Passwordless Authentication

Know when you've been beaten!

Executive Summary

Your Challenge

• The IT world is an increasingly dangerous place.
• Every year literally billions of credentials are compromised and exposed on the internet.
• The average employee has between 27 and 191 passwords to manage.
• The line between business persona and personal persona has been blurred into irrelevancy.
• You need a method of authenticating users that is up to these challenges

Common Obstacles

• Legacy systems aside (wouldn't that be nice) this still won't be easy.
• Social inertia – passwords worked before, so surely, they can still work today! Besides, users don't want to change.
• Analysis paralysis – I don't want to get this wrong! How do I choose something that is going to be at the core of my infrastructure for the next 10 years?
• Identity management – how can you fix authentication when people have multiple usernames?

Info-Tech's Approach

• Inaction is not an option.
• Most commercial, off-the-shelf apps are moving to a SaaS model, so start your efforts with them.
• Your existing vendors already have technologies you are underusing or ignoring – stop that!
• Your users want this change – they just might not know it yet…
• Much like zero trust network access, the journey is more important than the destination. Incremental steps on the path toward passwordless authentication will still yield significant benefits.

Info-Tech Insight

Users have been burdened with unrealistic expectations when it comes to their part in maintaining enterprise security. Given the massive rise in the threat landscape, it is time for Infrastructure to adopt a user-experience-based approach if we want to move the needle on improving security posture.

Password Security Fallacy

"If you buy the premise…you buy the bit."
Johnny Carson

We've had plenty of time to see this coming.

Why haven't we done something?

• Passwords are a 1970s construct.
• End-users are complexity averse.
• Credentials are leaked all the time.
• New technologies will defeat even the most complex passwords.

Build the case, both to business stakeholders and end users, that "password" is not a synonym for "security."

Be ready for some objection handling!

Image courtesy of Microsoft

RSA Conference, 2004
San Francisco, CA

"There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."
Bill Gates

What about "strong" passwords?

There has been a password arms race going on since 1988

A massive worm attack against ARPANET prompted the initial research into password strength

Password strength can be expressed as a function of randomness or entropy. The greater the entropy the harder for an attacker to guess the password.

Table: Modern password security for users
Ian Maddox and Kyle Moschetto, Google Cloud Solutions Architects

From this research, increasing password complexity (length, special characters, etc.) became the "best practice" to secure critical systems.

How many passwords??

XKCD Comic #936 (published in 2011)

Image courtesy of Randall Munroe XKCD Comics (CC BY-NC 2.5)

It turns out that humans however are really bad at remembering complex passwords.

An Intel study (2016) suggested that the average enterprise employee needed to remember 27 passwords. A more recent study from LastPass puts that number closer to 191.

PEBKAC
Problem Exists Between Keyboard and Chair

Increasing entropy is the wrong way to fight this battle – which is good because we'd lose anyway.

Over the course of a single year, researchers at the University of California, Berkeley identified and tracked nearly 2 billion compromised credentials.

3.8 million were obtained via social engineering, another 788K from keyloggers. That's approx. 250,000 clear text credentials harvested every week!

The entirety of the password ecosystem has significant vulnerabilities in multiple areas:

• Unencrypted server- and client-side storage
• Sharing
• Reuse
• Phishing
• Keylogging
• Question-based resets

Even the 36M encrypted credentials compromised every week are just going to be stored and cracked later.

Source: Google, University of California, Berkeley, International Computer Science Institute

Enabling Technologies

"Give me a place to stand, and a lever long enough, and I will move the world."
Archimedes

Technology gives us (too many) options

The time to prototype is NOW!

Chances are you are already paying for one or more of these technologies from a current vendor:

• SSO, password managers
• Conditional access
• Multifactor
• Hardware tokens
• Biometrics
• PINs

Address all three factors of authentication

• Something the user knows
• Something the user has
• Something the user is

Global Market of $12.8B
~16.7% CAGR
Source: Report Linker, 2022.

Focus your prototype efforts in four key testing areas

• Deployment
• User adoption/training
• Architecture (points of failure)
• Disaster recovery

Three factors for positive identification

Passwordless technologies focus on alternate authentication factors to supplement or replace shared secrets.

Something you know Shared secrets have well-known significant modern-day problems, but only when used in isolation. For end users, consider time-limited single use options, password managers, rate-limited login attempts, and reset rather than retrieval requests. On the system side, never forget strong cryptographic hashing along with a side of salt and pepper when storing passwords. Something you have A token (now known as a cryptographic identification device) such as a pass card, fob, smartphone, or USB key that is expected to be physically under the control of the user and is uniquely identifiable by the system. Easily decoupled in the event the token is lost, but potentially expensive and time-consuming to reprovision. Something you are or do Commonly referred to as biometrics, there are two primary classes. The first is measurable physical characteristics of the user such as a fingerprint, facial image, or retinal scan. The second class is a series of behavioral traits such as expected location, time of day, or device. These traits can be linked together in a conditional access policy. Unlike other authentication factors, biometrics DO NOT provide for exact matches and instead rely on a confidence interval. A balance must be struck against the user experience of false negatives and the security risk of a false positive.

Prototype testing criteria

Deployment

Does the solution support the full variety of end-user devices you have in use?

Can the solution be configured with your existing single sign-on or central identity broker?

User Experience

Users already want a better experience than passwords.

What new behavior are you expecting (compelling) from the user?

How often and under what conditions will that behavior occur?

Architecture

Where are the points of failure in the solution?

Consider technical elements like session thresholds for reauthorization, but also elements like automation and self-service.

Disaster Recovery

Understand the exact responsibilities Infra&Ops have in the event of a system or user failure.

As many solutions are based in the public cloud, manage stakeholder expectations accordingly.

Next Steps

"Move the goalposts…and declare victory."
Informal Fallacy (yet very effective…)

It is more a direction than a destination…

Get the easy wins in the bank and then lay the groundwork for the long campaign ahead.

You're not going to get to a passwordless world overnight. You might not even get there for many years. But an agile approach to the journey ensures you will realize value every step of the way:

• Start in the cloud:
• Choose a single sign-on platform such as Azure Active Directory, Okta, Auth0, AWS IAM, TruSONA, HYPR, or others. Document Your Cloud Strategy.
• Integrate the SaaS applications from your portfolio with your chosen platform.
• Establish visibility and rationalize identity management:
  • Accounts with elevated privileges present the most risk – evaluate your authentication factors for these accounts first.
  • There is elegance (and deployment success) in Simplifying Identity & Access Management.
• Pay your tech debt:
  • Legacy apps that don't even support SAML are going to have to be upgraded or isolated.
  • Recoding an application can easily take 6-12 months of work – prioritize this when Building an Application Rationalization Framework.

Fast IDentity Online (2) is now part of the web's DNA and is critical for digital transformation

• IoT
• Anywhere remote work
• Government identity services
• Digital wallets

Bibliography

"Backup Vs. Archiving: Know the Difference." Open-E. Accessed 05 Mar 2022.Web.
G, Denis. "How to Build Retention Policy." MSP360, Jan 3, 2020. Accessed 10 Mar 2022.
Ipsen, Adam. "Archive Vs. Backup: What's the Difference? A Definition Guide." BackupAssist, 28 Mar 2017. Accessed 04 Mar 2022.
Kang, Soo. "Mitigating the Expense of E-Discovery; Recognizing the Difference Between Back-Ups and Archived Data." Zasio Enterprises, 08 Oct 2015. Accessed 3 Mar 2022.
Mayer, Alex. "The 3-2-1 Backup Rule – An Efficient Data Protection Strategy." Naviko. Accessed 12 Mar 2022.
Steel, Amber. "LastPass Reveals 8 Truths about Passwords in the New Password Exposé." LastPass Blog, 1 Nov. 2017. Web.
"The Global Passwordless Authentication Market Size Is Estimated to Be USD 12.79 Billion in 2021 and Is Predicted to Reach USD 53.64 Billion by 2030 With a CAGR of 16.7% From 2022-2030." Report Linker, 9 June 2022. Web.
"What Is Data-Archiving?" Proofpoint. Accessed 07 Mar 2022.

Select a Security Outsourcing Partner

Outsource the right functions to secure your business.

Analyst Perspective

Understanding your security needs and remaining accountable is the key to selecting the right partner.

The need for specialized security services is fast becoming a necessity to most organizations. However, resource challenges will always mean that organizations will still have to take practical measures to ensure that the time, quality, and service that they require from outsourcing partners have been carefully crafted and packaged to elicit the right services that cover all their needs and requirements.

Organizations must ensure that security partners are aligned not only with their needs and requirements, but also with the corporate culture. Rather than introducing hindrances to daily operations, security partners must support business goals and protect the organization’s interests at all times.

And as always, outsource only your responsibilities and do not outsource your accountability, as that will cost you in the long run.

Danny Hammond
Research Analyst
Security, Risk, Privacy & Compliance Practice
Info-Tech Research Group

Executive Summary

Info-Tech Insight

Mitigate security risks by developing an end-to-end process that ensures you are outsourcing your responsibilities and not your accountability.

Your Challenge

This research is designed to help organizations select an effective security outsourcing partner.

• A security outsourcing partner is a third-party service provider that offers security services on a contractual basis depending on client needs and requirements.
• An effective outsourcing partner can help an organization improve its security posture by providing access to more specialized security experts, tools, and technologies.
• One of the main challenges with selecting a security outsourcing partner is finding a partner that is a good fit for the organization's unique security needs and requirements.
• Security outsourcing partners typically have access to sensitive information and systems, so proper controls and safeguards must be in place to protect all sensitive assets.
• Without careful evaluation and due diligence to ensure that the partner is a good fit for the organization's security needs and requirements, it can be challenging to select an outsourcing partner.

Outsourcing is effective, but only if done right

• 83% of decision makers with in-house cybersecurity teams are considering outsourcing to an MSP (Syntax, 2021).
• 77% of IT leaders said cyberattacks were more frequent (Syntax, 2021).
• 51% of businesses suffered a data breach caused by a third party (Ponemon, 2021).

Common Obstacles

The problem with selecting an outsourcing partner isn’t a lack of qualified partners, it’s the lack of clarity about an organization's specific security needs.

• Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
• Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
• Ensuring that security partner's systems and processes integrate seamlessly with existing systems can be a challenge for most organizations. This is in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
• Adhering to security policies is rarely a priority to users, as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

Source: IBM, 2022 Cost of a Data Breach; N=537.

Info-Tech’s methodology for selecting a security outsourcing partner

Determine your responsibilities

Determine what responsibilities you can outsource to a service partner. Analyze which responsibilities you should outsource versus keep in-house? Do you require a service partner based on identified responsibilities?

Scope your requirements

Refine the list of role-based requirements, variables, and features you will require. Use a well-known list of critical security controls as a framework to determine these activities and send out RFPs to pick the best candidate for your organization.

Manage your outsourcing program

Adopt a program to manage your third-party service security outsourcing. Trust your managed security service providers (MSSP) but verify their results to ensure you get the service level you were promised.

Select a Security Outsourcing Partner

Blueprint benefits

Insight summary

Overarching insight: You can outsource your responsibilities but not your accountability.

Determine what to outsource: Assess your responsibilities to determine which ones you can outsource. It is vital that an understanding of how outsourcing will affect the organization, and what cost savings, if any, to expect from outsourcing is clear in order to generate a list of responsibilities that can/should be outsourced.

Select the right partner: Create a list of variables to evaluate the MSSPs and determine which features are important to you. Evaluate all potential MSSPs and determine which one is right for your organization

Manage your MSSP: Align the MSSP to your organization. Adopt a program to monitor the MSSP which includes a long-term strategy to manage the MSSP.

Identifying security needs and requirements = Effective outsourcing program: Understanding your own security needs and requirements is key. Ensure your RFP covers the entire scope of your requirements; work with your identified partner on updates and adaptation, where necessary; and always monitor alignment to business objectives.

Measure the value of this blueprint

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Overall Impact: 8.9 /10

Overall Average Cost Saved: $22,950

Overall Average Days Saved: 9

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Design and Build a User-Facing Service Catalog

Improve user satisfaction with IT with a convenient menu-like catalog.

Our understanding of the problem

This Research Is Designed For:

• CIOs
• Directors and senior managers within IT and the business

This Research Will Help You:

• Articulate all of the services IT provides to the business in a language the business users understand.
• Improve IT and business alignment through a common understanding of service features and IT support.

This Research Will Help Them

• Standardize and communicate how users request access to services.
• Standardize and communicate how users obtain support for services.
• Clearly understand IT’s role in providing each service.

What is a service catalog?

The user-facing service catalog is the go-to place for IT service-related information.

The catalog defines, documents, and organizes the services that IT delivers to the organization. The catalog also describes the features of the services and how the services are intended to be used.

The user-facing service catalog creates benefits for both the business and IT.

For business users, the service catalog:

1. Documents how to request access to the service, hours of availability, delivery timeframes, and customer responsibilities.
2. Specifies how to obtain support for the services, support hours, and documentation.

For IT, the service catalog:

1. Identifies who owns the services and who is authorized to use the services.
2. Specifies IT support requirements for the services, including support hours and documentation.

What is the difference between a user-facing service catalog and a technical service catalog?

This blueprint is about creating a user-facing service catalog written and organized in a way that focuses on the services from the business’ view.

User facing

User-friendly, intuitive, and simple overview of the services that IT provides to the business.

The items you would see on the menu at a restaurant are an example of User Facing. The content is relatable and easy to understand.

Technical

Series of technical workflows, supporting services, and the technical components that are required to deliver a service.

The recipe book with cooking instructions is an example of Technical Facing. This catalog is intended for the IT teams and is “behind the scene.”

What is a service and what does it mean to be service oriented?

The sum of the people, processes, and technologies required to enable users to achieve a business outcome is a Service.

A service is used directly by the end users and is perceived as a coherent whole.

Business Users →Service = Application & Systems + People & Processes

Service Orientation is…

• A focus on business requirements and business value, rather than IT driven motives.
• Services are designed to enable required business activities.
• Services are defined from the business perspective using business language.

In other words, put on your user hat and leave behind the technical jargons!

A lack of a published user-facing service catalog could be the source of many pains throughout your organization

IT Pains

• IT doesn’t understand all the services they provide.
• Business users would go outside of IT for solutions, proliferating shadow IT.
• Business users have a negative yet unrealistic perception of what IT is capable of.
• IT has no way of managing expectations for their users, which tend to inflate.
• There is often no defined agreement on services; the business assumes everything is available.

Business Pains

• Business users don’t know what services are available to them.
• It is difficult to obtain useful information regarding a service because IT always talks in technical language.
• Without a standard process in place, business users don’t know how to request access to a service with multiple sources of information available.
• Receiving IT support is a painful, long process and IT doesn’t understand what type of support the business requires.

An overwhelming majority of IT organizations still need to improve how they demonstrate their value to the business

23% of IT is still viewed as a cost center.	47% of business executives believe that business goals are going unsupported by IT.	92% of IT leaders see the need to prove the business value of IT’s contribution.
How a Service Catalog can help:
Use the catalog to demonstrate how IT is an integral part of the organization and IT services are essential to achieve business objectives. Source: IT Communication in Crisis Report	Transform the perception of IT by articulating all the services that are provided through the service catalog in a user-friendly language. Source: Info-Tech Benchmarking and Diagnostic Programs	Increase IT-business communication and collaboration through the service catalog initiative. Move from technology focused to service-oriented. Source: IT Communication in Crisis Report

Project Steps

Phase 1 – Project Launch

1.2 Project Team

The team must be balanced between representatives from the business and IT.

1.2 Communication Plan

Communication plan to facilitate input from both sides and gain adoption.

1.3 Identify Metrics

Metrics should reflect the catalog benefits. Look to reduced number of service desk inquiries.

1.4 Project Charter

Project charter helps walk you through project preparation.

This blueprint separates enterprise service from line of business service.

Project steps

Phase 2 – Identify and Define Enterprise Services

2.1 Identify the services that are used across the entire organization.

2.2 Users must be able to identify with the service categories.

2.3 Create basic definitions for enterprise services.

Phase 3 – Identify and Define Line of Business Services

3.1 Identify the different lines of business (LOBs) in the organization.

3.2 Understand the differences between our two methodologies for identifying LOB services.

3.3 Use methodology 1 if you have thorough knowledge of the business.

3.4 Use methodology 2 if you only have an IT view of the LOB.

Phase 4 – Complete Service Definitions

4.1 Understand the different components to each service definition, or the fields in the service record.

4.2 Identify which information to include for each service definition.

4.3 Define each enterprise service according to the information and field properties.

4.3 Define each LOB service according to the information and field properties.

Define your service catalog in bundles to achieve better catalog design in the long run

Trying to implement too many services at once can be overwhelming for both IT and the users. You don’t have to define and implement all of your services in one release of the catalog.

Info-Tech recommends implementing services themselves in batches, starting with enterprise, and then grouping LOB services into separate releases. Why? It benefits both IT and business users:

• It enables a better learning experience for IT – get to test the first release before going full-scale. In other words, IT gets a better understanding of all components of their deliverable before full adoption.
• It is easier to meet customer agreements on what is to be delivered early, and easier to be able to meet those deadlines.

After implementing a service catalog, your IT will be able to:

Use the service catalog to communicate all the services that IT provides to the business.

Improve IT’s visibility within the organization by creating a single source of information for all the value creating services IT has to offer. The service catalog helps the business understand the value IT brings to each service, each line of business, and the overall organization.

Concentrate more on high-value IT services.

The service catalog contains information which empowers business users to access IT services and information without the help of IT support staff. The reduction in routine inquiries decreases workload and increases morale within the IT support team, and allows IT to concentrate on providing higher value services.

Reduce shadow IT and gain control of services.

Service catalog brings more control to your IT environment by reducing shadow IT activities. The service catalog communicates business requests responsively in a language the business users understand, thus eliminating the need for users to seek outside help.

After implementing a service catalog, your business will be able to:

Access IT services with ease.

The language of IT is often confusing for the business and the users don’t know what to do when they have a concern. With a user-facing service catalog, business users can access information through a single source of information, and better understand how to request access or receive support for a service through clear, consistent, and business-relevant language.

Empower users to self-serve.

The service catalog enables users to “self-serve” IT services. Instead of calling the service desk every time an issue occurs, the users can rely on the service catalog for information. This simplified process not only reduces routine service requests, but also provides information in a faster, more efficient manner that increases productivity for both IT and the business.

Gain transparency on the IT services provided.

With every service clearly defined, business users can better understand the current support level, communicate their expectation for IT accountability, and help IT align services with critical business strategies.

Leverage the different Info-Tech deliverable tools to help you along the way

1. Project Charter

A project charter template with a few samples completed. The project charter helps you govern the project progress and responsibilities.

2. Enterprise Service Definitions

A full list of enterprise definitions with features and descriptions pre-populated. These are meant to get you on your feet defining your own enterprise services, or editing the ones already there.

3. Basic Line of Business Service Definitions

Similar to the enterprise services deliverable, but with two separate deliverables focusing on different perspectives – functional groups services (e.g. HR and finance) and industry-specific services (e.g. education and government).

Service Definitions & Service Record Design

Get a taste of a completed service catalog with full service definitions and service record design. This is the final product of the service catalog design once all the steps and activities have been completed.

The service catalog can be the foundation of your future IT service management endeavors

After establishing a catalog of all IT services, the following projects are often pursued for other objectives. Service catalog is a precursor for all three.

1. Technical Service Catalog

Need an IT-friendly breakdown of each service?
Keep better record of what technical components are required to deliver a service. The technical service catalog is the IT version of a user-facing catalog.

2. Service-Based Costing

Want to know how much each IT service is costing you?
Get a better grip on the true cost of IT. Using service-based costing can help justify IT expenses and increase budgetary allotment.

3. Chargeback

Want to hold each business unit accountable for the IT services they use?
Some business units abuse their IT services because they are thought to be free. Keep them accountable and charge them for what they use.

The service catalog need not be expensive – organizations of all sizes (small, medium, large) can benefit from a service catalog

No matter what size organization you may be, every organization can create a service catalog. Small businesses can benefit from the catalog the same way a large organization can. We have an easy step-by-step methodology to help introduce a catalog to your business.

It is common that users do not know where to go to obtain services from IT… We always end up with a serious time-crunch at the beginning of a new school year. With automated on- and off-boarding services, this could change for the better. – Dean Obermeyer, Technology Coordinator, Los Alamos Public Schools

CIO Call to Action

As the CIO and the project sponsor, you need to spearhead the development of the service catalog and communicate support to drive engagement and adoption.

Start

1. Select an experienced project leader
2. Identify stakeholders and select project team members with the project leader

Throughout the project

3. Attend or lead the project kick-off meeting
4. Create checkpoints to regularly touch base with the project team

Service catalog launch

5. Communicate the change message from beginning to implementation

Identify a project leader who will drive measurable results with this initiative

The project leader acts on behalf of the CIO and must be a senior level staff member who has extensive knowledge of the organization and experiences marshalling resources.

Influential & Impactful

Developing a service catalog requires dedication from many groups within IT and outside of IT.
The project leader must hold a visible, senior position and can marshal all the necessary resources to ensure the success of the project. Ability to exert impact and influence around both IT and the business is a must.

Relationship with the Business

The user-facing service catalog cannot be successful if business input is not received.
The project leader must leverage his/her existing relationship with the business to test out the service definitions and the service record design.

Results Driven

Creating a service catalog is not an easy job and the project leader must continuously engage the team members to drive results and efficiency.
The highly visible nature of the service catalog means the project leader must produce a high-quality outcome that satisfies the business users.

Info-Tech’s methodology helps organization to standardize how to define services

CASE STUDY A
Industry Municipal Government
Source Onsite engagement

Municipal Government
The IT department of a large municipal government in the United States provides services to a large number of customers in various government agencies.
Service Catalog Initiative
The municipal government allocated a significant amount of resources to answer routine inquiries that could have been avoided through user self-service. The government also found that they do not organize all the services IT provides, and they could not document and publish them to the customer. The government has already begun the service catalog initiative, but was struggling with how to identify services. Progress was slow because people were arguing amongst themselves – the project team became demoralized and the initiative was on the brink of failure.
Results
With Info-Tech’s onsite support, the government was able to follow a standardized methodology to identify and define services from the user perspective. The government was able to successfully communicate the initiative to the business before the full adoption of the service catalog.

We’re in demos with vendors right now to purchase an ITSM tool, and when the first vendor looked at our finished catalog, they were completely impressed.- Client Feedback

[We feel] very confident. The group as a whole is pumped up and empowered – they're ready to pounce on it. We plan to stick to the schedule for the next three months, and then review progress/priorities. - Client Feedback

CASE STUDY B
Industry Healthcare
Source Onsite engagement

Healthcare Provider
The organization is a healthcare provider in Canada. It treats patients with medical emergencies, standard operations, and manages a faculty of staff ranging from nurses and clerks, to senior doctors. This organization is run across several hospitals, various local clinics, and research centers.
Service Catalog Initiative
Because the organization is publicly funded, it is subject to regular audit requirements – one of which is to have a service catalog in place.
The organization also would like to charge back its clients for IT-related costs. In order to do this, the organization must be able to trace it back to each service. Therefore, the first step would be to create a user-facing service catalog, followed by the technical service catalog, which then allows the organization to do service-based costing and chargeback.
Results
By leveraging Info-Tech’s expertise on the subject, the healthcare provider was able to fast-track its service catalog development and establish the groundwork for chargeback abilities.

"There is always some reticence going in, but none of that was apparent coming out. The group dynamic was very good. [Info-Tech] was able to get that response, and no one around the table was silent.
The [expectation] of the participants was that there was a purpose in doing the workshop. Everybody knew it was for multiple reasons, and everyone had their own accountability/stakes in the development of it. Highly engaged." - Client Feedback

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.

PHASE 1

Launch the Project

Design & Build a User-Facing Service Catalog

Step 1 – Create a project charter to launch the initiative

1. Complete the Project Charter
2. Create Enterprise Services Definitions
3. Create Line of Business Services Definitions
4. Complete Service Definitions

This step will walk you through the following activities:

• Develop a mission statement to obtain buy-ins from both IT and business stakeholders.
• Assemble a well-rounded project team to increase the success of the project.
• Identify and obtain support from stakeholders.
• Create an impactful change message to the organization to promote the service catalog.
• Determine project metrics to measure the effectiveness and value of the initiative.

Step Insights

• The project leader must have a strong relationship with the business, the ability to garner user input, and the authority to lead the team in creating a user-facing catalog that is accessible and understandable to the user.
• Having two separate change messages prepared for IT and the business is a must. The business change message advocates how the catalog will make IT more accessible to users, and the IT message centers around how the catalog will make IT’s life easier through a standardized request process.

Phase 1 outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Use Info-Tech’s Service Catalog Project Charter to begin your initiative

1.1 Project Charter

The following section of slides outline how to effectively use Info-Tech’s sample project charter.

The Project Charter is used to govern the initiative throughout the project. IT should provide the foundation for project communication and monitoring.

It has been pre-populated with information appropriate for Service Catalog projects. Please review this sample text and change, add, or delete information as required.

Building the charter as a group will help you to clarify your key messages and help secure buy-in from critical stakeholders upfront.

You may feel like a full charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important none-the-less. No matter your current climate, some elements of communicating the value and plans for implementing the catalog will be necessary.

The Charter includes the following sections:

• Mission Statement
• Project team members
• Project stakeholders
• Change message
• Communication and organizational plan
• Metrics

Use Info-Tech’s Service Catalog Project Charter.

Create a mission statement to articulate the purpose of this project

The mission statement must be compelling because embarking on creating a service catalog is no easy task. It requires significant commitment from different people in different areas of the business.

Good mission statements are directive, easy to understand, narrow in focus, and favor substance over vagueness.

While building your mission statement, think about what it is intended to do, i.e. keep the project team engaged and engage others to adopt the service catalog. Included in the project charter’s mission statement section is a brief description of the goals and objectives of the service catalog.

Ask yourself the following questions:

1. What frustrations does your business face regarding IT services?
2. f our company continues growing at this rate, will IT be able to manage service levels?
3. How has IT benefited from consolidating IT services into a user perspective?

Project Charter

Info-Tech’s project charter contains two sample mission statements, along with additional tips to help you create yours.

Tackle the project with a properly assembled team to increase the speed and quality in which the catalog will be created

Construct a well-balanced project team to increase your chances of success.

Project Leader

Project leader will be the main catalyst for the creation of the catalog. This person is responsible for driving the whole initiative.

Project Participants

IT project participants’ input and business input will be pivotal to the creation of the catalog.

Project Stakeholders

The project stakeholders are the senior executives who have a vested interest in the service catalog. IT must produce periodic and targeted communication to these stakeholders.

Increase your chances of success by creating a dynamic group of project participants

Your project team will be a major success factor for your service catalog. Involvement from IT management and the business is a must.

IT Team Member

IT Service Desk Manager

• The Service Desk team will be an integral part of the service catalog creation. Because of their client-facing work, service desk technicians can provide real feedback about how users view and request services.

Senior Manager/Director of Application

• The Application representative provides input on how applications are used by the business and supported by IT.

Senior Manager/Director of Infrastructure

• The infrastructure representative provides input on services regarding data storage, device management, security, etc.

Business Team Member

Business IT Liaison

• This role is responsible for bridging the communication between IT and the business. This role could be fulfilled by the business relationship manager, service delivery manager, or business analyst. It doesn’t have to be a dedicated role; it could be part of an existing role.

Business representatives from different LOBs

• Business users need to validate the service catalog design and ensure the service definitions are user facing and relevant.

Project Charter

Input your project team, their roles, and relevant contact information into your project charter, Section 2.

Identify the senior managers who are the stakeholders for the service catalog

Obtain explicit buy-in from both IT and business stakeholders.

The stakeholders could be your biggest champions for the service catalog initiative, or they could pull you back significantly. Engage the stakeholders at the start of the project and communicate the benefits of the service catalog to them to gain their approval.

Project Charter

Document a list of stakeholders, their involvement in the process (why they are stakeholders), and their contact information in Section 3.

Articulate the creation of the service catalog to the organization

Spread the word of service catalog implementation. Bring attention to your change message through effective mediums and organizational changes.

Key aspects of a communication plan

The methods of communication (e.g. newsletters, email broadcast, news of the day, automated messages) notify users of implementation.

In addition, it is important to know who will deliver the message (delivery strategy). Talking to the business leaders is very important, and you need IT executives to deliver the message. Work hard on obtaining their support as they are the ones communicating to their staff and could be your project champions.

Recommended organizational changes

The communication plan should consist of changes that will affect the way users interact with the catalog. Users should know of any meetings pertinent to the maintenance and improvement of the catalog, and ways to access the catalog (e.g. link on desktop/start menu).

The Qualities of Leadership: Leading Change

Project Charter

Your communication plan should serve as a rough guide. Communication happens in several unpredictable happenstances, but the overall message should be contained within.

Ensure you get the whole company on board for the service catalog with a well practiced change message

The success of your catalog implementation hinges on the business’ readiness.

One of the top challenges for organizations that are implementing a service catalog is the acceptance and adoption of the change. Effective planning for implementation and communication is pivotal. Ensure you create tailored plans for communication and understand how the change will impact staff.

1. Draft your change message

“Better Service, Better Value.” It is important to have two change messages prepared: one for the IT department and one for business users.
Outline a few of the key benefits each user group will gain from adopting the service catalog (e.g. Faster, ease of use, convenient, consistent…)

2. Address feedback

Anticipate some resistances of service catalog adoption and prepare responses. These may be the other benefits which were not included in the change message (e.g. IT may be reluctant to think in business language.)

3. Conduct training sessions

Host lunch & learns to demonstrate the value of the service catalog to both business and IT user groups.
These training sessions also serve as a great way to gather feedback from users regarding style and usability.

Project Charter

Pick your communication medium, and then identify your target audience. You should have a change message for each: the IT department and the business users. Pay careful consideration to wording and phrasing with regard for each.

Track metrics throughout the project to keep stakeholders informed

In order to measure the success of your service catalog, you must establish baseline metrics to determine how much value the catalog is creating for your business.

1. Number of service requests via the service catalog

The number of service catalog requests should be carefully monitored so that it does not fluctuate too greatly. In general, the number of requests via the service catalog should increase, which indicates a higher level of self-serve.

2. Number of inquiry calls to the service desk

The number of inquiry calls should decrease because customers are able to self-serve routine IT inquiries that would otherwise have gone through the service desk.

3. Customer satisfaction – specific questions

The organization could adopt the following sample survey questions:
From 0-5: How satisfied are you with the functionality of the service catalog? How often do you turn to the service catalog first to solve IT problems?

4. Number of non-standard requests

The number of non-standard requests should decrease because a majority of services should eventually be covered in the service catalog. Users should be able to solve nearly any IT related problem through navigating the service catalog.

Use metrics to monitor the monetary improvements the service catalog creates for the business

When measuring against your baseline, you should expect to see the following two monetary improvements:

1. Improved service desk efficiency

(# of routine inquiry calls reduced) x (average time for a call) x (average service desk wage)

Routine inquiries often take up a significant portion of the service desk’s effort, and the majority of them can be answered via the service catalog, thus reducing the amount of time required for a service desk employee to engage in routine solutions. The reduction in routine inquiries allows IT to allocate resources to high-value services and provide higher quality of support.

Example

Originally, the service desk of an organization answers 850 inquiries per month, and around 540 of them are routine inquiries requesting information on when a service is available, who they can contact if they want to receive a service, and what they need to do if they want access to a service, etc.

IT successfully communicated the introduction of the service catalog to the business and 3 months after the service catalog was implemented, the number of routine inquiries dropped to 60 per month. Given that the average time for IT to answer the inquiry is 10 minutes (0.167 hour) and the hourly wage of a service desk technician is $25, the monthly monetary cost saving of the service catalog is:

(540 – 60) x 0.167 x 25 = $2004.00

• Reduced expense by eliminating non-standard requests

(Average additional cost of non-standard request) x (Reduction of non-standard request)
+
(Extra time IT spends on non-standard request fulfilment) x (Average wage)

Non-standard requests require a lot of time, and often a lot of money. IT frequently incurs additional cost because the business is not aware of how to properly request service or support. Not only can the service catalog standardize and streamline the service request process, it can also help IT define its job boundary and say no to the business if needed.

Example

The IT department of an organization often finds itself dealing with last-minute, frustrating service requests from the business. For example, although equipment requests should be placed a week in advance, the business often requests equipment to be delivered the next day, leaving IT to pay for additional expedited shipping costs and/or working fanatically to allocate the equipment. Typically, these requests happen 4 times a month, with an additional cost of $200.00. IT staff work an extra 6 hours per each non-standard request at an hourly wage of $30.00.

With the service catalog, the users are now aware of the rules that are in place and can submit their request with more ease. IT can also refer the users to the service catalog when a non-standard request occurs, which helps IT to charge the cost to the department or not meet the terms of the business.

The monthly cost saving in this case is:

$200.00 x 4 + 6 hours x 30 = $980.00

Create your project charter for the service catalog initiative to get key stakeholders to buy in

1.1 2-3 hours

The project charter is an important document to govern your project process. Support from the project sponsors is important and must be documented. Complete the following steps working with Info-Tech’s sample Project Charter.

1. The project leader and the core project team must identify key reasons for creating a service catalog. Document the project objectives and benefits in the mission statement section.
2. Identify and document your project team. The team must include representatives from the Infrastructure, Applications, Service desk, and a Business-IT Liaison.
3. Identify and document your project stakeholders. The stakeholders are those who have interest in seeing the service catalog completed. Stakeholders for IT are the CIO and management of different IT practices. Stakeholders for the business are executives of different LOBs.
4. Identify your target audience and choose the communication medium most effective to reach them. Draft a communication message hitting all key elements.
   Info-Tech’s project charter contains sample change messages for the business and IT.
5. Develop a strategy as to how the change message will be distributed, i.e. the communication and organizational change plan.
6. Use the metrics identified as a base to measure your service catalog’s implementation. If you have identified any other objectives, add new metrics to monitor your progress from the baseline to reaching those objectives.
7. Sign and date the project charter to officiate commitment to completing the project and reaching your objectives. Have the signed and dated charter available to members of the project team.

INPUT

• A collaborative discussion between team members

OUTPUT

• Thorough briefing for project launch
• A committed team

Materials

• Communication message and plan
• Metric tracking

Participants

• Project leader
• Core project team

Obtain buy-in from business users at the beginning of the service catalog initiative

CASE STUDY A
Industry Government
Source Onsite engagement

Challenge

The nature of government IT is quite complex: there are several different agencies located in a number of different areas. It is extremely important to communicate the idea of the service catalog to all the users, no matter the agency or location.

The IT department had yet to let business leaders of the various agencies know about the initiative and garner their support for the project. This has proven to be prohibitive for gaining adoption from all users.

Solution

The IT leaders met and identified all the opportunities to communicate the service catalog to the business leaders and end users.

To meet with the business leaders, IT leaders hosted a service level meeting with the business directors and managers. They adopted a steering committee for the continuation of the project.

To communicate with business users, IT leaders published announcements on the intranet website before releasing the catalog there as well.

Results

Because IT communicated the initiative, support from business stakeholders was obtained early and business leaders were on board shortly after.

IT also managed to convince key business stakeholders to become project champions, and leveraged their network to communicate the initiative to their employees.

With this level of adoption, it meant that it was easier for IT to garner business participation in the project and to obtain feedback throughout.

Info-Tech assists project leader to garner support from the project team

CASE STUDY A
Industry Government
Source Onsite engagement

Challenge

The project received buy-in from the CIO and director of infrastructure. Together they assembled a team and project leader.

The two struggled to get buy-in from the rest of the team, however. They didn’t understand the catalog or its benefits and objectives. They were reluctant to change their old ways. They didn’t know how much work was required from them to accomplish the project.

Solution

With the Info-Tech analyst on site, the client was able to discuss the benefits within their team as well as the project team responsibilities.

The Info-Tech analyst convinced the group to move towards focusing on a business- and service-oriented mindset.

The workshop discussion was intended to get the entire team on board and engaged with meeting project objectives.

Results

The project team had experienced full buy-in after the workshop. The CIO and director relived their struggles of getting project members on-board through proper communication and engagement.

Engaging the members of the project team with the discussion was key to having them take ownership in accomplishing the project.

The business users understood that the service catalog was to benefit their long-term IT service development.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:
1.1		Begin your project with a mission statement A strong mission statement that outlines the benefits of the project is needed to communicate the purpose of the project. The onsite Info-Tech analysts will help you customize the message and establish the foundation of the project charter.
1.2		Identify project team members Our onsite analysts will help you identify high-value team members to contribute to this project.
1.3		Identify important business and IT stakeholders Buy-in from senior IT and business management is a must. Info-Tech will help you identify the stakeholders and determine their level of influence and impact.
1.4		Create a change message for the business and IT It is important to communicate changes early and the message must be tailored for each target audience. Our analysts will help you create an effective message by articulating the benefits of the service catalog to the business and to IT.
1.5		Determine service project metrics To demonstrate the value of the service catalog, IT must come up with tangible metrics. Info-Tech’s analysts will provide some sample metrics as well as facilitate a discussion around which metrics should be tracked and monitored.

PHASE 2

Identify and Define Enterprise Services

Design & Build a User-Facing Service Catalog

Step 2 – Create Enterprise Services Definitions

1. Complete the Project Charter
2. Create Enterprise Services Definitions
3. Create Line of Business Services Definitions
4. Complete Service Definitions

This step will walk you through the following activities:

• Identify and define enterprise services that are commonly used across the organization.
• Create service descriptions and features to accurately sum up the functionality of each service.
• Create service categories and assign each service to a category.

Step Insights

• When defining services, be sure to carefully distinguish between what is a feature and what is a service. Often, separate services are defined in situations when they would be better off as features of existing services, and vice versa.
• When coming up with enterprise services categories, ensure the categories group the services in a way that is intuitive. The users should be able to find a service easily based on the names of the categories.

Phase 2 outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Identify enterprise services in the organization apart from the services available to lines of business

Separating enterprise services from line of business services helps keep things simple to organize the service catalog. -

Documentation of all business-facing IT services is an intimidating task, and a lack of parameters around this process often leads to longer project times and unsatisfactory outcomes.

To streamline this process, separating enterprise services from line of business services allows IT to effectively and efficiently organize these services. This method increases the visibility of the service catalog through user-oriented communication plans.

Enterprise Services are common services that are used across the organization.

1. Common Services for all users within the organization (e.g. Email, Video Conferencing, Remote Access, Guest Wireless)
2. Service Requests organized into Service Offerings (e.g. Hardware Provisioning, Software Deployment, Hardware Repair, Equipment Loans)
3. Consulting Services (e.g. Project Management, Business Analysis, RFP Preparation, Contract Negotiation)

All user groups access Enterprise Services

Enterprise Services

• Finance
• IT
• Sales
• HR

Ensure your enterprise services are defined from the user perspective and are commonly used

If you are unsure whether a service is enterprise wide, ask yourself these two questions:

Leverage Info-Tech’s Sample Enterprise Services definition

2.1 Info-Tech’s Sample Enterprise Services definitions

Included with this blueprint is Info-Tech’s Sample Enterprise Services definitions.

The sample contains dozens of services common across most organizations; however, as a whole, they are not complete for every organization. They must be modified according to the business’ needs. Phase two will serve as a guide to identifying an enterprise service as well as how to fill out the necessary fields.

Info-Tech Insight

Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

The next slide will introduce you to the information for each service record that can be edited.

Info-Tech’s Sample Enterprise Services definitions is designed to be easily customized

2.1 Info-Tech’s Sample Enterprise Services definitions

Below is an example of a service record and its necessary fields of information. This is information that can be kept, deleted, or expanded upon.

Distinguish between a feature and a unique service

It can be difficult to determine what is considered a service itself, and what is a feature of another service. Use these tips and examples below to help you standardize this judgement.

Example 1

Web Conferencing has already been defined as a service. Is Audio Conferencing its own service or a feature of Web Conferencing?

Info-Tech Tip: Is Audio Conferencing run by the same application as the Web Conferencing? Does it use the same equipment? If not, Audio Conferencing is probably its own service.

Example 2

Web Conferencing has already been defined as a service. Is “Screen Sharing” its own service or a feature of Web Conferencing?

Info-Tech Tip: It depends on how the user interacts with Screen Sharing. Do they only screen share when engaged in a Web Conference? If so, Screen Sharing is a feature and not a service itself.

Example 3

VoIP is a popular alternative to landline telephone nowadays, but should it be part of the telephony service or a separate service?

Info-Tech Tip: It depends on how the VoIP phone is set up.

If the user uses the VoIP phone the same way they would use a landline phone – because the catalog is user facing – consider the VoIP as part of the telephone service.

If the user uses their computer application to call and receive calls, consider this a separate service on its own.

Info-Tech Insight

While there are some best practices for coming up with service definitions, it is not an exact science and you cannot accommodate everyone. When in doubt, think how most users would perceive the service.

Change or delete Info-Tech’s enterprise services definitions to make them your own

2.1 3 hours

You need to be as comprehensive as possible and try to capture the entire breadth of services IT provides to the business.

To achieve this, a three-step process is recommended.

1. First, assemble your project team. It is imperative to have representatives from the service desk. Host two separate workshops, one with the business and one with IT. These workshops should take the form of focus groups and should take no more than 1-2 hours.
2. Business Focus Group:

• In an open-forum setting, discuss what the business needs from IT to carry out their day-to-day activities.
• Engage user-group representatives and business relationship managers.

IT Focus Group:

• In a similar open-forum setting, determine what IT delivers to the business. Don’t think about it from a support perspective, but from an “ask” perspective – e.g. “Service Requests.”
• Engage the following individuals: team leads, managers, directors.

INPUT

• Modify Info-Tech’s sample services

OUTPUT

• A list of some of your business’ enterprise services

Materials

• Whiteboard/marker
• Info-Tech sample enterprise services

Participants

• Key members of the project team
• Service desk rep
• Business rep

Using Info-Tech’s Sample Enterprise Services, expand upon the services to add those that we did not include

2.2 1-3 hours (depending on size and complexity of the IT department)

Have your user hat on when documenting service features and descriptions. Try to imagine how the users interact with each service.

1. Once you have your service name, start with the service feature. This field lists all the functionality the service provides. Think from the user’s perspective and document the IT-related activities they need to complete.
2. Review the service feature fields with internal IT first to make sure there isn’t any information that IT doesn’t want to publish. Afterwards, review with business users to ensure the language is easy to understand and the features are relatable.
3. Lastly, create a high-level service description that defines the nature of the service in one or two sentences.

INPUT

• Collaborate and discuss to expand on Info-Tech’s example

OUTPUT

• A complete list of your business’ enterprise services

Materials

• Whiteboard/marker
• Info-Tech sample enterprise services

Participants

• Key members of the project team
• Service desk rep
• Business rep

Follow Info-Tech’s guidelines to establish categories for the enterprise services that IT provides to the business

Similar to the services and their features, there is no right or wrong way to categorize. The best approach is to do what makes sense for your organization and understand what your users think.

What are Service Categories?

Categories organize services into logical groups that the users can identify with. Services with similar functions are grouped together in a common category.

When deciding your categories, think about:

• What is best for the users?
• Look at the workflows from the user perspective: how and why do they use the service?
• Will the user connect with the category name?
• Will they think about the services within the category?

Sample categories

Categorize the services from the list below; how would you think to group them?

There is no right or wrong way to categorize services; it is subjective to how they are provided by IT and how they are used by the business. Use the aforementioned categories to group the following services. Sample solutions are provided on the following slide.

Tips and tricks:

1. Think about the technology behind the service. Is it the same application that provides the services? For example: is instant messaging run by the same application as email?
2. Consider how the service is used by the business. Are two services always used together? If instant messaging is always used during video conferencing, then they belong in the same category.
3. Consider the purpose of the services. Do they achieve the same outcomes? For example, document sharing is different from video conferencing, though they both support a collaborative working environment.

This is a sample of different categorizations – use these examples to think about which would better suit your business

Info-Tech Insight

Services can have multiple categories only if it means the users will be better off. Try to limit this as much as possible.

Neither of these two examples are the correct answer, and no such thing exists. The answers you came up with may well be better suited for the users in your business.

With key members of your project team, categorize the list of enterprise services you have created

2.3 1 hour

Before you start, you must have a modified list of all defined enterprise services and a modified list of categories.

1. Write down the service names on sticky notes and write down the categories either on the whiteboard or on the flipchart.
2. Assign the service to a category one at a time. For each service, obtain consensus on how the users would view the service and which category would be the most logical choice. In some cases, discuss whether a service should be included in two categories to create better searchability for the users.
3. If a consensus could not be reached on how to categorize a service, review the service features and category name. In some cases, you may go back and change the features or modify or create new categories if needed.

INPUT

• Collaborate and discuss to expand on Info-Tech’s example

OUTPUT

• A complete list of your business’ enterprise services

Materials

• Whiteboard/marker
• Info-Tech sample enterprise services

Participants

• Key members of the project team
• Service desk rep
• Business rep

Accounts & Access Services

• User ID & Access
• Remote Access
• Business Applications Access

Communication Services

• Telephone
• Email
• Mobile devices

Files & Documents

• Shared Folders
• File Storage
• File Restoration
• File Archiving

Collaboration

• Web Conferencing
• Audio Conferencing
• Video Conferencing
• Chat
• Document Sharing

Employee Services

• Onboarding & Off Boarding
• Benefits Self Service
• Time and Attendance
• Employee Records Management

Help & Support

• Service Desk
• Desk Side Support
• After Hours Support

Desktop, Equipment, & Software

• Printing
• Hardware Provisioning
• Software Provisioning
• Software Support
• Device Move
• Equipment Loaner

Education & Training Services

• Desktop Application Training
• Corporate Application Training
• Clinical Application Training
• IT Training Consultation

Connectivity

• BYOD (wireless access)
• Internet
• Guest Wi-Fi

IT Consulting Services

• Project Management
• Analysis
• RFP Reviews
• Solution Development
• Business Analysis/Requirements Gathering
• RFI/RFP Evaluation
• Security Consulting & Assessment
• Contract Management
• Contract Negotiation

IT department identifies a comprehensive list of enterprise services

CASE STUDY A
Industry Government
Source Onsite engagement

Challenge

Because of the breadth of services IT provides across several agencies, it was challenging to identify what was considered enterprise beyond just the basic ones (email, internet, etc.)

IT recognized that although the specific tasks of service could be different, there are many services that are offered universally across the organization and streamlining the service request and delivery process would reduce the burden on IT.

Solution

The client began with services that users interact with on a daily basis; this includes email, wireless, telephone, internet, printing, etc.

Then, they focused on common service requests from the users, such as software and hardware provisioning, as well as remote access.

Lastly, they began to think of other IT services that are provided across the organization, such as RFP/RFI support, project management analysis, employee onboarding/off-boarding, etc.

Results

By going through the lists and enterprise categories, the government was able to come up with a comprehensive list of all services IT provides to the business.

Classifying services such as onboarding meant that IT could now standardize IT services for new recruits and employee termination.

By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.

Organization distinguishes features from services using Info-Tech’s tips and techniques

CASE STUDY B
Industry Government
Source Onsite engagement

Challenge

For some services, the project team had difficulty deciding on what was a service and what was a feature. They found it hard to distinguish between a service with features or multiple services.

For example, the client struggled to define the Wi-Fi services because they had many different user groups and different processes to obtain the service. Patients, visitors, doctors, researchers, and corporate employees all use Wi-Fi, but the service features for each user group were different.

Solution

The Info-Tech analyst came on-site and engaged the project team in a discussion around how the users would view the services.

The analyst also provided tips and techniques on identifying services and their features.

Because patients and visitors do not access Wi-Fi or receive support for the service in the same way as clinical or corporate employees, Wi-Fi was separated into two services (one for each user group).

Results

Using the tips and techniques that were provided during the onsite engagement, the project team was able to have a high degree of clarity on how to define the services by articulating who the authorized users are, and how to access the process.

This allowed the group to focus on the users’ perspective and create clear, unambiguous service features so that users could clearly understand eligibility requirements for the service and how to request them.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:
2.1		Understand what enterprise services are The project team must have a clear understanding of what qualifies as an enterprise service. The onsite analysts will also promote a user-oriented mindset so the catalog focuses on business needs.
2.2		Identify enterprise services The Info-Tech analysts will provide a list of ready-to-use services and will work with the project team to change, add, and delete service definitions and to customize the service features.
2.3		Identify categories for enterprise services The Info-Tech analyst will again emphasize the importance of being service-oriented rather than IT-oriented. This will allow the group to come up with categories that are intuitive to the users.

PHASE 3

Identify and Define Line of Business Services

Design & Build a User-Facing Service Catalog

Step 3 – Create Line of Business Services Definitions

1. Complete the Project Charter
2. Create Enterprise Services Definitions
3. Create Line of Business Services Definitions
4. Complete Service Definitions

This step will walk you through the following activities:

• Identify lines of business (LOB) within the organization as well as the user groups within the different LOBs.
• Determine which one of Info-Tech’s two approaches is more suitable for your IT organization.
• Define and document LOB services using the appropriate approach.
• Categorize the LOB services based on the organization’s functional structure.

Step Insights

• Collaboration with the business significantly strengthens the quality of line of business service definitions. A significant amount of user input is crucial to create impactful and effective service definitions.
• If a strong relationship with the business is not in place, IT can look at business applications and the business activities they support in order to understand how to define line of business services.

Phase 3 outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Communicate with your business users to get a clear picture of each line of business

Within a business unit, there are user groups that use unique applications and IT services to perform business activities. IT must understand which group is consuming each service to document to their needs and requirements. Only then is it logical to group services into lines of business.

Covering every LOB service is a difficult task. Info-Tech offers two approaches to identifying LOB services, though we recommend working alongside business user groups to have input on how each service is used directly from the users. Doing so makes the job of completing the service catalog easier, and the product more detailed and user friendly.

Some helpful questions to keep in mind when characterizing user groups:

• Where do they fall on the organizational chart?
• What kind of work do they do?
• What is included in their job description?
• What are tasks that they do in addition to their formal responsibilities?
• What do they need from IT to do their day-to-day tasks?
• What does their work day look like?
• When, why, and how do they use IT services?

Info-Tech Insight

With business user input, you can answer questions as specific as “What requirements are necessary for IT to deliver value to each line of business?” and “What does each LOB need in order to run their operation?”

Understand when it is best to use one of Info-Tech’s two approaches to defining LOB services

1. Business View

Business View is the preferred method for IT departments with a better understanding of business operations. This is because they can begin with input from the user, enabling them to more successfully define every service for each user group and LOB.

In addition, IT will also have a chance to work together with the business and this will improve the level of collaboration and communication. However, in order to follow this methodology, IT needs to have a pre-established relationship with the business and can demonstrate their knowledge of business applications.

2. IT View

The IT view begins with considering each business application used within the organization’s lines of business. Start with a broad view, following with a process of narrowing down, and then iterate for each business application.

This process leads to each unique service performed by every application within the business’ LOBs.

The IT view does not necessarily require a substantial amount of information about the business procedures. IT staff are capable of deducing what business users often require to maintain their applications’ functionality.

Use one of Info-Tech’s two methodologies to help you identify each LOB service

Choose the methodology that fits your IT organization’s knowledge of the business.

1. Business View

If you do have knowledge of business operations, using the business view is the better option and the service definition will be more relatable to the users.

2. IT View

For organizations that don’t have established relationships with the business or detailed knowledge of business activities, IT can decompose the application into services. They have more familiarity and comfort with the business applications than with business activities.

It is important to continue after the service is identified because it helps confirm and solidify the names and features. Determining the business activity and the user groups can help you become more user-oriented.

Identifying LOB services using Info-Tech’s Business View method

We will illustrate the two methodologies with the same example.

If you have established an ongoing relationship with the business and you are familiar with their business operations, starting with the LOB and user groups will ensure you cover all the services IT provides to the business and create more relatable service names.

Identifying LOB services using Info-Tech’s IT View method

If you want to understand what services IT provides to the Sales functional group, and you don’t have comprehensive knowledge of the department, you need to start with the IT perspective.

Info-Tech Insight

If you are concerned about the fact that people always associate a service with an application, you can include the application in the service name or description so users can find the service through a search function.

Group LOB services into functional groups as you did enterprise services into categories

3.1 Sample Line of Business Services Definitions – Functional Groups & Industry Examples

Like categories for enterprise services in Phase Two, LOB services are grouped into functional groups. Functional groups are the components of an organizational chart (HR, Finance, etc.) that are found in a company’s structure.

Functional Groups

Functional groups enable a clear view for business users of what services they need, while omitting services that do not apply to them. This does not overwhelm them, and provides them with only relevant information.

Industry Services

To be clear, industry services can be put into functional groups.

Info-Tech provides a few sample industry services (without their functional group) to give an idea of what LOB service is specific to these industries. Try to extrapolate from these examples to create LOB services for your business.

Use Info-Tech’s Sample LOB Services – Functional Group and Sample LOB Services – Industry Specific documents.

Info-Tech Insight

Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

Identify the user group and business activity within each line of business – Business view

3.1 30-45 minutes per line of business

Only perform this activity if you have a relationship with the business that can enable you to generate business input on service identifications and definitions.

In a group of your project participants, repeat the sequence for each LOB.

1. Brainstorm each user group within the LOB that is creating value for the business by performing functional activities.
2. Think of what each individual end user must do to create their value. Think of the bigger picture rather than specifics at this point. For example, sales representatives must communicate with clients to create value.
3. Now that you have each user group and the activities they perform, consider the specifics of how they go about doing that activity. Consider each application they use and how much they use that application. Think of any and all IT services that could occur as a result of that application usage.

INPUT

• A collaborative discussion (with a business relationship)

OUTPUT

• LOB services defined from the business perspective

Materials

• Sticky notes
• Whiteboard/marker

Participants

• Members of the project team
• Representatives from the LOBs

Identify the user group and business activity within each line of business – IT view

3.1 30-45 minutes per application

Only perform this activity if you cannot generate business input through your relationships, and must begin service definitions with business applications.

In a group of your project participants, repeat the sequence for each application.

1. Brainstorm all applications that the business provides through IT. Cross out the ones that provide enterprise services.
2. In broad terms, think about what the application is accomplishing to create value for the business from IT’s perspective. What are the modules? Is it recording interactions with the clients? Each software can have multiple functionalities.
3. Narrow down each functionality performed by the application and think about how IT helps deliver that value. Create a name for the service that the users can relate to and understand.

→ Optional

4. Now go beyond the service and think about the business activities. They are always similar to IT’s application functionality, but from the user perspective. How would the user think about what the application’s functionality to accomplish that particular service is? At this point, focus on the service, not the application.
5. Determine the user groups for each service. This step will help you complete the service record design in phase 4. Keep in mind that multiple user groups may access one service.

INPUT

• A collaborative discussion (without a business relationship)

OUTPUT

• LOB services defined from the IT perspective

Materials

• Sticky notes
• Whiteboard/marker

Participants

• Members of the project team

You must review your LOB service definitions with the business before deployment

Coming up with LOB service definitions is challenging for IT because it requires comprehension of all lines of business within the organization as well as direct interaction with the business users.

After completing the LOB service definitions, IT must talk to the business to ensure all the user groups and business activities are covered and all the features are accurate.

Here are some tips to reviewing your LOB Service Catalog generated content:

• If you plan to talk to a business SME, plan ahead to help complete the project in time for rollout.
• Include a business relationship manager on the project team to facilitate discussion if you do not have an established relationship with the business.

Sample Meeting Agenda

Go through the service in batches. Present 5-10 related services to the business first. Start with the service name and then focus on the features.

In the meeting, discuss whether the service features accurately sum up the business activities, or if there are missing key activities. Also discuss whether certain services should be split up into multiple services or combined into one.

Organization identifies LOB services using Info-Tech’s methodologies

CASE STUDY A
Industry Government
Source Onsite engagement

Challenge

There were many users from different LOBs, and IT provided multiple services to all of them. Tracking them and who had access to what was difficult.

IT didn’t understand who provided the services (service owner) and who the customers were (business owner) for some of the services.

Solution

After identifying the different Lines of Business, they followed the first approach (Business View) for those that IT had sufficient knowledge of in terms of business operations:

1. Identified lines of business
2. Identified user groups
3. Identified business activities

For the LOBs they weren’t familiar with, they used the IT view method, beginning with the application:

1. Identified business apps
2. Deduced the functionalities of each application
3. Traced the application back to the service and identified the service owner and business owner

Results

Through these two methodologies, IT was able to define services according to how the users both perceive and utilize them.

IT was able to capture all the services it provides to each line of business effectively without too much help from the business representatives.

By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.

Info-Tech helps organization to identify LOB services using the IT View

CASE STUDY B
Industry Healthcare
Source Onsite engagement

Challenge
The organization uses a major application containing several modules used by different users for various business activities.

The challenge was to break down the application into multiple services in a way that makes sense to the business users. Users should be able to find services specific to them easily.

Therefore, the project team must understand how to map the modules to different services and user groups.

Solution
The project team identified the major lines of business and took various user groups such as nurses and doctors, figured out their daily tasks that require IT services, and mapped each user-facing service to the functionality of the application.

The project team then went back to the application to ensure all the modules and functionalities within the application were accounted for. This helped to ensure that services for all user groups were covered and prepared to be released in the catalog.

Results
Once the project team had come up with a comprehensive list of services for each line of business, they were able to sit with the business and review the services.

IT was also able to use this opportunity to demonstrate all the services it provides. Having all the LOB services demonstrates IT has done its preparation and can show the value they help create for the business in a language the users can understand. The end result was a strengthened relationship between the business and the IT department.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:
3.1		Understand what Line of Business services are The onsite analysts will provide a clear distinction between enterprise services and LOB services. The analysts will also articulate the importance of validating LOB services with the business.
3.2		Identify LOB services using the business’ view There are two methods for coming up with LOB services. If IT has comprehensive knowledge of the business, they can identify the services by outlining the user groups and their business activities.
3.3		Identify LOB services using IT’s view If IT does not understand the business and cannot obtain business input, Info-Tech’s analysts will present the second method, which allows IT to identify services with more comfortability through business applications/systems.
3.4		Categorize the LOB services into functional groups The analysts will help the project team categorize the LOB services based on user groups or functional departments.

PHASE 4

Complete Service Definitions

Design & Build a User-Facing Service Catalog

Step 4: Complete service definitions and service record design

1. Complete the Project Charter
2. Create Enterprise Services Definitions
3. Create Line of Business Services Definitions
4. Complete Service Definitions

This step will walk you through the following activities:

• Select which fields of information you would like to include in your service catalog design.
• Determine which fields should be kept internal for IT use only.
• Complete the service record design with business input if possible.

Step Insights

• Don’t overcomplicate the service record design. Only include the pieces of information the users really need to see.
• Don’t publish anything that you don’t want to be held accountable for. If you are not ready, keep the metrics and costs internal.
• It is crucial to designate a facilitator and a decision maker so confusions and disagreements regarding service definitions can be resolved efficiently.

Phase 3 outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Utilize Info-Tech’s Services Definition Chart to map out your final service catalog design

Info-Tech’s Sample Services Definition Chart

Info-Tech has provided a sample Services Definition Chart with standard service definitions and pre-populated fields. It is up to you throughout this step to decide which fields are necessary to your business users, as well as how much detail you wish to include in each of them.

Info-Tech Insight

Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.

Tips and techniques for service record design

The majority of the fields in the service catalog are user facing, which means they must be written in business language that the users can understand.

If there is any confusion or disagreement in filling out the fields, a facilitator is required to lead the working groups in coming up with a definitive answer. If a decision is still not reached, it should be escalated to the decision maker (usually the service owner).

IT-Facing Fields

There are IT facing fields that should not be published to the business users – they are for the benefit of IT. For example, you may want to keep Performance Metrics internal to IT until you are ready to discuss it with the business.

If the organization is interested in creating a Technical Service Catalog following this initiative, these fields will provide a helpful starting place for IT to identify the people, process, and technology required to support user-facing services.

Info-Tech Insight

It is important for IT-facing fields to be kept internal. If business users are having trouble with a service and the service owner’s name is available to them, they will phone them for support even if they are not the support owner.

Design your service catalog with business input: have the user in mind

When completing the service record, adopt the principle that “Less is More.” Keep it simple and write the service description from the user’s perspective, without IT language. From the list below, pick which fields of information are important to your business users.

What do the users need to access the service quickly and with minimal assistance?

Identify service overview

“What information must I have in each service record? What are the fundamentals required to define a service?”

Necessary Fields – Service Description:

• Service name → a title for the service that gives a hint of its purpose.
• Service description → what the service does and expected outcomes.
• Service features → describe functionality of the service.
• Service category → an intuitive way to group the service.
• Support services → applications/systems required to support the service.

Description: Delivers electronic messages to and from employees.

Features:

• Desk phone
• Teleconference phones (meeting rooms)
• Voicemail
• Recover deleted voicemails
• Team line: call rings multiple phones/according to call tree
• Employee directory
• Caller ID, Conference calling

Category: Communications

Identify owners

Who is responsible for the delivery of the service and what are their roles?

Service Owner and Business Owner

Service owner → the IT member who is responsible and accountable for the delivery of the service.

Business owner → the business partner of the service owner who ensures the provided service meets business needs.

Example: Time Entry

Service Owner: Manager of Business Solutions

Business Owner: VP of Human Resources

Info-Tech Insight

For enterprise services that are used by almost everyone in the organization, the business owner is the CIO.

Identify access policies and procedures

“Who is authorized to access this service? How do they access it?”

Access Policies & Procedures

Authorized users → who can access the service.

Request process → how to request access to the service.

Approval requirement/process → what the user needs to have in place before accessing the service.

Example: Guest Wi-Fi

Authorized Users: All people on site not working for the company

Request Process: Self-Service through website for external visitors

Approval Requirement/Process: N/A

Info-Tech Insight

Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.

Identify access policies and procedures

“Who is authorized to access this service? How do they access it?”

Access Policies & Procedures

Requirements & pre-requisites → details of what must happen before a service can be provided.

Turnaround time → how much time it will take to grant access to the service.

User responsibility → What the user is expected to do to acquire the service.

Example: Guest Wi-Fi

Requirements & Pre-requisites: Disclaimer of non-liability and acceptance

Turnaround time: Immediate

User Responsibility: Adhering to policies outlined in the disclaimer

Info-Tech Insight

Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.

Identify availability and service levels

“When is this service available to users? What service levels can the user expect?”

Availability & Service Levels

Support hours → what days/times is this service available to users?

Hours of availability/planned downtime → is there scheduled downtime for maintenance?

Performance metrics → what level of performance can the user expect for this service?

Example: Software Provisioning

Support Hours: Standard business hours

Hours of Availability/Planned Downtime: Standard business hours; can be agreed to work beyond operating hours either earlier or later

Performance Metrics: N/A

Info-Tech Insight

Manage user expectations by clearly documenting and communicating service levels.

Identify support policies and procedures

“How do I obtain support for this service?”

Support Policies & Procedures

Support process → what is the process for obtaining support for this service?

Support owner → who can users contact for escalations regarding this service?

Support documentation → where can users find support documentation for this service?

Example: Shared Folders

Support Process: Contact help desk or submit a ticket via portal

Support Owner: Manager, client support

Support Documentation: .pdf of how-to guide

Info-Tech Insight

Clearly documenting support procedures enables users to get the help they need faster and more efficiently.

Identify service costs and approvals

“Is there a cost for this service? If so, how much and who is expensing it?”

Costs

Internal Cost → do we know the total cost of the service?

Customer Cost → a lot of services are provided without charge to the business; however, certain service requests will be charged to a department’s budget.

Example: Hardware Provisioning

Internal Cost: For purposes of audit, new laptops will be expensed to IT.

Customer Cost: Cost to rush order 10 new laptops with retina displays for the graphics team. Charged for extra shipment cost, not for cost of laptop.

Info-Tech Insight

Set user expectations by clearly documenting costs associated with a service and how to obtain approval for these costs if required.

Complete the service record design fields for every service

4.1 3 Hours

This is the final activity to completing the service record design. It has been a long journey to make it here; now, all that is left is completing the fields and transferring information from previous activities.

1. Organize the services however you think is most appropriate. A common method of organization is alphabetically by enterprise category, and then each LOB functional group.
2. Determine which fields you would like to keep or edit to be part of your design. Also add any other fields you can think of which will add value to the user or IT. Remember to keep them IT facing if necessary.
3. Complete the fields for each service one by one. Keep in mind that for some services, a field or two may not apply to the nature of that service and may be left blank or filled with a null value (e.g. N/A).

INPUT

• A collaborative discussion

OUTPUT

• Completed service record design ready for a catalog

Materials

• Info-Tech sample service record design.

Participants

• Project stakeholders, business representatives

Info-Tech Insight

Don’t forget to delete or bring over the edited LOB and Enterprise services from the phase 2 and 3 deliverables.

Complete the service definitions and get them ready for publication

Now that you have completed the first run of service definitions, you can go back and complete the rest of the identified services in batches. You should observe increased efficiency and effectiveness in filling out the service definitions.

This blueprint’s purpose is to help you design a service catalog. There are a number of different platforms to build the catalog offered by application vendors. The sophistication of the catalog depends on the size of your business. It may be as simple as an Excel book, or something as complex as a website integrated with your service desk.

Determine how you want to publish the service catalog

There are various levels of maturity to consider when you are thinking about how to deploy your service catalog.

Organization uses the service catalog to outline IT’s and users’ responsibilities

CASE STUDY A
Industry Government
Source Onsite engagement

Challenge

The client had collected a lot of good information, but they were not sure about what to include to ensure the users could understand the service clearly.

They were also not sure what to keep internal so the service catalog did not increase IT’s workload. They want to help the business, but not appear as if they are capable of solving everything for everyone immediately. There was a fear of over-commitment.

Solution

The government created a Customer Responsibility field for each service, so it was not just IT who was providing solutions. Business users needed to understand what they had to do to receive some services.

The Service Owner and Business Owner fields were also kept internal so users would go through the proper request channel instead of calling Service Owners directly.

Lastly, the Performance Metrics field was kept internal until IT was ready to present service metrics to the business.

Results

The business was provided clarity on their responsibility and what was duly owed to them by IT staff. This established clear boundaries on what was to be expected of IT services projected into the future.

The business users knew what to do and how to obtain the services provided to them. In the meantime, they didn’t feel overwhelmed by the amount of information provided by the service catalog.

Organization leverages the service catalog as a tool to define IT workflows and business processes

CASE STUDY B
Industry Healthcare
Source Onsite engagement

Challenge

There is a lack of clarity and a lack of agreement between the client’s team members regarding the request/approval processes for certain services. This was an indication that there is a level of ambiguity around process. Members were not sure what was the proper way to access a service and could not come up with what to include in the catalog.

Different people from different teams had different ways of accessing services. This could be true for both enterprise and LOB services.

Solution

The Info-Tech analyst facilitated a discussion about workflows and business processes.

In particular, the discussion focused around the approval/authorization process, and IT’s workflows required to deliver the service. The Info-Tech analyst on site walked the client through their different processes to determine which one should be included in the catalog.

Results

The discussion brought clarity to the project team around both IT and business process. Using this new information, IT was able to communicate to the business better, and create consistency for IT and the users of the catalog.

The catalog design was a shared space where IT and business users could confer what the due process and responsibilities were from both sides. This increased accountability for both parties.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:
4.1		Determine which fields should be included in the record design The analysts will present the sample service definitions record and facilitate a discussion to customize the service record so unique business needs are captured.
4.2		Determine which fields should be kept internal The onsite analysts will explain why certain fields are used but not published. The analysts will help the team determine which fields should be kept internal.
4.3		Complete the service definitions The Info-Tech analysts will help the group complete the full service definitions. This exercise will also provide the organization with a clear understanding of IT workflows and business processes.

Summary of accomplishment

Knowledge Gained

• Understanding why it is important to identify and define services from the user’s perspective.
• Understand the differences between enterprise services and line of business services.
• Distinguish service features from services.
• Involve the business users to define LOB services using either IT’s view or LOB’s view.

Processes Optimized

• Enterprise services identification and documentation.
• Line of business services identification and documentation.

Deliverables Completed

• Service catalog project charter
• Enterprise services definitions
• Line of business service definitions – functional groups
• Line of business service definitions – industry specific
• Service definition chart

Project step summary

Client Project: Design and Build a User-Facing Service Catalog

1. Launch the Project – Maximize project success by assembling a well-rounded team and managing all important stakeholders.
2. Identify Enterprise Services – Identify services that are used commonly across the organization and categorize them in a user-friendly way.
3. Identify Line of Business Services – Identify services that are specific to each line of business using one of two Info-Tech methodologies.
4. Complete the Service Definitions – Determine what should be presented to the users and complete the service definitions for all identified services.

Info-Tech Insight

This project has the ability to fit the following formats:

• Onsite workshop by Info-Tech Research Group consulting analysts.
• Do-it-yourself with your team.
• Remote delivery (Info-Tech Guided Implementation).

Related Info-Tech research

Establish a Service-Based Costing Model

Develop the right level of service-based costing capability by applying our methodology.

Transform Your Field Technical Support Services

Improve service and reduce costs through digital transformation.

Analyst Perspective

Improve staffing challenges through digital transformation.

Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model. Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team. With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

Sandi Conrad

Principal Research Director

Infrastructure & Operations Practice

Info-Tech Research Group

Executive Summary

Your Challenge

With remote work becoming a normal employee offering for many organizations, self-serve/self-solve becoming more prominent, and a common call out to improve customer service, there is a need to re-examine the way many organizations are supplying onsite support. For organizations with a small number of offices, a central desk with remote tools may be enough or can be combined with a concierge service or technical center, but for organizations with multiple offices it becomes difficult to provide a consistent level of service for all customers unless there is a team onsite for each location. This may not be financially possible if there isn’t enough work to keep a technical team busy full-time.

Common Obstacles

Where people have a choice between calling a central phone number or talking to the technician down the hall, the in-person experience often wins out. End users may resist changes to in-person support as work is rerouted to a centralized group by choosing to wait for their favorite technician to show up onsite rather than reporting issues centrally. This can make the job of the onsite technician more challenging as they need to schedule time in every visit for unplanned work. And where technicians need to support multiple locations, travel needs to be calculated into lost technician time and costs.

Info-Tech’s Approach

• Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
• Service-level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
• Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

Info-Tech Insight

Improving process will be helpful for smaller teams, but as teams expand or work gets more complicated, investment in appropriate tools to support field services technicians will enable them to be more efficient, reduce costs, and improve outcomes when visits are warranted.

Your challenge

This research is designed to help organizations who are looking to:

• Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
• Redefine the role of onsite technicians when the help desk is outsourced.
• Define requirements when supplementing with outsourced field services teams.
• Identify barriers to streamlining processes.
• Look for opportunities to streamline processes and better use technical teams.
• Communicate and manage change to support roles.

With many companies having new work arrangements for users, where remote work may be a permanent offering or if your digital transformation is well underway, this provides an opportunity to rethink how field support needs to be done.

What is field services?

Field services is in-person support delivered onsite at one or more locations. Management of field service technicians may include queue management, scheduling service and maintenance requests, triaging incidents, dispatching technicians, ordering parts, tracking job status, and billing.

What challenges are you trying to solve within your field services offering?

Focus on the reasons for the change to ensure the outcome can be met. Common goals include improved customer service, better technician utilization, and increased response time and stability.

• Discuss specific challenges the team feels are contributing to less-than-ideal customer service.
• Does the team have the skills, knowledge, and tools they need to be successful? Technicians may be solving issues with the customer looking over their shoulder. Having quick access to knowledge articles or to subject matter experts who can provide deeper expertise remotely may be the difference between a single visit to resolve or multiple or extended visits.
• What percentage of tickets would benefit from triage and troubleshooting done remotely before sending a technician onsite? Where there are a high number of no-fault-found visits, this may be imperative to improving technician availability.
• Review method for distribution of tickets, including batching criteria and dispatching of technicians. Are tickets being dispatched efficiently? By location and/or priority? Is there an attempt to solve more tickets centrally? Should there be? What SLA adjustment is reasonable for onsite visits?
• Has the support value been defined?

Field services will see the biggest improvements through technology updates

Customer Intake Provide tools for scheduling technicians, self-serve and self- or assisted-solve through ITSM or CRM-based portal and visual remote tools.		Triage and Troubleshoot Upgrade remote tools to visual remote solutions to troubleshoot equipment as well as software. Eliminate no-fault-found visits and improve first-time fix rate by visually inspecting equipment before technician deployments.
Improve Communications FSM GPS and SMS updates can be set to notify customers when a technician is close by and can be used for customer sign-off to immediately update service records and launch survey or customer billing where applicable.		Schedule Technicians Field service management (FSM) ITSM modules will allow skills-based scheduling for remote technicians and determine best route for multi-site visits.
Enable Work From Anywhere FSM mobile applications can provide technicians with daily schedules, turn-by-turn directions, access to inventory, knowledge articles, maintenance, and warranty and asset records. Visual remote captures service records and enables access to SMEs.		Manage Expectations Know where technicians are for routing to emergency calls and managing workload using field service management solutions with GPS.

Digital transformation can dramatically improve customer and technician experience

Sources: 1 - TechSee, 2019; 2 - Glartek; 3 - Geoforce; 4 - TechSee, 2020

Improve technician utilization and scheduling with field services management software

Field services management (FSM) software is designed to improve scheduling of technicians by skills and location while reducing travel time and mileage. When integrated with ITSM software, the service record is transferred to the field technician for continuity and to prepare for the job. FSM mobile apps will enable technicians to receive schedule updates through the day and through GPS update the dispatcher as technicians move from site to site.

Improve time to resolve while cutting costs by using visual remote support tools

Visual remote support tools enable live video sessions to clearly see what the client or field service technician sees, enabling the experts to provide real-time assistance where the experts will provide guidance to the onsite person. Getting a view of the technology will reduce issues with getting the right parts, tools, and technicians onsite and dramatically reduce second visits.

Enterprise Network Design Considerations

It is not just about connectivity.

Executive Summary

Info-Tech Insight

Connectivity and security are tightly coupled

Security, risk, and trust models play into how networks are designed and deployed. If these models are not considered during network design, band-aids and workarounds will be deployed to achieve the needed goals, potentially bypassing network controls.

Many services are no longer within the network

The cloud “gold rush” has made it attractive for many enterprises to migrate services off the traditional network and into the cloud. These services are now outside of the traditional network and associated controls. This shifts the split of east-west vs. north-south traffic patterns, as well as extending the network to encompass services outside of enterprise IT’s locus of control.

Users are demanding an anywhere, any device access model

Where users access enterprise data or services and from which devices dictate the connectivity needed. With the increasing shift of work that the business is completing remotely, not all devices and data paths will be under the control of IT. This shift does not allow IT to abdicate from the responsibility to provide a secure network.

Enterprise networks are changing

The new network reality

The enterprise network of 2020 and beyond is changing:

• Services are becoming more distributed.
• The number of services provided “off network” is growing.
• Users are more often remote.
• Security threats are rapidly escalating.

The above statements are all accurate for enterprise networks, though each potentially to differing levels depending on the business being supported by the network. Depending on how affected the network in question currently is and will be in the near future, there are different common network archetypes that are best able to address these concerns while delivering business value at an appropriate price point.

High-Level Design Considerations

1. Understand Business Needs

Understand what the business needs are and where users and resources are located.

2. Define Your Trust Model

Trust is a spectrum and tied tightly to security.

3. Align With an Archetype

How will the network be deployed?

4. Understand Available Tooling

What tools are in the market to help achieve design principles?

Understand business needs

Mission

Never ignore the basics. Start with revisiting the mission and vision of the business to address relevant needs.

Users

Identify where users will be accessing services from. Remote vs. “on net” is a design consideration now more than ever.

Resources

Identify required resources and their locations, on net vs. cloud.

Controls

Identify required controls in order to define control points and solutions.

Define a trust model

Trust is a spectrum

• There is a spectrum of trust, from fully trusted to not trusted at all. Each organization must decide for their network (or each area thereof) the appropriate level of trust to assign.
• The ease of network design and deployment is directly proportional to the trust spectrum.
• When resources and users are outside of direct IT control, the level of appropriate trust should be examined closely.

Implicit

Trust everything within the network. Security is perimeter based and designed to stop external actors from entering the large trusted zone.

Controlled

Multiple zones of trust within the network. Segmentation is a standard practice to separate areas of higher and lower trust.

Zero

Verify trust. The network is set up to recognize and support the principle of least privilege where only required access is supported.

Align with an archetype

Archetypes are a good guide

• Using a defined archetype as a guiding principle in network design can help clarify appropriate tools or network structures.
• Different aspects of a network can have different archetypes where appropriate (e.g. IT vs. OT [operational technology] networks).

Traditional

Services are provided from within the traditional network boundaries and security is provided at the network edge.

Hybrid

Services are provided both externally and from within the traditional network boundaries, and security is primarily at the network edge.

Inverted

Services are provided primarily externally, and security is cloud centric.

Traditional networks

Resources within network boundaries

Moat and castle security perimeter

Abstract

A traditional network is one in which there are clear boundaries defined by a security perimeter. Trust can be applied within the network boundaries as appropriate, and traffic is generally routed through internally deployed control points that may be centralized. Traditional networks commonly include large firewalls and other “big iron” security and control devices.

Network Design Tenets

• The full network path from resource to user is designed, deployed, and controlled by IT.
• Users external to the network must first connect to the network to gain access to resources.
• Security, risk, and trust controls will be implemented by internal enterprise hardware/software devices.

Control

In the traditional network, it is assumed that all required control points can be adequately deployed across hardware/software that is “on prem” and under the control of central IT.

Info-Tech Insight

With increased cloud services provided to end users, this network is now more commonly used in data centers or OT networks.

Traditional networks

Defining Characteristics

• Traffic flows in a defined path under the control of IT to and from central IT resources.
• Due to visibility into, and the control of, the traffic between the end user and resources, IT can relatively simply implement the required security controls on owned hardware.

Common Components

• Traditional offices
• Remote users/road warriors
• Private data center/colocation space

Hybrid networks

Resources internal and external to network

Network security perimeter combined with cloud protection

Abstract

A hybrid network is one that combines elements of a traditional network with cloud resources. As some of these resources are not fully under the control of IT and may be completely “offnet” or loosely coupled to the on-premises network, the security boundaries and control points are less likely to be centralized. Hybrid networks allow the flexibility and speed of cloud deployment without leaving behind traditional network constructs. This generally makes them expensive to secure and maintain.

Network Design Tenets

• The network path from resource to user may not be in IT’s locus of control.
• Users external to the network must first connect to the network to gain access to internal resources but may directly access publicly hosted ones.
• Security, risk, and trust controls may potentially be implemented by a mixture of internal enterprise hardware/software devices and external control points.

Control

The hallmark of a hybrid network is the blending of public and private resources. This blending tends to necessitate both public and private points of control that may not be homogenous.

Info-Tech Insight

With multiple control points to address, take care in simplifying designs while addressing all concerns to ease operational load.

Hybrid networks

Defining Characteristics

• Traffic flows to central resources across a defined path under the control of IT.
• Traffic to cloud assets may be partially under the control of IT.
• For central resources, the traffic to and from the end user can have the required security controls relatively simply implemented on owned hardware.
• For public cloud assets, IT may or may not have some control over part of the path.

Common Components

• Traditional offices
• Remote users/road warriors
• Private data center/colocation space
• Public cloud assets (IaaS/PaaS/SaaS)

Inverted perimeter

Resources primarily external to the network

Security control points are cloud centric

Abstract

An inverted perimeter network is one in which security and control points cover the entire workflow, on or off net, from the consumer of services through to the services themselves with zero trust. Since the control plane is designed to encompass the workflow in a secure manner, much of the underlying connectivity can be abstracted. In an extreme version of this deployment, IT would abstract end-user access, and any cloud-based or on-premises resources would be securely published through the control plane with context-aware precision access.

Network Design Tenets

• The network path from resource to user is abstracted and controlled by IT through services like secure access service edge (SASE).
• Users only need internet access and appropriate credentials to gain access to resources.
• Security, risk, and trust controls will be implemented through external cloud based services.

Control

An inverted network abstracts the lower-layer connectivity away and focuses on implementing a cloud-based zero trust control plane.

Info-Tech Insight

This model is extremely attractive for organizations that consume primarily cloud services and have a large remote work force.

Inverted networks

Defining Characteristics

• The end user does not have to be in a defined location.
• All central resources that are to be accessed are hosted on cloud resources.
• IT has little to no control of the path between the end user and central resources.

Common Components

• Traditional offices
• Regent offices/shared workspaces
• Remote users/road warriors
• Public cloud assets (IaaS/PaaS/SaaS)

Understand available tooling

Don’t buy a hammer and go looking for nails

• A network archetype must be defined in order to understand what tools (hardware or software) are appropriate for consideration in a network build or refresh.
• Tools are purpose built and generally designed to solve specific problems if implemented and operated correctly. Choose the tools to align with the challenges that you are solving as opposed to choosing tools and then trying to use those purchases to overcome challenges.
• The purchase of a tool does not allow for abdication of proper design. Tools must be chosen appropriately and integrated properly to orchestrate the best solutions. Purchasing a tool and expecting the tool to solve all your issues rarely succeeds.

“It is essential to have good tools, but it is also essential that the tools should be used in the right way.” — Wallace D. Wattles

Software-defined WAN (SD-WAN)

Simplified branch office connectivity

Archetype Value: Traditional Networks

What It Is Not

SD-WAN is generally not a way to slash spending by lowering WAN circuit costs. Though it is traditionally deployed across lower cost access, to minimize risk and realize the most benefits from the platform many organizations install multiple circuits with greater bandwidths at each endpoint when replacing the more costly traditional circuits. Though this maximizes the value of the technology investment, it will result in the end cost being similar to the traditional cost plus or minus a small percentage.

What It Is

SD-WAN is a subset of software-defined networking (SDN) designed specifically to deploy a secure, centrally managed, connectivity agnostic, overlay network connecting multiple office locations. This technology can be used to replace, work in concert with, or augment more traditional costly connectivity such as MPLS or private point to point (PtP) circuits. In addition to the secure overlay, SD-WAN usually also enables policy-based, intelligent controls, based on traffic and circuit intelligence.

Why Use It

You have multiple endpoint locations connected by expensive lower bandwidth traditional circuits. Your target is to increase visibility and control while controlling costs if and where possible. Ease of centralized management and the ability to more rapidly turn up new locations are attractive.

Cloud access security broker (CASB)

Inline policy enforcement placed between users and cloud services

Archetype Value: Hybrid Networks

What It Is Not

CASBs do not provide network protection; they are designed to provide compliance and enforcement of rules. Though CASBs are designed to give visibility and control into cloud traffic, they have limits to the data that they generally ingest and utilize. A CASB does not gather or report on cloud usage details, licencing information, financial costing, or whether the cloud resource usage is aligned with the deployment purpose.

What It Is

A CASB is designed to establish security controls beyond a company’s environment. It is commonly deployed to augment traditional solutions to extend visibility and control into the cloud. To protect assets in the cloud, CASBs are designed to provide central policy control and apply services primarily in the areas of visibility, data security, threat protection, and compliance.

Why Use It

You a mixture of on-premises and cloud assets. In moving assets out to the cloud, you have lost the traditional controls that were implemented in the data center. You now need to have visibility and apply controls to the usage of these cloud assets.

Secure access service edge (SASE)

Convergence of security and service access in the cloud

Archetype Value: Inverted Networks

What It Is Not

Though the service will consist of many service offerings, SASE is not multiple services strung together. To present the value proposed by this platform, all functionality proposed must be provided by a single platform under a “single pane of glass.” SASE is not a mature and well-established service. The market is still solidifying, and the full-service definition remains somewhat fluid.

What It Is

SASE exists at the intersection of network-as-a-service and network-security-as-a-service. It is a superset of many network and security cloud offerings such as CASB, secure web gateway, SD-WAN, and WAN optimization. Any services offered by a SASE provider will be cloud hosted, presented in a single stack, and controlled through a single pane of glass.

Why Use It

Your network is inverting, and services are provided primarily as cloud assets. In a full realization of this deployment’s value, you would abstract how and where users gain initial network access yet remain in control of the communications and data flow.

Activity

Understand your enterprise network options

Activity: Network assessment in an hour

• Learn about the Enterprise Network Roadmap Technology Assessment Tool
• Complete the Enterprise Network Roadmap Technology Assessment Tool

This activity involves the following participants:

• IT strategic direction decision makers.
• IT managers responsible for network.
• Organizations evaluating platforms for mission critical applications.

Outcomes of this step:

• Completed Enterprise Network Roadmap Technology Assessment Tool

Info-Tech Insight

Review your design options with security and compliance in mind. Infrastructure is no longer a standalone entity and now tightly integrates with software-defined networks and security solutions.

Build an assessment in an hour

Learn about the Enterprise Network Roadmap Technology Assessment Tool.

This workbook provides a high-level analysis of a technology’s readiness for adoption based on your organization’s needs.

• The workbook then places the technology on a graph that measures both the readiness and fit for your organization. In addition, it provides warnings for specific issues and lets you know if you have considerable uncertainty in your answers.
• At a glance you can now communicate what you are doing to help the company:
  • Grow
  • Save money
  • Reduce risk
• Regardless of your specific audience, these are important stories to be able to tell.

Build an assessment in an hour

Complete the Enterprise Network Roadmap Technology Assessment Tool.

Dispense with detailed analysis and customizations to present a quick snapshot of the road ahead.

1. Weightings: Adjust the Weighting tab to meet organizational needs. The provided weightings for the overall solution areas are based on a generic firm; individual firms will have different needs.
2. Data Entry: For each category, answer the questions for the technology you are considering. When you have completed the questionnaire, go to the next tab for the results.
3. Results: The Enterprise Network Roadmap Technology Assessment Tool provides a value versus readiness assessment of your chosen technology customized to your organization.

Related Info-Tech Research

Effectively Acquire Infrastructure Services

Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

There are very few IT infrastructure components you should be housing internally – outsource everything else.

Build Your Infrastructure Roadmap

Move beyond alignment: Put yourself in the driver’s seat for true business value.

Drive Successful Sourcing Outcomes With a Robust RFP Process

Leverage your vendor sourcing process to get better results.

Research Authors

Scott Young, Principal Research Advisor, Info-Tech Research Group

Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

Troy Cheeseman, Practice Lead, Info-Tech Research Group

Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

Bibliography

Ahlgren, Bengt. “Design considerations for a network of information.” ACM Digital Library, 21 Dec. 2008.

Cox Business. “Digital transformation is here. Is your business ready to upgrade your mobile work equation?” BizJournals, 1 April 2022. Accessed April 2022.

Elmore, Ed. “Benefits of integrating security and networking with SASE.” Tech Radar, 1 April 2022. Web.

Greenfield, Dave. “From SD-WAN to SASE: How the WAN Evolution is Progressing.” Cato Networks, 19 May 2020. Web

Korolov, Maria. “What is SASE? A cloud service that marries SD-WAN with security.” Network World, 7 Sept. 2020. Web.

Korzeniowski, Paul, “CASB tools evolve to meet broader set of cloud security needs.” TechTarget, 26 July 2019. Accessed March 2022.

Embed Business Relationship Management in IT

Show that IT is worthy of Trusted Partner status.

Executive Brief

Analyst Perspective

Relationships are about trust.

As long as humans are involved in enabling technology, it will always remain important to ensure that business relationships support business needs. At the cornerstone of those relationships is trust and the establishment of business value. Without trust, you won’t be believed, and without value, you won’t be invited to the business table.

Business relationship management can be a role, a capability, or a practice – either way it’s essential to ensure it exists within your organization. Show that IT can be a trusted partner by showing the value that IT offers.

Allison Straker Research Director, CIO Practice Info-Tech Research Group

Your challenge: Why focus on business relationship management?

Is IT saying this about business partners? I don’t know what my business needs and so we can’t add as much value as we’d like. My partners don’t give us the opportunity to provide new ideas to solve business problems My partners listen to third parties before they listen to IT. We’re too busy and don’t have the capacity to help my partners.

Are business partners saying this about IT? IT does not create and deliver valuable services/solutions that resolve my business pain points. IT does not come to me with innovative solutions to my business problems/challenges/issues. IT blocks my efforts to drive the business forward using innovative technology solutions. IT does not advocate for my needs with the decision makers in the organization.

Common obstacles

While organizations realize they need to do better, they often don’t know how to improve.

Organizations want to:

• Understand and strategically align to business goals
• Ensure stakeholders are satisfied
• Show project value/success

… these are all things that a mature business relationship can do to improve your organization.

Key improvement areas identified by business leaders and IT leaders

Info-Tech’s approach

BRMs who focus on achieving business value can improve organizational results.

Business relationships can take a strategic, tactical, or operational perspective.

While all levels are needed, focus on a strategic perspective for optimal outcomes.

Create business value through:

• Applying your knowledge of the business so that conversations aren’t about what IT provides. Focus on what the overall business requires.
• Ensuring your knowledge includes what is going on internally at your organization and also what occurs externally within and outside the industry (e.g. vendors, technologies used in similar industries or with similar customer interactions).
• Discussing with the perspective of “what’s in it for [insert business partner here]” – don’t just present IT’s views.
• Building a trusted strategic relationship – don’t just do well at the basics but also focus on the strategy that can move the organization to where it needs to be.

Neither you nor your partners can view IT as separate from your overall business…

…your IT goals need to be aligned with those of the overall business

IT and other lines of business need to partner together – they are all part of the same overall business.

Why it’s important to establish a BRM program

	IT Benefits Provides IT with a view of the lines of business they empower Allows IT to be more proactive in providing solutions that help business partner teams Allows IT to better manage their workload, as new requests can be prioritized and understood	Business Benefits Provides business teams with a view of the services that IT can help them with Brings IT to the table with value-driven solutions Creates an overall roadmap aligning both partners
	Drive business value into the organization via innovative technology solutions. Improve ability to meet and exceed business goals and objectives, resulting in more satisfied stakeholders (C-suite, board of directors). Enhance ability to execute business activities to meet end-customer requirements and expectations, resulting in more satisfied customers. Increase your business benefits by moving up higher – from operational to tactical to strategic.

When IT understands the business, they provide better value

Understanding all parties – including the business needs and context – is critical to effective business relationships.

Establishing a focus on business relationship management is key to improving IT satisfaction.

When business partners are satisfied that IT understands their needs, they have a higher perception of the value of overall IT

The relationship between the perception of IT value and business satisfaction is strong (r=0.89). Can you afford not to increase your understanding of business needs?

(Source: Info-Tech Research Group diagnostic data/Business-Aligned IT Strategy blueprint (N=652 first-year organizations that completed the CIO Business Vision diagnostic))

BRM success is measurable

1) Survey your stakeholders to measure improvements in customer satisfaction		2) Measure BRM success against the goals for the practice
Business satisfaction survey Audience: Business leaders Frequency: Annual Metrics: Overall Satisfaction score Overall Value score Relationship Satisfaction: Understand needs Meet needs Communication

Maturing your BRM practice is a journey

Info-Tech has developed an approach that can be used by any organization to improve or successfully implement BRM.	Become a Trusted Partner and Advisor
	KNOWLEDGE OF INDUSTRY STRATEGIC	Value Creator and Innovator Strategic view of IT and the business with knowledge of the market and trends; a connector driving value-added services.
	KNOWLEDGE OF FUNCTIONS TACTICAL	Influencer and Advocate Two-way voice between IT and business, understanding business processes and activities including IT touchpoints and growing tactical and strategic view of services and value.
	TABLE STAKES: COMMUNICATION SERVICE DELIVERY PROJECT DELIVERY OPERATIONAL	Deliver Communication, service, and project delivery and fulfillment, initial engagement with and knowledge of the business.
Foundation: Define and communicate the meaning and vision of BRM

At each level, keep maturing your BRM practice

(Adapted from BRM Institute Maturity Model and Info-Tech’s own model)

The Info-Tech path to implement BRM

Use Info-Tech’s ASPIRe method to create a continuously improving BRM practice.

Insight summary

BRM is not just about communication, it’s about delivering on business value.

Business relationship management isn’t just about having a pleasant relationship with stakeholders, nor is it about just delivering things they want. It’s about driving business value in everything that IT does and leveraging relationships with the business and IT, both within and outside your organization.

Understand your current state to determine the best direction forward.

Every organization will apply the BRM practice differently. Understand what’s needed within your organization to create the best fit.

BRM is not just a communication conduit between IT and the business.

When implemented properly, a BRM is a value creator, advocate, innovator, and influencer.

The BRM role must be designed to match the maturity level of the IT organization and the business.

Before you can create incremental business value, you must master the fundamentals of service and project delivery.

Info-Tech Insight

Knowledge of your current situation is only half the battle; knowledge of the business/industry is key.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Key deliverable: Executive Buy-In and Communication Presentation Template Explain the need for the BRM practice and obtain buy-in from leadership and staff across the organization.	BRM Workbook Capture the thinking behind your organization’s BRM program.		BRM Stakeholder Engagement Plan Worksheet Worksheet to capture how the BRM practice will engage with stakeholders across the organization.
	BRM Role Expectations Worksheet How business relationship management will be supported throughout the organization at a strategic, tactical, and operational level.

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

What does a typical GI on this topic look like?

ASSESS

To assess BRM, clarify what it means to you

Who are BRM relationships with?		The BRM has multiple arms/legs to ensure they’re aligned with multiple parties – the partners within the lines of business, external partners, and technology partners.
What does a BRM do?	Engage the right stakeholders – orchestrate key roles, resources, and capabilities to help stimulate, shape, and harvest business value. Connect partners (IT and other business) with the resources needed. Help stakeholders navigate the organization and find the best path to business value.
What does a BRM focus on?		Demand Shaping – Surfacing and shaping business demand Value Harvesting – Identifying ways to increase business value and providing insights Exploring – Rationalizing demand and reviewing new business, technology, and industry insights Servicing – Managing expectations and facilitating business strategy; business capability road mapping

Determine what business relationship management is

Many organizations face business dissatisfaction because they do not understand what the role of a BRM should be.

1.1 What is BRM?

Input: Your preliminary thoughts and ideas on BRM

Output: Themes summarizing what BRM will be at your organization

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Each team member will take a colored sticky note to capture what BRM is and what it isn’t.
2. As a group, review and discuss the sticky notes.
3. Group them into themes summarizing what BRM will be at your organization.
4. Leverage the workbook to brainstorm the definition of BRM at your organization.
5. Create a refined summary statement and capture it in the Executive Buy-In and Communication Template.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

It’s important to understand what the business thinks; ask them the right questions

Leverage the CIO Business Vision Diagnostic to provide clarity on: The organization’s view on satisfaction and importance of core IT services Satisfaction across business priorities IT’s capacity to meet business needs Contact your Account Representative to get started

1.2 Use their responses to help guide your BRM program

1 hour

Input: CIO-Business Vision Diagnostic, Other business feedback

Output: Summary of your partners’ view of the IT relationship

Materials: Whiteboard/flip charts (physical or electronic)

Participants: CIO, IT management team

1. Complete the CIO Business Vision diagnostic.
2. Analyze the findings from the Business Vision diagnostic or other business relationship and satisfaction surveys. Key areas to look at include:
   • Overall IT Satisfaction
   • IT Value
   • Relationship (Understands Needs, Communicates Effectively, Executes Requests, Trains Effectively)
   • Shadow IT
   • Capacity Needs
   • Business Objectives
3. Capture the following on your analysis:
   • Success stories – what your business partners are satisfied with
   • Challenges – are the responses consistent across departments?
4. Leverage the workbook to capture your findings the goals. Key highlights should be documented in the Executive Buy-In and Communication Template.

Use the BRM Workbook to capture ideas

Polish the goals in the Executive Buy-In and Communication Template

Perform a SWOT analysis to explore internal and external business factors

A SWOT analysis is a structured planning method organizations use to evaluate the effects of internal strengths and weaknesses and external opportunities and threats on a project or business venture.

Why It Is Important

• Business SWOT reveals internal and external trends that affect the business. You may uncover relevant information about the business that the other analysis methods did not reveal.
• The organizational strengths or weaknesses will shed some light on implications that you might not have considered otherwise, such as brand perception or internal staff capability to change.

Key Tips/Information

• Although this activity is simple in theory, there is much value to be gained when performed effectively.
• Focus on weaknesses that can cause a competitive disadvantage and strengths that can cause a competitive advantage.
• Rank your opportunities and threats based on impact and probability.
• Info-Tech members who have derived the most insights from a business SWOT analysis usually involved business stakeholders in the analysis.

Review these questions to help you conduct your SWOT analysis on the business

1.3 Analyze internal and external business factors using a SWOT analysis

1 hour

Input: IT and business stakeholder expertise

Output: Analysis of internal and external factors impacting the IT organization

Materials: Whiteboard/flip charts (physical or electronic)

Participants: CIO, IT management team

1. Break the group into two teams:
   • Assign team A internal strengths and weaknesses.
   • Assign team B external opportunities and threats.
2. Think about strengths, weaknesses, opportunities, and threats as they pertain to the IT-business relationship. Consider people, process, and technology elements.
3. Have the teams brainstorm items that fit in their assigned grids. Use the prompt questions on the previous slide as guidance.
4. Pick someone from each group to fill in the SWOT grid.
5. Conduct a group discussion about the items on the list; identify implications for the BRM/IT.

Capture in the BRM Workbook

SITUATE

Your strategy informs your BRM program

Your strategy is a critical input into your program. Extract critical components of your strategy and convert them into a set of actionable principles that will guide the selection of your operating model.

Vision, Mission & Principles Leverage your vision and mission statements that communicate aspirations and purpose for key information that can be turned into design principles. Business Goal Implications Implications are derived from your business goals and will provide important context about the way BRM needs to change to meet its overarching objectives. Understand how those implications will change the way that work needs to be done – new capabilities, new roles, new modes of delivery, etc. Target-State Maturity Determine your target-state relationship maturity for your organization using the BRM goals that have been uncovered.

Outline your mission and vision for your BRM practice

If you don’t know where you’re trying to go, how do you know if you’ve arrived?

Establish the vision of what your BRM practice will achieve.

Your vision will paint a picture for your stakeholders, letting them know where you want to go with your BRM practice.

The vision will also help motivate and inspire your team members so they understand how they contribute to the organization. Your strategy must align with and support your organization’s strategy.

Good Visions Attainable – Aspirational but still within reach Communicable – Easy to comprehend Memorable – Not easily forgotten Practical – Solid, realistic Shared – Create a culture of shared ownership across the team/company

When Visions Fail Not Shared: Lack of buy-in, no alignment with stakeholders Impractical: No plan or strategy to deliver on the vision Unattainable: Set too far in the future Forgettable: Not championed, not kept in mind (Source: UX Magazine, 2011)

Derive the BRM vision statement

Begin the process of deriving the business relationship management vision statement by examining your business and user concerns. These are the problems your organization is trying to solve. Problem Statements First, ask what problems your organization hopes to solve. Analysis Second, ask what success would look like when those problems were solved. Vision Statement Third, polish the answer into a short but meaningful phrase. Paint the picture for your team and stakeholders so that they align on what BRM will achieve.

Vision statements demonstrate what your practice “aspires to be”

Your vision statement communicates a desired future state of the BRM organization. The statement is expressed in the present tense. It seeks to articulate the desired role of business relationship management and how it will be perceived.

Sample vision statements:

• To be a trusted advisor and partner in enabling business innovation and growth through an engaged design practice.
• The group will strive to become a world-class value center that is a catalyst for innovation.
• Apple: “We believe that we are on the face of the earth to make great products and that’s not changing.” (Mission Statement Academy, May 2019.)
• Coca-Cola: “To refresh the world in mind, body, and spirit, to inspire moments of optimism and happiness through our brands and actions, and to create value and make a difference.” (Mission Statement Academy, August 2019.)

2.1 Vision generation

1 hour

Input: IT and business strategies

Output: Vision statement

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Review the goals and the sample vision statements provided on the previous slide.
2. Brainstorm possible vision statements that can apply to your practice. Refer to the guidance provided on the previous page – ensure that it paints a picture for the reader to show the desired target state.
3. Leverage the workbook to brainstorm the vision. Capture the refined statement in the Executive Buy-In and Communication Template.

Use the BRM Workbook to capture ideas

Polish the goals in the Executive Buy-In and Communication Template

Create the mission statement from the problems and the vision statement

Your mission demonstrates your current intent and the purpose driving you to achieve your vision.

It reflects what the organization does for users/customers.

Make sure the practice’s mission statement reflects answers to the questions below: The questions: What does the organization do? How does the organization do it? For whom does the organization do it? What value is the organization bringing?

“A mission statement illustrates the purpose of the organization, what it does, and what it intends on achieving. Its main function is to provide direction to the organization and highlight what it needs to do to achieve its vision.” (Joel Klein, BizTank (in Hull, “Answer 4 questions to get a great mission statement.”))

2.2 Develop your own mission statement

1 hour

Input: IT and business strategies, Vision

Output: Mission statement

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Review the goals and the vision statement generated in the previous activities.
2. Brainstorm possible mission statements that can apply to your BRM practice. Capture this in your BRM workbook.
3. Refine your mission statement. Refer to the guidance provided on the previous page – ensure that the mission provides “the why”. Document the refined mission statement in the Executive Buy-In and Communication Template.

“People don't buy what you do; they buy why you do it and what you do simply proves what you believe.” (Sinek, Transcript of “How Great Leaders Inspire Action.”)

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

Areas that BRMs focus on include:

Establish how much of these your practice will focus on.

VALUE HARVESTING Tracks and reviews performance Identifies ways to increase business value Provides insights on the results of business change/initiatives		DEMAND SHAPING Isn’t just demand/intake management Surfaces and shapes business demand Is influenced by knowledge of the overall business and external entities
SERVICING Coordinates resources Manages expectations Facilitates business strategy, business capability road-mapping, and portfolio and program management		EXPLORING Identifies and rationalizes demand Reviews new business, technology, and industry insights Identifies business value initiatives

Establish what success means for your focus areas

Brainstorm objectives and success areas for your BRM practice.

	VALUE HARVESTING Success may mean that you: Understand the drivers and what the business needs to attain Demonstrate focus on value in discussions Ensure value is achieved, tracking it during and beyond deployment	DEMAND SHAPING Success may mean that you: Understand the business Are engaged at business meetings (invited to the table) Understand IT; communicate clarity around IT to the business Help IT prioritize needs
	SERVICING Success may mean that you: Understand IT services and service levels that are required Provide clarity around services and communicate costs and risks	EXPLORING Success may mean that you: Surface new opportunities based on understanding of pain points and growth needs Research and partner with others to further the business Engage resources with a focus on the value to be delivered

2.3 Establish BRM goals

1 hour

Input: Mission and vision statements

Output: List of goals

Materials: Whiteboard/flip charts (physical or electronic)

Participants: CIO, IT management team, BRM team

1. Use the previous slides as a starting point – review the focus areas and sample associated objectives.
2. Determine if all apply to your role.
3. Brainstorm the objectives for your BRM practice.
4. Discuss and refine the objectives and goals until the team agrees on your starting set.
5. Leverage the workbook to establish the goals. Capture refined goals in the Executive Buy-In and Communication Template.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

PLAN

Guiding principles help you focus the development of your practice

3.1 Establish guiding principles (optional activity)

Input: Mission and vision statements

Output: BRM guiding principles

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Think about strengths, weaknesses, opportunities, and threats as well as the overarching goals, mission, and vision.
2. Identify a set of principles that the BRM practice should have. Guiding principles are shared, long-lasting beliefs that guide the use of business relationship management in your organization.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

Establish the BRM partner model and alignment

Having the right model and support is just as important as having the right people.

Don’t boil the ocean: Start small

It may be useful to pilot the BRM practice with a small group within the organization – this gives you the opportunity to learn from the pilot and share best practices as you expand your BRM practice. You can leverage the pilot business unit’s feedback to help obtain buy-in from additional groups. Evaluate the approaches for your pilot:	Work With an Engaged Business Unit This approach can allow you to find a champion group and establish quick wins.	Target Underperforming Area(s) This approach can allow you to establish significant wins, providing new opportunities for value.
	Target the Area(s) Driving the Most Business Value Provide the largest positive impact on your portfolio’s ability to drive business value; for large strategic or transformative goals.	Work Across a Single Business Process This approach addresses a single business process or operation that exists across business units, departments, or locations. This, again, will allow you to limit the number of stakeholders.

Leverage BRM goals to determine where the role fits within the organization

Strategic BRMs are considered IT leaders, often reporting to the CIO.

In product-aligned organizations, the product owners will own the strategic business relationship from a product perspective (often across LOB), while BRMs will own the strategic role for the line(s) of businesses (often across products) that they hold a relationship with. The BRM role may be played by a product family leader.

BRMs may take on a more operational function when they are embedded within another group, such as the PMO. This manifests in:

• Accountability for projects and programs
• BRM conversations around projects and programs rather than overall needs
• Often, there is less focus on stimulating need, more about managing demand
• This structure may be useful for smaller organizations or where organizations are piloting the relationship capability

Use the IT structure and the business structure to determine how to align BRM and business partners. Many organizations ensure that each LOB has a designated BRM, but each BRM may work with multiple LOBs. Ensure your alignment provides an even and manageable distribution of work.

Don’t be intimidated by those who play a significant role in relationship management

	Business Relationship Manager: Portfolio View Ongoing with broader organization-wide objectives A BRM’s strategic perspective is focused across projects and products	The BRM will look holistically across a portfolio, rather than on specific projects or products. Their focus is ensuring value is delivered that impacts the overall organization. Multiple BRMs may be responsible for lines of businesses and ensure that products and project enable LOBs effectively.
	Business Analyst: Product or Project View Works within a project or product Accomplishes specific objectives within the project/product	The BA tends to be involved in project work – to that end, they are often brought in a bit before a project begins to better understand the context. They also often remain after the project is complete to ensure project value is delivered. However, their main focus is on delivering the objectives within the project.
	Product Owner: Product View Ongoing and strategic view of entire product, with product-specific objectives	The Product Owner bridges the gap between the business and delivery to ensure their product continuously delivers value. Their focus is on the product.

3.2 Establish the BRM’s place in the organizational structure

Input: BRM goals, IT organizational structure, Business organizational structure

Output: BRM operating model

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Review the current organizational structure – both IT and overall business.
2. Think about the maturity of the IT organization and what you and your partners will be able to support at this stage in the relationship or journey. Establish whether it is necessary to start with a pilot.
3. Consider the reporting relationship that is required to support the desired maturity of your practice – who will your BRM function report into?
4. Consider the distribution of work from your business partners. Establish which BRM is responsible for which partners.
5. Document where the BRM fits in the organization in the Executive Buy-In and Communication Template.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

Align your titles to your business partners and ensure it demonstrates your strategic goals

Determine the expectations for your BRM role(s)

Below are standard expectations from BRM job descriptions. Establish whether there are changes required for your organization.

Determine role expectations (slide 2 of 3)

Determine role expectations (slide 3 of 3)

3.3 Establish BRM expectations

Input: BRM goals

Output: BRM expectations

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Review the BRM expectations on the previous slides.
2. Customize them – are they the appropriate set of expectations needed for your organization? What needs to be edited in or out?
3. Add relevant expectations – what are the things that need to be done in the BRM practice at your organization?
4. Leverage the workbook to brainstorm BRM expectations. Make sure you update them in the BRM Role Expectation Spreadsheet.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

3.4 Identify roles with BRM responsibilities

Input: BRM goals

Output: BRM-aligned roles

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Various roles can play a part in the BRM practice, managing business relationships. Which ones make sense in your organization, given the BRM goals?
2. Identify the roles and capture in the BRM Role Expectation Spreadsheet. Use the Role Expectation Alignment tab, row 1.

Download the Role Expectations Worksheet

Determine the focus for each role that may manage business relationships

	STRATEGIC	Sets Direction: Focus of the activities is at the holistic, enterprise business level	“relating to the identification of long-term or overall aims and interests and the means of achieving them”	e.g. builds overarching relationships to enable and support the organization’s strategy; has strategic conversations
	TACTICAL	Figures Out the How: Focuses on the tactics required to achieve the strategic focus	“skillful in devising means to ends”	e.g. builds relationships specific to tactics (projects, products, etc.)
	OPERATIONAL	Executes on the Direction: Day-to-day operations; how things get done	“relating to the routine functioning and activities of a business or organization”	e.g. builds and leverages relationships to accomplish specific goals (within a project or product)

3.5 Align BRM capabilities to roles

Input: Current-state model, Business value matrix, Objectives and goals

Output: BRM-aligned roles

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Review each group of role expectations – Act as a Relationship Manager, Communicate with Business Stakeholders, etc. For each group, determine the focus each role can apply to it – strategic, tactical, or operational. Refer to the previous slide for examples.
2. Capture on the spreadsheet:
   • S – This role is required to have a strategic view of the capabilities. They are accountable and set direction for this aspect of relationship management.
   • T – Indicate if the role is required to have a tactical view of the capabilities. This would include whether the role is required to figure out how the capabilities will be done; for example, is the role responsible for carrying out service management or are they just involved to ensure that that set of expectations are being performed?
   • O – Indicate if the role will have an operational view – are they the ones responsible for doing the work?
   • Note: In some organizations, a role may have more than one of these.
3. The spreadsheet will highlight the cells in green if the role plays more of the strategic role, yellow for tactical, and brown for operational. This provides an overall visual of each role’s part in relationship management.
4. (Optional) Review each detailed expectation within the group. Evaluate whether specific roles will have a different focus on the unique role expectations.

Leverage the Role Expectations Worksheet

Sample role expectation alignment

IMPLEMENT

Speak the same language as your partners: Business Value

Business value represents the desired outcome from achieving business priorities.

Value is not only about revenue or reduced expenses. Use this internal-external and capability-financial business value matrix to more holistically consider what is valuable to stakeholders.

Improved Capabilities Enhance Services Products and services that enable business capabilities and improve an organization’s ability to perform its internal operations. Increase Customer Satisfaction Products and services that enable and improve the interaction with customers or produce practical market information and insights. Inward Outward Save Money Products and services that reduce overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not put in place. Make money (Return on Investment) Products and services that are specifically related to the impact on an organization’s ability to create a return on investment. Financial Benefits

Business Value Matrix Axes: Financial Benefits vs. Improved Capabilities Improved capabilities refers to the enhancement of business capabilities and skill sets. Financial Benefits refers to the degree in which the value source can be measured through monetary metrics and is often highly tangible. Inward vs. Outward Orientation Inward refers to value sources that have an internal impact an organization’s effectiveness and efficiency in performing its operations. Outward refers to value sources that come from interactions with external factors, such as the market or your customers.

4.1 Activity: Brainstorm sources of business value

Input: Product and service knowledge, Business process knowledge

Output: Understanding of different sources of business value

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Identify your key stakeholders. These individuals are the critical business strategic partners in the organization’s governing bodies.
2. Brainstorm the different types of business value that the BRM practice can produce.
3. Is the item more focused on improving capabilities or generating financial benefits?
4. Is the item focused on the customers you serve or the IT team?
5. Enter your value item into a cell on the Business Value Matrix based on where it falls on these axes.
6. Start to think about metrics you can use to measure how effective the product or service is at generating the value source.

Use the BRM Workbook to capture sources of business value

Brainstorm the different sources of business value (continued)

See appendix for more information on value drivers:

Example: Enhance Services Dashboards/IT Situational Awareness Improve measurement of services for data-driven analytics that can improve services Collaborate to support Enterprise Architecture Approval for and support of new applications per customer demand Provide consultation for IT issues Reach Customers Provide technology roadmaps for IT services and devices Improved "PR" presence: websites, service catalog, etc. Enhance customer experience Faster Time-to-market delivering innovative technologies and current services Reduce Costs Achieve better pricing through enterprise agreements for IT services that are duplicated across several orgs Prioritization/ development of roadmap Portfolio management / reduce duplication of services Evolve resourcing strategies to integrate teams (e.g. do more with less) Return on Investment Customer -focused dashboards Encourage use of centralized services through external collaboration capabilities that fit multiple use cases Devise strategies for measured/supported migration from older IT systems/software

Implications of ineffective stakeholder management

Cheat Sheet: Identify stakeholders

Ask stakeholders “who else should I be talking to?” to discover additional stakeholders and ensure you don’t miss anyone.

List the people who are identified through the following questions:		Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative.
Who will be adversely affected by potential environmental and social impacts in areas of influence that are affected by what you are doing? At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)? Will other stakeholders emerge as the phases are started and completed? Who is sponsoring the initiative?	Who benefits from the initiative? Who loses from the initiative? Who can make approvals? Who controls resources? Who has specialist skills? Who implements the changes? Who are the owners, governors, customers, and suppliers to impacted capabilities or functions?	Executives Peers Direct reports Partners Customers		Subcontractors Suppliers Contractors Lobby groups Regulatory agencies

Establish your stakeholder network “map”

Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

Your stakeholder map defines the influence landscape your BRM team operates in. It is every bit as important as the teams who enhance, support, and operate your products directly.

Notes on the network map

• Pay special attention to influencers who have many arrows; they are called “connectors,” and due to their diverse reach of influence, should themselves be treated as significant stakeholders.
• Don’t forget to consider the through-lines from one influencer through intermediate stakeholders or influencers to the final stakeholder – a single influencer may have additional influence via multiple, possibly indirect paths to a single stakeholder.

4.2 Visualize interrelationships among stakeholders to identify key influencers

Input: List of stakeholders

Output: Relationships among stakeholders and influencers

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. List direct stakeholders for your area. Ensure it includes stakeholders across the organization (both IT and business units).
2. Determine the stakeholders of your stakeholders. Consider adding each of them to the stakeholder list: assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
3. Create a stakeholder network map to visualize relationships.
   • (Optional) Use black arrows to indicate the direction of professional influence.
   • (Optional) Use dashed green arrows to indicate bidirectional, informal influence relationships.
4. Capture the list or diagram of your stakeholders in your workbook.

Categorize your stakeholders with a stakeholder prioritization map

A stakeholder prioritization map help teams categorize their stakeholders by their level or influence and ownership.

There are four areas in the map and the stakeholders within each area should be treated differently.

• Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical and a lack of support can cause significant impediment to the objectives.
• Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
• Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
• Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

4.3 Group your stakeholders into categories

Input: Stakeholder Map

Output: Categorization of stakeholders and influencers

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

Use the BRM Workbook to map your stakeholders

Define strategies for engaging stakeholders by type

Each group of stakeholders draws attention and resources away from critical tasks.

By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of the Mediators and Players are met.

Prioritize your stakeholders

There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

Apply a third dimension for stakeholder prioritization: support.

Support, in addition to interest and influence, is used to prioritize which stakeholders are should receive the focus of your attention. This table indicates how stakeholders are ranked:

Support can be determined by rating the following question: how likely is it that your stakeholder would recommend IT at your organization/your group? Our four categories of support:

• Blocker – beware of the blocker. These stakeholders do not support your cause and have the necessary drive to impede the achievement of your objectives.
• Semi-Supporter – while these stakeholders are committed to your objectives, they are somewhat apathetic to advocate on your behalf. They will support you so long as it does not require much effort from them to do so.
• Neutral – neutrals do not have much commitment to your objectives and are not willing to expend much energy to either support or detract from them.
• Supporter – these stakeholders are committed to your initiative and are willing to whole-heartedly provide you with support.

4.4 Update your stakeholder quadrant to include the three dimensions

Input: Stakeholder Map

Output: Categorization of stakeholders and influencers

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would support your initiative/endeavor?
2. Map your results to the model in your workbook to determine each stakeholder’s category.

Use the BRM Workbook to map your stakeholders

Leverage your map to think about how to engage with your stakeholders

4.5 Create your engagement plan

Input: Stakeholder Map/list of stakeholders

Output: Categorization of stakeholders and influencers

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Leverage the BRM Stakeholder Engagement Plan spreadsheet. List your key stakeholders.
2. Consider: how do you show value at your current maturity level so that you can gain trust and your relationship can mature? Establish where your relationship lacks maturity, and consider whether you need to engage with them on a more strategic, tactical, or even operational manner.
   • At lower levels of maturity (Table Stakes), focus on service delivery, project delivery, and communication.
   • At mid-level maturity (Influencer/Advocate), focus on business pain points and a deeper knowledge of the business.
   • At higher maturity levels (Value Creator/Innovator), focus on creating value by leading innovative initiatives that drive the business forward.
3. Review the stakeholder quadrant. Update the frequency of your communication accordingly.
4. Capture the agenda for your engagements with them.

Your agenda should vary with the maturity of your relationship

Lower Maturity – Focus on service delivery, project delivery, and communication

Mid-Level Maturity – Focus on business pain points and a deeper knowledge of the business

Higher Maturity – Focus on creating value by leading innovative initiatives that drive the business forward

Stakeholder – Include both IT and business stakeholders at appropriate levels

Agenda – Manage stakeholders expectations, and clarify how your agenda will progress as the partnership matures

REASSESS & EMBED

Determine whether your business is satisfied with IT

	1	Survey your stakeholders to measure improvements in customer satisfaction.		Leverage the CIO Business Vision on a regular interval – most find that annual assessments drive success. Evaluate whether the addition or increased maturity of your BRM practice has improved satisfaction with IT.
	Business satisfaction survey Audience: Business leaders Frequency: Annual Metrics: Overall Satisfaction score Overall Value score Relationship Satisfaction: Understand needs Meet needs Communication

Check if you’ve met the BRM goals you set out to achieve

	2	Measure BRM success against the goals for the practice.		Evaluate whether the BRM practice has helped IT to meet the goals that you’ve established. For each of your goals, create metrics to establish how you will know if you’ve been successful. This might be how many or what type of interactions you have with your stakeholders, and/or it could be new connections with internal or external partners. Ensure you have established metrics to measure success at your goals.

5.1 Create metrics

Input: Goals, The attributes which can align to goal success

Output: Measurements of success

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Start with a consideration of your goals and objectives.
2. Identify key aspects that can support confirming if the goal was successful.
3. For each aspect, develop a method to measure success with a specific measurement.
4. When creating the KPI consider:
   • How you know if you are achieving your objective (performance)?
   • How frequently will you be measuring this?
   • Are you looking for an increase, decrease, or maintenance of the metric?

Use the BRM Workbook

Don’t wait all year to find out if you’re on track

Leverage the below questions to quickly poll your business partners on a more frequent basis.

Partner instructions: Please indicate how much you agree with each of the following statements. Use a scale of 1-5, where 1 is low agreement and 5 indicates strong agreement: Demand Shaping: My BRM is at the table and seeks to understand my business. They help me understand IT and helps IT prioritize my needs. Exploring: My BRM surfaces new opportunities based on their understanding of my pain points and growth needs. They engage resources with a focus on the value to be delivered. Servicing: The BRM obtains an understanding of the services and service levels that are required, clarifies them, and communicates costs and risks. Value Harvesting: Focus on value is evident in discussions – the BRM supports IT in ensuring value realization is achieved and tracks value during and beyond deployment.

Embedding the BRM practice also includes acknowledging the BRM’s part in balancing the IT portfolio

IT needs to juggle “keeping the lights on” initiatives with those required to add value to the organization. Partner with the appropriate resources (Project Management Office, Product Owners, System Owners, and/or others as appropriate within your organization) to ensure that all initiatives focus on value. Info-Tech Insight Not every organization will balance their portfolio in the same way. Some organizations have higher risk tolerance and so their higher priority goals may require that they accept more risk to potentially reap more returns.

80% of organizations feel their portfolios are dominated by low-value initiatives that do not deliver value to the business. (Source: Stage-Gate International and Product Development Institute, March/April 2009)

5.2 Prioritize your investments/ projects (optional activity)

Input: Value criteria

Output: Prioritized project listing

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Review and edit (if necessary) the criteria on tab 2 the Project Value Scorecard Development Tool.
   
2. Score initiatives and investments on tab 3 using your criteria.
   

5.3 Create a portfolio investment map (optional activity)

Input: Business capability map

Output: Portfolio investment map

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

1. Build a capability map, outlining the value streams that support your organization’s goals and the high-level capabilities (level 1) that support the value stream (and goals).
   For more support in establishing the capability map, see Document Your Business Architecture.
   
2. Identify high-value capabilities for the organization.
3. What are the projects and initiatives that will address the critical capabilities? Add these under the high-value capabilities.
4. This process will help you demonstrate how projects align to business goals. Enter your capabilities and projects in Info-Tech’s Initiative Portfolio Map Template.

Establish your annual BRM plan