    • CXM Project Charter
    • Customer Personas
    • External and Competitive Analysis
    • CXM Application Portfolio

    Bibliography

    Accenture Digital. “Growing the Digital Business: Accenture Mobility Research 2015.” Accenture. 2015. Web.

    Afshar, Vala. “50 Important Customer Experience Stats for Business Leaders.” Huffington Post. 15 Oct. 2015. Web.

    APQC. “Marketing and Sales Definitions and Key Measures.” APQC’s Process Classification Framework, Version 1.0.0. APQC. Mar. 2011. Web.

    CX Network. “The Evolution of Customer Experience in 2015.” Customer Experience Network. 2015. Web.

    Genesys. “State of Customer Experience Research”. Genesys. 2018. Web.

    Harvard Business Review and SAS. “Lessons From the Leading Edge of Customer Experience Management.” Harvard Business School Publishing. 2014. Web.

    Help Scout. “75 Customer Service Facts, Quotes & Statistics.” Help Scout. n.d. Web.

    Inmon Consulting Services. “Corporate Information Factory (CIF) Overview.” Corporate Information Factory. n.d. Web

    Jurevicius, Ovidijus. “VRIO Framework.” Strategic Management Insight. 21 Oct. 2013. Web.

    Keenan, Jim, and Barbara Giamanco. “Social Media and Sales Quota.” A Sales Guy Consulting and Social Centered Selling. n.d. Web.

    Malik, Om. “Internet of Things Will Have 24 Billion Devices by 2020.” Gigaom. 13 Oct. 2011. Web.

    McGovern, Michele. “Customers Want More: 5 New Expectations You Must Meet Now.” Customer Experience Insight. 30 July 2015. Web.

    McGinnis, Devon. “40 Customer Service Statistics to Move Your Business Forward.” Salesforce Blog. 1 May 2019. Web.

    Bibliography

    Reichheld, Fred. “Prescription for Cutting Costs”. Bain & Company. n.d. Web.

    Retail Congress Asia Pacific. “SAP – Burberry Makes Shopping Personal.” Retail Congress Asia Pacific. 2017. Web.

    Rouse, Margaret. “Omnichannel Definition.” TechTarget. Feb. 2014. Web.

    Salesforce Research. “Customer Expectations Hit All-Time High.” Salesforce Research. 2018. Web.

    Satell, Greg. “A Look Back at Why Blockbuster Really Failed and Why It Didn’t Have To.” Forbes. 5 Sept. 2014. Web.

    Social Centered Learning. “Social Media and Sales Quota: The Impact of Social Media on Sales Quota and Corporate Review.” Social Centered Learning. n.d. Web.

    Varner, Scott. “Economic Impact of Experience Management”. Qualtrics/Forrester. 16 Aug. 2017. Web.

    Wesson, Matt. “How to Use Your Customer Data Like Amazon.” Salesforce Pardot Blog. 27 Aug. 2012. Web.

    Winterberry Group. “Taking Cues From the Customer: ‘Omnichannel’ and the Drive For Audience Engagement.” Winterberry Group LLC. June 2013. Web.

    Wollan, Robert, and Saideep Raj. “How CIOs Can Support a More Agile Sales Organization.” The Wall Street Journal: The CIO Report. 25 July 2013. Web.

    Zendesk. “The Impact of Customer Service on Customer Lifetime Value 2013.” Z Library. n.d. Web.

    Domino – Maintain, Commit to, or Vacate?

    If you have a Domino/Notes footprint that is embedded within your business units and business processes and is taxing your support organization, you may have met resistance from the business and been asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses and a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Our Advice

    Critical Insight

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Impact and Result

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Domino – Maintain, Commit to, or Vacate? Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Domino – Maintain, Commit to, or Vacate? – A brief deck that outlines key migration options for HCL Domino platforms.

    This blueprint will help you assess the fit, purpose, and price of Domino options; develop strategies for overcoming potential challenges; and determine the future of Domino for your organization.

    • Domino – Maintain, Commit to, or Vacate? Storyboard

    2. Application Rationalization Tool – A tool to understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    Use this tool to input the outcomes of your various application assessments.

    • Application Rationalization Tool

    Infographic

    Further reading

    Domino – Maintain, Commit to, or Vacate?

    Lotus Domino still lives, and you have options for migrating away from or remaining with the platform.

    Executive Summary

    Info-Tech Insight

    “HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
    – Nigel Cheshire in Team Studio

    Your Challenge

    You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Common Obstacles

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Info-Tech Approach

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Review

    Is “Lotus” Domino still alive?

    Problem statement

    The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.

    This research is designed for:

    • IT strategic direction decision-makers
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating migration options for mission-critical applications running on Domino

    This research will help you:

    1. Evaluate migration options.
    2. Assess the fit and purpose.
    3. Consider strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    The “everything may work” scenario

    Adopt and expand

    Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:

    Importance to current business processes

    • Importance of use
    • Complexity in migrations
    • Choosing a new platform

    Available tools to facilitate

    • Talent/access to skills
    • Economies of scale/lower cost at scale
    • Access to technology

    Info-Tech Insight

    With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.

    • Archive/retire
    • Application migration
    • Application replatform
    • Stay right where you are

    Eliminate your bias – consider the advantages

    “There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”

    – Rob Salerno, Founder & CTO, Rivet Technology Partners

    Domino advantages include:

    Modern Cloud & Application

    • No-code/low-code technology

    Business-Managed Application

    • Business written and supported
    • Embrace the business support model
    • Enterprise class application

    Leverage the Application Taxonomy & Build

    • A rapid application development platform
    • Develop skill with HCL training

    HCL Domino is a supported and developed platform

    Why consider HCL?

    • Consider scheduling a Roadmap Session with HCL. This is an opportunity to leverage any value in the mission and brand of your organization to gain insights or support from HCL.
    • Existing Domino customers are not the only entities seeking certainty with the platform. Software solution providers that support enterprise IT infrastructure ecosystems (backup, for example) will also be seeking clarity for the future of the platform. HCL will be managing these relationships through the channel/partner management programs, but our observations indicate that Domino integrations are scarce.
    • HCL Domino should be well positioned feature-wise to support low-code/NoSQL demands for enterprises and citizen developers.

    Visualize Your Application Roadmap

    1. Focus on the application portfolio and crafting a roadmap for rationalization.
      • The process is intended to help you determine each application’s functional and technical adequacy for the business process that it supports.
    2. Document your findings on respective application capability heatmaps.
      • This drives your organization to a determination of application dispositions and provides a tool to output various dispositions for you as a roadmap.
    3. Sort the application portfolio into a disposition status (keep, replatform, retire, consolidate, etc.)
      • This information will be an input into any cloud migration or modernization as well as consolidation of the infrastructure, licenses, and support for them.

    Our external support perspective

    by Darin Stahl

    Member Feedback

    • Some members who have remaining Domino applications in production – while the retire, replatform, consolidate, or stay strategy is playing out – have concerns about the challenges with ongoing support and resources required for the platform. In those cases, some have engaged external services providers to augment staff or take over as managed services.
    • While there could be existing support resources (in house or on retainer), the member might consider approaching an external provider who could help backstop the single resource or even provide some help with the exit strategies. At this point, the conversation would be helpful in any case. One of our members engaged an external provider in a Statement of Work for IBM Domino Administration focused on one-time events, Tier 1/Tier 2 support, and custom ad hoc requests.
    • The augmentation with the managed services enabled the member to shift key internal resources to a focus on executing the exit strategies (replatform, retire, consolidate), since the business knowledge was key to that success.
    • The member also very aggressively governed the Domino environment support needs to truly technical issues/maintenance of known and supported functionality rather than coding new features (and increasing risk and cost in a migration down the road) – in short, freezing new features and functionality unless required for legal compliance or health and safety.
    • There obviously are other providers, but at this point Info-Tech no longer maintains a market view or scan of those related to Domino due to low member demand.

    Domino database assessments

    Consider the database.

    • Domino database assessments should be informed through the lens of a multi-value database, like jBase, or an object system.
    • The assessment of the databases, often led by relational database subject matter experts grounded in normalized databases, can be a struggle since Notes databases must be denormalized.
    Key/Value Column

    Use case: Heavily accessed, rarely updated, large amounts of data
    Data Model: Values are stored in a hash table of keys.
    Fast access to small data values, but querying is slow
    Processor friendly
    Based on amazon's Dynamo paper
    Example: Project Voldemort used by LinkedIn

    this is a Key/Value example

    Use case: High availability, multiple data centers
    Data Model: Storage blocks of data are contained in columns
    Handles size well
    Based on Google's BigTable
    Example: Hadoop/Hbase used by Facebook and Yahoo

    This is a Column Example
    Document Graph

    Use case: Rapid development, Web and programmer friendly
    Data Model: Stores documents made up of tagged elements. Uses Key/Value collections
    Better query abilities than Key/Value databases.
    Inspired by Lotus Notes.
    Example: CouchDB used by BBC

    This is a Document Example

    Use case: Best at dealing with complexity and relationships/networks
    Data model: Nodes and relationships.
    Data is processed quickly
    Inspired by Euler and graph theory
    Can easily evolve schemas
    Example: Neo4j

    This is a Graph Example

    Understand your options

    Archive/Retire

    Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.

    Migrate

    Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.

    Replatform

    Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.

    Stay

    Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.

    Archive/retire

    Retire the application, storing the application data in a long-term repository.

    Abstract

    The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.

    Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.

    Advantages

    • Reduce support cost.
    • Consolidate applications.
    • Reduce risk.
    • Reduce compliance and security concerns.
    • Improve business processes.

    Considerations

    • Application transformation
    • eDiscovery costs
    • Legal implications
    • Compliance implications
    • Business process dependencies

    Info-Tech Insights

    Be aware of the costs associated with archiving. The more you archive, the more it will cost you.

    Application migration

    Migrate to a new version of the application

    Abstract

    An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.

    This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.

    Advantages

    • Reduce hardware costs.
    • Leverage cloud technologies.
    • Improve scalability.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Data extraction, starting from the document databases in NSF format and including security settings about users and groups granted to read and write single documents, which is a powerful feature of Lotus Domino documents.
    • File extraction, starting from the document databases in NSF format, which can contain attachments and RTF documents and embedded files.
    • Design of the final relational database structure; this activity should be carried out without taking into account the original structure of the data in Domino files or the data conversion and loading, from the extracted format to the final model.
    • Design and development of the target-state custom applications based on the new data model and the new selected development platform.

    Application replatform

    Transition an existing Domino application to a new modern platform

    Abstract

    This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

    Two challenges are particularly significant when migrating or replatforming Domino applications:

    • The application functionality/value must be reproduced/replaced with not one but many applications, either through custom coding or a commercial-off-the-shelf/SaaS solution.
    • Notes “databases” are not relational databases and will not migrate simply to an SQL database while retaining the same business value. Notes databases are essentially NoSQL repositories and are difficult to normalize.

    Advantages

    • Leverage cloud technologies.
    • Improve scalability.
    • Align to a SharePoint platform.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Application replatform resource effort
    • Network bandwidth
    • New platform terms and conditions
    • Secure connectivity and communication
    • New platform security and compliance
    • Degree of complexity

    Info-Tech Insights

    There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.

    Stay with HCL

    Stay with HCL, understanding its future commitment to the platform.

    Abstract

    Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:

    1. Replatform
    2. Retire
    3. Move to cloud
    4. Modernize

    That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.

    Advantages

    • Known environment
    • Domino is a supported platform
    • Domino is a developed platform
    • No-code/low-code optimization
    • Business developed applications
    • Rapid application framework

    This is the HCL Domino Logo

    Understand your tools

    Many tools are available to help evaluate or migrate your Domino Platform. Here are a few common tools for you to consider.

    Notes Archiving & Notes to SharePoint

    Summary of Vendor

    “SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*

    Tools

    Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino

    Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.

    Headquarters

    Croatia

    Best fit

    • Application archive and retire
    • Migration to SharePoint

    This is an image of the SwingSoftware Logo

    * swingsoftware.com

    Domino Migration to SharePoint

    Summary of Vendor

    “Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*

    Tools

    Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.

    Rivive Me: Migrate Notes Domino applications to an enterprise web application

    Headquarters

    Canada

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the RiVit Logo

    * rivit.ca

    Lotus Notes to M365

    Summary of Vendor

    “More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*

    Tools

    SkyBow Studio: The low-code platform fully integrated into Microsoft 365

    Headquarters:

    Switzerland

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the SkyBow Logo

    * skybow.com | About skybow

    Notes to SharePoint Migration

    Summary of Vendor

    “CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*

    Tools

    CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.

    Headquarters

    United Kingdom

    Best fit

    • Application replatform
    • Migration to SharePoint

    This is an image of the CIMtrek Logo

    * cimtrek.com | About CIMtrek

    Domino replatform/Rapid application selection framework

    Summary of Vendor

    “4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*

    Tools

    4WS.Platform is available in two editions: Community and Enterprise.
    The Platform Enterprise Edition, allows access with an optional support pack.

    4WS.Platform’s technical support provides support services to the users through support contracts and agreements.

    The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.

    Headquarters

    Italy

    Best fit

    • Application replatform

    This is an image of the 4WS PLATFORM Logo

    * 4wsplatform.org

    Activity

    Understand your Domino options

    Application Rationalization Exercise

    Info-Tech Insight

    Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    This activity involves the following participants:

    • IT strategic direction decision-makers.
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating platforms for mission-critical applications.

    Outcomes of this step:

    • Completed Application Rationalization Tool

    Application rationalization exercise

    Use this Application Rationalization Tool to input the outcomes of your various application assessments

    In the Application Entry tab:

    • Input your application inventory or subset of apps you intend to rationalize, along with some basic information for your apps.

    In the Business Value & TCO Comparison tab, determine rationalization priorities.

    • Input your business value scores and total cost of ownership (TCO) of applications.
    • Review the results of this analysis to determine which apps should require additional analysis and which dispositions should be prioritized.

    In the Disposition Selection tab:

    • Add to or adapt our list of dispositions as appropriate.

    In the Rationalization Inputs tab:

    • Add or adapt the disposition criteria of your application rationalization framework as appropriate.
    • Input the results of your various assessments for each application.

    In the Disposition Settings tab:

    • Add or adapt settings that generate recommended dispositions based on your rationalization inputs.

    In the Disposition Recommendations tab:

    • Review and compare the rationalization results and confirm if dispositions are appropriate for your strategy.

    In the Timeline Considerations tab:

    • Enter the estimated timeline for when you execute your dispositions.

    In the Portfolio Roadmap tab:

    • Review and present your roadmap and rationalization results.

    Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.

    This image depicts a scatter plot graph where the X axis is labeled Business Value, and the Y Axis is labeled Cost. On the graph, the following datapoints are displayed: SF; HRIS; ERP; ALM; B; A; C; ODP; SAS

    Info-Tech Insight

    Watch out for misleading scores that result from poorly designed criteria weightings.

    Related Info-Tech Research

    Build an Application Rationalization Framework

    Manage your application portfolio to minimize risk and maximize value.

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship.

    Satisfy Digital End Users With Low- and No-Code

    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    Research Authors

    Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Darin Stahl, Principal Research Advisor,
    Info-Tech Research Group

    Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy Cheeseman, Practice Lead,
    Info-Tech Research Group

    Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

    Research Contributors

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.

    Bibliography

    Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.

    “Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.

    McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.

    Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.

    Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.

    Project Management

    • Buy Link or Shortcode: {j2store}48|cart{/j2store}
    • Related Products: {j2store}48|crosssells{/j2store}
    • member rating overall impact: 9.7/10
    • member rating average dollars saved: $303,499
    • member rating average days saved: 42
    • Parent Category Name: Project Portfolio Management and Projects
    • Parent Category Link: /ppm-and-projects

    The challenge

    • Ill-defined or even lack of upfront project planning will increase the perception that your IT department cannot deliver value because most projects will go over time and budget.
    • The perception is those traditional ways of delivering projects via the PMBOK only increase overhead and do not have value. This is less due to the methodology and more to do with organizations trying to implement best-practices that far exceed their current capabilities.
    • Typical best-practices are too clinical in their approach and place unrealistic burdens on IT departments. They fail to address the daily difficulties faces by staff and are not sized to fit your organization.
    • Take a flexible approach and ensure that your management process is a cultural and capacity fit for your organization. Take what fits from these frameworks and embed them tailored into your company.

    Our advice

    Insight

    • The feather-touch is often the right touch. Ensure that you have a lightweight approach for most of your projects while applying more rigor to the more complex and high-risk developments.
    • Pick the right tools. Your new project management processes need the right tooling to be successful. Pick a tool that is flexible enough o accommodate projects of all sizes without imposing undue governance onto smaller projects.
    • Yes, take what fits within your company from frameworks, but there is no cherry-picking. Ensure your processes stay in context: If you do not inform for effective decision-making, all will be in vain. Develop your methods such that guide the way to big-picture decision taking and support effective portfolio management.

    Impact and results 

    • The right amount of upfront planning is a function of the type of projects you have and your company. The proper levels enable better scope statements, better requirements gathering, and increased business satisfaction.
    • An investment in a formal methodology is critical to projects of all sizes. An effective process results in more successful projects with excellent business value delivery.
    • When you have a repeatable and consistent approach to project planning and execution, you can better communicate between the IT project managers and decision-makers.
    • Better communication improves the visibility of the overall project activity within your company.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should tailor project management practices to the type of projects you do and your company and review our methodology. We show you how we can support you.

    Lay the groundwork for project management success

    Assess your current capabilities to set the right level of governance.

    • Tailor Project Management Processes to Fit Your Projects – Phase 1: Lay the Groundwork for PM Success (ppt)
    • Project Management Triage Tool (xls)
    • COBIT BAI01 (Manage Programs and Projects) Alignment Workbook (xls)
    • Project Level Definition Matrix (xls)
    • Project Level Selection Tool (xls)
    • Project Level Assessment Tool (xls)
    • Project Management SOP Template (doc)

    Small project require a lightweight framework

    Increase small project's throughput.

    • Tailor Project Management Processes to Fit Your Projects – Phase 2: Build a Lightweight PM Process for Small Initiatives (ppt)
    • Level 1 Project Charter Template (doc)
    • Level 1 Project Status Report Template (doc)
    • Level 1 Project Closure Checklist Template (doc)

    Build the standard process medium and large-scale projects

    The standard process contains fully featured initiation and planning.

    • Tailor Project Management Processes to Fit Your Projects – Phase 3: Establish Initiation and Planning Protocols for Medium-to-Large Projects (ppt)
    • Project Stakeholder and Impact Assessment Tool (xls)
    • Level 2 Project Charter Template (doc)
    • Level 3 Project Charter Template (doc)
    • Kick-Off Meeting Agenda Template (doc)
    • Scope Statement Template (doc)
    • Project Staffing Plan(xls)
    • Communications Management Plan Template (doc)
    • Customer/Sponsor Project Status Meeting Template (doc)
    • Level 2 Project Status Report Template (doc)
    • Level 3 Project Status Report Template (doc)
    • Quality Management Workbook (xls)
    • Benefits Management Plan Template (xls)
    • Risk Management Workbook (xls)

    Build a standard process for the execution and closure of medium to large scale projects

    • Tailor Project Management Processes to Fit Your Projects – Phase 4: Develop Execution and Closing Procedures for Medium-to-Large Projects (ppt)
    • Project Team Meeting Agenda Template (doc)
    • Light Project Change Request Form Template (doc)
    • Detailed Project Change Request Form Template (doc)
    • Light Recommendation and Decision Tracking Log Template (xls)
    • Detailed Recommendation and Decision Tracking Log Template (xls)
    • Deliverable Acceptance Form Template (doc)
    • Handover to Operations Template (doc)
    • Post-Mortem Review Template (doc)
    • Final Sign-Off and Acceptance Form Template (doc)

    Implement your project management standard operating procedures (SOP)

    Develop roll-out and training plans, implement your new process and track metrics.

    • Tailor Project Management Processes to Fit Your Projects – Phase 5: Implement Your PM SOP (ppt)
    • Level 2 Project Management Plan Template (doc)
    • Project Management Process Costing Tool (xls)
    • Project Management Process Training Plan Template (doc)
    • Project Management Training Monitoring Tool (xls)
    • Project Management Process Implementation Timeline Tool (MS Project)
    • Project Management Process Implementation Timeline Tool (xls)

     

     

    Estimate Software Delivery With Confidence

    • Buy Link or Shortcode: {j2store}147|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $50,000 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Estimation and planning practices set and reinforce the expectations of product delivery, which is a key driver of IT satisfaction.
    • However, today’s rapidly scaling and increasingly complex products and business needs create mounting pressure for teams to make accurate estimates with little knowledge of the problem or solution to it, risking poor-quality products.
    • Many organizations lack the critical foundations involved in making acceptable estimates in collaboration with the various perspectives and estimation stakeholders.

    Our Advice

    Critical Insight

    • Estimation reflects your culture and operating model. The accuracy of your estimates is dependent on the roles involved, which is not encouraged in traditional and top-down methodologies. Stakeholders must respect and support the team’s estimates.
    • Estimates support value delivery. IT satisfaction is driven by the delivery of valuable products and services. Estimates set the appropriate stakeholder expectations to ensure successful delivery and make the right decisions.
    • Estimates are more than just guesses. They are tools used to make critical business, product, and technical decisions and inform how to best utilize resources and funding.

    Impact and Result

    • Establish the right expectations. Gain a grounded understanding of estimation value and limitations. Discuss estimation challenges to determine if poor practices and tactics are the root causes or symptoms.
    • Strengthen analysis and estimation practices. Obtain a thorough view of the product backlog item (PBI) through good analysis tactics. Incorporate multiple analysis and estimation tactics to verify and validate assumptions.
    • Incorporate estimates into your delivery lifecycle. Review and benchmark estimates, and update expectations as more is learned.

    Estimate Software Delivery With Confidence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize your estimation practice, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Justify estimation optimization

    Set the right stakeholder expectations for your delivery estimates and plans.

    • Estimate Software Delivery With Confidence – Phase 1: Justify Estimation Optimization
    • Estimation Quick Reference Template

    2. Commit to achievable delivery

    Adopt the analysis, estimation, commitment, and communication tactics to successfully develop your delivery plan.

    • Estimate Software Delivery With Confidence – Phase 2: Commit to Achievable Delivery

    3. Mature your estimation practice

    Build your estimation optimization roadmap.

    • Estimate Software Delivery With Confidence – Phase 3: Mature Your Estimation Practice
    [infographic]

    Workshop: Estimate Software Delivery With Confidence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set the Context

    The Purpose

    Discuss the decisions that estimates will help make.

    Level set estimation expectations by clarifying what they can and cannot do.

    Review the current state of your estimation practice.

    Key Benefits Achieved

    Grounded understanding of estimation that is accepted by all audiences and stakeholders.

    Identification of whether estimation practices are the root cause of estimation challenges or a symptom of a different issue.

    Activities

    1.1 Define estimation expectations.

    1.2 Reveal your root cause challenges.

    Outputs

    Estimation expectations

    Root causes of estimation challenges

    2 Build Your Estimation Practice

    The Purpose

    Discuss the estimation and planning practices used in the industry.

    Define the appropriate tactics to use to make key business and delivery decisions.

    Simulate the tactics to verify and validate their fit with your teams.

    Key Benefits Achieved

    Knowledge of good practices that can improve the effectiveness of your estimates and plans.

    Practice using new tactics.

    Activities

    2.1 Ground estimation fundamentals.

    2.2 Strengthen your analysis tactics.

    2.3 Strengthen your estimation tactics.

    2.4 Commit and communicate delivery.

    2.5 Simulate your target state planning and estimation tactics.

    Outputs

    Estimation glossary and guiding principles

    Defined analysis tactics

    Defined estimation and consensus-building tactics

    Defined commitment and communication tactics

    Lessons learned

    3 Define Your Optimization Roadmap

    The Purpose

    Review the scope and achievability of your improved estimation and planning practice.

    Key Benefits Achieved

    Realistic and achievable estimation optimization roadmap.

    Activities

    3.1 Mature your estimation practice.

    Outputs

    Estimation optimization roadmap