Estimate Software Delivery With Confidence

  • Buy Link or Shortcode: {j2store}147|cart{/j2store}
  • member rating overall impact (scale of 10): 10.0/10 Overall Impact
  • member rating average dollars saved: $50,000 Average $ Saved
  • member rating average days saved: 20 Average Days Saved
  • Parent Category Name: Development
  • Parent Category Link: /development
  • Estimation and planning practices set and reinforce the expectations of product delivery, which is a key driver of IT satisfaction.
  • However, today’s rapidly scaling and increasingly complex products and business needs create mounting pressure for teams to make accurate estimates with little knowledge of the problem or solution to it, risking poor-quality products.
  • Many organizations lack the critical foundations involved in making acceptable estimates in collaboration with the various perspectives and estimation stakeholders.

Our Advice

Critical Insight

  • Estimation reflects your culture and operating model. The accuracy of your estimates is dependent on the roles involved, which is not encouraged in traditional and top-down methodologies. Stakeholders must respect and support the team’s estimates.
  • Estimates support value delivery. IT satisfaction is driven by the delivery of valuable products and services. Estimates set the appropriate stakeholder expectations to ensure successful delivery and make the right decisions.
  • Estimates are more than just guesses. They are tools used to make critical business, product, and technical decisions and inform how to best utilize resources and funding.

Impact and Result

  • Establish the right expectations. Gain a grounded understanding of estimation value and limitations. Discuss estimation challenges to determine if poor practices and tactics are the root causes or symptoms.
  • Strengthen analysis and estimation practices. Obtain a thorough view of the product backlog item (PBI) through good analysis tactics. Incorporate multiple analysis and estimation tactics to verify and validate assumptions.
  • Incorporate estimates into your delivery lifecycle. Review and benchmark estimates, and update expectations as more is learned.

Estimate Software Delivery With Confidence Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should optimize your estimation practice, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Justify estimation optimization

Set the right stakeholder expectations for your delivery estimates and plans.

  • Estimate Software Delivery With Confidence – Phase 1: Justify Estimation Optimization
  • Estimation Quick Reference Template

2. Commit to achievable delivery

Adopt the analysis, estimation, commitment, and communication tactics to successfully develop your delivery plan.

  • Estimate Software Delivery With Confidence – Phase 2: Commit to Achievable Delivery

3. Mature your estimation practice

Build your estimation optimization roadmap.

  • Estimate Software Delivery With Confidence – Phase 3: Mature Your Estimation Practice
[infographic]

Workshop: Estimate Software Delivery With Confidence

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Set the Context

The Purpose

Discuss the decisions that estimates will help make.

Level set estimation expectations by clarifying what they can and cannot do.

Review the current state of your estimation practice.

Key Benefits Achieved

Grounded understanding of estimation that is accepted by all audiences and stakeholders.

Identification of whether estimation practices are the root cause of estimation challenges or a symptom of a different issue.

Activities

1.1 Define estimation expectations.

1.2 Reveal your root cause challenges.

Outputs

Estimation expectations

Root causes of estimation challenges

2 Build Your Estimation Practice

The Purpose

Discuss the estimation and planning practices used in the industry.

Define the appropriate tactics to use to make key business and delivery decisions.

Simulate the tactics to verify and validate their fit with your teams.

Key Benefits Achieved

Knowledge of good practices that can improve the effectiveness of your estimates and plans.

Practice using new tactics.

Activities

2.1 Ground estimation fundamentals.

2.2 Strengthen your analysis tactics.

2.3 Strengthen your estimation tactics.

2.4 Commit and communicate delivery.

2.5 Simulate your target state planning and estimation tactics.

Outputs

Estimation glossary and guiding principles

Defined analysis tactics

Defined estimation and consensus-building tactics

Defined commitment and communication tactics

Lessons learned

3 Define Your Optimization Roadmap

The Purpose

Review the scope and achievability of your improved estimation and planning practice.

Key Benefits Achieved

Realistic and achievable estimation optimization roadmap.

Activities

3.1 Mature your estimation practice.

Outputs

Estimation optimization roadmap

Create a Data Management Roadmap

  • Buy Link or Shortcode: {j2store}122|cart{/j2store}
  • member rating overall impact (scale of 10): 9.3/10 Overall Impact
  • member rating average dollars saved: $100,135 Average $ Saved
  • member rating average days saved: 36 Average Days Saved
  • Parent Category Name: Data Management
  • Parent Category Link: /data-management

Data has quickly become one of the most valuable assets in any organization. But when it comes to strategically and effectively managing those data assets, many businesses find themselves playing catch-up. The stakes are high because ineffective data management practices can have serious consequences, from poor business decisions and missed revenue opportunities to critical cybersecurity risks.

Successful management and consistent delivery of data assets requires collaboration between the business and IT and the right balance of technology, process, and resourcing solutions.

Build an effective and collaborative data management practice

Data management is not one-size-fits-all. Cut through the noise around data management and create a roadmap that is right for your organization:

  • Align data management plans with business requirements and strategic plans.
  • Create a collaborative plan that unites IT and the business in managing data assets.
  • Design a program that can scale and evolve over time.
  • Perform data strategy planning and incorporate data capabilities into your broader plans.
  • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

This blueprint will help you design a data management practice that builds capabilities to support your organization’s current use of data and its vision for the future.

Create a Data Management Roadmap Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Create a Data Management Roadmap Storyboard – Use this deck to help you design a data management practice and turn data into a strategic enabler for the organization.

Effective data delivery and management provides the business with new and improved opportunities to leverage data for business operations and decision making. This blueprint will help you design a data management practice that will help your team build capabilities that align to the business' current usage of data and its vision for the future.

  • Create a Data Management Roadmap – Phases 1-2

2. Data Management Strategy Planning Tools – Use these tools to align with the business and lay the foundations for the success of your data management practice.

Begin by using the interview guide to engage stakeholders to gain a thorough understanding of the business’ challenges with data, their strategic goals, and the opportunities for data to support their future plans. From there, these tools will help you identify the current and target capabilities for your data management practice, analyze gaps, and build your roadmap.

  • Data Strategy Planning Interview Guide
  • Data Management Assessment and Planning Tool
  • Data Management Project Charter Template

3. Stakeholder Communication and Assessment Tools – Use these templates to develop a communication strategy that will convey the value of the data management project to the organization and meet the needs of key stakeholders.

Strong messaging around the value and purpose of the data management practice is essential to ensure buy-in. Use these templates to build a business case for the project and socialize the idea of data management across the various levels of the organization while anticipating the impact on and reactions from key stakeholders.

  • Data Management Communication/Business Case Template
  • Project Stakeholder and Impact Assessment Tool

4. Data Management Strategy Work Breakdown Structure Template – Use this template to maintain strong project management throughout your data management project.

This customizable template will support an organized approach to designing a program that addresses the business’ current and evolving data management needs. Use it to plan and track your deliverables and outcomes related to each stage of the project.

  • Data Management Strategy Work Breakdown Structure Template

5. Data Management Roadmap Tools – Use these templates to plan initiatives and create a data management roadmap presentation.

Create a roadmap for your data management practice that aligns to your organization’s current needs for data and its vision for how it wants to use data over the next 3-5 years. The initiative tool guides you to identify and record all initiative components, from benefits to costs, while the roadmap template helps you create a presentation to share your project findings with your executive team and project sponsors.

  • Initiative Definition Tool
  • Data Management Roadmap Template

6. Track and Measure Benefits Tool – Use this tool to monitor the project’s progress and impact.

Benefits tracking enables you to measure the effectiveness of your project and make adjustments where necessary to realize expected benefits. This tool will help you track benefit metrics at regular intervals to report progress on goals and identify benefits that are not being realized so that you can take remedial action.

  • Track and Measure Benefits Tool

Infographic

Workshop: Create a Data Management Roadmap

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Develop Data Strategies

The Purpose

Understand the business’s vision for data and the role of the data management practice.

Determine business requirements for data.

Map business goals and strategic plans to create data strategies.

Key Benefits Achieved

Understanding of business’s vision for data

Unified vision for data management (business and IT)

Identification of the business’s data strategies

Activities

1.1 Establish business context for data management.

1.2 Develop data management principles and scope.

1.3 Develop conceptual data model (subject areas).

1.4 Discuss strategic information needs for each subject area.

1.5 Develop data strategies.

1.6 Identify data management strategies and enablers.

Outputs

Practice vision

Data management guiding principles

High-level data requirements

Data strategies for key data assets

2 Assess Data Management Capabilities

The Purpose

Determine the current and target states of your data management practice.

Key Benefits Achieved

Clear understanding of current environment

Activities

2.1 Determine the role and scope of data management within the organization.

2.2 Assess current data management capabilities.

2.3 Set target data management capabilities.

2.4 Identify performance gaps.

Outputs

Data management scope

Data management capability assessment results

3 Analyze Gaps and Develop Improvement Initiatives

The Purpose

Identify how to bridge the gaps between the organization’s current and target environments.

Key Benefits Achieved

Creation of key strategic plans for data management

Activities

3.1 Evaluate performance gaps.

3.2 Identify improvement initiatives.

3.3 Create preliminary improvement plans.

Outputs

Data management improvement initiatives

4 Design Roadmap and Plan Implementation

The Purpose

Create a realistic and action-oriented plan for implementing and improving the capabilities for data management.

Key Benefits Achieved

Completion of a Data Management Roadmap

Plan for how to implement the roadmap’s initiatives

Activities

4.1 Align data management initiatives to data strategies and business drivers.

4.2 Identify dependencies and priorities

4.3 Build a data management roadmap (short and long term)

4.4 Create a communication plan

Outputs

Data management roadmap

Action plan

Communication plan

Further reading

Contents

Executive Brief
Analyst Perspective
Executive Summary
Phase 1: Build Business and User Context
Phase 2: Assess Data Management and Build Your Roadmap
Additional Support
Related Research
Bibliography

Create a Data Management Roadmap

Ensure the right capabilities to support your data strategy.

EXECUTIVE BRIEF

Analyst Perspective

Establish a data management program to realize the data strategy vision and data-driven organization.

Data is one of the most valuable organizational assets, and data management is the foundation – made up of plans, programs, and practices – that delivers, secures, and enhances the value of those assets.

Digital transformation in how we do business and innovations like artificial intelligence and automation that deliver exciting experiences for our customers are all powered by readily available, trusted data. And there’s so much more of it.

A data management roadmap designed for where you are in your business journey and what’s important to you provides tangible answers to “Where do we start?” and “What do we do?”

This blueprint helps you build and enhance data management capabilities as well as identify the next steps for evaluating, strengthening, harmonizing, and optimizing these capabilities, aligned precisely with business objectives and data strategy.

Andrea Malick
Director, Research & Advisory, Data & Analytics Practice
Info-Tech Research Group

Frame the problem

Who this research is for
  • Data management professionals looking to improve the organization’s ability to leverage data in value-added ways
  • Data governance managers and data analysts looking to improve the effectiveness and value of their organization’s data management practice
This research will help you
  • Align data management plans with business requirements and strategic plans.
  • Create a collaborative plan that unites IT and the business in managing the organization’s data assets.
  • Design a data management program that can scale and evolve over time.
This research will also assist
  • Business leaders creating plans to leverage data in their strategic planning and business processes
  • IT professionals looking to improve the environment that manages and delivers data
This research will also help you
  • Perform data strategy planning and incorporate data capabilities and plans into your broader plans.
  • Identify gaps in current data services and the supporting environment and determine effective corrective actions.

Executive Summary

Your Challenge
  • The organizational appetite for data is increasing, with growing demands for data to better support business processes and inform decision making.
  • For data to be accessible and trustworthy for the business it must be effectively managed throughout its lifecycle.
  • With so much data circulating throughout our systems and a steady flow via user activity and business activities, it is imperative that we understand our data environment, focus our data services and oversight on what really matters, and work closely with business leads to ensure data is an integral part of the digital solution.
Common Obstacles
  • Despite the growing focus on data, many organizations struggle to develop an effective strategy for managing their data assets.
  • Successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.
  • Employees are doing their best to just get things done with their own spreadsheets and familiar patterns of behavior. It takes leadership to pause those patterns and take a thoughtful enterprise and strategic approach to a more streamlined – and transformed – business data service.
Info-Tech’s Approach
  • Incremental approach: Building a mature and optimized practice doesn’t occur overnight – it takes time and effort. Use this blueprint’s approach and roadmap results to support your organization in building a practice that prioritizes scope, increases the effectiveness of your data management practice, and improves your alignment with business data needs.
  • Build smart: Don’t do data management for data management’s sake; instead, align it to business requirements and the business’ vision for the organization’s data. Ensure initiatives and program investments best align to business priorities and support the organization in becoming more data driven and data centric.

Info-Tech Insight

Use value streams and business capabilities to develop a prioritized and practical data management plan that provides the highest business satisfaction in the shortest time.

Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

Data Management Capabilities

A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

Data is a business asset and needs to be treated like one

Data management is an enabler of the business and therefore needs to be driven by business goals and objectives. For data to be a strategic asset of the business, the business and IT processes that support its delivery and management must be mature and clearly executed.

Business Drivers
  1. Client Intimacy/Service Excellence
  2. Product and Service Innovations
  3. Operational Excellence
  4. Risk and Compliance Management
Data Management Enablers
  • Data Governance
  • Data Strategy Planning
  • Data Architecture
  • Data Operations Management
  • Data Risk Management
  • Data Quality Management

Industry spotlight: Risk management in the financial services sector

REGULATORY
COMPLIANCE

Regulations are the #1 driver for risk management.

US$11M:

Fine incurred by a well-known Wall Street firm after using inaccurate data to execute short sales orders.
“To successfully leverage customer data while maintaining compliance and transparency, the financial sector must adapt its current data management strategies to meet the needs of an ever-evolving digital landscape.” (Phoebe Fasulo, Security Scorecard, 2021)

Industry spotlight: Operational excellence in the public sector

GOVERNMENT
TRANSPARENCY

With frequent government scandals and corruption dominating the news, transparency to the public is quickly becoming a widely adopted practice at every level of government. Open government is the guiding principle that the public has access to the documents and proceedings of government to allow for effective public oversight. With growing regulations and pressure from the public, governments must adopt a comprehensive data management strategy to ensure they remain accountable to their rate payers, residents, businesses, and other constituents.

  1. Transparency Transparency is not just about access; it’s about sharing and reuse.
  2. Social and commercial value Everything from finding your local post office to building a search engine requires access to data.
  3. Participatory government Open data enables citizens to be more directly informed and involved in decision making.

Industry spotlight: Operational excellence and client intimacy in major league sports

SPORTS
ANALYTICS

A professional sports team is essentially a business that is looking for wins to maximize revenue. While they hope for a successful post-season, they also need strong quarterly results, just like you. Sports teams are renowned for adopting data-driven decision making across their organizations to do everything from improving player performance to optimizing tickets sales. At the end of the day, to enable analytics you must have top-notch information management.

Team Performance Benefits
  1. Talent identification
  2. In-game decision making
  3. Injury reduction
  4. Athlete performance
  5. Bargaining agreement
Team Performance Benefits
  1. Fan engagement
  2. Licensing
  3. Sports gambling
(Deloitte Insights, 2020)
Industry leaders cite data, and the insights they glean from it, as their means of standing apart from their competitors.

Industry spotlight: Operational excellence and service delivery within manufacturing and supply chain services

SUPPLY CHAIN
EFFICIENCY

Data offers key insights and opportunities when it comes to supply chain management. The supply chain is where the business strategy gets converted to operational service delivery of the business. Proper data management enables business processes to become more efficient, productive, and profitable through the greater availability of quality data and analysis.

Fifty-seven percent of companies believe that supply chain management gives them a competitive advantage that enables them to further develop their business (FinancesOnline, 2021).

Involving Data in Your Supply Chain

25%

Companies can reap a 25% increase in productivity, a 20% gain in space usage, and a 30% improvement in stock use efficiency if they use integrated order processing for their inventory system.

36%

Thirty-six percent of supply chain professionals say that one of the top drivers of their analytics initiatives is the optimization of inventory management to balance supply and demand.
(Source: FinancesOnline, 2021)

Industry spotlight: Intelligent product innovation and strong product portfolios differentiate consumer retailers and CPGs

INFORMED PRODUCT
DEVELOPMENT
Consumer shopping habits and preferences are notoriously variable, making it a challenge to develop a well-received product. Information and insights into consumer trends, shopping preferences, and market analysis support the probability of a successful outcome.

Maintaining a Product Portfolio
What is selling? What is not selling?

Product Development
  • Based on current consumer buying patterns, what will they buy next?
  • How will this product be received by consumers?
  • What characteristics do consumers find important?
A combination of operational data and analytics data is required to accurately answer these questions.
Internal Data
  • Organizational sales performance
External Data
  • Competitor performance
  • Market analysis
  • Consumer trends and preferences
Around 75% of ideas fail for organizational reasons – viability or feasibility or time to market issues. On the other hand, around 20% of product ideas fail due to user-related issues – not valuable or usable (Medium, 2020).

Changes in business and technology are changing how organizations use and manage data

The world moves a lot faster today

Businesses of today operate in real time. To maintain a competitive edge, businesses must identify and respond quickly to opportunities and events.

To effectively do this businesses must have accurate and up-to-date data at their fingertips.

To support the new demands around data consumption, data velocity (pace in which data is captured, organized, and analyzed) must also accelerate.

Data Management Implications
  • Strong integration capabilities
  • Intelligent and efficient systems
  • Embedded data quality management
  • Strong transparency into the history of data and its transformation

Studies and projections show a clear case of how data and its usage will grow and evolve.

Zettabyte Era

64.2

More Data

The amount of data created, consumed, and stored globally is forecast to increase rapidly, reaching 64.2 zettabytes in 2020 and projected to grow to over 180 zettabyes in 2025 (Statista, 2021).

Evolving Technologies

$480B

Cloud Proliferation

Global end-user spending on public cloud services is expected to exceed $480 billion next year (Info-Tech, 2021).

To differentiate and remain competitive in today’s marketplace, organizations are becoming more data-driven

Pyramid with a blue tip. Sublevels from top down are labelled 'Analytical Companies', 'Analytical Aspirations', 'Localized Analytics', and 'Analytically Impaired'.

Analytic Competitor

“Given the unforgiving competitive landscape, organizations have to transform now, and correctly. Winning requires an outcome-focused analytics strategy.” (Ramya Srinivasan, Forbes, 2021)
Data and the use of data analytics has become a centerpiece to effective modern business. Top-performing organizations across a variety of industries have been cited as using analytics five times more than lower performers (MIT Sloan).

The strategic value of data

Power intelligent and transformative organizational performance through leveraging data.

Respond to industry disruptors

Optimize the way you serve your stakeholders and customers

Develop products and services to meet ever-evolving needs

Manage operations and mitigate risk

Harness the value of your data

Despite investments in data initiatives, organizations are carrying high levels of data debt

Data debt is the accumulated cost that is associated with the suboptimal governance of data assets in an enterprise, like technical debt.

Data debt is a problem for 78% of organizations.

40%

of organizations say individuals within the business do not trust data insights.

66%

of organizations say a backlog of data debt is impacting new data management initiatives.

33%

of organizations are not able to get value from a new system or technology investment.

30%

of organizations are unable to become data-driven.

(Source: Experian, 2020)

The journey to being data-driven

The journey to becoming a data-driven organization requires a pit stop at data enablement.

The Data Economy

Diagram of 'The Data Economy' with three points on an arrow. 'Data Disengaged: You have a low appetite for data and rarely use data for decision making.' 'Data Enabled: Technology, data architecture, and people and processes are optimized and supported by data governance.' 'Data Driven: You are differentiating and competing on data and analytics, described as a “data first” organization. You’re collaborating through data. Data is an asset.'

Measure success to demonstrate tangible business value

Put data management into the context of the business:
  • Tie the value of data management and its initiatives back to the business capabilities that are enabled.
  • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

Don’t let measurement be an afterthought:

Start substantiating early on how you are going to measure success as your data management program evolves.

Build a right-sized roadmap

Formulate an actionable roadmap that is right-sized to deliver value in your organization.

Key considerations:
  • When building your data management roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
  • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data management partners, also be mindful of the more routine yet still demanding initiatives.
  • When doing your roadmapping, consider factors like the organization’s fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolize the time and focus of personnel key to delivering on your data management milestones
Sample milestones:
  • Data Management Leadership & Org Structure Definition
    Define the home for data management, as approved by senior leadership.
  • Data Management Charter and Policies
    Create a charter for your program and build/refresh associated policies.
  • Data Culture Diagnostic
    Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.
  • Use Case Build and Prioritization
    Build a use case that is tied to business capabilities. Prioritize accordingly.
  • Business Data Glossary/Catalog
    Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.
  • Tools & Technology
    Explore the tools and technology offering in the data management space that would serve as an enabler to the program (e.g. RFI, RFP).

Insight summary

Overarching insight

Your organization’s value streams and the associated business capabilities require effectively managed data. Whether building customer service excellence or getting ahead of cyberattacks, a data management practice is the dependable mainstay supporting business operations and transformation.

Insight 1

Data – it’s your business.
Data is a digital imprint of business activities. Data architecture and flows are reflective of the organizational business architecture. Take data management capabilities as seriously as other core business capabilities.

Insight 2

Take a data-oriented approach.
Data management must be data-centric – with technology and functional enablement built around the data and its structure and flows. Maintain the data focus during project’s planning, delivery, and evaluation stages.

Insight 3

Get the business into the data business.
Data is not “IT’s thing.” Just as a bank helps you properly allocate your money to achieve your financial goals, IT will help you implement data management to support your business goals, but the accountability for data resides with the business.

Tactical insight

Data management is the program and environment we build once we have direction, i.e. a data strategy, and we have formed an ongoing channel with the guiding voice of the business via data governance. Without an ultimate goal in a strategy or the real requirements of the business, what are we building data systems and processes for? We are used to tech buzz words and placing our hope in promising innovations like artificial intelligence. There are no shortcuts, but there are basic proven actions we can take to meet the digital revolution head on and let our data boost our journey.

Key deliverable:

Data Management Roadmap Template

Use this template to guide you in translating your project's findings and outcomes into a presentation that can be shared with your executive team and project sponsors.

Sample of the 'Data Management Roadmap Template' key deliverable.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Data Management Assessment and Planning Tool

Use this tool to support your team in assessing and designing the capabilities and components of your organization's data management practice. Sample of the 'Data Management Assessment and Planning Tool' deliverable.

Data Culture Diagnostic and Scorecard

Sample of the 'Data Culture Diagnostic and Scorecard' deliverable.

Leverage Info-Tech’s Data Culture Diagnostic to understand how your organization scores across 10 areas relating to data culture.

Business Capability Map

This template takes you through a business capability and value stream mapping to identify the data capabilities required to enable them. Sample of the 'Business Capability Map' deliverable.

Measure the value of this blueprint

Leverage this blueprint’s approach to ensure your data management initiatives align and support your key value streams and their business capabilities.
  • Aligning your data management program and its initiatives to your organization’s business capabilities is vital for tracing and demonstrating measurable business value for the program.
  • This alignment of data management with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.

Project outcome

Metric

Timely data delivery Time of data delivery to consumption
Improved data quality Data quality scorecard metrics
Data provenance transparency Time for data auditing (from report/dashboard to the source)
New reporting and analytic capabilities Number of level 2 business capabilities implemented as solutions
In Phase 1 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data management capabilities and strengths.

In Phase 2, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data management capabilities so that data is well positioned to deliver on those defined business metrics.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Create a Data Management Roadmap project overview

1. Build Business Context and Drivers for the Data Management Program 2. Assess Data Management and Build Your Roadmap
Best-Practice Toolkit

1.1 Review the Data Management Framework

1.2 Understand and Align to Business Drivers

1.3 Build High-Value Use Cases

1.4 Create a Vision

2.1 Assess Data Management

2.2 Build Your Data Management Roadmap

2.3 Organize Business Data Domains

Guided Implementation
  • Call 1
  • Call 2
  • Call 3
  • Call 4
  • Call 5
  • Call 6
  • Call 7
  • Call 8
  • Call 9
Phase Outcomes
  • An understanding of the core components of an effective data management program
  • Your organization’s business capabilities and value streams
  • A business capability map for your organization
  • High-value use cases for data management
  • Vision and guiding principles for data management
  • An understanding of your organization’s current data management capabilities
  • Definition of target-state capabilities and gaps
  • Roadmap of priority data management initiatives
  • Business data domains and ownership

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 12 calls over the course of 4 to 6 months.

What does a typical GI on this topic look like?

Phase 1

Phase 2

Call #1: Understand drivers, business context, and scope of data management at your organization. Learn about Info-Tech’s approach and resources.

Call #2: Get a detailed overview of Info-Tech’s approach, framework, Data Culture Diagnostic, and blueprint.

Call #3:Align your business capabilities with your data management capabilities. Begin to develop a use case framework.

Call #4:Further discuss alignment of business capabilities to data management capabilities and use case framework.

Call #5: Assess your current data management capabilities and data environment. Review your Data Culture Diagnostic Scorecard, if applicable.

Call #6: Plan target state and corresponding initiatives.

Call #7: Identify program risks and formulate a roadmap.

Call #8: Identify and prioritize improvements. Define a RACI chart.

Call #9: Summarize results and plan next steps.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
Day 1 Day 2 Day 3 Day 4 Day 5
Activities
Understand and contextualize

1.1 Review your data strategy.

1.2 Learn data management capabilities.

1.3 Discuss DM capabilities cross-dependencies and interactions.

1.4 Develop high-value use cases.

Assess current DM capabilities and set improvement targets

2.1 Assess you current DM capabilities.

2.2 Set targets for DM capabilities.

Formulate and prioritize improvement initiatives

3.1 Formulate core initiatives for DM capabilities improvement.

3.2 Discuss dependencies across the initiatives and prioritize them.

Plan for delivery dates and assign RACI

4.1 Plan dates and assign RACI for the initiatives.

4.2 Brainstorm initiatives to address gaps and enable business goals.

Next steps and wrap-up (offsite)

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up review time for workshop deliverables and to discuss next steps.

Deliverables
  1. Understanding of the data management capabilities and their interactions and logical dependencies
  2. Use cases
  1. DM capability assessment results
  2. DM vision and guiding principles
  1. Prioritized DM capabilities improvement initiatives
  1. DM capabilities improvement roadmap
  2. Business data domains and ownership
  1. Workshop final report with key findings and recommendations

Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

What is data management and why is it needed?

“Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

Achieving successful management and consistent delivery of data assets throughout their lifecycle requires the collaboration of the business and IT and the balance of technology, process, and resourcing solutions.

Who:

This research is designed for:
  • Data management heads and professionals looking to improve their organization’s ability to leverage data in value-added ways.
  • Data management and IT professionals looking to optimize the data environment, from creation and ingestion right through to consumption.

Are your data management capabilities optimized to support your organization’s data use and demand?

What is the current situation?

Situation
  • The volume and variety of data are growing exponentially and show no sign of slowing down.
  • Business landscapes and models are evolving.
  • Users and stakeholders are becoming more and more data-centric, with maturing and demanding expectations.
Complication
  • Organizations struggle to develop a comprehensive approach to optimizing data management.
  • In their efforts to keep pace with the demands for data, data management groups often adopt a piecemeal approach that includes turning to tools as a means to address the needs.
  • Data architecture, models, and designs fail to deliver real and measurable business impact and value. Technology ROI is not realized.
Info-Tech Insight

A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

Info-Tech’s Data Management Framework

What Is Data Management?

Data management is the development, execution, and supervision of plans, policies, programs and practices that deliver, control, protect and enhance the value of data and information assets throughout their lifecycles.” (DAMA International, 2017)

The three-tiered Data Management Framework, tiers are labelled 'Data Management Enablers', 'Information Dimensions', and 'Business Information'.

Adapted from DAMA-DMBOK and Advanced Knowledge Innovations Global Solutions

Info-Tech’s Approach

Info-Tech’s Data Management Framework is designed to show how an organization’s business model sits as the foundation of its data management practice. Drawing from the requirements of the underpinning model, a practice is designed and maintained through the creation and application of the enablers and dimensions of data management.

Build a data management practice that is centered on supporting the business and its use of key data assets

Business Resources

Data subject areas provide high-level views of the data assets that are used in business processes and enable an organization to perform its business functions.

Classified by specific subjects, these groups reflect data elements that, when used effectively, are able to support analytical and operational use cases of data.

This layer is representative of the delivery of the data assets and the business’ consumption of the data.

Data is an integral business asset that exists across all areas of an organization

Equation stating 'Trustworthy and Usable Data' plus 'Well-Designed and Executed Processes' equals 'Business Capabilities and Functions'.
Data Management Framework with only the bottom tier highlighted.

For a data management practice to be effective it ultimately must show how its capabilities and operations better support the business in accessing and leveraging its key data assets.*

*This project focuses on building capabilities for data management. Leverage our data quality management research to support you in assessing the performance of this model.

Information dimensions support the different types of data present within an organization’s environment

Information Dimensions

Components at the Information Dimensions layer manage the different types of data and information present with an environment.

At this layer, data is managed based on its type and how the business is looking to use and access the data.

Custom capabilities are developed at this level to support:

  • Structured data
  • Semi-structured data
  • Unstructured data
The types, formats, and structure of the data are managed at this level using the data management enablers to support their successful execution and performance.
Data Management Framework with only the middle tier highlighted.

Build a data management practice with strong process capabilities

Use these guiding principles to contextualize the purpose and value for each data management enabler.

Data Management Framework with only the top tier highlighted.

Data Management Enablers

Info-Tech categorizes data management enablers as the processes that guide the management of the organization’s data assets and support the delivery.

Govern and Direct

  • Ensures data management practices and processes follow the standards and policies outlined for them
  • Manages the executive oversight of the broader practice

Align and Plan

  • Aligns data management plans to the business’ data requirements
  • Creates the plans to guide the design and execution of data management components

Build, Acquire, Operate, Deliver, and Support

  • Executes the operations that manage data as it flows through the business environment
  • Manages the business’ risks in relation to its data assets and the level of security and access required

Monitor and Improve

  • Analyzes the performance of data management components and the quality of business data
  • Creates and execute plans to improve the performance of the practice and the quality and use of data assets

Use Info-Tech’s assessment framework to support your organization’s data management planning

Info-Tech employs a consumer-driven approach to requirements gathering in order to support a data management practice. This will create a vision and strategic plan that will help to make data an enabler to the business as it looks to achieve its strategic objectives.

Data Strategy Planning

To support the project in building an accurate understanding of the organization’s data requirements and the role of data in its operations (current and future), the framework first guides organizations on a business and subject area assessment.

By focusing on data usage and strategies for unique data subject areas, the project team will be better able to craft a data management practice with capabilities that will generate the greatest value and proactively handle evolving data requirements.

Arrow pointing right.

Data Management Assessment

To support the design of a fit-for-purpose data management practice that aligns with the business’ data requirements this assessment will guide you in:

  • Determining the target capabilities for the different dimensions of data management.
  • Identifying the interaction dependencies and coordination efforts required to build a successful data management practice.

Create a Data Management Roadmap

Phase 1

Build Business Context and Drivers for the Data Management Program

Phase 1

1.1 Review the Data Management Framework

1.2 Understand and Align to Business Drivers

1.3 Build High-Value Use Cases

1.4 Create a Vision

Phase 2

2.1 Assess Data Management

2.2 Build Your Data Management Roadmap

2.3 Organize Business Data Domains

This phase will walk you through the following activities:

  • Identify your business drivers and business capabilities.
  • Align data management capabilities with business goals.
  • Define scope and vision of the data management plan.
  • This phase involves the follow

This phase involves the following participants:

  • Data Management Lead/Information Management Lead, CDO, Data Lead
  • Senior Business Leaders
  • Business SMEs
  • Data Owners, Records Managers, Regulatory Subject Matter Experts (e.g. Legal Counsel, Security)

Step 1.1

Review the Data Management Framework

Activities

1.1.1 Walk through the main parts of the best-practice Data Management Framework

This step will guide you through the following activities:

  • Understand the main disciplines and makeup of a best-practice data management program.
  • Determine which data management capabilities are considered high priority by your organization.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map
Build Business Context and Drivers
Step 1.1 Step 1.2 Step 1.3 Step 1.4

Full page diagram of the 'Data & Analytics landscape'. Caption reads 'The key to landscaping your data environment lies in ensuring foundational disciplines are optimized in a way that recognizes the interdependency among the various disciplines.' Many foundational disciplines are color-coded to a legend determining whether its 'accountability sits with IT' or 'with the business; CDO'. An arrow labeled 'You Are Here' points to 'Data Management', which is coded in both colors meaning both IT and the business are accountable.

Full page illustration of the 'Create a Data Management Roadmap' using the image of a cargo ship labelled 'Data Management' moving in the direction of 'Business Strategy'. The caption at the top reads 'Data Management capabilities create new business value by augmenting data & optimizing it for analytics. Data is a digital imprint of organizational activities.'

Data Management Capabilities

A similar concept to the last one, with a ship moving toward 'Business Strategy', except the ship is cross-sectioned with different capabilities filling the interior of the silhouette. Below are different steps in data management 'Data Creation', 'Data Ingestion', 'Data Accumulation, 'Data Augmentation', 'Data Delivery', and 'Data Consumption'.

Build a Robust & Comprehensive Data Strategy

Business Strategy

Organizational Goals & Objectives

Business Drivers

Industry Drivers

Current Environment

Data Management Capability Maturity Assessment

Data Culture Diagnostic

Regulatory and Compliance Requirements

Data Strategy

Organizational Drivers and Data Value

Data Strategy Objectives & Guiding Principles

Data Strategy Vision and Mission

Data Strategy Roadmap

People: Roles and Organizational Structure

Data Culture & Data Literacy

Data Management and Tools

Risk and Feasibility

Unlock the Value of Data

Generate Game-Changing Insights

Fuel Data-Driven Decision Making

Innovate and Transform With Data

Thrive and Differentiate With a Data-Driven Culture

Elevate Organizational Data IQ

Build a Foundation for Data Valuation

What is a data strategy and why is it needed?

  • Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.
  • For any CDO or equivalent data leader, a robust and comprehensive data strategy is the number one tool in your toolkit for generating measurable business value from data.
  • The data strategy will serve as the mechanism for making high-quality, trusted, and well-governed data readily available and accessible to deliver on your organizational mandate.

What is driving the need to formulate or refresh your organization’s data strategy?

Who:

This research is designed for:

  • Chief Data Officer (CDO) or equivalent
  • Head of Data
  • Chief Analytics Officer (CAO)
  • Head of Digital Transformation
  • CIO

Info-Tech Insight

A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.

Info-Tech’s Data Governance Framework

Model of Info-Tech's Data Governance Framework titled 'Key to Data Enablement'. There are inputs, a main Data Governance cycle, and a selection of outputs. The inputs are 'Business Strategy' and 'Data Strategy' injected into the cycle via 'Strategic Goals & Objectives'. The cycle consists of 'Operating Model', 'Policies & Procedures', 'Data Literacy & Culture', 'Enterprise Projects & Services', 'Data Management', 'Data Privacy & Security', 'Data Leadership', and 'Data Ownership & Stewardship'. The latter two are part of 'Enterprise Governance's 'Oversight & Alignment' cycle. Outputs are 'Defined Data Accountability & Responsibility', 'Knowledge & Common Understanding of Data Assets', 'Trust & Confidence in Traceable Data', 'Improved Data ROI & Reduced Data Debt', and 'Support of Ethical Use of Data in a Data-Driven Culture'.

What is data governance and why is it needed?

  • Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.
  • It should deliver agreed-upon models that are conducive to your organization’s operating culture, where there is clarity on who can do what with which data and via what means.
  • It is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organization.
  • It promotes and drives responsible and ethical use and handling of data while helping to build and foster an organizational culture of data excellence.

Do you feel there is a clear definition of data accountability and responsibility in your organization?

Who:

This research is designed for:

  • Chief Data Officer (CDO) or equivalent
  • Head of Data Governance, Lead Data Governance Officer
  • Head of Data
  • Head of Digital Transformation
  • CIO

Info-Tech Insight

Data governance should not sit as an island in your organization. It must continuously align with the organization’s enterprise governance function.

A diagram titled 'Data Platform Selection - Make complex tasks simple by applying proven methodology to connect businesses to software' with five steps. '1. Formalize a Business Strategy', '2. Identify Platform Specific Considerations', '3. Execute Data Platform Architecture Selection', 'Select Software', 'Achieve Business Goals'.

Info-Tech’s Data Platform Framework

Data pipeline for versatile and scalable data delivery

a diagram showing the path from 'Data Creation' to 'Data Accumulation', to 'Engineering & Augmentation', to 'Data Delivery'. Each step has a 'Fast Lane', 'Operational Lane', and 'Curated Lane'.

What are the data platform and practice and why are they needed?

  • The data platform and practice are two parts of the data and analytics equation:
    • The practice is about the operating model for data; that is, how stakeholders work together to deliver business value on your data platform. These stakeholders are a combination of business and IT from across the organization.
    • The platform is a combination of the architectural components of the data and analytics landscape that come together to support the role the business plays day to day with respect to data.
  • Don’t jump directly into technology: use Info-Tech tools to solve and plan first.
  • Create a continuous roadmap to implement and evolve your data practice and platform.
  • Promote collaboration between the business and IT by clearly defining responsibilities.

Does your data platform effectively serve your reporting and analytics capabilities?

Who:

This research is designed for:

  • Data and Information Leadership
  • Enterprise Information Architect
  • Data Architect
  • Data Engineer/Modeler

Info-Tech Insight

Info-Tech’s approach is driven by business goals and leverages standard data practice and platform patterns. This enables the implementation of critical and foundational data and analytics components first and subsequently facilitates the evolution and development of the practice and platform over time.

Info-Tech’s Reporting and Analytics Framework

Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layers is in turn driven by the enterprise reporting and analytics strategy.
A diagram of the 'Reporting and Analytics Framework' with 'Business vision/strategies' fed through four stages beginning with 'Business Intelligence: Reporting & Analytics Strategy', 'Data Warehouse: Data Warehouse/ Data Lake Strategy', 'Integration and Translation: Data Integration Strategy', 'Sources: Source Strategy (Content/Quality)'
The current states of your integration and warehouse platforms determine what data can be used for BI and analytics.
Your enterprise reporting and analytics strategy is driven by your organization’s vision and corporate strategy.

What is reporting and analytics and why is it needed?

  • Reporting and analytics bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed or evidence-based decision making.
  • The reporting and analytics strategy drives data warehouse and integration strategies and the data needs to support business decisions.
  • The reporting and analytics strategy ensures that the investment made in optimizing the data environment to support reporting and analytics is directly aligned with the organization’s needs and priorities and hence will deliver measurable business value.

Do you have a strategy to enable self-serve analytics? What does your operating model look like? Have you an analytics CoE?

Who:

This research is designed for:

  • Head of BI and Analytics
  • CIO or Business Unit (BU) Leader looking to improve reporting and analytics
  • Applications Lead

Info-Tech Insight

Formulating an enterprise reporting and analytics strategy requires the business vision and strategies to first be substantiated. Any optimization to the data warehouse, integration, and source layer is in turn driven by the enterprise reporting and analytics strategy.

Info-Tech’s Data Architecture Framework

Info-Tech’s methodology:
    1. Prioritize your core business objectives and identify your business driver.
    2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
    3. Determine the appropriate tactical pattern that addresses your most important requirements.
Visual diagram of the first two parts of the methodology on the left. Objectives apply to the data architecture model, which appropriates tactical patterns, which leads to a focus.
    1. Select the areas of the five-tier architecture to focus on.
    2. Measure your current state.
    3. Set the targets of your desired optimized state.
    1. Roadmap your tactics.
    2. Manage and communicate change.
Visual diagram of the third part of the methodology on the left. A roadmap of tactics leads to communicating change.

What is data architecture and why is it needed?

  • Data architecture is the set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.
  • In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

Is your architecture optimized to sustainably deliver readily available and accessible data to users?

Who:

This research is designed for:

  • Data Architects or their equivalent
  • Enterprise Architects
  • Head of Data
  • CIO
  • Database Administrators

Info-Tech Insight

Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify your business’ priorities and adapt your data architecture to those needs.

A diagram titled 'Build Your Data Quality Program'. '1. Data Quality & Data Culture Diagnostics Business Landscape Exercise', '2. Business Strategy & Use Cases', '3. Prioritize Use Cases With Poor Quality'. 'Info-Tech Insight: As data is ingested, integrated, and maintained in the various streams of the organization's system and application architecture, there are multiple points where the quality of the data can degrade.' A data flow diagram points out how 'Data quality issues can occur at any stage of the data flow', and that it is better to 'Fix data quality root causes here' during the 'Data Creation', 'Data Ingestion', and 'Data Accumulation & Engineering' stages in order 'to prevent expensive cures here' in the 'Data Delivery' and 'Reporting & Analytics' stages.

What is data quality management and why is it needed?

  • Data is the foundation of decisions made at data-driven organizations.
  • Data quality management ensures that foundation is sustainably solid.
  • If there are problems with the organization’s underlying data, it can have a domino effect on many downstream business functions.
  • The transformational insights that executives are constantly seeking can be uncovered by a data quality practice that makes high-quality, trustworthy information readily available to the business users who need it.

Do your users have an optimal level of trust and confidence in the quality of the organization’s data?

Who:

This research is designed for:

  • Chief Data Officer (CDO) or equivalent Head of Data
  • Chief Analytics Officer (CAO)
  • Head of Digital Transformation
  • CIO

Info-Tech Insight

Data quality suffers most at the point of entry. The resulting domino effect of error propagation makes these errors among the most costly forms of data quality errors. Fix data ingestion, whether through improving your application and database design or improving your data ingestion policy, and you will fix a majority of data quality issues.

Info-Tech’s Enterprise Content Management Framework

Drivers Governance Information Architecture Process Policy Systems Architecture
Regulatory, Legal –›
Efficiency, Cost-Effectiveness –›
Customer Service –›
User Experience –›
  • Establish decision-making committee
  • Define and formalize roles (RACI, charter)
  • Develop policies
  • Create business data glossary
  • Decide who approves documents in workflow
  • Operating models
  • Information categories (taxonomy)
  • Classifications, retention periods
  • Metadata (for findability and as tags in automated workflows)
  • Review and approval process, e.g. who approves
  • Process for admins to oversee performance of IM service
  • Process for capturing and classifying incoming documents
  • Audit trails and reporting process
  • Centralized index of data and records to be tracked and managed throughout their lifecycle
  • Data retention policy
  • E-signature policy
  • Email policy
  • Information management policies
  • Access/privacy rules
  • Understand the flow of content through multiple systems (e.g. email, repositories)
  • Define business and technical requirements to select a new content management platform/service
  • Improve integrations
  • Right-size solutions for use case (e.g. DAM)
  • Communication/Change Management
  • Data Literacy

What is enterprise content management and why is it needed?

“Enterprise Content Management is the systematic collection and organization of information that is to be used by a designated audience – business executives, customers, etc. Neither a single technology nor a methodology nor a process, it is a dynamic combination of strategies, methods and tools used to capture, manage, store, preserve and deliver information supporting key organizational processes through its entire lifecycle.” (AIIM, 2021)

  • Changing your ECM capabilities is about changing organizational behavior; take an all-hands-on-deck approach to make the most of information gathering, create a vested interest, and secure buy-in.
  • It promotes and drives responsible and ethical use and handling of content while helping to build and foster an organizational culture of information excellence.

Who:

This research is designed for:

  • Information Architect
  • Chief Data Officer (CDO)
  • Head of Data, Information Management
  • Records Management
  • CIO

Info-Tech Insight

ECM is critical to becoming a digital and modernized operation, where both structured data (such as sales reports) and unstructured content (such as customer sentiment in social media) are brought together for a 360-degree view of the customer or for a comprehensive legal discovery.

Metadata management/Data cataloging

Overview

Metadata is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Metadata is often called data about data or information about information (NISO).

Metadata management is the function that manages and maintains the technology and processes that creates, processes, and stores metadata created by business processes and data.

90%

The majority of data is unstructured information like text, video, audio, web server logs, social media, and more (MIT Sloan, 2021).
As data becomes more unstructured, complex, and manipulated, the importance and value of metadata will grow exponentially and support improved:
  • Data consumption
  • Quality management
  • Risk management

Value of Effective Metadata Management

  • Supports the traceability of data through an environment.
  • Creates standards and logging that enable information and data to be searchable and cataloged.
  • Metadata schemas enable easier transferring and distribution of data across different environments.
Data about data: The true value of metadata and the management practices supporting it is its ability to provide deeper understanding and auditability to the data assets and processes of the business.
Metadata supports the use of:
Big Data
Unstructured data
Content and Documents
Unstructured and semi-structured data
Structured data
Master, reference, etc.

Critical Success Factors of Metadata Management

  • Consistent and documented data standards and definitions
  • Architectural planning for metadata
  • Incorporation of metadata into system design and the processing of data
  • Technology to support metadata creation, collection, storage, and reviews (metadata repository, meta marts, etc.)

Info-Tech’s Data Integration Framework

On one hand…

Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.

On the other hand…

It is difficult to bring data together from different sources to generate insights and prevent stale data.

How can these two ideas be reconciled?

Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level and is used to design a common data-centric integration environment.

A diagram of the 'Data Integration Onion Framework' with five layers: 'Enterprise Business Processes', 'Enterprise Analytics', 'Enterprise Integration', 'Enterprise Data Repositories', and 'Enterprise Data' at the center.
Info-Tech’s Data Integration Onion Framework
Data-centric integration is the solution you need to bring data together to break down data silos.

What is data integration and why is it needed?

  • To get more value from their information, organizations are relying on increasingly more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of that data.
  • Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and that leads to the formation of data silos.
  • Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.

Is your integration near real time and scalable?

Who:

This research is designed for:

  • Data Engineers
  • Business Analysts
  • Data Architects
  • Head of Data Management
  • Enterprise Architects

Info-Tech Insight

Every IT project requires data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.

Info-Tech’s Master Data Management Framework

Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).

The Data Management Framework from earlier with tier 2 item 'Reference and Master' highlighted.

Fundamental objective of MDM: Enable the business to see one view of critical data elements across the organization.

Phases of the MDM Framework. 'Phase 1: Build a Vision for MDM' entails a 'Readiness Assessment', then both 'Identify the Master Data Needs of the Business' and 'Create a Strategic Vision'. 'Phase 2: Create a Plan and Roadmap for the Organization’s MDM Program' entails 'Assess Current MDM Capabilities', then 'Initiative Planning', then 'Strategic Roadmap'.

What is MDM and why is it needed?

  • Master data management (MDM) “entails control over Master Data values and identifiers that enable consistent use, across systems, of the most accurate and timely data about essential business entities” (DAMA, 2017).
  • The fundamental objective of MDM is to enable the business to see one view of critical data elements across the organization.
  • What is included in the scope of MDM?
    • Party data (employees, customers, etc.)
    • Product/service data
    • Financial data
    • Location data

Is there traceability and visibility into your data’s lineage? Does your data pipeline facilitate that single view across the organization?

Who:

This research is designed for:

  • Chief Data Officer (CDO)
  • Head of Data Management, CIO
  • Data Architect
  • Head of Data Governance, Data Officer

Info-Tech Insight

Successful MDM requires a comprehensive approach. To be successfully planned, implemented, and maintained it must include effective capabilities in the critical processes and subpractices of data management.

Data Modeling Framework

  • The framework consists of the business, enterprise, application, and implementation layers.
  • The Business Layer encodes real-world business concepts via the conceptual model.
  • The Enterprise Layer defines all enterprise data asset details and their relationships.
  • The Application Layer defines the data structures as used by a specific application.
  • The Implementation Layer defines the data models and artifacts for use by software tools.
Data Modeling Framework with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

Model hierarchy

  • The Conceptual data model describes the organization from a business perspective.
  • The Message model is used to describe internal- and external-facing messages and is equivalent to the canonical model.
  • The Enterprise model depicts the whole organization and is divided into domains.
  • The Analytical model is built for specific business use cases.
  • Application models are application-specific operational models.
Model hierarchy with items from the 'Implementation Layer' contributing to items in the 'Application Layer' and 'Enterprise Layer' before turning into a 'Conceptual Model' in the 'Business Layer'.

Info-Tech Insight

The Conceptual model acts as the root of all the models required and used by an organization.

Data architecture and modeling processes

A diagram moving from right to left through 5 phases: 'Business concepts defined and organized', 'Business concepts enriched with attribution', 'Physical view of the data, still vendor agnostic', 'The view being used by developers and business', and 'Manage the progression of your data assets'.

Info-Tech Insight

The Conceptual data model adds relationships to your business data glossary terms and is the first step of the modeling journey.

Data operations

Objectives of Data Operations Management

  • Implement and follow policies and procedures to manage data at each stage of its lifecycle.
  • Maintain the technology supporting the flow and delivery of data (applications, databases, systems, etc.).
  • Control the delivery of data within the system environment.

Indicators of Successful Data Operations Management

  • Effective delivery of data assets to end users.
  • Successful maintenance and performance of the technical environment that collects, stores, delivers, and purges organizational data.
'Data Lifecycle' with steps 'Create', 'Acquire', 'Store', 'Maintain', 'Use', and 'Archive/Destroy'.
This data management enabler has a heavy focus on the management and performance of data systems and applications.
It works closely with the organization’s technical architecture to support successful data delivery and lifecycle management (data warehouses, repositories, databases, networks, etc.).

Step 1.2

Understand and Align to Business Drivers

Activities

1.2.1 Define your value streams

1.2.2 Identify your business capabilities

1.2.3 Categorize your organization’s key business capabilities

1.2.4 Develop a strategy map tied to data management

This step will guide you through the following activities:

  • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map.
  • Determine which business capabilities are considered high priority by your organization.
  • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

Build Business Context and Drivers

Step 1.1 Step 1.2 Step 1.3 Step 1.4

Identifying value streams

Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the marketplace by engaging in a set of interconnected activities.
There are several key questions to ask when endeavouring to identify value streams.

Key Questions

  • Who are your customers?
  • What are the benefits we deliver to them?
  • How do we deliver those benefits?
  • How does the customer receive the benefits?

1.2.1 Define value streams

1-3 hours

Input: Business strategy/goals, Financial statements, Info-Tech’s industry-specific business architecture

Output: List of organization-specific value streams, Detailed value stream definition(s)

Materials: Whiteboard/kanban board, Info-Tech’s Reference Architecture Template – contact your Account Representative for details, Other industry standard reference architecture models: BIZBOK, APQC, etc., Info-Tech’s Archimate models

Participants: Enterprise/Business Architect, Business Analysts, Business Unit Leads, CIO, Departmental Executive & Senior managers

Unify the organization’s perspective on how it creates value.

  1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
  2. Consider:
    • How does the organization deliver those benefits?
    • How does the customer receive the benefits?
    • What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
  3. Avoid:
    • Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.

Contact your Account Representative for access to Info-Tech’s Reference Architecture Template

Define or validate the organization’s value streams

Value streams connect business goals to the organization’s value realization activities. These value realization activities, in turn, depend on data.

If the organization does not have a business architecture function to conduct and guide Activity 1.2.1, you can leverage the following approach:

  • Meet with key stakeholders regarding this topic, then discuss and document your findings.
  • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture–related work? Who has the relevant skills, competencies, experience, and knowledge about the organization?
  • Engage with these stakeholders to define and validate how the organization creates value. Consider:
    • Who are your main stakeholders? This will depend on the industry in which you operate. For example, they could be customers, residents, citizens, constituents, students, patients.
    • What are your stakeholders looking to accomplish?
    • How does your organization’s products and/or services help them accomplish that?
    • What are the benefits your organization delivers to them and how does your organization deliver those benefits?
    • How do your stakeholders receive those benefits?

Align data management to the organization’s value realization activities.

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

Info-Tech Insight

Your organization’s value streams and the associated business capabilities require effectively managed and governed data. Without this, you could face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

Example of value streams – Retail Banking

Value streams connect business goals to the organization’s value realization activities.

Example value stream descriptions for: Retail Banking

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Retail Banking with five value chains. 'Attract Customers: Retail banks design new products to fill gaps in their product portfolios by analyzing the market for changing customer needs and new competitor offerings or pricing; Pricing a product correctly through analysis and rate setting is a delicate balance and fundamental to a bank’s success.' 'Supply Loans and Mortgages and Credit Cards: Selecting lending criteria helps banks decide on the segment of customer they should take on and the degree of risk they are willing to accept.' 'Provide Core Banking Services: Servicing includes the day-to-day interactions with customers for onboarding, payments, adjustments, and offboarding through multiple banking channels; Customer retention and growing share of wallet are crucial capabilities in servicing that directly impact the growth and profitability of retail banks.' 'Offer Card Services: Card servicing involves quick turnarounds on card delivery and acceptance at a large number of merchants; Accurate billing and customizable spending alerts are crucial in ensuring that the customer understands their spending habits.' 'Grow Investments and Manage Wealth: Customer retention can be increased through effective wealth management and additional services that will increase the number of products owned by a customer.'

For this value stream, download Info-Tech’s Industry Reference Architecture for Retail Banking.

Example of value streams – Higher Education

Value streams connect business goals to the organization’s value realization activities.

Example value stream descriptions for: Higher Education

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Higher Education with five value chains. 'Shape Institutional Research: Institutional research provides direct benefits to both partners and faculty, ensuring efficient use of resources and compliance with ethical and methodological standards; This value stream involves all components of the research lifecycle, from planning and resourcing to delivery and commercialization.' 'Facilitate Curriculum Design: Curriculum design is the process by which learning content is designed and developed to achieve desired student outcomes; Curriculum management capabilities include curriculum planning, design and commercialization, curriculum assessment, and instruction management.' 'Design Student Support Services: Support services design and development provides a range of resources to assist students with academic success, such as accessibility, health and counseling, social services, housing, and academic skills development.' 'Manage Academic Administration: Academic administration involves the broad capabilities required to attract and enroll students in institutional programs; This value stream involves all components related to recruitment, enrollment, admissions, and retention management.' 'Deliver Student Services: Delivery of student services comes after curricular management, support services design, and academic administration. It comprises delivery of programs and services to enable student success; Program and service delivery capabilities include curriculum delivery, convocation management, and student and alumni support services.'

For this value stream, download Info-Tech’s Industry Reference Architecture for Higher Education.

Example of value streams – Local Government

Value streams connect business goals to the organization’s value realization activities.

Example value stream descriptions for: Local Government

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Local Government with five value chains. 'Sustain Land, Property, and the Environment: Local governments act as the stewards of the regional land and environment that are within their boundaries; Regional government bodies are responsible for ensuring that the natural environment is protected and sustained for future citizens in the form of parks and public land.' 'Facilitate Civic Engagement: Local governments engage with constituents to maintain a high quality of life through art, culture, and education.' 'Protect Local Health and Safety: Health concerns are managed by a local government through specialized campaigns and clinics; Emergency services are provided by the local authority to protect and react to health and safety concerns including police and firefighting services.' 'Grow the Economy: Economic growth is a cornerstone of a strong local government. Growth comes from flourishing industries, entrepreneurial success, high levels of employment, and income from tourism.' 'Provide Regional Infrastructure: Local governments ensure that infrastructure is built, maintained, and effective in meeting the needs of constituents. (Includes: electricity, water, sustainable energy sources, waste collection, transit, and local transportation.'

For this value stream, download Info-Tech’s Industry Reference Architecture for Local Government.

Example of value streams – Manufacturing

Value streams connect business goals to the organization’s value realization activities.

Example value stream descriptions for: Manufacturing

Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities. Example Value Stream for Manufacturing with three value chains. 'Design Product: Manufacturers proactively analyze their respective markets for any new opportunities or threats; They design new products to serve changing customer needs or to rival any new offerings by competitors; A manufacturer’s success depends on its ability to develop a product that the market wants at the right price and quality level.' 'Produce Product: Optimizing production activities is an important capability for manufacturers. Raw materials and working inventories need to be managed effectively to minimize wastage and maximize the utilization of the production lines; Processes need to be refined continuously over time to remain competitive and the quality of the materials and final products needs to be strictly managed.' 'Sell Product: Once produced, manufacturers need to sell the products. This is done through distributors, retailers, and, in some cases, directly to the end consumer; After the sale, manufacturers typically have to deliver the product, provide customer care, and manage complaints; Manufacturers also randomly test their end products to ensure they meet quality requirements.'

For this value stream, download Info-Tech’s Industry Reference Architecture for Manufacturing.

Define the organization’s business capabilities in a business capability map

A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

Business capabilities can be thought of as business terms defined using descriptive nouns such as “Marketing” or “Research and Development.”

If your organization doesn’t already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

Working with the stakeholders as described in the slide entitled “Define or validate the organization’s value streams”:

  • Analyze the value streams to identify and describe the organization’s capabilities that support them.
  • Consider the objective of your value stream. (This can highlight which capabilities support which value stream.)
  • As you initiate your engagement with your stakeholders, don’t start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
  • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organization, remove the ones that don’t, and add any needed.

Align data management to the organization’s value realization activities.

Info-Tech Insight

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data management program must support.

For more information, refer to Info-Tech’s Document Your Business Architecture.

1.2.2 Identify your business capabilities

Input: List of confirmed value streams and their related business capabilities

Output: Business capability map with value streams for your organization

Materials: Your existing business capability map, Business Alignment worksheet provided in the Data Management Assessment and Planning Tool, Info-Tech’s Document Your Business Architecture blueprint

Participants: Key business stakeholders, Data stewards, Data custodians, Data leads and administrators

Confirm your organization's existing business capability map or initiate the formulation of a business capability map:

  • If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organization creates and captures value) and their business capabilities reflect the organization’s current business environment.
  • If you do not have an existing business capability map, complete this activity to initiate the formulation of a map (value streams and related business capabilities):
    1. Define the organization’s value streams. Meet with senior leadership and other key business stakeholders to define how your organization creates and captures value.
    2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of one another, and typically will have a defined business outcome.

Example business capability map – Retail Banking

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

Example business capability map for: Retail Banking

Example business capability map for Retail Banking with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail Banking.

Example business capability map – Higher Education

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data management program.

Example business capability map for: Higher Education

Example business capability map for Higher Education with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Higher Education.

Example business capability map – Local Government

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Local Government

Example business capability map for Local Government with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Local Government.

Example business capability map – Manufacturing

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Manufacturing

Example business capability map for Manufacturing with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Manufacturing.

Example business capability map – Retail

A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

Info-Tech Tip: Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

Example business capability map for: Retail

Example business capability map for Retail with value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

1.2.3 Categorize your organization’s key capabilities

Input: Strategic insight from senior business stakeholders on the business capabilities that drive value for the organization

Output: Business capabilities categorized and prioritized (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk) See next slide for an example

Materials: Your existing business capability map or the business capability map derived in Activity 1.2.2

Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

Determine which capabilities are considered high priority in your organization.

  1. Categorize or heatmap the organization’s key capabilities. Consult with senior and other key business stakeholders to categorize and prioritize the business’ capabilities. This will aid in ensuring your data governance future-state planning is aligned with the mandate of the business. One approach to prioritizing capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
  2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organization. Highlight these capabilities and prioritize programs that support them.
  3. Identify competitive advantage differentiators. Focus on capabilities that give your organization an edge over rivals or other players in your industry.

This categorization/prioritization exercise helps highlight prime areas of opportunity for building use cases, determining prioritization, and the overall optimization of data and data governance.

For more information, refer to Info-Tech’s Document Your Business Architecture.

Example of business capabilities categorization or heatmapping – Retail

This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

  • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
  • The business’ priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organization’s competitive advantage creators.

Example: Retail

Example business capability map for Retail with capabilities categorized into Cost Advantage Creators and Competitive Advantage creators via a legend. Value stream items as column headers, and rows 'Enabling', 'Shared', and 'Defining'.

For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

1.2.4 Develop a strategy map tied to data management

Input: Strategic objectives as outlined by the organization’s business strategy and confirmed by senior leaders

Output: A strategy map that maps your organizational strategic objectives to value streams, business capabilities, and ultimately data programs

Materials: Your existing business capability map or the one created in Activity 1.2.2, Business strategy (see next slide for an example)

Participants: Key business stakeholders, Data stewards, Data custodians, Data governance working group

Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business–data governance alignment. It’s important to make sure the right strategic objectives of the organization have been identified and are well understood.

  1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
  2. Leverage their knowledge of the organization’s business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and ultimately data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organization.
  3. Confirm the strategy mapping with other relevant stakeholders.

Example of a strategy map tied to data management

  • Strategic objectives are the outcomes the organization is looking to achieve.
  • Value streams enable an organization to create and capture value in the market through interconnected activities that support strategic objectives.
  • Business capabilities define what a business does to enable value creation in value streams.
  • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap that will enable one or multiple business capabilities in its desired target state.

Info-Tech Tip: Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritize the data initiatives that deliver the most value to the organization.

Example: Retail

Example of a strategy map tied to data management with diagram column headers 'Strategic Objectives' (are realized through...) 'Value Streams' (are enabled by...) 'Key Capabilities' (are driven by...) 'Data Capabilities and Initiatives'. Row headers are objectives and fields are composed of three examples of each column header.

For this strategy map, download Info-Tech’s Industry Reference Architecture for Retail.

Step 1.3

Build High-Value Use Cases for Data Management

Activities

1.3.1 Build high-value use cases

This step will guide you through the following activities:

  • Understand the main disciplines and makeup of a best-practice data management program.
  • Determine which data management capabilities are considered high priority by your organization.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

Build Business Context and Drivers

Step 1.1 Step 1.2 Step 1.3 Step 1.4

1.3.1 Build high-value use cases

Input: Value streams and business capabilities as defined by business leaders, Business stakeholders’ subject area expertise, Data custodian systems, integration, and data knowledge

Output: Use cases that articulate data-related challenges, needs, or opportunities that are tied to defined business capabilities and hence, if addressed, will deliver measurable value to the organization

Materials: Your business capability map from Activity 1.2.2, Info-Tech’s Data Use Case Framework Template, Whiteboard or flip charts (or shared screen if working remotely), Markers/pens

Participants: Key business stakeholders, Data stewards and business SMEs, Data custodians, Data leads and administrators

This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization.

  1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
  2. Leverage Info-Tech’s Data Use Case Framework Template as seen on the next slide.
  3. Have the stakeholders move through each breakout session outlined in the use case worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
  4. Debrief and document results in the Data Use Case Framework Template.
  5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

Tip: Don’t conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

Download Info-Tech’s Data Use Case Framework Template

Data use cases

Sample Data

The following is the list of use cases as articulated by key stakeholders at [Organization Name].

The stakeholders see these as areas that are relevant and highly valuable for delivering strategic value to [Organization Name].

Use Case 1: Customer/Student/Patient/Resident 360 View

Use Case 2: Project/Department Financial Performance

Use Case 3: Vendor Lifecycle Management

Use Case 4: Project Risk Management

Prioritization of use cases

Example table for use case prioritization. Column headers are 'Use Case', 'Order of Priority', and 'Comments'. Fields are empty.

Use case 1

Sample Data

Problem statement:

  • We are not realizing our full growth potential because we do not have a unified 360 view of our customers/clients/[name of external stakeholder].
  • This impacts: our cross-selling; upselling; talent acquisition and retention; quality of delivery; ability to identify and deliver the right products, markets, and services...

If we could solve this:

  • We would be able to better prioritize and position ourselves to meet evolving customer needs.
  • We would be able to optimize the use of our limited resources.

Use case 1: challenges, risks, and opportunities

Sample Data

  1. What is the number one risk you need to alleviate?
    • Loss of potential revenue, whether from existing or net new customers.
      • How?
        • By not maximizing opportunities with customers or even by losing customers; by not understanding or addressing their greatest needs
        • By not being able to win potential new customers because we don’t understand their needs
  2. What is the number one opportunity you wish to see happen?
    • The ability to better understand and anticipate the needs of both existing and potential customers.
  3. What is the number one pain point you have when working with data?
    • I can’t do my job with confidence because it’s not based on comprehensive, sound, reliable data. My group spends significant time reconciling data sets with little time left for data use and analysis.
  4. What are your challenges in performing the activity today?
    • I cannot pull together customer data in a timely manner due to having a high level of dependence on specific individuals with institutional knowledge rather than having easy access to information.
    • It takes too much time and effort to pull together what we know about a customer.
    • The necessary data is not consolidated or readily/systematically available for consumption.
    • These challenges are heightened when dealing with customers across markets.

Use case 1 (cont'd)

Sample Data

  1. What does “amazing” look like if we solve this perfectly?
    • Employees have immediate, self-service access to necessary information, leading to better and more timely decisions. This results in stronger business and financial growth.
  2. What other business unit activities/processes will be impacted/improved if we solve this?
    • Marketing/bid and proposal, staffing, procurement, and contracting strategy
  3. What compliance/regulatory/policy concerns do we need to consider in any solution?
    • PII, GDPR, HIPAA, CCPA, etc.
  4. What measures of success/change should we use to prove the value of the effort (KPIs/ROI)?
    • Win rate, number of services per customer, gross profit, customer retention, customer satisfaction scores, brand awareness, and net promoter score
  5. What are the steps in the process/activity today?
    • Manual aggregation (i.e. pull data from systems into Excel), reliance on unwritten knowledge, seeking IT support, canned reports

Use case 1 (cont'd)

Sample Data

  1. What are the applications/systems used at each step?
    • Salesforce CRM, Excel, personal MS Access databases, SharePoint
  2. What data elements (domains) are involved, created, used, or transformed at each step?
    • Bid and proposal information, customer satisfaction, forecast data, list of products, corporate entity hierarchy, vendor information, key staffing, recent and relevant news, and competitor intelligence

Use case worksheet

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

1.

What business capability (or capabilities) in your business area is this use case tied to?

Examples: Demand Planning, Assortment Planning, Allocation & Replenishment, Fulfillment Planning, Customer Management
2.

What are your data-related challenges in performing this today?

Use case worksheet (cont’d.)

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

3.

What are the steps in the process/activity today?

4.

What are the applications/systems used at each step today?

5.

What data domains are involved, created, used, or transformed at each step today?

Use case worksheet (cont’d.)

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

6.

What does an ideal or improved state look like?

7.

What other business units, business capabilities, activities, or processes will be impacted and/or improved if this were to be solved?

8.

Who are the stakeholders impacted by these changes? Who needs to be consulted?

9.

What are the risks to the organization (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?

Use case worksheet (cont’d.)

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

10.

What compliance, regulatory, or policy concerns do we need to consider in any solution?

11.

What measures of success or change should we use to prove the value of the effort (KPIs/ROI)? What is the measurable business value of doing this?

Use case worksheet (cont’d.)

Objective: This business needs gathering activity will help you highlight and create relevant use cases around data-related problems or opportunities. They should be clear and contained and, if addressed, will deliver value to the organization.

10.

Conclusion: What are the data capabilities that need to be optimized, addressed, or improved to support or help realize the business capability (or capabilities) highlighted in this use case?

(Tip: This will inform your future-state data capabilities optimization planning and roadmapping activities.)

Data Management Workshop
Use Case 1: Covid-19 Emergency Management

[SAMPLE]

Problem Statement

Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

Challenges
  • Data is not suitable for analytics. It takes lot of effort to clean data.
  • Data intervals are not correct and other data quality issues.
  • The roles are not clearly defined.
  • Lack of communication between key stakeholders.
  • Inconsistent data/reporting/governance in the agencies. This has resulted in number of issues for Covid-19 emergency management. Not able to report accurately on number of cases, deaths, etc.
  • Data collection systems changed overtime (forms, etc.).
  • GIS has done all the reporting. However, why GIS is doing all the reporting is not clear. GIS provides critical information for location. Reason: GIS was ready with reporting solution ArcGIS.
  • Problem with data collection, consolidation, and providing hierarchical view.
  • Change in requirements, metrics – managing crisis by email and resulting in creating one dashboard after another. Not sure whether these dashboards being used.
  • There is a lot of manual intervention and repeated work.
What Does Amazing Look Like?
  • One set of dashboards (or single dashboard) – too much time spend on measure development
  • Accurate and timely data
  • Automated data
  • Access to granular data (for researchers and other stakeholders)
  • Clear ownership of data and analytics
  • It would have been nice to have governance already prior to this crisis
  • Proper metrics to measure usage and value
  • Give more capabilities such as predictive analytics, etc.
Related Processes/Impact
  • DPH
  • Schools
  • Business
  • Citizens
  • Resources & Funding
  • Data Integration & GIS
  • Data Management
  • Automated Data Quality
Compliance
  • HIPAA, FERPA, CJIS, IRS
  • FEMA
  • State compliance requirement – data classification
  • CDC
  • Federal data-sharing agreements/restrictions
Benefits/KPIs
  • Reduction in cases
  • Timely response to outbreak
  • Better use of resources
  • Economic impact
  • Educational benefits
  • Trust and satisfaction

Data Management Workshop
Use Case 1: Covid-19 Emergency Management

[SAMPLE]

Problem Statement

Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

Current Steps in Process Activity (Systems)
  1. Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM
  2. KYEM stores this information/data
  3. Deduplicate data (emergency preparedness group)
  4. Generate dashboard using ArcGIS
  5. Map to monitor status of the update
  6. Error correction using web portal (QAQC)
  7. Download Excel/CVS after all 97 hospital reports
  8. Sent to federal platform (White House, etc.)
  9. Generate reports for epidemiologist (done manually for public reporting)
Data Flow diagram

Data flow diagram.

SystemsData Management Dimensions
  1. Data Governance
  2. Data Quality
  3. Data Integrity
  4. Data Integration
  1. Data Architecture
  2. Metadata
  3. Data Warehouse, Reporting & Analytics
  4. Data Security

Data Management Workshop
Use Case 1: Covid-19 Emergency Management

[SAMPLE]

Problem Statement

Inability to provide insights to DPH due to inconsistent data, inaccurate reporting, missing governance, and unknown data sources resulting in decisions that impact citizens being made without accurate information.

List Future Process Steps

Prior to COVID-19 Emergency Response:

  • ArcGIS data integrated available in data warehouse/data lake.
  • KYEM data integrated and available in data warehouse/data lake.
  • CHFS data integrated and available in data warehouse/data lake.
  • Reporting standards and tools framework established.

After COVID-19 Emergency Response:

  • Collect data through Survey123 using ArcGIS (hospitals are managed to report by 11 am) – owned KYEM.
  • Error correction using web portal (QAQC).
  • Generate reports/dashboard/files as per reporting/analytical requirements:
    • Federal reporting
    • COVID dashboards
    • Epidemiologist reports
    • Lab reporting
Future Process and Data Flow

Data flow diagram with future processes.

Step 1.4

Create a Vision and Guiding Principles for Data Management

Activities

1.4.1 Craft a vision

1.4.2 Create guiding principles

This step will guide you through the following activities:

  • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map, guided by info-Tech’s approach.
  • Determine which business capabilities are considered high priority by your organization.
  • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

Build Business Context and Drivers

Step 1.1 Step 1.2 Step 1.3 Step 1.4

1.4.1 Craft a vision

Input: Organizational vision and mission statements, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

Output: Vision and mission statements

Materials: Markers and pens, Whiteboard, Online whiteboard, Vision samples and templates

Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

Complete the vision statement to set the direction, the “why,” for the changes we’re making. The vision is a reference point that should galvanize everyone in the organization and set guardrails for technical and process decisions to follow.

  1. Bring together key business stakeholders (content owners, SMEs, and relevant IT custodians) to craft a data management vision statement.
  2. Start by brainstorming keywords, such as customer-focused, empower the business, service excellence, findable and manageable, protected, accessible, paperless.
  3. Highlight the keywords that resonate most with the group. Refer to example vision statements for ideas.

Create a common data management vision that is consistently communicated to the organization

A data management program should be an enterprise-wide initiative.

  • To create a strong vision for data management, there must be participation from the business and IT. A common vision will articulate the state the organization wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.
  • Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.
  • The data management program should be periodically refined. This will ensure the organization continues to incorporate best methods and practices as the organization grows and data needs evolve.
Stock image of a megaphone with multiple icons pouring from its opening.

Info-Tech Tips

  • Use information from the stakeholder interviews to derive business goals and objectives.
  • Work to integrate different opinions and perspectives into the overall vision for data management.
  • Brainstorm guiding principles for content and understand the overall value to the organization.

Create compelling vision and mission statements for the organization’s future data management practice

A vision represents the way your organization intends to be in the future.

A clear vision statement helps align the entire organization to the same end goal.

Your vision should be brief, concise, and inspirational; it is attempting to say a lot in a few words, so be very thoughtful and careful with the words you choose. Consider your strengths across departments – business and IT, the consumers of your services, and your current/future commitments to service quality.

Remember that a vision statement is internally facing for other members of your company throughout the process.

A mission expresses why you exist.

While your vision is a declaration of where your organization aspires to be in the future, your mission statement should communicate the fundamental purpose of the data management practice.

It identifies the function of the practice, what it produces, and its high-level goals that are linked to delivering timely, high-quality, relevant, and valuable data to business processes and end users. Consider if the practice is responsible for providing data for analytical and/or operational use cases.

A mission statement should be a concise and clear statement of purpose for both internal and external stakeholders.

“The Vision is the What, Where or Who you want the company to become. The Mission is the WHY the company exists, it is your purpose, passion or cause.” (Doug Meyer-Cuno, Forbes, 2021)

Data Management Vision and Mission Statements: Draft

Vision and mission statements crafted by the workshop participants. These statements are to be reviewed, refined into a single version, approved by members of the senior leadership team, and then communicated to the wider organization.

Corporate

Group 1

Group 2

Vision:
Create and maintain an institution of world-class excellence.
Vision: Vision:
Mission:
Foster an economic and financial environment conducive to sustainable economic growth and development.
Mission: Mission:

Information management framework

The information management framework is a way to organize all the ECM program’s guidelines and artifacts

Information management framework with 'Information Management Vision' above six principles. Below them are 'Information Management Policies' and 'Information Management Standards and Procedures.'

The vision is a statement about the organization’s goals and provides a basis to guide decisions and rally employees toward a shared goal.

The principles or themes communicate the organization’s priorities for its information management program.

Policies are a set of official guidelines that determine a course of action. For example: Company is committed to safety for its employees.

Procedures are a set of actions for doing something. For example: Company employees will wear protective gear while on the production floor.

Craft your vision

Use the insights you gathered from users and stakeholders to develop a vision statement
  • The beginning of a data management practice is a clear set of goals and key performance indicators (KPIs).
    A good set of goals takes time and input from senior leadership and stakeholders.
  • The data management program lead is selling a compelling vision of what is possible.
  • The vision also helps set the scope and expectations about what the data management program lead is and is not doing.
  • Be realistic about what you can do and how long it will take to see a difference.
Table comparing the talk (mission statements, vision statements, and values) with the walk (strategies/goals, objectives, and tactical plans). Example vision statements:
  • The organization is dedicated to creating an enabling structure that helps the organization get the right information to the right people at the right time.
  • The organization is dedicated to creating a program that recognizes data as an asset, establishing a data-centric culture, and ensuring data quality and accessibility to achieve service excellence.
The vision should be short, memorable, inspirational and draw a clear picture of what that future-state data management experience looks like.

Is it modern and high end, with digital self-service?

Is it a trusted and transparent steward of customer assets?

1.4.2 Create guiding principles

Input: Sample data management guiding principles, Stakeholder survey results and elicitation findings, Use cases, Business and data capability map

Output: Data management guiding principles

Materials: Markers and pens, Whiteboard, Online whiteboard, Guiding principles samples and templates

Participants: Key business stakeholders, Data managers, Data owners, Business leads and SMEs, Project team, Project sponsor

Draft a set of guiding principles that express your program’s values as a framework for decisions and actions and keep the data strategy alive.

  1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to craft a set of data management guiding principles.
  2. Refer to industry sample guiding principles for data management.
  3. Discuss what’s important to stakeholders and owners, e.g. security, transparency, integrity. Good guiding principles address real challenges.
  4. A helpful tip: Craft principles as “We will…” statements for the problems you’ve identified.

Twelve data management universal principles

[SAMPLE]
Principle Definitions
Data Is Accessible Data is accessible across the organization based on individuals’ roles and privileges.
Treat Data as an Asset Treat data as a most valuable foundation to make right decisions at the right time. Manage the data lifecycle across organization.
Manage Data Define strategic enterprise data management that defines, integrates, and effectively retrieves data to generate accurate, consistent insights.
Define Ownership & Stewardship Organizations should clearly appoint data owners and data stewards and ensure all team members understand their role in the company’s data management system.
Use Metadata Use metadata to ensure data is properly managed by tacking how data has been collected, verified, reported, and analyzed.
Single Source of Truth Ensure the master data maintenance across the organization.
Ensure Data Quality Ensure data integrity though out the lifecycle of data by establishing a data quality management program.
Data Is Secured Classify and maintain the sensitivity of the data.
Maximize Data Use Extend the organization’s ability to make the most of its data.
Empower the Users Foster data fluency and technical proficiency through training to maximize optimal business decision making.
Share the Knowledge Share and publish the most valuable insights appropriately.
Consistent Data Definitions Establish a business data glossary that defines consistent business definitions and usage of the data.

Create a Data Management Roadmap

Phase 2

Assess Data Management and Build Your Roadmap

Phase 1

1.1 Review the Data Management Framework

1.2 Understand and Align to Business Drivers

1.3 Build High-Value Use Cases

1.4 Create a Vision

Phase 2

2.1 Assess Data Management

2.2 Build Your Data Management Roadmap

2.3 Organize Business Data Domains

This phase will walk you through the following activities:

  • Understand your current data management capabilities.
  • Define target-state capabilities required to achieve business goals and enable the data strategy.
  • Identify priority initiatives and planning timelines for data management improvements.

This phase involves the following participants:

  • Data Management Lead/Information Management Lead, CDO, Data Lead
  • Senior Business Leaders
  • Business SMEs
  • Data owners, records managers, regulatory subject matter experts (e.g. legal counsel, security)

Step 2.1

Assess Your Data Management Capabilities

Activities

2.1.1 Define current state of data management capabilities

2.1.2 Set target state and identify gaps

This step will guide you through the following activities:

  • Assess the current state of your data management capabilities.
  • Define target-state capabilities required to achieve business goals and enable the data strategy.
  • Identify gaps and prioritize focus areas for improvement.

Outcomes of this step

  • A prioritized set of improvement areas aligned with business value stream and drivers

Assess Data Management and Build Your Roadmap

Step 2.1 Step 2.2 Step 2.3

Define current state

The Data Management Assessment and Planning Tool will help you analyze your organization’s data requirements, identify data management strategies, and systematically develop a plan for your target data management practice.
  • Based on Info-Tech’s Data Management Framework, evaluate the current-state performance levels for your organization’s data management practice.
  • Use the CMMI maturity index to assign values 1 to 5 for each capability and enabler.

A visualization of stairs numbered up from the bottom. Main headlines of each step are 'Initial and Reactive', 'Managed while developing DG capabilities', 'Defined DG capabilities', 'Quantitatively Managed by DG capabilities', and 'Optimized'.

Sample of the 'Data Management Current State Assessment' form the Data Management Assessment and Planning Tool.

2.1.1 Define current state

Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map

Output: Current-state data management capabilities

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g. Data Governance, Data Quality, Risk.

  1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign current-state maturity levels in each question of the worksheet.
  2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
  3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
  4. In tab 4, “Current State Assessment,” populate a current-state value for each item in the Data Management Capabilities worksheet.
  5. Once you’ve entered values in tab 4, a visual and summary report of the results will be generated on tab 5, “Current State Results.”

2.1.2 Set target state and identify gaps

Input: Stakeholder survey results and elicitation findings, Use cases, Business and data management capability map to identify priorities

Output: Target-state data management capabilities, Gaps identification and analysis

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Assign a maturity level value from 1 to 5 for each question in the assessment tool, organized into capabilities, e.g., Data Governance, Data Quality, Risk.

  1. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to assign target-state maturity levels in each question of the worksheet.
  2. Remember that there is more distance between levels 4 and 5 than there is between 1 and 2 – the distance between levels is not even throughout.
  3. To help assign values, think of the higher levels as representing cross-enterprise standardization, monitored for continuous improvement, formalized and standardized, while the lower levels mean applied within individual units, not formalized or tracked for performance.
  4. In tab 6, “Target State & Gap Analysis,” enter maturity values in each item of the Capabilities worksheet in the Target State column.
  5. Once you’ve assigned both target-state and current-state values, the tool will generate a gap analysis chart on tab 7, “Gap Analysis Results,” where you can start to decide first- and second-line priorities.

Step 2.2

Build Your Data Management Roadmap

Activities

2.2.1 Describe gaps

2.2.2 Define gap initiatives

2.2.2 Build a data management roadmap

This step will guide you through the following activities:

  • Identify and understand data management gaps.
  • Develop data management improvement initiatives.
  • Build a data management–prioritized roadmap.

Outcomes of this step

  • A foundation for data management initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

Assess Data Management and Build Your Roadmap

Step 2.1 Step 2.2 Step 2.3

2.2.1 Describe gaps

Input: Target-state maturity level

Output: Detail and context about gaps to lead planners to specific initiatives

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Based on the gaps result, describe the nature of the gap, which will lead to specific initiatives for the data management plan:

  1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, enter additional context about the nature and extent of each gap in the Gap Description column.
  2. Based on the best-practices framework we walked through in Phase 1, note the specific areas that are not fully developed in your organization; for example, we don’t have a model of our environment and its integrations, or there isn’t an established data quality practice with proactive monitoring and intervention.

2.2.2 Define gap initiatives

Input: Gaps analysis, Gaps descriptions

Output: Data management initiatives

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Based on the gap analysis, start to define the data management initiatives that will close the gaps and help the organization achieve its target state.

  1. In tab 6, “Target State & Gap Analysis,” the same tab where you entered your target-state maturity level, note in the Gap Initiative column what actions you can take to address the gap for each item. For example, if we found through diagnostics and use cases that users didn’t understand the meaning of their data or reports, an initiative might be, “Build a standard enterprise business data catalog.”
  2. It’s an opportunity to brainstorm, to be creative, and think about possibilities. We’ll use the roadmap step to select initiatives from this list.
  3. There are things we can do right away to make a difference. Acknowledge the resources, talent, and leadership momentum you already have in your organization and leverage those to find activities that will work in your culture. For example, one company held a successful Data Day to socialize the roadmap and engage users.

2.2.3 Build a data management roadmap

Input: Gap initiatives, Target state and current-state assessment

Output: Data management initiatives and roadmap

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Start to list tangible actions you will take to address gaps and achieve data objectives and business goals along with timelines and responsibility:

  1. With an understanding of your priority areas and specific gaps, and referring back to your use cases, draw up specific initiatives that you can track, measure, and align with your original goals.
  2. For example, in data governance, initiatives might include:
    • Assign data owners and stewards for all data assets.
    • Consolidate disparate business data catalogs.
    • Create a data governance charter or terms of reference.
  3. Alongside the initiatives, fill in other detail, especially who is responsible and timing (start and end dates). Assigning responsibility and some time markers will help to keep momentum alive and make the work projects real.

Step 2.3

Organize Business Data Domains

Activities

2.3.1 Define business data domains and assign owners

This step will guide you through the following activities:

  • Identify business data domains that flow through and support the systems environment and business processes.
  • Define and organize business data domains with assigned owners, artifacts, and profiles.
  • Apply the domain map to building governance program.

Outcomes of this step

  • Business data domain map with assigned owners and artifacts

Assess Data Management and Build Your Roadmap

Step 2.1 Step 2.2 Step 2.3

2.3.1 Define business data domains

Input: Target-state maturity level

Output: Detail and context about gaps to lead planners to specific initiatives

Materials: Data Management Assessment and Planning Tool

Participants: Key business stakeholders, Business leads and SMEs, Project team, Project sponsor, Data leads, Data custodians

Identify the key data domains for each line of business, where the data resides, and the main contact or owner.

  1. We have an understanding of what the business wants to achieve, e.g. build customer loyalty or comply with privacy laws. But where is the data that can help us achieve that? What systems is that data moving and living in and who, if anyone, owns it?
  2. Define the main business data domains apart from what system it may be spread over. Use the worksheet on the next slide as an example.
  3. Examples of business data domains: Customer, Product, Vendor.
  4. Each domain should have owners and associated business processes. Assign data domain owners, application owners, and business process owners.

Business and data domains

[SAMPLE]

Business Domain App/Data Domains Business Stewards Application Owners Business Owners
Client Experience and Sales Tech Salesforce (Sales, Service, Experience Clouds), Mulesoft (integration point) (Any team inputting data into the system)
Quality and Regulatory Salesforce
Operations Salesforce, Salesforce Referrals, Excel spreadsheets, SharePoint
Finance Workday, Sage 300 (AccPac), Salesforce, Moneris Finance
Risk/Legal Network share drive/SharePoint
Human Resources Workday, Network share drive/SharePoint HR team
Corporate Sales Salesforce (Sales, Service, Health, Experience Clouds),
Sales and Client Success Mitel, Outlook, PDF intake forms, Workday, Excel. Sales & Client Success Director, Marketing Director CIO, Sales & Client Success Director, Marketing Director

Embrace the technology

Make the available data governance tools and technology work for you:
  • Data catalog
  • Business data glossary
  • Data lineage
  • Metadata management
While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.
Array of logos of tech companies whose products are used for this type of work: Informatica, Collibra, Tibco, Alation, Immuta, TopQuadrant, and SoftwareReviews.

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.
Photo of an analyst.

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

The following are sample activities that will be conducted by Info-Tech analysts with your team:
Sample of the Data Governance Strategy Map slide from earlier.

Build Your Business and User Context

Work with your core team of stakeholders to build out your data management roadmap, aligning data management initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.
Sample of a 'Data Management Enablers' table.

Formulate a Plan to Get to Your Target State

Develop a data management future-state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

Related Info-Tech Research

Stock image of people pointing to a tablet with a dashboard.

Build a Robust and Comprehensive Data Strategy

Key to building and fostering a data-driven culture.
Sample of the 'Data & Analytics Landscape' slide from earlier.

Understand the Data and Analytics Landscape

Optimize your data and analytics environment.
Stock image of co-workers looking at the same thing.

Build a Data Pipeline for Reporting and Analytics

Data architecture best practices to prepare data for reporting and analytics.

Research Contributors

Name Position Company
Anne Marie Smith Board of Directors DAMA International
Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
Mario Cantin Chief Data Strategist Prodago
Martin Sykora Director NexJ Analytics
Michael Blaha Author, Patterns of Data Modeling Consultant
Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
Ranjani Ranganathan Product Manager, Research – Workshop Delivery Info-Tech Research Group
Reddy Doddipalli Senior Workshop Director Info-Tech Research Group

Bibliography

AIIM, “What is Enterprise Content Management (ECM)?” Intelligent Information Management Glossary, AIIM, 2021. Web.

BABOK V3: A Guide to Business Analysis Body of Knowledge. IIBA, 2014. Web.

Barton, Dominic, and David Court. "Three Keys To Building a Data-Driven Strategy." McKinsey and Company, 1 Mar. 2013. Web.

Boston University Libraries. "Data Life Cycle » Research Data Management | Boston University." Research Data Management RSS. Boston University, n.d. Accessed Oct. 2015.

Chang, Jenny. “97 Supply Chain Statistics You Must Know: 2020 / 2021 Market Share Analysis & Data.” FinancesOnline, 2021. Web.

COBIT 5: Enabling Information. ISACA, 2013. Web.

CSC (Computer Sciences Corporation), Big Data Infographic, 2012. Web.

DAMA International. DAMA-DMBOK Guide. 1st ed., Technics Publications, 2009. Digital.

DAMA International. “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK2 Guide).” 2nd ed., 2017. Accessed June 2017.

Davenport, Thomas H. "Analytics in Sports: The New Science of Winning." International Institute for Analytics, 2014. Web.

Department of Homeland Security. Enterprise Data Management Policy. Department of Homeland Security, 25 Aug. 2014. Web.

Enterprise Data Management Data Governance Plan. US Federal Student Aid, Feb. 2007. Accessed Oct. 2015.

Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021.

Fasulo, Phoebe. “6 Data Management Trends in Financial Services.” SecurityScorecard, 3 June 2021. Web.

Georgia DCH Medicaid Enterprise – Data Management Strategy. Georgia Department of Community Health, Feb. 2015. Accessed Oct. 2015.

Hadavi, Cyrus. “Use Exponential Growth of Data to Improve Supply Chain Operations.” Forbes, 5 Oct. 2021. Web.

Harbert, Tam. “Tapping the power of unstructured data.” MIT Sloan, 1 Feb. 2021. Web.

Hoberman, Steve, and George McGeachie. Data Modeling Made Simple with PowerDesigner. Technics Pub, 2011. Print.

“Information Management Strategy.” Information Management – Alberta. Service Alberta, Nov.-Dec. 2013. Web.

Jackson, Brian, et al. “2021 Tech Trends.” Info-Tech Research Group, 2021. Web.

Jarvis, David, et al. “The hyperquantified athlete: Technology, measurement, and the business of sports.” Deloitte Insights, 7 Dec. 2020. Web.

Bibliography

Johnson, Bruce. “Leveraging Subject Area Models.” EIMInsight Magazine, vol. 3, no. 4, April 2009. Accessed Sept. 2015.

Lewis, Larry. "How to Use Big Data to Improve Supply Chain Visibility." Talking Logistics, 14 Sep. 2014. Web.

McAfee, Andrew, and Erik Brynjolfsson. “Big Data: The Management Revolution,” Harvard Business Review, vol. 90, no. 10, 2012, pp. 60-68.

Meyer-Cuno, Doug. “Is A Vision Statement Important?” Forbes, 24 Feb. 2021. Web.

MIT. “Big Data: The Management Revolution.” MIT Center for Digital Business, 29 May 2014. Accessed April 2014.

"Open Framework, Information Management Strategy & Collaborative Governance.” MIKE2 Methodology RSS, n.d. Accessed Aug. 2015.

PwC. “Asset Management 2020: A Brave New World.” PwC, 2014. Accessed April 2014.

Riley, Jenn. Understanding Metadata: What is Metadata, and What is it For: A Primer. NISO, 1 Jan. 2017. Web.

Russom, Philip. "TDWI Best Practices Report: Managing Big Data." TDWI, 2013. Accessed Oct. 2015.

Schneider, Joan, and Julie Hall. “Why Most Product Launches Fail.” Harvard Business Review, April 2011. Web.

Sheridan, Kelly. "2015 Trends: The Growth of Information Governance | Insurance & Technology." InformationWeek. UBM Tech, 10 Dec. 2014. Accessed Nov. 2015.

"Sports Business Analytics and Tickets: Case Studies from the Pros." SloanSportsConference. Live Analytics – Ticketmaster, Mar. 2013. Accessed Aug. 2015.

Srinivasan, Ramya. “Three Analytics Breakthroughs That Will Define Business in 2021.” Forbes, 4 May 2021. Web.

Statista. “Amount of data created, consumed, and stored 2010-2020.” Statista, June 2021. Web.

“Understanding the future of operations: Accenture Global Operations Megatrends research.” Accenture Consulting, 2015. Web.

Vardhan, Harsh. “Why So Many Product Ideas Fail?” Medium, 26, Sept. 2020. Web.

Threat Preparedness Using MITRE ATT&CK®

  • Buy Link or Shortcode: {j2store}252|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Security Strategy & Budgeting
  • Parent Category Link: /security-strategy-and-budgeting
  • To effectively protect your business interests, you need to be able to address what the most pressing vulnerabilities in your network are. Which attack vectors should you model first? How do you adequately understand your threat vectors when attacks continually change and adapt?
  • Security can often be asked the world but given a minimal budget with which to accomplish it.
  • Security decisions are always under pressure from varying demands that pull even the most well-balanced security team in every direction.
  • Adequately modeling any and every possible scenario is ineffective and haphazard at best. Hoping that you have chosen the most pressing attack vectors to model will not work in the modern day of threat tactics.

Our Advice

Critical Insight

  • Precision is critical to being able to successfully defend against threats.
    • Traditional threat modeling such as STRIDE or PASTA is based on a spray-and-pray approach to identifying your next potential threat vector. Instead, take a structured risk-based approach to understanding both an attacker’s tactics and how they may be used against your enterprise. Threat preparedness requires precision, not guesswork.
  • Knowing is half the battle.
    • You may be doing better than you think. Undoubtedly, there is a large surface area to cover with threat modeling. By preparing beforehand, you can separate what’s important from what’s not and identify which attack vectors are the most pressing for your business.
  • Be realistic and measured.
    • Do not try to remediate everything. Some attack vectors and approaches are nearly impossible to account for. Take control of the areas that have reasonable mitigation methods and act on those.
  • Identify blind spots.
    • Understand what is out there and how other enterprises are being attacked and breached. See how you stack up to the myriad of attack tactics that have been used in real-life breaches and how prepared you are. Know what you’re ready for and what you’re not ready for.
  • Analyze the most pressing vectors.
    • Prioritize the attack vectors that are relevant to you. If an attack vector is an area of concern for your business, start there. Do not cover the entire tactics list if certain areas are not relevant.
  • Detection and mitigation lead to better remediation.
    • For each relevant tactic and techniques, there are actionable detection and mitigation methods to add to your list of remediation efforts.

Impact and Result

Using the MITRE ATT&CK® framework, Info-Tech’s approach helps you understand your preparedness and effective detection and mitigation actions.

  • Learn about potential attack vectors and the techniques that hostile actors will use to breach and maintain a presence on your network.
  • Analyze your current protocols versus the impact of an attack technique on your network.
  • Discover detection and mitigation actions.
  • Create a prioritized series of security considerations, with basic actionable remediation items. Plan your next threat model by knowing what you’re vulnerable to.
  • Ensure business data cannot be leaked or stolen.
  • Maintain privacy of data and other information.
  • Secure the network connection points.
  • Mitigate risks with the appropriate services.

This blueprint and associated tool are scalable for all types of organizations within various industry sectors, allowing them to know what types of risk they are facing and what security services are recommended to mitigate those risks.

Threat Preparedness Using MITRE ATT&CK® Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why threat preparedness is a crucial first step in defending your network against any attack type. Review Info-Tech’s methodology and understand the ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Attack tactics and techniques

Review a breakdown of each of the various attack vectors and their techniques for additional context and insight into the most prevalent attack tactics.

  • Threat Preparedness Using MITRE ATT&CK® – Phase 1: Attack Tactics and Techniques

2. Threat Preparedness Workbook mapping

Map your current security protocols against the impacts of various techniques on your network to determine your risk preparedness.

  • Threat Preparedness Using MITRE ATT&CK® – Phase 2: Threat Preparedness Workbook Mapping
  • Enterprise Threat Preparedness Workbook

3. Execute remediation and detective measures

Use your prioritized attack vectors to plan your next threat modeling session with confidence that the most pressing security concerns are being addressed with substantive remediation actions.

  • Threat Preparedness Using MITRE ATT&CK® – Phase 3: Execute Remediation and Detective Measures
[infographic]

Establish Realistic IT Resource Management Practices

  • Buy Link or Shortcode: {j2store}435|cart{/j2store}
  • member rating overall impact (scale of 10): 9.5/10 Overall Impact
  • member rating average dollars saved: $36,337 Average $ Saved
  • member rating average days saved: 28 Average Days Saved
  • Parent Category Name: Portfolio Management
  • Parent Category Link: /portfolio-management
  • As CIO, you oversee a department that lacks the resource capacity to adequately meet organizational demand for new projects and services.
  • More projects are approved by the steering committee (or equivalent) than your department realistically has the capacity for, and you and your staff have little recourse to push back. If you have a PMO – and that PMO is one of the few that provides usable resource capacity projections – that information is rarely used to make strategic approval and prioritization decisions.
  • As a result, project quality and timelines suffer, and service delivery lags. Your staff are overallocated, but you lack statistical evidence because of incomplete estimates, allocations, and very little accurate data.

Our Advice

Critical Insight

  • IT’s capacity for new project work is largely overestimated. Much of IT’s time is lost to tasks that go unregulated and untracked (e.g. operations and support work, break-fixes and other reactive work) before project work is ever approved. When projects are approved, it is done so with little insight or concern for IT’s capacity to realistically complete that work.
  • The shift to matrix work structures has strained traditional methods of time tracking. Day-to-day demand is chaotic, and staff are pulled in multiple directions by numerous people. As fast-paced, rapidly changing, interruption-driven environments become the new normal, distractions and inefficiencies interfere with productive project work and usable capacity data.
  • The executive team approves too many projects, but it is not held to account for this malinvestment of time. Instead, it’s up to individual workers to sink or swim, as they attempt to reconcile, day after day, seemingly infinite organizational demand for new services and projects with their finite supply of working hours.

Impact and Result

  • Instill a culture of capacity awareness. For years, the project portfolio management (PPM) industry has helped IT departments report on demand and usage, but has largely failed to make capacity part of the conversation. This research helps inject capacity awareness into project and service portfolio planning, enabling IT to get proactive about constraints before overallocation spirals, and project and service delivery suffers.
  • Build a sustainable process. Efforts to improve resource management often falter when you try to get too granular too quickly. Info-Tech’s approach starts at a high level, ensuring that capacity data is accurate and usable, and that IT’s process discipline is mature enough to maintain the data, before drilling down into greater levels of precision.
  • Establish a capacity book of record. You will ultimately need a tool to help provide ongoing resource visibility. Follow the advice in this blueprint to help with your tool selection, and ensure you meet the reporting needs of both your team and executives.

Establish Realistic IT Resource Management Practices Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a resource management strategy, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Take stock of organizational supply and demand

Set the right resource management approach for your team and create a realistic estimate of your resource supply and organizational demand.

  • Balance Supply and Demand with Realistic Resource Management Practices – Phase 1: Take Stock of Organizational Supply and Demand
  • Resource Management Supply-Demand Calculator
  • Time Audit Workbook
  • Time-Tracking Survey Email Template

2. Design a realistic resource management process

Build a resource management process to ensure data accuracy and sustainability, and make the best tool selection to support your processes.

  • Balance Supply and Demand with Realistic Resource Management Practices – Phase 2: Design a Realistic Resource Management Process
  • Resource Management Playbook
  • PPM Solution Vendor Demo Script
  • Portfolio Manager Lite 2017

3. Implement sustainable resource management practices

Develop a plan to pilot your resource management processes to achieve maximum adoption, and anticipate challenges that could inhibit you from keeping supply and demand continually balanced.

  • Balance Supply and Demand with Realistic Resource Management Practices – Phase 3: Implement Sustainable Resource Management Practices
  • Process Pilot Plan Template
  • Project Portfolio Analyst / PMO Analyst
  • Resource Management Communications Template
[infographic]

Workshop: Establish Realistic IT Resource Management Practices

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Take Stock of Organizational Supply and Demand

The Purpose

Obtain a high-level view of current resource management practices.

Identify current and target states of resource management maturity.

Perform an in-depth time-tracking audit and gain insight into how time is spent on project versus non-project work to calculate realized capacity.

Key Benefits Achieved

Assess current distribution of accountabilities in resource management.

Delve into your current problems to uncover root causes.

Validate capacity and demand estimations with a time-tracking survey.

Activities

1.1 Perform a root-cause analysis of resourcing challenges facing the organization.

1.2 Create a realistic estimate of project capacity.

1.3 Map all sources of demand on resources at a high level.

1.4 Validate your supply and demand assumptions by directly surveying your resources.

Outputs

Root-cause analysis

Tab 2 of the Resource Management Supply-Demand Calculator, the Time Audit Workbook, and survey templates

Tabs 3 and 4 of the Resource Management Supply-Demand Calculator

Complete the Time Audit Workbook

2 Design a Realistic Resource Management Process

The Purpose

Construct a resource management strategy that aligns with your team’s process maturity levels.

Determine the resource management tool that will best support your processes.

Key Benefits Achieved

Activities

2.1 Action the decision points in Info-Tech’s seven dimensions of resource management.

2.2 Review resource management tool options, and depending on your selection, prepare a vendor demo script or review and set up Info-Tech’s Portfolio Manager Lite.

2.3 Customize a workflow and process steps within the bounds of your seven dimensions and informed by your tool selection.

Outputs

A wireframe for a right-sized resource management strategy

A vendor demo script or Info-Tech’s Portfolio Manager Lite.

A customized resource management process and Resource Management Playbook.

3 Implement Sustainable Resource Management Practices

The Purpose

Develop a plan to pilot your new processes to test whether you have chosen the right dimensions for maintaining resource data.

Develop a communication plan to guide you through the implementation of the strategy and manage any resistance you may encounter.

Key Benefits Achieved

Identify and address improvements before officially instituting the new resource management strategy.

Identify the other factors that affect resource productivity.

Implement a completed resource management solution.

Activities

3.1 Develop a pilot plan.

3.2 Perform a resource management start/stop/continue exercise.

3.3 Develop plans to mitigate executive stakeholder, team, and structural factors that could inhibit your implementation.

3.4 Finalize the playbook and customize a presentation to help explain your new processes to the organization.

Outputs

Process Pilot Plan Template

A refined resource management process informed by feedback and lessons learned

Stakeholder management plan

Resource Management Communications Template

Further reading

Establish Realistic IT Resource Management Practices

Holistically balance IT supply and demand to avoid overallocation.

Analyst perspective

Restore the right accountabilities for reconciling supply and demand.

"Who gets in trouble at the organization when too many projects are approved?

We’ve just exited a period of about 20-25 years where the answer to the above question was usually “nobody.” The officers of the corporation held nobody to account for the malinvestment of resources that comes from approving too many projects or having systemically unrealistic project due dates. Boards of directors failed to hold the officers accountable for that. And shareholders failed to hold boards of directors accountable for that.

But this is shifting right under our feet. Increasingly, PMOs are being managed with the mentality previously reserved for those in the finance department. In many cases, the PMOs are now reporting to the CFO! This represents a very simple and basic reversion to the concept of fiduciary duty: somebody will be held to account for the consumption of all those hours, and somebody should be the approver of projects who created the excess demand." – Barry Cousins Senior Director of Research, PMO Practice Info-Tech Research Group

Our understanding of the problem

This Research Is Designed For:

  • IT leaders who lack actionable evidence of a resource-supply, work-demand imbalance.
  • CIOs whose departments struggle to meet service and project delivery expectations with given resources.
  • Portfolio managers, PMO directors, and project managers whose portfolio and project plans suffer due to unstable resource availability.

This Research Will Help You:

  • Build trustworthy resource capacity data to support service and project portfolio management.
  • Develop sustainable resource management practices to help you estimate, and continually validate, your true resource capacity for services and projects.
  • Identify the demands that deplete your resource capacity without creating value for IT.

This Research Will Also Assist:

  • Steering committee and C-suite management who want to improve IT’s delivery of projects.
  • Project sponsors that want to ensure their projects get the promised resource time by their project managers.

This Research Will Help Them:

  • Ensure sufficient supply of time for projects to be successfully completed with high quality.
  • Communicate the new resource management practice and get stakeholder buy-in.

Executive summary

Situation

  • As CIO, you oversee a department that lacks the resource capacity to adequately meet organizational demand for new projects and services. As a result, project quality and timelines suffer, and service delivery lags.
  • You need a resource management strategy to help bring balance to supply and demand in order to improve IT’s ability to deliver.

Complication

  • The shift to matrix work structures has strained traditional methods of time tracking. Day-to-day demand is chaotic; staff are pulled in multiple directions by numerous people, making usable capacity data elusive.
  • The executive team approves too many projects, but is not held to account for the overspend on time. Instead, the IT worker is made liable, expected to simply get things done under excessive demands.

Resolution

  • Instill a culture of capacity awareness. For years, the project portfolio management (PPM) industry has helped IT departments report on demand and usage, but it has largely failed to make capacity part of the conversation. This research helps inject capacity awareness into project and service portfolio planning, enabling IT to get proactive about constraints before overallocation spirals, and project and service delivery suffers.
  • Build a sustainable process. Efforts to get better at resource management often falter when you try to get too granular too quickly. Info-Tech’s approach starts at a high level, ensuring that capacity data is accurate and usable, and that IT’s process discipline is mature enough to maintain the data, before drilling down into greater levels of precision.
  • Establish a capacity hub. You will ultimately need a tool to help provide ongoing resource visibility. Follow the advice in this blueprint to help with your tool selection and ensure the reporting needs of both your team and executives are met.

Info-Tech Insight

  1. Take a realistic approach to resource management. New organizational realities have made traditional, rigorous resource projections impossible to maintain. Accept reality and get realistic about where IT’s time goes.
  2. Make IT’s capacity perpetually transparent. The best way to ensure projects are approved and scheduled based upon the availability of the right teams and skills is to shine a light into IT’s capacity and hold decision makers to account with usable capacity reports.

The availability of staff time is rarely factored into IT project and service delivery commitments

As a result, a lot gets promised and worked on, and staff are always busy, but very little actually gets done – at least not within given timelines or to expected levels of quality.

Organizations tend to bite off more than they can chew when it comes to project and service delivery commitments involving IT resources.

While the need for businesses to make an excess of IT commitments is understandable, the impacts of systemically overallocating IT are clearly negative:

  • Stakeholder relations suffer. Promises are made to the business that can’t be met by IT.
  • IT delivery suffers. Project timelines and quality frequently suffer, and service support regularly lags.
  • Employee engagement suffers. Anxiety and stress levels are consistently high among IT staff, while morale and engagement levels are low.

76% of organizations say they have too many projects on the go and an unmanageable and ever-growing backlog of things to get to. (Cooper, 2014)

Almost 70% of workers feel as though they have too much work on their plates and not enough time to do it. (Reynolds, 2016)

Resource management can help to improve workloads and project results, but traditional approaches commonly fall short

Traditional approaches to resource management suffer from a fundamental misconception about the availability of time in 2017.

The concept of resource management comes from a pre-World Wide Web era, when resource and project plans could be based on a relatively stable set of assumptions.

In the old paradigm, the availability of time was fairly predictable, as was the demand for IT services, so there was value to investing time into rigorous demand forecasts and planning.

Resource projections could be based in a secure set of assumptions – i.e. 8 hour days, 40 hour weeks – and staff had the time to support detailed resource management processes that provided accurate usage data.

Old Realities

  • Predictability. Change tended to be slow and deliberate, providing more stability for advanced, rigorous demand forecasts and planning.
  • Fixed hierarchy. Tasks, priorities, and decisions were communicated through a fixed chain of command.
  • Single-task focus. The old reality was more accommodating to sustained focus on one task at a time.

96% of organizations report problems with the accuracy of information on employee timesheets. (Dimensional, 2013)

Old reality resource forecasting inevitably falters under the weight of unpredictable demands and constant distractions

New realities are causing demands on workers’ time to be unpredictable and unrelenting, making a sustained focus on a specific task for any length of time elusive.

Part of the old resource management mythology is the idea that a person can do (for example) eight different one-hour tasks in eight hours of continuous work. This idea has gone from harmlessly mistaken to grossly unrealistic.

The predictability and focus have given way to more chaotic workplace realities. Technology is ubiquitous, and the demand for IT services is constant.

A day in IT is characterized by frequent task-switching, regular interruptions, and an influx of technology-enabled distractions.

Every 3 minutes and 5 seconds: How often the typical office worker switches tasks, either through self-directed or other-directed interruptions. (Schulte, 2015)

12 minutes, 40 seconds: The average amount of time in-between face-to-face interruptions in matrix organizations. (Anderson, 2015)

23 minutes, 15 seconds: The average amount of time it takes to become on task, productive, and focused again after an interruption. (Schulte, 2015)

759 hours: The average number of hours lost per employee annually due to distractions and interruptions. (Huth, 2015)

The validity of traditional, rigorous resource planning has long been an illusion. New realities are making the sustained focus and stable assumptions that old reality projections relied on all but impossible to maintain.

For resource management practices to be effective, they need to evolve to meet new realities

New organizational realities have exacerbated traditional approaches to time tracking, making accurate and usable resource data elusive.

The technology revolution that began in the 1990s ushered in a new paradigm in organizational structures. Matrix reporting structures, diminished supervision of knowledge workers, massive multi-tasking, and a continuous stream of information and communications from the outside world have smashed the predictability and stability of the old paradigm.

The resource management industry has largely failed to evolve. It remains stubbornly rooted in old realities, relying on calculations and rollups that become increasingly unsustainable and irrelevant in our high-autonomy staff cultures and interruption-driven work days.

New Realities

  • Unpredictable. Technologies and organizational strategies change before traditional IT demand forecasts and project plans can be realized.
  • Matrix management. Staff can be accountable to multiple project managers and functional managers at any given time.
  • Multi-task focus. In the new reality, workers’ attentions are scattered across multiple tasks and projects at any given time.

87% of organizations report challenges with traditional methods of time tracking and reporting. (Dimensional, 2013)

40% of working time is not tracked or tracked inaccurately by staff. (actiTIME, 2016)

Poor resource management practices cost organizations dearly

While time is money, the statistics around resource visibility and utilization suggest that the vast majority of organizations don’t spend their available time all that wisely.

Research shows that ineffective resource management directly impacts an organization’s bottom line, contributing to such cost drains as the systemic late delivery of projects and increased project costs.

Despite this, the majority of organizations fail to treat staff time like the precious commodity it is.

As the results of a 2016 survey show, the top three pain points for IT and PMO leaders all revolve around a wider cultural negligence concerning staff time (Alexander, TechRepublic, 2016):

  • Overcommitted resources
  • Constant change that affects staff assignments
  • An inability to prioritize shared resources

Top risks associated with poor resource management

Inability to complete projects on time – 52%

Inability to innovate fast enough – 39%

Increased project costs – 38%

Missed business opportunities – 34%

Dissatisfied customers or clients – 32%

12 times more waste – Organizations with poor resource management practices waste nearly 12 times more resource hours than high-performing organizations. (PMI, 2014)

The concept of fiduciary duty represents the best way to bring balance to supply and demand, and improve project outcomes

Unless someone is accountable for controlling the consumption of staff hours, too much work will get approved and committed to without evidence of sufficient resourcing.

Who is accountable for controlling the consumption of staff hours?

In many ways, no question is more important to the organization’s bottom line – and certainly, to the effectiveness of a resource management strategy.

Historically, the answer would have been the executive layer of the organization. However, in the 1990s management largely abdicated its obligation to control resources and expenditures via “employee empowerment.”

Controls on approvals became less rigid, and accountability for choosing what to do (and not do) shifted onto the shoulders of the individual worker. This creates a current paradigm where no one is accountable for the malinvestment…

…of resources that comes from approving too many projects. Instead, it’s up to individual workers to sink-or-swim, as they attempt to reconcile, day after day, seemingly infinite organizational demand with their finite supply of working hours.

If your organization has higher demand (i.e. approved project work) than supply (i.e. people’s time), your staff will be the final decision makers on what does and does NOT get worked on.

Effective time leadership distinguishes top performing senior executives

"Everything requires time… It is the one truly universal condition. All work takes place in time and uses up time. Yet most people take for granted this unique, irreplaceable and necessary resource. Nothing else, perhaps, distinguishes effective executives as much as their tender loving care of time." – Peter Drucker (quoted in Frank)

67% of employees surveyed believe their CEOs focus too much on decisions based in short-term financial results and not enough time on decisions that create a stable, positive workplace for staff. (2016 Edelman Trust Barometer)

Bring balance to supply and demand with realistic resource management practices

Use Info-Tech’s approach to resource management to capture an accurate view of where your time goes and achieve sustained visibility into your capacity for new projects.

Realistic project resource management starts by aligning demand with capacity, and then developing tactics to sustain alignment, even in the chaos of our fast-paced, rapidly changing, interruption-driven project environments.

This blueprint will help you develop practices to promote and maintain accurate resourcing data, while developing tactics to continually inform decision makers’ assumptions about how much capacity is realistically available for project work.

This research follows a three-phase approach to sustainable practices:

  1. Take Stock of Organizational Supply and Demand
  2. Design a Realistic Resource Management Process
  3. Implement Sustainable Resource Management Practices

Info-Tech’s three-phase framework is structured around a practical, tactical approach to resource management. It’s not about what you put together as a one-time snapshot. It’s about what you can and will maintain every week, even during a crisis. When you stop maintaining resource management data, it’s nearly impossible to catch up and you’re usually forced to start fresh.

Info-Tech’s approach is rooted in our seven dimensions of resource management

Action the decision points across Info-Tech’s seven dimensions to ensure your resource management process is guided by realistic data and process goals.

Default project vs. non-project ratio

How much time is available for projects once non-project demands are factored in?

Reporting frequency

How often is the allocation data verified, reconciled, and reported for use?

Forecast horizon

How far into the future can you realistically predict resource supply?

Scope of allocation

To whom is time allocated?

Allocation cadence

How long is each allocation period?

Granularity of time allocation

What’s the smallest unit of time to allocate?

Granularity of work assignment

What is time allocated to?

This blueprint will help you make the right decisions for your organization across each of these dimensions to ensure your resource management practices match your current process maturity levels.

Once your framework is defined, we’ll equip you with a tactical plan to help keep supply and demand continually balanced

This blueprint will help you customize a playbook to ensure your allocations are perpetually balanced week after week, month after month.

Developing a process is one thing, sustaining it is another.

The goal of this research isn’t just to achieve a one-time balancing of workloads and expect that this will stand the test of time.

The true test of a resource management process is how well it facilitates the flow of accurate and usable data as workloads become chaotic, and fires and crises erupt.

  • Info-Tech’s approach will help you develop a playbook and a “rebalancing routine” that will help ensure your allocations remain perpetually current and balanced.
  • The sample routine to the right shows you an example of what this rebalancing process will look like (customizing this process is covered in Phase 3 of the blueprint).

Sample “rebalancing” routine

  • Maintain a comprehensive list of the sources of demand (i.e. document the matrix).
  • Catalog the demand.
  • Allocate the supply.
  • Forecast the capacity to your forecast horizon.
  • Identify and prepare work packages or tasks for unsatisfied demand to ensure that supply can be utilized if it becomes free.
  • Reconcile any imbalance by repeating steps 1-5 on update frequency, say, weekly or monthly.

Info-Tech’s method is complemented by a suite of resource management tools and templates

Each phase of this blueprint is accompanied by supporting deliverables to help plan your resource management strategy and sustain your process implementation.

Resource management depends on the flow of information and data from the project level up to functional managers, project managers, and beyond – CIOs, steering committees, and senior executives.

Tools are required to help plan, organize, and facilitate this flow, and each phase of this blueprint is centered around tools and templates to help you successfully support your process implementation.

Take Stock of Organizational Supply and Demand

Tools and Templates:

Design a Realistic Resource Management Process

Tools and Templates:

Implement Sustainable Resource Management Practices

Tools and Templates:

Use Info-Tech’s Portfolio Manager Lite to support your new process without a heavy upfront investment in tools

Spreadsheets can provide a viable alternative for organizations not ready to invest in an expensive tool, or for those not getting what they need from their commercial selections.

While homegrown solutions like spreadsheets and intranet sites lack the robust functionality of commercial offerings, they have dramatically lower complexity and cost-in-use.

Info-Tech’s Portfolio Manager Lite is a sophisticated, scalable, and highly customizable spreadsheet-based solution that will get your new resource management process up and running, without a heavy upfront cost.

Kinds of PPM solutions used by Info-Tech clients

Homemade – 46%

Commercial – 33%

No Solution – 21%

(Info-Tech Research Group (2016), N=433)

The image shows 3 sheets with charts and graphs.

Samples of Portfolio Manager Lite's output and reporting tabs

Info-Tech’s approach to resource management is part of our larger project portfolio management framework

This blueprint will help you master the art of resource management and set you up for greater success in other project portfolio management capabilities.

Resource management is one capability within Info-Tech’s larger project portfolio management (PPM) framework.

Resource visibility and capacity awareness permeates the whole of PPM, helping to ensure the right intake decisions get made, and projects are scheduled according to resource and skill availability.

Whether you have an existing PPM strategy that you are looking to optimize or you are just starting on your PPM journey, this blueprint will help you situate your resource management processes within a larger project and portfolio framework.

Info-Tech’ s PPM framework is based on extensive research and practical application, and complements industry standards such as those offered by PMI and ISACA.

Project Portfolio Management
Status & Progress Reporting
Intake, Approval, & Prioritization Resource Management Project Management Project Closure Benefits Tracking
Organizational Change Management
Intake → Execution→ Closure

Realize the value that improved resource management practices could bring to your organization

Spend your company’s HR dollars more efficiently.

Improved resource management and capacity awareness will allow your organization to improve resource utilization and increase project throughput.

CIOs, PMOs, and portfolio managers can use this blueprint to improve the alignment between supply and demand. You should be able to gauge the value through the following metrics:

Near-Term Success Metrics (6 to 12 months)

  • Increased frequency of currency (i.e. more accurate and usable resource data and reports).
  • Improved job satisfaction from project resources due to more even workloads.
  • Better ability to schedule project start dates and estimate end dates due to recourse visibility.

Long-Term Success Metrics (12 to 24 months)

  • More projects completed on time.
  • Reclaimed capacity for project work.
  • A reduction in resource waste and increased resource utilization on productive project work.
  • Ability to track estimated vs. actual budget and work effort on projects.

In the past 12 months, Info-Tech clients have reported an average measured value rating of $550,000 from the purchase of workshops based on this research.

Info-Tech client masters resource management by shifting the focus to capacity forecasting

CASE STUDY

Industry Education

Source Info-Tech Client

Situation

  • There are more than 200 people in the IT organization.
  • IT is essentially a shared services environment with clients spanning multiple institutions across a wide geography.
  • The PMO identified dedicated resources for resource management.

Complication

  • The definition of “resource management” was constantly shifting between accounting the past (i.e. time records), the present (i.e. work assignments), and the future (i.e. long term project allocations).
  • The task data set (i.e. for current work assignments) was not aligned to the historic time records or future capacity.
  • It was difficult to predict or account for the spend, which exceeded 30,000 hours per month.

“We’re told we can’t say NO to projects. But this new tool set and approach allows us to give an informed WHEN.” – Senior PMO Director, Education

Resolution

  • The leadership decided to forecast and communicate their resource capacity on a 3-4 month forecast horizon using Info-Tech’s Portfolio Manager 2017.
  • Unallocated resource capacity was identified within certain skill sets that had previously been assessed as fully allocated. While some of the more high-visibility staff were indeed overallocated, other more junior personnel had been systemically underutilized on projects.
  • The high demand for IT project resourcing was immediately placed in the context of a believable, credible expression of supply.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Establish Realistic IT Resource Management Practices – project overview

1. Take Stock of Organizational Supply and Demand 2. Design a Realistic Resource Management Process 3. Implement Sustainable Resource Management Practices
Best-Practice Toolkit

1.1 Set a resource management course of action

1.2 Create realistic estimates of supply and demand

2.1 Customize the seven dimensions of resource management

2.2 Determine the resource management tool that will best support your process

2.3 Build process steps to ensure data accuracy and sustainability

3.1 Pilot your resource management process to assess viability

3.2 Plan to engage your stakeholders with your playbook

Guided Implementations
  • Scoping call
  • Assess how accountability for resource management is currently distributed
  • Create a realistic estimate of project capacity
  • Map all sources of demand on resources at a high level
  • Set your seven dimensions of resource management
  • Jump-start spreadsheet-based resource management with Portfolio Manager Lite
  • Build on the workflow to determine how data will be collected and who will support the process
  • Define the scope of a pilot and determine logistics
  • Finalize resource management roles and responsibilities
  • Brainstorm and plan for potential resistance to change, objections, and fatigue from stakeholders
Onsite Workshop

Module 1:

  • Take Stock of Organizational Supply and Demand

Module 2:

  • Design a Realistic Resource Management Process

Module 3:

  • Implement Sustainable Resource Management Practices

Phase 1 Outcome:

  • Resource Management Supply-Demand Calculator

Phase 2 Outcome:

  • Resource Management Playbook

Phase 3 Outcome:

  • Resource Management Communications Template

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
Activities

Introduction to PPM and resource management

1.1 Complete and review PPM Current State Scorecard Assessment

1.2 Perform root cause analysis of resource management challenges

1.3 Initiate time audit survey of management and staff

Take stock of supply and demand

2.1 Review the outputs of the time audit survey and analyze the data

2.2 Analyze project and non-project demands, including the sources of those demands

2.3 Set the seven dimensions of resource management

Design a resource management process

3.1 Review resource management tool options

3.2 Prepare a vendor demo script or review Portfolio Manager Lite

3.3 Build process steps to ensure data accuracy and sustainability

Pilot and refine the process

4.1 Define methods for piloting the strategy (after the workshop)

4.2 Complete the Process Pilot Plan Template

4.3 Conduct a mock resource management meeting

4.4 Perform a RACI exercise

Communicate and implement the process

5.1 Brainstorm potential implications of the new strategy and develop a plan to manage stakeholder and staff resistance to the strategy

5.2 Customize the Resource Management Communications Template

5.3 Finalize the playbook

Deliverables
  1. PPM Current State Scorecard Assessment
  2. Root cause analysis
  3. Time Audit Workbook and survey templates
  1. Resource Management Supply-Demand Calculator
  1. Portfolio Manager Lite
  2. PPM Solution Vendor Demo Script
  3. Tentative Resource Management Playbook
  1. Process Pilot Plan Template
  2. RACI chart
  1. Resource Management Communications Template
  2. Finalized Resource Management Playbook

Phase 1

Take Stock of Organizational Resource Supply and Demand

Phase 1 Outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 1: Take Stock of Organizational Resource Supply and Demand

Proposed Time to Completion (in weeks): 1-2 weeks

Step 1.1: Analyze the current state

Start with an analyst kick-off call:

  • Discuss the goals, aims, benefits, and challenges of resource management
  • Identify who is currently accountable for balancing resource supply and demand

Then complete these activities…

  • Assess the current distribution of accountabilities in resource management
  • Delve into your current problems to uncover root causes
  • Make a go/no-go decision on developing a new resource management practice
Step 1.2: Estimate your supply and demand

Review findings with analyst:

  • Root causes of resource management
  • Your current impression about the resource supply-demand imbalance

Then complete these activities…

  • Estimate your resource capacity for each role
  • Estimate your project/non-project demand on resources
  • Validate the findings with a time-tracking survey

With these tools & templates:

  • Resource Management Supply-Demand Calculator
  • Time-Tracking Survey Email Template

Phase 1 Results & Insights:

A matrix organization creates many small, untraceable demands that are often overlooked in resource management efforts, which leads to underestimating total demand and overcommitting resources. To capture them and enhance the success of your resource management effort, focus on completeness rather than precision. Precision of data will improve over time as your process maturity grows.

Step 1.1: Set a resource management course of action

PHASE 1

1.1 Set a course of action

1.2 Estimate supply and demand

PHASE 2

2.1 Select resource management dimensions

2.2 Select resource management tools

2.3 Build process steps

PHASE 3

3.1 Pilot your process for viability

3.2 Plan stakeholder engagement

This step will walk you through the following activities:
  • Determine your resource management process capability level
  • Assess how accountability for resource management is currently distributed
This step involves the following participants:
  • CIO / IT Director
  • PMO Director/ Portfolio Manager
  • Functional / Resource Managers
  • Project Managers
Outcomes of this step
  • Current distribution of accountability for resource management practice
  • Root-cause analysis of resourcing challenges facing the organization
  • Commitment to implementing a right-sized resource management practice

“Too many projects, not enough resources” is the reality of most IT environments

A profound imbalance between demand (i.e. approved project work and service delivery commitments) and supply (i.e. people’s time) is the top challenge IT departments face today..

In today’s organizations, the desires of business units for new products and enhancements, and the appetites of senior leadership to approve more and more projects for those products and services, far outstrip IT’s ability to realistically deliver on everything.

The vast majority of IT departments lack the resourcing to meet project demand – especially given the fact that day-to-day operational demands frequently trump project work.

As a result, project throughput suffers – and with it, IT’s reputation within the organization.

Info-Tech Insight

Where does the time go? The portfolio manager (or equivalent) should function as the accounting department for time, showing what’s available in IT’s human resources budget for projects and providing ongoing visibility into how that budget of time is being spent.

Resource management can help to even out staff workloads and improve project and service delivery results

As the results of a recent survey* show, the top three pain points for IT and PMO leaders all revolve around a wider cultural negligence concerning staff time:

  • Overcommitted resources
  • Constant change that affects staff assignments
  • An inability to prioritize shared resources

A resource management strategy can help to alleviate these pain points and reconcile the imbalance between supply and demand by achieving the following outcomes:

  • Improving resource visibility
  • Reducing overallocation, and accordingly, resource stress
  • Reducing project delay
  • Improving resource efficiency and productivity

Top risks associated with poor resource management

Inability to complete projects on time – 52%

Inability to innovate fast enough – 39%

Increased project costs – 38%

Missed business opportunities – 34%

Dissatisfied customers or clients – 32%

12 times more waste – Organizations with poor resource management practices waste nearly 12 times more resource hours than high-performing organizations. (PMI, 2014)

Resource management is a core process in Info-Tech’s project portfolio management framework

Project portfolio management (PPM) creates a stable and secure infrastructure around projects.

PPM’s goal is to maximize the throughput of projects that provide strategic and operational value to the organization. To do this, a PPM strategy must help to:

Info-Tech's Project Portfolio Management Process Model
3. Status & Progress Reporting [make sure the projects are okay]
1. Intake, Approval, & Prioritization [select the right projects] 2. Resource Management [Pick the right time and people to execute the projects Project Management

4. Project Closure

[make sure the projects get done]

5. Benefits Tracking

[make sure they were worth doing]

Organizational Change Management
Intake → Execution→ Closure

If you don’t yet have a PPM strategy in place, or would like to revisit your existing PPM strategy before implementing resource management practices, see Info-Tech’s blueprint, Develop a Project Portfolio Management Strategy.

Effective resource management is rooted in a relatively simple set of questions

However, while the questions are rather simple, the answers become complicated by challenges unique to matrix organizations and other workplace realities in 2017.

To support the goals of PPM more generally, resource management must (1) supply quality work-hours to approved and ongoing projects, and (2) supply reliable data with which to steer the project portfolio.

To do this, a resource management strategy must address a relatively straightforward set of questions.

Key Questions

  • Who assigns the resources?
  • Who feeds the data on resources?
  • How do we make sure it’s valid?
  • How do we handle contingencies when projects are late or when availability changes?

Challenges

  • Matrix organizations require project workers to answer to many masters and balance project work with “keep the lights on” activities and other administrative work.
  • Interruptions, distractions, and divided attention create consistent challenges for workplace productivity.

"In matrix organizations, complicated processes and tools get implemented to answer the deceptively simple question “what’s Bob going to work on over the next few months?” Inevitably, the data captured becomes the focus of scrutiny as functional and project managers complain about data inaccuracy while simultaneously remaining reluctant to invest the effort necessary to improve quality." – Kiron Bondale

Determine your organization’s resource management capability level with a maturity assessment

1.1.1
10 minutes

Input

  • Organizational strategy and culture

Output

  • Resource management capability level

Materials

  • N/A

Participants

  • PMO Director/ Portfolio Manager
  • Project Managers
  • Resource Managers

Kick-off the discussion on the resource management process by deciding which capability level most accurately describes your organization’s current state.

Capability Level Descriptions
Capability Level 5: Optimized Our organization has an accurate picture of project versus non-project workloads and allocates resources accordingly. We periodically reclaim lost capacity through organizational and behavioral change.
Capability Level 4: Aligned We have an accurate picture of how much time is spent on project versus non-project work. We allocate resources to these projects accordingly. We are checking in on project progress bi-weekly.
Capability Level 3: Pixelated We are allocating resources to projects and tracking progress monthly. We have a rough estimate of how much time is spent on project versus non-project work.
Capability Level 2: Opaque We match resource teams to projects and check in annually, but we do not forecast future resource needs or track project versus non-project work.
Capability Level 1: Unmanaged Our organization expects projects to be finished, but there is no process in place for allocating resources or tracking project progress.

If resources are poorly managed, they prioritize work based on consequences rather than on meeting demand

As a result, matrix organizations are collectively steered by each resource and its individual motives, not by managers, executives, or organizational strategy.

In a matrix organization, demands on a resource’s time come from many directions, each demand unaware of the others. Resources are expected to prioritize their work, but they typically lack the authority to formally reject demand, so demand frequently outstrips the supply of work-hours the resource can deliver.

When this happens, the resource has three options:

  1. Work more hours, typically without compensation.
  2. Choose tasks not to do in a way that minimizes personal consequences.
  3. Diminish work quality to meet quantity demands.

The result is an unsustainable system for those involved:

  1. Resources cannot meet expectations, leading to frustration and disengagement.
  2. Managers cannot deliver on the projects or services they manage and struggle to retain skilled resources who are looking elsewhere for “greener pastures.”
  3. Executives cannot execute strategic plans as they lose decision-making power over their resources.

Scope your resource management practices within a matrix organization by asking “who?”

Resource management boils down to a seemingly simple question: how do we balance supply and demand? Balancing requires a decision maker to make choices; however, in a matrix organization, identifying this decision maker is not straightforward:

Balance

  • Who decides how much capacity should be dedicated to project work versus administrative or operational work?
  • Who decides how to respond to unexpected changes in supply or demand?

Supply

  • Who decides how much total capacity we have for each necessary skill set?
  • Who manages the contingency, or redundancy, of capacity?
  • Who validates the capacity supply as a whole?
  • Who decides what to report as unexpected changes in supply (and to whom)?

Demand

  • Who generates demand on the resource that can be controlled by their manager?
  • Who generates demand on the capacity that cannot be controlled by their manager?
  • Who validates the demand on capacity as a whole?
  • Who decides what to report as unexpected changes in demand (and to whom)?

The individual who has the authority to make choices, and who is ultimately liable for those decisions, is an accountable person. In a matrix organization, accountability is dispersed, sometimes spilling over to those without the necessary authority.

To effectively balance supply and demand, senior management must be held accountable

Differentiate between responsibility and accountability to manage the organization’s project portfolio effectively.

Responsibility

The responsible party is the individual (or group) who actually completes the task.

Responsibility can be shared.

VS.

Accountability

The accountable person is the individual who has the authority to make choices, and is ultimately answerable for the decision.

Accountability cannot be shared.

Resources often do not have the necessary scope of authority to make resource management choices, so they can never be truly accountable for the project portfolio. Instead, resources are accountable for making available trustworthy data, so the right people can make choices driven by organizational strategy.

The next activity will assess how accountability for resource management is currently distributed in your organization.

Assess the current distribution of accountability for resource management practice

1.1.2
15 minutes

Input

  • Organizational strategy and culture

Output

  • Current distribution of accountabilities for resource management

Materials

  • Whiteboard/flip chart
  • Markers

Participants

  • CIO
  • PMO Director/ Portfolio Manager

Below is a list of tasks in resource management that require choices. Discuss who is currently accountable and whether they have the right authority and ability to deliver on that accountability.

Resource management tasks that require choices Accountability
Current Effective?
Identify all demands on resources
Prioritize identified project demands
Prioritize identified operational demands
Prioritize identified administrative demands
Prioritize all of the above demands
Enumerate resource supply
Validate resource supply
Collect and validate supply and demand data
Defer or reject work beyond available supply
Adjust resource supply to meet demand

Develop coordination between project and functional managers to optimize resource management

Because resources are invariably responsible for both project and non-project work, efforts to procure capacity for projects cannot exist in isolation.

IT departments need many different technical skill sets at their disposal for their day-to-day operations and services, as well as for projects. A limited hiring budget for IT restricts the number of hires with any given skill, forcing IT to share resources between service and project portfolios.

This resource sharing produces a matrix organization divided along the lines of service and projects. Functional and project managers provide respective oversight for services and projects. Resources split their available work-hours toward service and project tasks according to priority – in theory.

However, in practice, two major challenges exist:

  1. Poor coordination between functional and project managers causes commitments beyond resource capacity, disputes about resource oversight, and animosity among management, all while resources struggle to balance unclear priorities.
  2. Resources have a “third boss,” namely uncontrolled demands from the rest of the business, which lack both visibility and accountability.

The image shows a board balanced on a ball (labelled Resource Management), with two balls on either end of it (Capacity Supply on the left, and Demand on the right), and another board balanced on top of the right ball, with two more balls balanced on either side of it (Projects on the left and Operational, Administrative, Etc. on the right).

Resource management processes must account for the numerous small demands generated in a matrix organization

Avoid going bankrupt $20 at a time: small demands add up to a significant chunk of work-hours.

Because resource managers must cover both projects and services within IT, the typical solution to allocation problems in matrix organizations is to escalate the urgency and severity of demands by involving the executive steering committee. Unfortunately, the steering committee cannot expend time and resources on all demands. Instead, they often set a minimum threshold for cases – 100-1,000 work-hours depending on the organization.

Under this resource management practice, small demands – especially the quick-fixes and little projects from “the third boss” – continue to erode project capacity. Eventually, projects fail to get resources because pesky small demands have no restrictions on the resources they consumed.

Realistic resource management needs to account for demand from all three bosses; however…

Info-Tech Insight

Excess project or service request intake channels lead to the proliferation of “off-the-grid” projects and tasks that lack visibility from the IT leadership. This can indicate that there may be too much red tape: that is, the request process is made too complex or cumbersome. Consider simplifying the request process and bring IT’s visibility into those requests.

Interrogate your resource management problems to uncover root causes

1.1.3
30 minutes to 1 hour

Input

  • Organizational strategy and culture

Output

  • Root causes of resource management failures

Materials

  • Whiteboard/flip chart
  • Sticky notes
  • Markers

Participants

  • CIO
  • PMO Director/ Portfolio Manager
  • Functional Managers
  • Project Managers
  1. Pick a starting problem statement in resource management. e.g. projects can’t get resource work-hours.
  2. Ask the participants “why”? Use three generic headings – people, processes, and technology – to keep participants focused. Keep the responses solution-agnostic: do not jump to solutions. If you have a large group, divide into smaller groups and use sticky notes to encourage more participation in this brainstorming step.
People Processes Technology
  • We don’t have enough people/skills.
  • People are tied up on projects that run late.
  • Functional and project managers appear to hoard resources.
  • Resources cannot prioritize work.
  • Resources are too busy responding to 911s from the business.
  • Resources cannot prioritize projects vs. operational tasks.
  • “Soft-closed” projects do not release resources for other work.
  • We don’t have tools that show resource availability.
  • Tools we have for showing resource availability are not being used.
  • Data is inaccurate and unreliable.
  1. Determine the root cause by iteratively asking “why?” up to five times, or until the chain of whys comes full circle. (i.e. Why A? B. Why B? C. Why C? A.) See below for an example.

1.1.2 Example of a root-cause analysis: people

The following is a non-exhaustive example:

The image shows an example of a root-cause analysis. It begins on the left with the header People, and then lists a series of challenges below. Moving toward the right, there are a series of headers that read Why? at the top of the chart, and listing reasons for the challenges below each one. As you read through the chart from left to right, the reasons for challenges become increasingly specific.

Right-size your resource management strategy with Info-Tech’s realistic resource management practice

If precise, accurate, and complete data on resource supply and demand was consistently available, reporting on project capacity would be easy. Such data would provide managers complete control over a resource’s time, like a foreman at a construction site. However, this theoretical scenario is incompatible with today’s matrixed workplace:

  • Sources of demand can lie outside IT’s control.
  • Demand is generated chaotically, with little predictability.
  • Resources work with minimal supervision.

Collecting and maintaining resource data is therefore nearly impossible:

  • Achieving perfect data accuracy creates unnecessary overhead.
  • Non-compliance by one project or resource makes your entire data set unusable for resource management.

This blueprint will guide you through right-sizing your resource management efforts to achieve maximum value-to-effort ratio and sustainability.


The image shows a graph with Quality, Value on the Y axis, and Required Effort on the X-Axis. The graph is divided into 3 categories, based on the criteria: Value-to-effort Ratio and Sustainability. The three sections are labelled at the top of the graph as: Reactive, “gut feel”-driven; Right-sized resource management; Full control, complete data. The 2nd section is bolded. The line in the graph starts low, rising through the 2nd section, and is stable at the top of the chart in the final section.

Choose your resource management course of action

Portfolio managers looking for a resource management solution have three mutually exclusive options:

Option A: Do Nothing

  • Rely on expert judgment and intuition to make portfolio choices.
  • Allow the third boss to dictate the demands of your resources.

Option B: Get Precise

  • Aim for granularity and precision of data with a solution that may demand more capacity than is realistically available by hiring, outsourcing, or over-allocating people’s time.
  • Require detailed, accurate time sheets for all project tasks.
  • For those choosing this option, proceed to Info-Tech’s Select and Implement a PPM Solution.

Option C: Get Realistic

  • Balance capacity supply and demand using abstraction.
  • Implement right-sized resource management practices that rely on realistic, high-level capacity estimates.
  • Reduce instability in data by focusing on resource capacity, rather than granular project demands and task level details.

This blueprint takes you through the steps necessary to accomplish Option C, using Info-Tech’s tools and templates for managing your resources.

Step 1.2: Create realistic estimates of supply and demand

PHASE 1

1.1 Set a course of action

1.2 Estimate supply and demand

PHASE 2

2.1 Select resource management dimensions

2.2 Select resource management tools

2.3 Build process steps

PHASE 3

3.1 Pilot your process for viability

3.2 Plan stakeholder engagement

This step will walk you through the following activities:
  • Create a realistic estimate of project capacity
  • Map all sources of demand on resources at a high level
  • Validate your supply and demand assumptions by directly surveying your resources
This step involves the following participants:
  • PMO Director / Portfolio Manager
  • Project Managers (optional)
  • Functional / Resource Managers (optional)
  • Project Resources (optional)
Outcomes of this step
  • A realistic estimate of your total and project capacity, as well as project and non-project demand on their time
  • Quantitative insight into the resourcing challenges facing the organization
  • Results from a time-tracking survey, which are used to validate the assumptions made for estimating resource supply and demand

Create a realistic estimate of your project capacity with Info-Tech’s Resource Management Supply-Demand Calculator

Take an iterative approach to capacity estimates: use your assumptions to create a meaningful estimate, and then validate with your staff to improve its accuracy.

Use Info-Tech’s Resource Management Supply-Demand Calculator to create a realistic estimate of your project capacity.

The calculator tool requires minimal upfront staff participation: you can obtain meaningful results with participation from even a single person, with insight on the distribution of your resources and their average work week or month. As the number of participants increases, the quality of analysis will improve.

The first half of this step guides you through how to use the calculator. The second half provides tactical advice on how to gather additional data and validate your resourcing data with your staff.

Download Info-Tech’s Resource Management Supply-Demand Calculator

Info-Tech Insight

What’s first, process or tools? Remember that process determines the quality of your data while data quality limits the tool’s utility. Without quality data, you cannot evaluate the success of the tool, so nail down your collection process first.

Break down your resource capacity into high-level buckets of time for each role

1.2.1
30 minutes - 1 hour

Input

  • Staff resource types
  • Average work week
  • Estimated allocations

Output

A realistic estimate of project capacity

Materials

Resource Management Supply-Demand Calculator

Participants

  • PMO Director
  • Resource/Functional Managers (optional)

We define four high-level buckets of resource time:

  • Absence: on average, a resource spends 14% of the year on vacation, statutory holidays, business holidays and other forms of absenteeism.
  • Administrative: time spent on meetings, recordkeeping, etc.
  • Operational: keeping the lights on; reactive work.
  • Projects: time to work on projects; typically, this bucket of time is whatever’s left from the above.

The image shows a pie chart with four sections: Absence - 6,698 14%; Admin - 10,286 22%; Keep the Lights On - 15, 026 31%; Project Capacity 15, 831 33%.

Instructions for working through Tab 2 of the Resource Management Supply-Demand Calculator are provided in the next two sections. Follow along to obtain your breakdown of annual resource capacity in a pie chart.

Break down your resource capacity into high-level buckets of time for each role

1.2.1
Resource Management Supply-Demand Calculator, Tab 2: Capacity Supply

Discover how many work-hours are at your disposal by first accounting for absences.

The image shows a section of the Resource Management Supply-Demand Calculator, for calculating absences, with sample information filled in.

  1. Compile a list of each of the roles within your department.
  2. Enter the number of staff currently performing each role.
  3. Enter the number of hours in a typical work week for each role.
  4. Enter the foreseeable out-of-office time (vacation, sick time, etc.) Typically, this value is 12-16% depending on the region.

Hours per Year represents your total resource capacity for each role, as well as the entire department. This column is automatically calculated.

Working Time per Year represents your total resource capacity minus time employees are expected to spend out of office. This column is automatically calculated.

Info-Tech Insight

Example for a five-day work week:

  • 2 weeks (10 days) of statutory holidays
  • 3 weeks of vacation
  • 1.4 weeks (7 days) of sick days on average
  • 1 week (5 days) for company holidays

Result: 7.4/52 weeks’ absence = 14.2%

Break down your resource capacity into high-level buckets of time for each role (continued)

1.2.1
Resource Management Supply-Demand Calculator, Tab 2: Capacity Supply

Determine the current distribution of your resources’ time and your confidence in whether the resources indeed supply those times.

The image is a screen capture of the Working Time section of the calculator, with sample information filled in.

5. Enter the percentage of working time across each role that, on an annual basis, goes toward administrative duties (non-project meetings, training, time spent checking email, etc.) and keep-the-lights-on work (e.g. support and maintenance work).

While these percentages will vary by individual, a high-level estimate across each role will suffice for the purposes of this activity.

6. Express how confident you are in each resource being able to deliver the calculated project work hours in percentages.

Another interpretation for supply confidence is “supply control”: estimate your current ability to control this distribution of working time to meet the changing needs in percentages.

Percentage of your working time that goes toward project work is calculated based upon what’s left after your non-project working time allocations have been subtracted.

Create a realistic estimate of the demand from your project portfolio with the T-shirt sizing technique

1.2.2
15 minutes - 30 minutes

Input

  • Average work-hours for a project
  • List of projects
  • PPM Current State Scorecard

Output

A realistic estimate of resource demand from your project portfolio

Materials

Resource Management Supply-Demand Calculator

Participants

  • PMO Director
  • Project Managers (optional)

Quickly re-express the size of your project portfolio in resource hours required.

Estimating the resources required for a project in a project backlog can take a lot of effort. Rather than trying to create an accurate estimate for each project, a set of standard project sizes (often referred to as the “T-shirt sizing” technique) will be sufficiently accurate for estimating your project backlog’s overall demand.

Instructions for working through Tab 3 of the tool are provided here and in the next section.

1. For each type of project, enter the average number for work-hours.

Project Types Average Number of Work Hours for a Project
Small 80
Medium 200
Large 500
Extra-Large 1000

Improve your estimate of demand from your project portfolio by accounting for unproductive capacity spending

1.2.2
Resource Management Supply-Demand Calculator, Tab 3: Project Demand

2. Using your list of projects, enter the number of projects for each appropriate field.

The image shows a screen capture of the number of projects section of the Resource Management Supply-Demand Calculator, with sample information filled in.

3. Enter your resource waste data from the PPM Current State Scorecard (see next section). Alternatively, enter your best guess on how much project capacity is spent wastefully per category.

The image shows a screen capture of the Waste Assessment section of the Resource Management Supply-Demand Calculator, with sample information filled in, and a pie chart on the right based on the sample data.

Info-Tech Insight

The calculator estimates the project demand by T-shirt-sizing the work-hours required by projects to be delivered within the next 12 months and then adding the corresponding wasted capacity. This may be a pessimistic estimate, but it is more realistic because projects tend to be delivered late more than early.

Estimate how much project capacity is wasted with Info-Tech’s PPM Current State Scorecard

Call 1-888-670-8889 or contact your Account Manager for more information.

This step is highly recommended but not required.

Info-Tech’s PPM Current State Scorecard diagnostic provides a comprehensive view of your portfolio management strengths and weaknesses, including project portfolio management, project management, customer management, and resource utilization.

Use the wisdom-of-the-crowd to estimate resource waste in:

  • Cancelled projects
  • Inefficiency
  • Suboptimal assignment of resources
  • Unassigned resources
  • Analyzing, fixing, and redeploying

50% of PPM resource is wasted on average, effectively halving your available project capacity.

Estimate non-project demand on your resources by role

1.2.3
45 minutes - 1 hour

Input

  • Organizational chart
  • Knowledge of staff non-project demand

Output

Documented non-project demands and their estimated degree of fluctuation

Materials

Resource Management Supply-Demand Calculator

Participants

  • PMO Director
  • Functional Managers (optional)
Document non-project demand that could eat into your project capacity.

When discussing project demands, non-project demands (administrative and operational) are often underestimated and downplayed – even though, in reality, they take a de facto higher priority to project work. Use Tab 4 of the tool to document these non-project demands, as well as their sources.

The image shows a screen capture from Tab 4 of the tool, with sample information filled in.

1. Choose a role using a drop-down list.

2. Enter the type and the source of the demand.

3. Enter the size and the frequency of the demand in hours.

4. Estimate how stable the non-project demands are for each role.

Examine and discuss your supply-demand analysis report

1.2.4
30 minutes - 1 hour

Input

Completed Resource Management Supply-Demand Calculator

Output

Supply-Demand Analysis Report

Materials

Resource Management Supply-Demand Calculator

Participants

  • PMO Director
  • Functional Managers
  • Project Managers

Start a data-driven discussion on resource management using the capacity supply-demand analysis report.

Tab 5 of the calculator is a report that contains the following analysis:

  1. Overall resource capacity supply and demand gap
  2. Project capacity supply vs. demand gap
  3. Non-project capacity supply vs. demand balance
  4. Resource capacity confidence

Each analysis is described and explained in the following four sections. Examine the report and discuss the following among the activity participants:

  1. How is your perception of the current resource capacity supply-demand balance affected by this analysis? How is it confirmed? Is it changed?
  2. Perform a root-cause analysis of problems revealed by the report. For each observation, ask “why?” repeatedly – generally, you can arrive at the root cause in four iterations.
  3. Refer back to Activity 1.1.2: current distribution of accountability for resource management. In your situation, how would you prioritize which resource management tasks to improve? Who are the involved stakeholders?

Examine your supply-demand analysis report: overall resource capacity gap

1.2.4
Resource Management Supply-Demand Calculator, Tab 5: Supply-Demand Analysis

1. Examine your resource capacity supply and demand gap.

The top of the report on Tab 5 shows a breakdown of your annual resource supply and demand, with resource capacity shown in both total hours and percentage of the total. For the purposes of the analysis, absence is averaged. If total demand is less than available resource supply, the surplus capacity will be displayed as “Free Capacity” on the demand side.

The Supply & Demand Analysis table displays the realistic project capacity, which is calculated by subtracting non-project supply deficit from the project capacity. This is based on the assumption that all non-project work must get done. The difference between the project demand and the realistic project capacity is your supply-demand gap, in work-hours.

If your supply-demand gap is zero, recognize that the project demand does not take into account the project backlog: it only takes into account the projects that are expected to be delivered within the next 12 months.

Examine your supply-demand analysis report: project capacity gap

1.2.4
Resource Management Supply-Demand Calculator, Tab 5: Supply-Demand Analysis

2. Examine your project capacity supply vs. demand gap.

The project capacity supply and demand analysis compares your available annual project capacity with the size of your project portfolio, expressed in work-hours.

The supply side is further broken down to productive vs. wasted project capacity. The demand side is broken down to three buckets of projects: those that are active, those that sit in the backlog, and those that are expected to be added within 12 months. Percentage values are expressed in terms of total project capacity.

A key observation here is the limitation to which reducing wasteful spending of resources can get to the project portfolio backlog. In this example, even a theoretical scenario of 100% productive project capacity will not likely result in net shrinkage of the project portfolio backlog. To achieve that, either the total project capacity must be increased, or less projects must be approved.

Note: the work-hours necessary for delivering projects that are expected to be completed within 12 months is not shown in this visualization, as they should be represented within the other three categories of projects.

Examine your supply-demand analysis report: non-project capacity gap

1.2.4
Resource Management Supply-Demand Calculator, Tab 5: Supply-Demand Analysis

3. Drill down on the non-project capacity supply-demand balance by each role.

The non-project capacity supply and demand analysis compares your available non-project capacity and their demands in a year, for each role, in work-hours.

With this chart, you can:

  1. Observe which roles are “running hot,” (i.e. they have more demand than available supply).
  2. Verify your non-project/project supply ratio assumptions in Tab 2 of the tool / Activity 1.2.1.

Tab 5 also provides similar breakdowns for administrative and keep-the-lights-on capacity supply and demand by each role.

Examine your supply-demand analysis report: resource capacity confidence (RCC)

1.2.4
Resource Management Supply-Demand Calculator, Tab 5: Supply-Demand Analysis

4. Examine your resource capacity confidence.

In our approach, we introduce a metric called Resource Capacity Confidence (RCC). Conceptually, RCC is defined as follows:

Resource Capacity Confidence = SC × DS × SDR

Term Name Description
SC Supply Control How confident are you that the supply of your resources’ project capacity will be delivered?
DS Demand Stability How wildly does demand fluctuate? If it cannot be controlled, can it be predicted?
SDR Supply-Demand Ratio How severely does demand outstrip supply?

In this context, RCC can be defined as follows:

"Given the uncertainty that our resources can supply hours according to the assumed project/non-project ratio, the fluctuations in non-project demand, and the overall deficit in project capacity, there is about 50% chance that we will be able to deliver the projects we are expected to deliver within the next 12 months."

Case study: Non-project work is probably taking far more time than you might like

CASE STUDY

Industry Government

Source Info-Tech Client

"When our customers get a budget for a project, it’s all in capital. It never occurs to them that IT has a limited number of hours. "

Challenge

  • A small municipal government was servicing a wide geographic area for information technology and infrastructure services.
  • There was no meaningful division of IT resources between support and project work.
  • Previous IT leadership tried a commercial PPM tool and stopped paying maintenance fees for it because of lack of adoption.
  • Projects were tracked inconsistently in multiple places.

Solution

  • New project requests were approved with IT involvement.
  • Project approvals were entirely associated with the capital budget required and resourcing was never considered to be a constraint.
  • The broad assumption was that IT time was generally available for project work.
  • In reality, the IT personnel had almost no time for project work.

Results

  • The organization introduced Info-Tech’s Grow Your Own PPM Solution template with minor modifications.
  • They established delivery dates for projects based on available time.
  • Time was allocated for projects based on person, project, percentage of time, and month.
  • They prioritized project allocations above reactive support work.

Validate your resourcing assumptions with your staff by surveying their use of time

Embrace the reality of imperfect IT labor efficiency to improve your understanding of resource time spend.

Use Info-Tech’s time-tracking survey to validate your resourcing assumptions and get additional information to improve your understanding of resource time spent: imperfect labor efficiency and continuous partial attention.

Causes of imperfect IT labor inefficiency
  • Most IT tasks are unique to their respective projects and contexts. A component that took 30 minutes to install last year might take two hours to install this year due to system changes that occurred since then.
  • Many IT tasks come up unexpectedly due to the need to maintain and support systems implemented on past projects. This work is unpredictable in terms of specifics (what will break where, when, or how).
  • Task switching slows people down and consumes time.
  • Problem solving and solution design often requires unstructured time to think more openly. Some of the most valuable solutions are conceived or discovered when people aren’t regimented and focused on getting things done.

Info-Tech Insight

Part of the old resource management mythology is the idea that a person can do (for example) eight different one-hour tasks in eight hours of continuous work. This idea has gone from harmlessly mistaken to grossly unrealistic.

Constant interruptions lead to continuous partial attention that threatens real productivity

There’s a difference between being busy and getting things done.

“Working” on multiple tasks at once can often feel extremely gratifying in the short term because it distracts people from thinking about work that isn’t being done.

The bottom line is that continuous partial attention impedes the progress of project work.

Research on continuous partial attention
  • A study that analyzed interruptions and their effects on individuals in the workplace found that that “41% of the time an interrupted task was not resumed right away” (Mark, 2015).
  • Research has also shown that it can take people an average of 23 minutes to return to a task after being interrupted (Schulte, 2015).
  • Delays following interruptions are typically due to switching between multiple other activities before returning to the original task. In many cases, those tasks are much lower priorities – and in some cases not even work-related.

Info-Tech Insight

It may not be possible to minimize interruptions in the workplace, as many of these are considered to be urgent at the time. However, setting guidelines for how and when individuals can be interrupted may help to limit the amount of lost project time.

"Like so many things, in small doses, continuous partial attention can be a very functional behavior. However, in large doses, it contributes to a stressful lifestyle, to operating in crisis management mode, and to a compromised ability to reflect, to make decisions, and to think creatively."

– Linda Stone, Continuous Partial Attention

Define the goals and the scope of the time-tracking survey

1.2.5
30 minutes

Input

Completed Resource Management Supply-Demand Calculator

Output

Survey design for the time-tracking survey

Materials

N/A

Participants

  • PMO Director
  • Functional Managers
  • Project Managers

Discuss the following with the activity participants:

  1. Define the scope of the survey
    • Respondents: Comprehensive survey of individuals vs. a representative sample using roles.
    • Granularity: decide how in-depth the questions will be and how often the survey will be delivered.
    • Data Collection: what information do you want to collect?
      • Proportion of project vs. non-project work.
      • Time spent on administrative tasks.
      • Prevalence and impact of distractions.
      • Worker satisfaction.
  2. Determine the sample time period covered by the survey
    • Info-Tech recommends 2-4 weeks. Less than 2 weeks might not be a representative sample, especially during vacation seasons.
    • More than 4 weeks will impose unreasonable time and effort for diminishing returns; data quality will begin to deteriorate as participation declines.
  3. Determine the survey method
    • Use your organization’s preferred survey distributor/online survey tool, or conduct one-on-one interviews to capture data.

1.2.5 continued - Refine the questionnaire to improve the relevance and quality of insights produced by the survey

Start with Info-Tech’s recommended weekly survey questions:

  1. Estimate your daily average for number of hours spent on:
    1. Total work
    2. Project work
    3. Non-project work
  2. How many times are you interrupted with “urgent” requests requiring immediate response in a given day?
  3. How many people or projects did you complete tasks for this week?
  4. Rate your overall satisfaction with work this week.
  5. Describe any special tasks, interruptions, or requests that took your time and attention away from project work this week.

Customize these questions to suit your needs.

Info-Tech Insight

Maximize the number of survey responses you get by limiting the number of questions you ask. Info-Tech finds that participation drops off rapidly after five questions.

1.2.5 continued - Communicate the survey goals and steps, and conduct the survey

  1. Communicate the purpose and goals of the survey to maximize participation and satisfaction.
    • Provide background for why the survey is taking place. Clarify that the intention is to improve working conditions and management capabilities, not to play “gotcha” or hold workers accountable.
  2. Provide a timeline so expectations are clear about when possible next steps will occur, such as
    • Sharing and analyzing results
    • Making decisions
    • Taking action
  3. Reiterate what people are required or expected to do and how much effort is required. Provide reasonable and realistic estimates of how much time and effort people should spend on audit participation.
  4. Distribute the survey; collect and analyze the data.

Info-Tech Insight

Make sure that employees understand the purpose of the survey. It is important that they give honest responses that reflect the struggles they are encountering with balancing project and non-project work, not simply telling management what they want to hear.

Ensuring that employees know this survey is being used to help them, rather than scolding them for not completing work, will give you useful, insightful data on employee time.

Use Info-Tech’s Time-Tracking Survey Email Template for facilitating your communications.

Info-Tech Best Practice

Provide guidance to your resources with examples on how to differentiate project work vs. non-project work, administrative vs. keep-the-lights-on work, what counts as interruptions, etc.

Optimize your project portfolio to maintain continuous visibility into capacity

Now that you have a realistic picture of your realized project capacity and demand amounts, it’s time to use these values to tailor and optimize your resource management practices.

Based on desired outcomes for this phase, we have

  1. Determined the correct course of action to resolve your supply/demand imbalances.
  2. Assessed the overall project capacity of your portfolio.
  3. Cataloged sources of project and non-project demands.
  4. Performed a time audit to create an accurate and realistic picture of the time spent on different types of work.

In the next phase, we will:

  1. Wireframe a resource management process.
  2. Choose a resource management tool.
  3. Define data collection, analysis, and reporting steps within a sustainable resource management process.

The image is a screenshot from tab 6 of the Time Audit Workbook. The image shows two pie charts.

The image is a screenshot from tab 6 of the Time Audit Workbook. The image shows a pie chart.

Screenshots from tab 6 of the Time Audit Workbook.

Info-Tech Insight

The validity of traditional, rigorous resource planning has long been an illusion because the resource projections were typically not maintained. New realities such as faster project cycles, matrix organizations, and high-autonomy staff cultures have made the illusion impossible to maintain.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts:

  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

1.1.2 Assess the current distribution of accountability for resource management practice

Discuss who is currently accountable for various facets of resource management, and whether they have the right authority and ability to deliver on that accountability.

1.2.1 Create realistic estimates of supply and demand using Info-Tech’s Supply-Demand Calculator

Derive actionable, quantitative insight into the resourcing challenges facing the organization by using Info-Tech’s methodology that prioritizes completeness over precision.

Phase 2

Design a Realistic Resource Management Process

Phase 2 Outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 2: Draft a Resource Management Process

Proposed Time to Completion (in weeks): 3-6 weeks

Step 2.1: Determine the dimensions of resource management

Start with an analyst kick-off call:

  • Introduce the seven dimensions of resource management
  • Trade-off between granularity and utility of data

Then complete these activities…

  • Decide on the seven dimensions
  • Examine the strategy’s cost-of-use

With these tools & templates:

Resource Management Playbook

Step 2.2: Support your process with a resource management tool

Discuss with the analyst:

  • Inventory of available PPM tools
  • Overview of Portfolio Manager Lite 2017

Then complete these activities…

  • Populate the tool with data
  • Explore portfolio data with the workbook’s output tabs

With these tools & templates:

  • Portfolio Manager Lite
  • PPM Solution Vendor Demo Script
Step 2.3: Build process steps

Discuss with the analyst:

  • Common challenges of resource management practice
  • Recommendations for a pilot initiative

Then complete these activities…

  • Review and customize contents of the Resource Management Playbook

With these tools & templates:

  • Resource Management Playbook

Phase 2 Results & Insights:

Draft the resource management practice with sustainability in mind. It is about what you can and will maintain every week, even during a crisis: it is not about what you put together as a one-time snapshot. Once you stop maintaining resource data, it's nearly impossible to catch up.

Step 2.1: Customize the seven dimensions of resource management

PHASE 1

1.1 Set a course of action

1.2 Estimate supply and demand

PHASE 2

2.1 Select resource management dimensions

2.2 Select resource management tools

2.3 Build process steps

PHASE 3

3.1 Pilot your process for viability

3.2 Plan stakeholder engagement

This step will walk you through the following activities:
  • Establish a default project vs. non-project work ratio
  • Decide the scope of allocation for your strategy
  • Set your allocation cadence
  • Limit the granularity of time allocation
  • Define the granularity of work assignment
  • Apply a forecast horizon
  • Determine the update frequency
This step involves the following participants:
  • CIO / IT Director
  • PMO Director / Portfolio Manager
  • Functional / Resource Managers
  • Project Managers
Outcomes of this step
  • Seven dimensions of resource management, chosen to fit the current needs and culture of the organization
  • Parameters for creating a resource management process (downstream)

There is no one-size-fits-all resource management strategy

Don’t get boxed into a canned solution that doesn’t make sense for your department’s maturity level and culture.

Resource management strategies are commonly implemented “out-of-the-box,” via a commercial PPM or time-tracking tool, or an external third-party consultant in partnership with those types of tools.

While these solutions and best practices have insights to offer – and provide admirable maturity targets – they often outstrip the near-term abilities of IT teams to successfully implement, adopt, and support them.

Tailor an approach that makes sense for your department and organization. You don’t need complex and granular processes to get usable resourcing data; you just need to make sure that you’ve carved out a process that works in terms of providing data you can use.

  • In this step, we will walk you through Info-Tech’s seven dimensions of resource management to help wireframe your resource management process.
  • In the subsequent steps in this phase, we will develop these dimensions from a wireframe into a functioning process.

Info-Tech Insight

Put processes before tools. Most commercial PPM tools include a resource management function that was designed for hourly granularity. This is part of the fallacy of an old reality that was never real. Determine which goals are realistic and fit your solution to your problem.

Wireframe a strategy that will work for your department using Info-Tech’s seven dimensions of resource management

Action the decision points across Info-Tech’s seven dimensions to ensure your resource management process is guided by realistic data and process goals.

In this step, we will walk you through the decision points in each dimension to determine the departmental specificities of your resource management strategy

Default project vs. non-project ratio

How much time is available for projects once non-project demands are factored in?

Reporting frequency

How often is the allocation data verified, reconciled, and reported for use?

Forecast horizon

How far into the future can you realistically predict resource supply?

Scope of allocation

To whom is time allocated?

Allocation cadence

How long is each allocation period?

Granularity of time allocation

What’s the smallest unit of time to allocate?

Granularity of work assignment

What is time allocated to?

Info-Tech Best Practice

Ensure that both the functional managers and the project managers participate in the following discussions. Without buy-in from both dimensions of the matrix organization, you will have difficulty making meaningful resource management data and process decisions.

Establish your default project versus non-project work ratio

2.1.1
30 minutes

Input

  • Completed Resource Management Supply-Demand Calculator

Output

  • Default organizational P-NP ratio and role-specific P-NP ratios

Materials

  • Resource Management Supply-Demand Calculator
  • Time Audit Workbook
  • Resource Management Playbook

Participants

  • CIO
  • PMO Director
  • Project Managers
  • Resource Managers

How much time is available for projects once non-project demands are factored in?

The default project vs. non-project work ratio (P-NP Ratio) is a starting point for functional and project managers to budget the work-hours at their disposal as well as for resources to split their time – if not directed otherwise by their managers.

How to set this dimension. The Resource Management Supply-Demand Calculator from step 1.2 shows the current P-NP ratio for the department, and how the percentages translate into work-hours. The Time Audit Workbook from step 1.2 shows the ratio for specific roles.

For the work of setting this dimension, you can choose to keep the current ratio from step 1.2 as your default, or choose a new ratio based on the advice below.

  • Discuss and decide how the supply-demand gap should be reconciled from the project side vs. the functional side.
    • Use the current organizational priority as a guide, and keep in mind that the default P-NP ratio is to be adjusted over time to respond to changing needs and priorities of the organization.
    • Once the organizational default P-NP ratio is chosen, defining role-specific ratios may be helpful. A help desk employee may spend only 10% of their time on project work, while an analyst may spend 80% of their time on project work.

Decide the scope of allocation for your strategy

2.1.2
15-30 minutes

Input

  • Current practices for assigning work and allocating time
  • Distribution of RM accountability (Activity 1.1.2)

Output

  • Resource management scope of allocation

Materials

  • RM Playbook

Participants

  • CIO
  • PMO Director
  • Project Managers
  • Resource Managers

To whom is time allocated?

Scope of allocation is the “who” of the equation. At the lowest and most detailed level, allocations are made to individual resources. At the highest and most abstract level, though, allocations can be made to a department. Other “whos” in scope of allocation can include teams, roles, or skills.

How to set this dimension. Consider how much granularity is required for your overall project capacity visibility, and the process overhead you’re willing to commit to support this visibility. The more low-level and detailed the scope of allocation (e.g. skills or individuals) the more data maintenance required to keep it current.

  • Discuss and decide to whom time will be allocated for the purposes of resource management.
    • Recall your prior discussion from activity 1.1.2 on how accountabilities for resource management are distributed within your organization.
    • The benefit of allocating teams to projects is that it is much easier to avoid overallocation. When a team is overallocated, it is visible. Individual overallocations can go unnoticed.
    • Once you have mastered the art of keeping resource data current and accurate at a higher level (e.g. team), it can be easier move lower level and assign and track allocations in a per-role or per-person basis.

Set your allocation cadence

2.1.3
15-30 minutes

Input

  • Current practices for assigning work and allocating time
  • Scope of allocation (Activity 2.1.2)

Output

  • Determination of temporal frames over which time will be allotted

Materials

  • RM Playbook

Participants

  • CIO
  • PMO Director
  • Project Managers
  • Resource Managers

How long is each allocation period?

How long is each individual allocation period? In what “buckets of time” do you plan to spend time – week by week, month by month, or quarter by quarter? The typical allocation cadence is monthly; however, depending on the scope of allocation and the nature of work assigned, this cadence can differ.

How to set this dimension. Allocation cadence can depend on a number of factors. For instance, if you’re allocating time to agile teams, the cadence would most naturally be bi-weekly; if work is assigned via programs, you might allocate time by quarters.

  • Discuss and decide the appropriate allocation cadence for the purposes of resource management. You could even be an environment that currently has different cadences for different teams. If so, it will be helpful to standardize a cadence for the purposes of centralized project portfolio resource management.
    • If the cadence is too short (e.g. days or weeks), it will require a dedicated effort to maintain the data.
    • If the cadence is too long (e.g. quarters or bi-annual), your resource management strategy could fail to produce actionable insight and lack the appropriate agility in being responsive to changes in direction.
    • Ultimately, your allocation cadence may be contingent upon the limitations of your resource management solution (see step 2.2).

Limit the granularity of time allocation

2.1.3
15-30 minutes

Input

  • Requirements for granularity of data
  • Resource management scope of allocation (Activity 2.1.2)

Output

  • Determination of lowest level of granularity for time allocation

Materials

  • RM Playbook

Participants

  • CIO
  • PMO Director
  • Project Managers
  • Resource Managers

What’s the smallest unit of time that will be allocated?

Granularity of time allocation refers to the smallest unit of time that can be allocated. You may not need to set firm limits on this, given that it could differ from PM to PM, and resource manager to resource manager. Nevertheless, it can be helpful to articulate an “as-low-as-you’ll-go” limit to help avoid getting too granular too soon in your data aspirations.

How to set this dimension. At a high level, the granularity of allocation could be as high as a week. At its lowest level, it could be an hour. Other options include a full day (e.g. 8 hours), a half day (4 hours), or 2-hour increments.

  • Discuss and decide the appropriate granularity for all allocations in the new resource management practice.
    • As a guideline, granularity of allocation should be one order of magnitude smaller than the allocation cadence to provide enough precision for meaningfully dividing up each allocation cadence, without imposing an unreasonably rigorous expectation for resources to manage their time.
    • The purpose of codifying this dimension is to help provide a guideline for how granular allocations should be. Hourly granularity can be difficult to maintain, so (for instance) by setting a half-day granularity you can help avoid project managers and resource managers getting too granular.

Define the granularity of work assignments

2.1.4
15-30 minutes

Input

  • Requirements for granularity of work assignment
  • Resource management scope of allocation (Activity 2.1.2)

Output

  • Determination of work assignment

Materials

  • RM Playbook

Participants

  • CIO
  • PMO Director
  • Project Managers
  • Resource Managers

To what is time allocated?

Determine a realistic granularity for your allocation. This is the “what” of the equation: what your resources are working on or the size of work for which allocations are managed.

How to set this dimension. A high level granularity of work assignment would assign an entire program, a mid-level scope would involve allocating a project or a phase of a project, and a low level, rigorous scope would involve allocating an individual task.

  • Discuss and decide the appropriate granularity for all work assignments in the new resource management strategy.
    • The higher granularity that is assigned, the more difficult it becomes to maintain the data. However, assigning at program level might not lead to useful, practical data.
    • Begin by allocating to projects to help you mature your organization, and once you have mastered data maintenance at this level, you can move on to a more granular work assignment.
      • If you are at a maturity level of 1 or 2, Info-Tech recommends beginning by assigning by project. If you are at a maturity level 3-4, it may be time to start allocating by phase or task.

Apply a forecast horizon

2.1.5
15-30 minutes

Input

  • Current practices for work planning, capacity forecasting
  • Allocation scope, cadence, and granularity (Activities 2.1.2-4)

Output

  • Resource management forecast horizon

Materials

  • RM Playbook

Participants

  • CIO
  • PMO Director
  • Project Managers
  • Resource Managers

How far into the future can you realistically predict resource supply?

Determine a realistic forecasting horizon for your allocation. At this point you have decided “what” “who” is working on and how frequently this will be updated. Now it is time to decide how far resource needs will be forecasted, e.g. “what will this person be working on in 3 months?”

How to set this dimension. A high-level forecast horizon would only look forward week-to-week, with little consideration of the long-term future. A mid-level forecast would involve predicting one quarter in advance and a low-level, rigorous scope would involve forecasting one or more years in advance.

  • Discuss and decide the appropriate forecast horizon that will apply to all allocations in the new resource management practice. It’s important that your forecast horizon helps to foster accurate data. If you can’t ensure data accuracy for a set period, make your forecast horizon shorter.
    • If you are at a maturity level of 1 or 2, Info-Tech recommends forecasting one month in advance.
    • If you are already at level 3-4 on the resource management maturity model, Info-Tech recommends forecasting one quarter to one year in advance.

See the diagram below for further explanation

2.1.5 Forecast horizon diagram

Between today and the forecast horizon (“forecast window”), all stakeholders in resource management commit to reasonable accuracy of data. The aim is to create a reliable data set that can be used to determine true resource capacity, as well as the available resource capacity to meet unplanned, urgent demands.

The image shows a Forecast horizon diagram, with Time on the x-axis and Data completeness on the Y-axis. The time between today and the forecast horizon is labelled as the forecast window. there is a line which descends in small degrees until the Forecast Horizon point, where the line is labelled Reasonable level of completeness.

The image shows a chart that lines up with the sections before and after the Forecast Horizon. In the accuracy row, Data is accurate before the forecast horizon and a rough estimate after. In the planning row, before the horizon is reliable for planning, and can inform high-level planning after the horizon. In the free capacity row, before the horizon, it can be committed to urgent demands, and after the horizon, negotiate for capacity.

Info-Tech Insight

Ensure data accuracy. It is important to note that forecasting a year in advance does not necessarily make your organization more mature, unless you can actually rely on these estimates and use them. It is important to only forecast as far in advance as you can accurately predict.

Determine the update frequency

2.1.6
30 minutes

Input

  • Current practices for work planning, capacity reporting
  • Current practices for project intake, prioritization, and approval
  • RM core dimensions (Activities 2.1.1)

Output

  • Resource management update frequency

Materials

  • RM Playbook

Participants

  • CIO
  • PMO Director
  • Project Managers
  • Resource Managers

How often is the allocation data verified, reconciled, and reported for use?

How often will you reconcile and rebalance your allocations? Your update frequency will determine this. It is very much the heartbeat of resource management, dictating how often reports on allocations will be updated and published for stakeholders’ consumption.

How to set this dimension. Determine a realistic frequency with which to update project reports. This will be how you determine who is working on what during each measurement period.

  • Discuss and decide how often the supply-demand gap should be reconciled from the project side vs. the functional side.
    • Keep in mind that the more frequent the reporting period, the more time must go into data maintenance. A monthly frequency requires maintenance at the end of the month, while weekly requires it at the end of each week.
    • Also think about how accurately you can maintain the data. Having a quarterly update frequency may require less maintenance time than monthly, but this information may not stay up to date in between these long stretches.
    • Reports generated at each update frequency should both inform resources on what to work on, what not to work on, and how to prioritize tasks if something unexpected comes up, as well as the steering committee, to help inform project approval decisions.

Finalize the dimensions for your provisional resource management process

2.1.7
10 minutes

Input

  • 7 core dimensions of resource management (Activities 2.1.1-6)

Output

  • Provisional resource management strategy

Materials

  • Resource Management Playbook

Participants

  • CIO
  • PMO Director
  • Project Managers
  • Resource Managers

Document the outputs from the preceding seven activities. These determinations will form the foundation of your resource management strategy, which we will go on to define in more detail in the subsequent steps of this phase.

  • Keep in mind, at this stage your dimensions are provisional and subject to change, pending the outcomes of steps 2.2 and 2.3.
RM Core Dimensions Decision
Default P-NP ratio 40%-60$ + exception by roles
Scope of allocation Individual resource
Allocation cadence Monthly
Granularity of time allocation 4 hours
Granularity of work assignment Projects
Forecast horizon 3 months
Reporting frequency Twice a month

Document these dimensions in Section 1.1 of Info-Tech’s Resource Management Playbook. We will be further customizing this template in steps 2.3 and 3.1.

Step 2.2: Determine the resource management tool that will best support your process

PHASE 1

1.1 Set a course of action

1.2 Estimate supply and demand

PHASE 2

2.1 Select resource management dimensions

2.2 Select resource management tools

2.3 Build process steps

PHASE 3

3.1 Pilot your process for viability

3.2 Plan stakeholder engagement

This step will walk you through the following activities:

  • Consider the pros and cons of commercial tools vs. spreadsheets as a resource management tool
  • Review the PPM Solution Vendor Demo Script to ensure your investment in a commercial tool meets your resource management needs
  • Jump-start spreadsheet-based resource management with Portfolio Manager Lite

This step involves the following participants:

  • PMO Director / Portfolio Manager
  • Functional / Resource Managers
  • Project Managers

Outcomes of this step

  • Choice of tool to support the resource management process
  • Examination of the commercial tool’s ability to support the resource management process chosen
  • Set-up and initial use of Portfolio Manager Lite for a spreadsheet-based resource management solution

Effective resource management practices require an effective resource management tool

The discipline of resource management has largely become inextricable from the tools that help support it. Ensure that you choose the right tool for your environment.

Resource management depends on the flow of information and data from the project level up to functional managers, project managers, and beyond.

Tools are required to help facilitate this flow, and the project portfolio management landscape is littered with endless time-tracking and capacity management options.

These options can each have their merits and their drawbacks. The success of implementing a resource management strategy very much hinges upon weighing these, and then choosing the right solution for your project eco-system.

  • This first part of this step will help you assess the tool landscape and make the right choice to help support your resource management practices.
  • In the second part of this step, we’ll take a deep-dive into Info-Tech’s Excel-based resource management solution. If you are implementing our solution, these sections will help you understand and set up the tool.

Info-Tech Insight

Establish a book of record. While it is possible to succeed using ad hoc tools and data sources, a centralized repository for capacity data works best. Your tool choice should help establish a capacity book of record to help ensure ongoing reconciliation of supply and demand at the portfolio level.

Get to know your resource management tool options

At a high level, those looking for a resource management solution have two broad options: a commercial project portfolio management (PPM) or time-tracking software on the one hand, and a spreadsheet-based tool, like Google Sheets or Excel, on the other.

Obviously, if your team or department already has access to a PPM or time-tracking software, it makes sense to continue using this, as long as it will accommodate the process that was wireframed in the previous step.

Otherwise, pursue the tool option that makes the most sense given both the strategy that you’ve wireframed and other organizational factors. See the table below and the next section for guidance.

If you’re planning on doing resource allocation by hand, you’re not going to get very far.”

Rachel Burger

Commercial Solutions Spreadsheet-Based Solutions
Description
  • These highly powerful solutions are purchased from a software/service provider.
  • These can be as simple as a list of current projects on a spreadsheet or a more advanced solution with resource capacity analysis.
Pros
  • Extraordinary function
  • Potential for automated roll-ups
  • Collaboration functionality
  • Easy to deploy: high process maturity or organization-wide adoption not required.
  • Lower cost-in-use – in many cases, they are free.
  • Highly customizable.
Cons
  • High process maturity required
  • High cost-in-use
  • Generally expensive to customize
  • Comprehensive, continual, and organization-wide adoption required
  • Easy to break.
  • Typically, they require a centralized deployment with a single administrator responsible for data entry.

Option A: When pursuing commercial options, don’t bite off more functionality than your people can sustain

While commercial options offer the most robust functionality for automation, collaboration, and reporting, they are also costly, difficult to implement, and onerous to sustain over the long run.

It’s not uncommon for organizations to sink vast amounts of money into commercial PPM tools, year after year, and never actually get any usable resource or forecasting data from these tools.

The reasons for this can vary, but in many cases it is because organizations mistake a tool for a PPM or a resource management strategy.

A tool is no substitute for having a clearly defined process that staff can support. Be aware of these two factors before investing in a commercial tool:

  • Visibility cannot be automated. It is not uncommon for CIOs to believe that because they’ve invested in a tool, they have an automated portfolio that enables them to sit back and wait for the data to roll in. With many tools, the challenge is that the calculations driving the rollups have become increasingly unsustainable and irrelevant in our high-autonomy staff cultures and interruption-driven work days.
  • Information does not equal knowledge. While commercial tools have robust reporting features, the data outputs can lead to information overload – and, subsequently, disinterest – unless they are curated and filtered to suit your executive’s needs and expectations.

47%
Of those companies using automated software to assist in resource management, almost half report that those systems failed to accurately calculate resource forecasts.

PM Solutions

Info-Tech Insight

Put process sustainability before enhanced tool functionality.

Ensure that you have sustainable processes in place before investing in an expensive commercial tool. Your tool selection should help facilitate capability-matched processes and serve user adoption.

Trying to establish processes around a tool with a functionality that exceeds your process maturity is a recipe for failure.

Before jumping into a commercial tool, consider some basic parameters for your selection

Use the table below as a starting point to help ensure you are pursuing a resource management tool that is right for your organization’s size and process maturity level.

Tool Category Characteristics # of Users PPM Maturity Sample Vendors
Enterprise tools
  • Higher professional services requirements for enterprise deployment
  • Larger reference customers
1,000> High
  • MS Project Server
  • Oracle Primavera
  • Planisware
Mid-market tools
  • Lower expectation of professional services engaged in initial deployment contract
  • Fewer globally recognizable reference clients
  • Faster deployments
100> Intermediate-to-High
  • Workfront
  • Project Insight
  • Innotas
Entry-level tools
  • Lower cost than mid-market and enterprise PPM tools
  • Limited configurability, reporting, and resource management functionalities
  • Compelling solutions to the organizations that want to get a fast start to a trial deployment
<100 Low-to-Intermediate
  • 5PM
  • AceProject
  • Liquid Planner

For a more in-depth treatment of choosing and implementing a commercial PPM tool to assist with your resource management practice, see Info-Tech’s blueprint, Select and Implement a PPM Solution.

Use Info-Tech’s PPM Solution Vendor Demo Script to help ensure you get the functionality you need

PPM Solution Vendor Demo Script (optional)

To ensure your investment in a commercial tool meets your resource management needs, use Info-Tech’s PPM Solution Vendor Demo Script to structure your tool demos and interactions with vendors.

For instance, some important scenarios to consider when looking at potential tools include:

  • How are overallocation and underallocation situations identified and reconciled in the solution?
  • How are users motivated to maintain their own timesheets (beyond simply being mandated as part of their job); how does the solution and timesheet functionality help team members do their job?
  • How will portfolio-level reports remain useful and accurate despite “zero-adoption” scenarios, in which some or all teams do not actively maintain task and timesheet data?

Any deficiencies in answering these types of questions should alert you to the fact that a potential solution may not adequately meet the needs of your resource management strategy.

Download Info-Tech’s PPM Solution Vendor Demo Script

"[H]ow (are PPM solutions) performing in a matrix organization? Well, there are gaps. There will be employees who do not submit timesheets, who share their time between project and operational activities, and whose reporting relationships do not fit neatly into the PPM database structure. This creates exceptions in the PPM application, and you may just have the perfect solution to a small subset of your problems." – Vilmos Rajda

Option B: When managing resourcing via spreadsheets, you don’t have to feel like you’re settling for the lesser option

Spreadsheets can provide a viable alternative for organizations not ready to invest in an expensive tool or for those not getting what they need from their commercial selections.

When it comes to resource management at a portfolio level, spreadsheets can be just as effective as commercial tools for facilitating the flow of accurate and maintainable resourcing data and for communicating resource usage and availability.

Some of the benefits of spreadsheets over commercials tools include:

  • They are easy to set up and deploy. High process maturity or organization-wide user adoption are not required.
  • They have a low cost-in-use. In the case of Excel, the tool itself comes at no additional cost.
  • They are highly customizable. No development time/costs are required to tweak the solution to suit your needs.

To be clear: spreadsheets have their drawbacks (for instance, they are easy to break, require a centralized data administrator, and are yours and yours alone to maintain). If your department has the budget and the process maturity to support a commercial tool, you should pursue the options covered in the previous sections.

However, if you are looking for a viable alternative to an expensive tool, spreadsheets have the ability to support a rigorous resource management practice.

"Because we already have enterprise licensing for an expensive commercial tool, everyone else thinks it’s logical to start there. I think we’re going to start with something quick and dirty like Excel." – EPMO Director, Law Enforcement Services

Info-Tech Insight

Make the choice to ensure adoption.

When making your selection, the most important consideration across all the solution categories is data maintenance. You must be assured that you and your team can maintain the data.

As soon as your portfolio data becomes inconsistent and unreliable, decision makers will lose trust in your resource data, and the authority of your resource management strategy will become very tenuous.

While spreadsheets offer a viable resource management option, not all spreadsheets are created equal

Lean on Info-Tech’s experience and expertise to get up and running quickly with a superior resource management Excel-based tool: Portfolio Manager Lite 2017.

Spreadsheets are the most common PPM tool – and it’s not hard to understand why: they can be created with minimal cost and effort.

But when something is easy to do, it’s important to keep in mind that it’s also easy to do badly. As James Kwak says in his article, “The Importance of Excel,” “The biggest problem is that anyone can create Excel Spreadsheets—badly.”

  • Info-Tech’s Portfolio Manager Lite 2017 offers an antidote to the deficiencies that can haunt home-grown resource management tools.
  • As an easy-to-deploy, highly evolved spreadsheet-based option, Portfolio Manager Lite enables you to mature your resource management processes, and provide effective resource visibility without the costly upfront investment.

Download Info-Tech’s Portfolio Manager Lite 2017

Info-Tech Insight

Balance functionality and adoption. Clients often find it difficult to gain adoption with commercial tools. Though homegrown solutions may have less functionality, the higher adoption level can make up for this and also potentially save your organization thousands a year in licensing fees.

Determine your resource management solution and revisit your seven dimensions of resource management

2.2.1
Times will vary

Participants

  • PMO Director

Based on input from the previous slides, determine the resource management solution option you will pursue and implement to help support your resource management strategy. Record this selection in section 1.2 of the Resource Management Playbook.

  • You may need to revisit the decisions made in step 2.1 to consider if the default values for your seven core dimensions of resource management are still sound. Keep these current and relevant as you become more familiar with your resource management solution.
RM Core Dimensions Default Value
Default P-NP ratio Role-specific
Scope of allocation Individual resource
Allocation cadence Monthly
Granularity of allocation (not defined)
Granularity of work assignment Project
Forecast horizon 6 months
Reporting frequency (not defined)

Portfolio Manager Lite has comprehensive sample data to help you understand its functions.

As you can see in this table, the tool itself assumes five of the seven resource management core dimensions. You will need to determine departmental values for granularity of allocation and reporting frequency. The other dimensions are determined by the tool.

If you’re piloting Info-Tech’s Portfolio Manager Lite, review the subsequent slides in this step before proceeding to step 2.3. If you are not piloting Portfolio Manager Lite, proceed directly to step 2.3.

Overview of Portfolio Manager Lite

Portfolio Manager Lite has two set-up tabs, three data entry tabs, and six output-only tabs. The next 15 slides show how to use them. To use this tool, you need Excel 2013 or 2016. If you’re using Excel 2013, you must download and install Microsoft Power Query version 2.64 or later, available for download from Microsoft.

The image shows an overview of the Portfolio Manager Lite tool. It shows the Input and Data Tabs on the left, and output tabs on the right. The middle of the graphic includes guidance to ensure that you refresh the outputs after each data entry, by using the Refresh All button

Observe “table manners” to maintain table integrity and prevent Portfolio Manager Lite malfunctions

Excel tables enable you to manage and analyze a group of related data. Since Portfolio Manager Lite uses tables extensively, maintaining the table’s integrity is critical. Here are some things to know for working with Excel tables.

Do not leave empty rows at the end.

Adjust the sizing handle to eliminate empty rows.

Always paste values.

Default pasting behavior can interrupt formula references and introduce unwanted external links. Always right-click and select Paste Values.

Correctly add/remove rows within a table.

Do not use row headings; instead, always right-click inside a table to manipulate table rows.

Set up Portfolio Manager Lite

2.2.1
Portfolio Manager Lite, Tab 2a: Org Setup

The Org Setup tab is divided into two sections, Resources and Projects. Each section contains several categories to group your resources and projects. Items listed under each category will be available via drop-down lists in the data tabs.

These categorizations will be used later to “slice” your resource allocation data. For example, you’ll be able to visualize the resource allocations for each team, for each division, or for each role.

The image shows a screenshot of Tab 2a, with sample information filled in.

1. Role and Default Non-Project Ratio columns: From the Supply-Demand Calculator, copy the list of roles, and how much of each role’s time is spent on non-projects by default (see below; add the values marked with yellow arrows).

2. Resource Type column: List the type of resource you have available.

3. Team and Skill columns: List the teams, and skills for your resources.

In the Resources tab, items in drop-down lists will appear in the same order as shown here. Sort them to make things easy to find.

Do not delete tables you won’t use. Instead, leave or hide tables.

Set up Portfolio Manager Lite (continued)

2.2.1
Portfolio Manager Lite, Tab 2a: Org Setup

The projects section of the Org Setup tab contains several categories for entering project data. Items listed under each category will be available via drop-down lists in the Projects tab. These categorizations will be used later to analyze how your resources are allocated.

The image shows the projects sections of Tab 2a.

1. Project Type: Enter the names of project types, in which projects will be grouped. All projects must belong to a type. Examples of types may include sub-portfolios or programs.

2. Project Category: Enter the names of project categories, in which projects will be grouped. Unlike types, category is an optional grouping.

3. Phase: Enter the project phases. Ensure that your phases list has “In Progress” and “Complete” options. They are needed for the portfolio-wide Gantt chart (the Gantt tab).

4. Priority and Status: Define the choices for project priorities and statuses if necessary (optional).

5. Unused: An extra column with predefined choices is left for customization (optional).

Set up Portfolio Manager Lite (continued)

2.2.1
Portfolio Manager Lite, Tab 2b: Calendar Setup

Portfolio Manager Lite is set up for a monthly allocation cadence out of the box. Use this tab to set up the start date, the default resource potential capacity, and the months to include in your reports.

The image shows fields in the calendar set-up section of Tab 2a, with a Start Date and Hours Assumed per day.

1. Enter a start date for the calendar, e.g. start of your fiscal or calendar year.

2. Enter how many hours are assumed in a working day. It is used to calculate the default maximum available hours in a month.

The image shows the Calendar section of tab 2a, with sample information filled in.

Maximum Available Hours, Weekdays, and Business Days are automatically generated.

The current month is highlighted in green.

3. Enter the number of holidays to correct the number of business days for each month.

Year to Date Reporting and Forecast Reporting ranges are controlled by this table. Use the period above Maximum Available Hours.

The image shows the Year-to-Date and Forecast Reporting sections.

Info-Tech Best Practice

Both Portfolio Manager Lite and Portfolio Manager 2017 can be customized for non-monthly resource allocation. Speak to an Info-Tech analyst to ask for more information.

Enter resource information and their total capacity

2.2.2
Portfolio Manager Lite, Tab 3: Resources

Portfolio Manager Lite is set up for allocating time to individual resources out of the box. Information on these resources is entered in the Resources tab. It has four sections, arranged horizontally.

1. Enter basic information on your resources. Resource type, team, role, and skill will be used to help you analyze your resource data.

The image shows a screenshot of the Resources tab with sample information filled in.

Ensure that the resource names are unique.

Sort or filter the table using the filter button in the header row.

2. Their total capacity in work-hours is automatically calculated for each month, using the default numbers from the Calendar Setup tab. If necessary, overwrite the formula and enter in custom values.

The image shows a screenshot of the total capacity in work-hours, with sample info filled in.

Cells with less than 120 hours are highlighted in blue.

Do not add or delete any columns, or modify this header row.

Enter out-of-office time and non-project time for your resources

2.2.2
Portfolio Manager Lite, Tab 3: Resources

3. Enter the resources’ out-of-office time for each month, as they are reported.

The image shows the Absence (hours) section, with sample information filled in.

Do not add or delete any columns, or modify the header row, below the dates.

4. Resources’ percentages of time spent on non-projects are automatically calculated, based on their roles’ default P-NP ratios. If necessary, overwrite the formula and enter in custom values.

The image shows the Non-Project Ratio section, with sample information filled in.

Do not add or delete any columns, or modify the header row, below the dates.

Populate your project records

2.2.3
Portfolio Manager Lite, Tab 4: Projects

Portfolio Manager Lite is set up for allocating time to projects out of the box. Information on these projects is entered in the Projects tab.

1. Enter project names and some basic information. These fields are mandatory.

The image shows the section for filling in project names and basic information in the Projects tab. The image shows the table with sample information.

Ensure that the project names are unique.

Do not modify or change the headers of the first seven columns. Do not add to or delete these columns.

2. Continue entering more information about projects. These fields are optional and can be customized.

The image shows a section of the Projects tab, where you fill in more information.

Headers of these columns can be changed. Extra columns can be added to the right of the Status column if desired. However, Info-Tech strongly recommends that you speak to an Info-Tech analyst before customizing.

The Project Category, Phase, and Priority fields are entered using drop-down lists from the Org Setup tab.

Allocate your resource project capacity to projects

2.2.4
Portfolio Manager Lite, Tab 5: Allocations

Project capacity for each resource is calculated as follows, using the data from the Resources tab:

Project capacity = (total project capacity – absence) x (100% – non-project%)

In the Allocations tab, project capacity is allocated in percentages with 100% representing the allocation of all available project time of a resource to a project.

This allocation-by-percentage model has some advantages and drawbacks:

Advantages

  • Allocating all available project capacity to project is straightforward
  • Easy for project managers to coordinate with each other (e.g. “Jon’s project time will be split 50%-50% between two projects” = enter 50% allocation to each project)

Drawbacks

  • How many hours is represented by a percentage of someone’s capacity is unclear
  • Must check whether enough work-hours are allocated for what’s needed (e.g. “Deliverable A needs 20 hours of work from Jon in November. Is 50% of his project capacity enough?”)

The Allocations tab has a few features to help you mitigate these disadvantages.

Info-Tech Best Practice

For organizations with lower resource management practice maturity, start with percentages. In Portfolio Manager 2017, allocations are entered in work-hours to avoid the above drawbacks altogether, but this may require a higher practice maturity.

Enter your resource project capacity allocations

2.2.4
Portfolio Manager Lite, Tab 5: Allocations

A line item in the Allocations tab requires three pieces of information: a project, a resource, and the percentage of project capacity for each month.

The image shows a screenshot from the Allocations tab, with sample information filled in.

1. Choose a project. Type, Start date, and End date are automatically displayed.

2. Choose a resource. Team is automatically displayed.

This image is another screenshot of the Allocations tab, showing the section with dates, with sample information filled in.

3. Enter the resource’s allocated hours for the project in percentages.

Built-in functions in the Allocations tab display helpful information for balancing project supply and demand

2.2.4
Portfolio Manager Lite, Tab 5: Allocations

The Allocations tab helps you preview the available project capacity of a resource, as well as the work-hours represented by each allocation line item, to mitigate the drawbacks of percentage allocations.

In addition, overallocations (allocations for a given month add up to over 100%) are highlighted in red. These functions help resource managers balance the project supply and demand.

The image shows a screenshot of the Allocations tab, with sample information filled in.

To preview a resource’s project capacity in work-hours, choose a resource using a drop down. The resource’s available project capacity for each month is displayed to the right.

Sort or filter the table using the filter button in the header row. Here, the Time table is sorted by Resource.

The total work-hours for each line item is shown in the Hours column. Here, 25% of Bethel’s project capacity for 4 months adds up to only 16 work-hours for this project.

A resource is overallocated when project capacity allocations add up to more than 100% for a given month. Overallocations are highlighted in red.

Get the timeline of your project portfolio with the Gantt chart tab

2.2.5
Portfolio Manager Lite, Tab 6: Gantt

The Gantt tab is a pivot-table-driven chart that graphically represents the start and end dates of projects and their project statuses.

The image shows a screenshot of the Gantt tab, with sample information filled in.

Filter entries by project type above the chart.

The current month (9-17) is highlighted.

You can filter and sort entries by project name, sponsor, or project manager.

In progress (under Phase column) projects show the color of their overall status.

Projects that are neither completed nor in progress are shown in grey.

Completed (under Phase column) projects are displayed as black.

Get a bird’s-eye view of your available project capacity with the Resource Load tab

2.2.6
Portfolio Manager Lite, Tab 7: Resource Load

The Resource Load tab is a PivotTable showing the available project capacity for each resource.

The image is a screenshot of the Resource Load tab, with sample information filled in.

Change the thresholds for indicating project overallocation at the top right.

You can filter and sort entries by resource or role.

Values in yellow and red highlight overallocation.

Values in green indicate resource availability.

This table provides a bird’s-eye view of all available project capacity. Highlights for overallocated resources yield a simple heat map that indicates resourcing conflicts that need attention.

The next two tabs contain graphical dashboards of available capacity.

Tip: Add more resource information by dragging a column name into the Rows box in the PivotTable field view pane.

Example: add the Team column by dragging it into the Rows box

The image shows a screenshot demonstrating that you can add a Team column.

Analyze your resource allocation landscape with the Capacity Slicer tab

2.2.7
Portfolio Manager Lite, Tab 8: Capacity Slicer

The Capacity Slicer tab is a set of pivot charts showing the distribution of resource allocation and how they compare against the potential capacity.

The image shows a collection of 5 graphs and charts, showing the distribution of resource allocation, and compared against potential capacity.

At the top left of each chart, you can turn Forecast Reporting on (true) or off (false). For Year to Date reporting, replace Forecast with YTD in the Field View pane’s Filter field.

In the Allocated Capacity, in % chart, capacity is shown as a % of total available capacity. Exceeding 100% indicates overallocation.

In the Realized Project Capacity, in hours chart, the vertical axis is in work-hours. This gap between allocation and capacity represents available project capacity.

The bottom plots show how allocated project capacity is distributed. If the boxes are empty, no allocation data is available.

Use the Team slicer to drill down on resource capacity and allocation by groups of resources

2.2.7
Portfolio Manager Lite, Tab 8: Capacity Slicer

A slicer filters the data shown in a PivotTable, a PivotChart, or other slicers. In this tab, the team slicer enables you to view resource capacity and allocation by each team or for multiple teams.

The image shows a sample graph.

The button next to the Team header enables multiple selection.

The next button to the right clears the filter set by this slicer.

All teams with capacity or allocation data are listed in the slicers.

For example, if you select "App Dev":

The image shows the same graph as previously shown, but this time with only App Dev selected in the left-hand column.

The vertical axis scales automatically for filtered data.

The capacity and allocation data for all application division teams is shown.

Resources not in the App Dev team are filtered out.

Drill down on individual-level resource allocation and demand with the Capacity Locator tab

2.2.8
Portfolio Manager Lite, Tab 9: Capacity Locator

The Capacity Locator tab is a group of PivotCharts with multiple slicers to view available project capacity.

For example: click on “Developer” under Role:

The image shows the list of slicers available using the Capacity Locator tab.

The image shows a series of graphs produced in the Capacity Locator tab.

Primary skills of all developers are displayed on the left in the Primary Skill column. You can choose a skill to narrow down the list of resources from all developers to all developers with that skill.

The selected resources are shown in the Resources column. Data on the right pertains to these resources.

  • The top left graph shows the average available project capacity for all selected resources.
  • The top right graph shows the sum of all available capacity from all selected resources.
  • In the lower left graph, pay attention to available total capacity, as selected resources may have significant non-project demands.
  • The lower right graph shows the number of assigned projects. Control the number of concurrent projects to reduce the need for multitasking and optimize your resource use.

Where you see the filter button with an x, you can clear the filter imposed by this slicer.

Check how your projects are resourced with the Project Viewer tab

2.2.9
Portfolio Manager Lite
, Tab 10: Project Viewer

The Project Viewer tab is a set of PivotCharts with multiple slicers to view how resources are allocated to different projects.

The image shows a screenshot of the Project Viewer tab, with a bar graph at the top, filter selections at the bottom left, and four pie charts at the bottom right.

Filtering by sponsor or project manager is useful for examining a group of projects by accountability (sponsor) or responsibility (project manager).

The graphs show how project budgets are distributed across different categories and priorities of projects, and how resource allocations are distributed across different categories and priorities of projects.

Report on your project portfolio status with the Project Updates tab

2.2.10
Portfolio Manager Lite
, Tab 11: Project Updates

The Project Updates tab is a PivotTable showing various fields from the Projects table to rapidly generate a portfolio-wide status report. You can add or remove fields from the Projects table using the PivotTable’s Field View pane.

The image shows a screenshot of a large table, which is the Project Updates tab. A selection is open, showing how you can filter entries.

Filter entries by phase. The screenshot shows an expansion of this drop down at the top left.

Rearrange the columns by first clicking just below the header to select all cells in the column, and then dragging it to the desired position. Alternatively, arrange them in the Field View pane.

Tools and other requirements needed to complete the resource management strategy

2.2.11
10 minutes

  • Recommended: If you are below a level 4 on Info-Tech’s resource management maturity scale, use Info-Tech’s Portfolio Manager Lite to start.
  • Use a commercial PPM tool if you already have one in use and feel that you can accurately maintain the data in this tool.
  • Use this chart to estimate the amount of time it will take to accurately maintain the data for each reporting period.
    • Determine who will be responsible for this maintenance.
    • If there is no one currently available to maintain the data, allocate time for someone or you may even need a portfolio analyst.
    • We will confirm roles and responsibilities in phase 3.
Maturity Level Dimensions Time needed per month
Small (1-25 employees) Medium (25-75) Large (75-100) Enterprise (100+)
1-2 %, team, project, monthly update, 1 month forecast 2 hours 6 hours 20 hours 50 hours
3-4 %, person, phase, weekly update, 1 quarter forecast 4 hours 12 hours 50 hours 150 hours
5 %, person, task, continuous update, 1 year forecast 8+ hours 20+ hours 100+ hours 400+ hours

See also: Grow Your Own PPM Solution with Info-Tech’s Portfolio Manager 2017

Join hundreds of Info-Tech clients who are successfully growing their own PPM solution.

If you are looking for a more robust resource management solution, or prefer to allocate staff time in hours rather than percentages, see Info-Tech’s Portfolio Manager 2017.

Similar to Portfolio Manager Lite, Portfolio Manager 2017 is a Microsoft Excel-based PPM solution that provides project visibility, forecasting, historical insight, and portfolio analytics capabilities for your PMO without a large upfront investment for a commercial solution.

Watch Info-Tech’s Portfolio Manager 2017 Video – Introduction and Demonstration.

System Requirements

To use all functions of Portfolio Manager 2017, you need Excel 2013 or Excel 2016 running on Windows, with the following add-ins:

  • Power Query (Excel 2013 only)
  • Power Pivot
  • Power View

Power View is only available on select editions of Excel 2013 and 2016, but you can still use Portfolio Manager 2017 without Power View.

If you are unsure, speak to your IT help desk or an Info-Tech analyst for help.

For a new PMO, start with the new reality

CASE STUDY

Industry Law Enforcement

Source Info-Tech Client

Because we already have enterprise licensing for an expensive commercial tool, everyone else thinks it’s logical to start there. I think we’re going to start with something quick and dirty like Excel.” – EPMO Director, Law Enforcement Services

Situation

  • This was an enterprise PMO, but with relatively low organizational maturity.
  • The IT department had relatively high project management maturity, but the enterprise was under-evolved at the portfolio level.
  • Other areas of the organization already had licensing and deployment of a top-tier commercial PPM tool.
  • There were no examples of a resource management practice.

Complication

  • There was executive visibility on larger and more strategic projects.
  • There were no constraints on the use of resources for smaller projects.
  • The PMO was generally expected to provide project governance with their limited resources.
  • The organization lacked an understanding of the difference between project and portfolio management. Consequently, it was difficult to create resource management practices at the portfolio level due to a lack of resourcing.

Resolution

  • The organization deferred the implementation of the commercial PPM tool.
  • They added high-level resource management using spreadsheets.
  • Executive focus was reoriented around overall resource capacity as the principle constraint for project approvals.
  • They introduced deeper levels of planning granularity over time.
  • When the planning granularity gets down to the task level, they move toward the commercial solution.

Step 2.3: Build process steps to ensure data accuracy and sustainability

PHASE 1

1.1 Set a course of action

1.2 Estimate supply and demand

PHASE 2

2.1 Select resource management dimensions

2.2 Select resource management tools

2.3 Build process steps

PHASE 3

3.1 Pilot your process for viability

3.2 Plan stakeholder engagement

This step will walk you through the following activities:
  • Draft a high-level resource management workflow
  • Build on the workflow to determine how data will be collected at each step, and who will support the process
  • Document your provisional resource management process
This step involves the following participants:
  • PMO Director / Portfolio Manager
  • Functional / Resource Managers
  • Project Managers
Outcomes of this step
  • A high-level resource management workflow, customized from Info-Tech’s sample workflow
  • Process for collecting resource supply data for each reporting period
  • Process for capturing the project demand within each reporting period
  • Process for identifying and documenting resource constraints and issues for each reporting period
  • Standard protocol for resolving resource issues within each reporting period
  • Process for finalizing and communicating resource allocations for the forecast window
  • A customized Resource Management Playbook, documenting the standard operating procedure for the processes

Make sustainability the goal of your resource management practices

A resource management process is doing more harm than good if it doesn’t facilitate the flow of accurate and usable data week after week, month after month, year after year.

When resource management strategies fail, it can typically be tied back to the same culprit: unrealistic expectations from the outset.

If a resource management process strives for a level of data precision that staff cannot juggle day to day, over the long run, then things will eventually fall apart as staff and decision makers alike lose faith in the data and the relevancy of the process.

Two things can be done to help avoid this fate:

  1. Strive for accuracy over precision. If your department’s process maturity is low, and staff are ping-ponged from task to task, fire to fire, throughout any given day, then striving for precise data is ill advised. Keep your granularity of allocation more high level, and strive for data that is “maintainably” accurate rather than “unmaintainably” precise.
  2. Keep the process simple. Use the advice in this step to develop a sustainable process, one that is easy to follow with clearly defined responsibilities and accountabilities at each step.

Info-Tech Insight

It's not about what you put together as a one-time snapshot. It's about what you can and will maintain every week, even during a crisis. When you stop maintaining resource management data, it’s nearly impossible to catch up and you’re usually forced to start fresh.

Maintain reliable resourcing data with an easy-to-follow, repeatable process

Info-Tech recommends following a simple five-step process for resource management.

1. Collect resource supply data

  • Resources
  • Resource Managers

2. Collect project demand data

  • Resource Managers
  • Project Managers
  • PMO

3. Identify sources of supply/demand imbalance

  • PMO

4. Resolve conflicts and balance project and non-project allocations

  • Resource Managers
  • Project Managers
  • PMO
  • Steering Committee, CIO, other executives

5. Approve allocations for forecast window

  • PMO
  • Steering Committee, CIO, other executives

This is a sample workflow with sample roles and responsibilities. This step will help you customize the appropriate steps for your department.

Info-Tech Insight

This process aims to control the resource supply to meet the demand – project and non-project alike. Coordinate this process with other portfolio management processes, ensuring that up-to-date resource data is available for project approval, portfolio reporting, closure, etc.

Draft your own high-level resource management workflow

2.3.1
60 to 90 minutes

Participants

  • Portfolio Manager
  • Project Managers
  • Resource Managers
  • Business Analysts

Input

  • Process data requirements

Output

  • High-level description of your target-state process

Materials

  • Whiteboard or recipe cards

Conduct a table-top planning exercise to map out, at a high-level, your required and desired process steps.

While Info-Tech recommends a simple five-step process (see previous slide), you may need to flesh out your process into additional steps, depending upon the granularity of your seven dimensions and the complexity of your resource management tool. A table-top planning exercise can be helpful to ensure the right process steps are covered.

  1. On a whiteboard or using white 4x6 recipe cards, write the unique steps of a resource management process. Use the process example at the bottom of this slide as a guide.
  2. Use a green marker or green cards to write artifacts or deliverables that result from each step.
  3. Use a red marker or red cards to address potential issues, problems, or risks that you can foresee at each step.

For the purposes of this activity, avoid getting into too much detail by keeping to your focus on the high-level data points that will be required to keep supply and demand balanced on an ongoing basis.

"[I]t’s important not to get too granular with your time tracking. While it might be great to get lots of insight into how your team is performing, being too detailed can eat into your team’s productive work time. A good rule of thumb to work by is if your employees’ timesheets include time spent time tracking, then you’ve gone too granular."

Nicolas Jacobeus

Use Info-Tech’s Resource Management Playbook to help evolve your high-level steps into a repeatable practice

Once you’ve determined a high-level workflow, you’ll need to flesh out the organizational details for how data will be collected at each step and who will support the process.

Use Info-Tech’s Resource Management Playbook to help determine and communicate the “who, what, when, where, why, and how” of each of your high-level process steps.

The playbook template is intended to function as your resource management standard operating procedure. Customize Section 3 of the template to record the specific organizational details of how data will be collected at each process step, and the actions and decisions the data collection process will necessitate.

  • Activities 2.3.2-2.3.6 in this step will help you customize the process steps in Info-Tech’s five-step resource management model and record these in the template. If you developed a customized process in activity 2.3.1, you will need to add to/take away from the activity slides and customize the template accordingly.
  • Lean on the seven dimensions of resource management that you developed in step 2.1 to determine the cadence and frequency of data collection. For instance, if your update frequency is monthly, you will need to ensure you collect your supply-demand data prior to that, giving yourself enough time to analyze it and reconcile imbalances with stakeholders before refreshing your monthly reporting data.

Download Info-Tech’s Resource Management Playbook

How the next five activities will help you develop your playbook

2.3 Resource Management Playbook

Each of the slides for activities 2.3.2-2.3.6 are comprised of a task-at-a glance box as well as “important decisions to document” for each step.

Work as a group to complete the task-at-a-glance boxes for each step. Use the “important decisions to document” notes to help brainstorm the “how” for each step. These details should be recorded below the task-at-a-glance boxes in the playbook – see point 6 in the legend below.

Screenshot of Section 3 of the RM Playbook.

The image shows a screenshot of Section 3 of the RM Playbook. A legend is included below.

Screenshot Legend:

  1. Review your existing steps, tools, and templates used for this task. Alternatively, review the example provided in the RM Playbook.
  2. Designate the responsible party/parties for this process. Who carries out the task?
  3. Document the inputs and outputs for the task: artifacts, consulted and informed parties.
  4. If applicable, document the tools and templates used for the task.
  5. Designate the accountable party for this task. Only a single party can be accountable.
  6. Describe the “how” of the task below the Task-at-a-Glance table.

Step one: determine the logistics for collecting resource supply data for each reporting period

2.3.2
20 minutes

Step one in your resource management process should be ensuring a perpetually current view into your resource supply.

Resource supply in this context should be understood as the time, per your scope of allocation (i.e. individual, team, skill, etc.) that is leftover or available once non-project demands have been taken out of the equation. In short, the goal of this process step is to determine the non-project demands for the forecast period.

The important decisions to document for this step include:

  1. What data will be collected and from whom? For example, functional managers to update resource potential capacity and non-project resource allocations.
  2. How often will data be collected and when? For example, data will be collected third Monday of the month, three days before our monthly update frequency.
  3. How will the data be collected? For example, tool admin to send out data to update on third Monday; resource managers update the data and email back to tool admin.

Document your process for determining resource supply in Section 3.1 of Info-Tech’s Resource Management Playbook.

Task-at-a-glance:

Inputs Artifacts i.e. historical usage data
Consulted i.e. project resources
Tools & Templates i.e. time tracking template
Outputs Artifacts i.e. updated template
Informed i.e. portfolio analyst
Timing i.e. every second Monday
Responsible i.e. functional managers
Accountable i.e. IT directors

Step two: map out how project demand will be captured within each reporting period

2.3.3
20 minutes

Step two in your resource management process will be to determine the full extent of project demand for your forecast period.

Project demand in this context can entail both in-flight projects as well as new project plans or new project requests that are proposing to consume capacity during the forecast period. In short, the goal of this process step is to determine all of the project demands for the forecast period.

The important decisions to document for this step include:

  1. What data will be collected and from whom? For example, project managers to update project allocations for in-flight projects, and PMO will provide proposed allocations for new project requests.
  2. How often will data be collected and when? For example, data will be collected third Tuesday of the month, two days before our monthly update frequency.
  3. How will the data be collected? For example, tool admin to send out data to update on third Tuesday; project managers update the data and email back to tool admin.

Document your process for determining project demand in Section 3.2 of Info-Tech’s Resource Management Playbook.

Task-at-a-glance

Inputs Artifacts i.e. historical usage data
Consulted i.e. project resources
Tools & Templates i.e. project demand template
Outputs Artifacts i.e. updated demand table
Informed i.e. portfolio analyst
Timing i.e. every second Monday
Responsible i.e. project managers
Accountable i.e. PMO director

Step three: record how resource constraints and issues for each reporting period will be identified and documented

2.3.4
20 minutes

Step three in your resource management process will be to analyze your resource supply and project demand data to identify points of conflict.

Once the supply-demand data has been compiled, it will need to be analyzed for points of imbalance and conflict. The goal of this process step is to analyze the raw data and to make it consumable by other stakeholders in preparation for a reconciliation or rebalancing process.

The important decisions to document for this step include:

  1. How will the data be checked for inaccuracies? For example, tool admin to enter and QA data; reach out by the following Wednesday at noon with inconsistencies; managers to respond no later than next day by noon.
  2. What reports will employed? For example, a refreshed demand spreadsheet will be made available.
  3. What is an acceptable range for over- and under-allocations? For example, the acceptable tolerance for allocation is 15%; that is, report only those resources that are less than 85% allocated, or more than 115% allocated.

Document your process for identifying resource constraints and issues in Section 3.3 of Info-Tech’s Resource Management Playbook.

Task-at-a-glance

Inputs Artifacts i.e. supply/demand data
Consulted i.e. no one
Tools & Templates i.e. Portfolio Manager Lite
Outputs Artifacts i.e. list of issues
Informed i.e. no one
Timing i.e. every second Tuesday
Responsible i.e. portfolio analyst
Accountable i.e. PMO director

Step four: establish a standard protocol for resolving resource issues within each reporting period

2.3.5
20 minutes

Step four in your resource management process should be to finalize your capacity management book of record for the reporting period and prepare recommendations for resolving conflicts and issues.

The reconciliation process will likely take place at a meeting amongst the management of the PMO and representatives from the various functional groups within the department. The goal of this step is to get the right roles and individuals to agree upon proposed reconciliations and to sign-off on resource allocations.

The important decisions to document for this step include:

  1. What reports will be distributed and in what form? For example, refreshed spreadsheet will be available on the PMO SharePoint site.
  2. When will the reports be generated and for whom? For example, fourth Tuesday of the month, end of day – accessible for all managers.
  3. Who has input into how conflicts should be resolved? For example, conflicts will be resolved at monthly resource management meeting. All meeting participants have input, but the PMO director will have ultimate decision-making authority.

Document your process for resolving resource constraints and issues in Section 3.4 of Info-Tech’s Resource Management Playbook.

Inputs Artifacts i.e. meeting agenda
Consulted i.e. meeting participants
Tools & Templates i.e. capacity reports
Outputs Artifacts i.e. minutes and resolutions
Informed i.e. steering committee
Timing i.e. every second Thursday
Responsible i.e. PMO director
Accountable i.e. CIO

Step five: record how resource allocations will be finalized and communicated for the forecast window

2.3.6
20 minutes

The final step in your resource management process is to clarify how resource allocations will be documented in your resource management solution and reported to the department.

Once a plan to rebalance supply and demand for the reporting period has been agreed on, you will need to ensure that the appropriate data is updated in your resource management book of record, and that allocation decisions are communicated to the appropriate stakeholders.

The important decisions to document for this step include:

  1. Who has ultimate authority for allocation decisions? For example, the CIO has final authority when conflicts need to be escalated and must approve all allocations for the forecast period.
  2. Who will update the book of record and when? For example, the tool admin will update the data before the end of the day following the resource management meeting.
  3. Who needs to be informed and of what? For example, resource plans will be updated in SharePoint for resources and managers to review.

Document your process for approving and finalizing allocation in Section 3.5 of Info-Tech’s Resource Management Playbook.

Task-at-a-glance

Inputs Artifacts i.e. minutes and resolutions
Consulted i.e. CIO, IT directors
Tools & Templates i.e. Portfolio Manager Lite
Outputs Artifacts i.e. updated availability table
Informed i.e. steering committee
Timing i.e. every second Friday
Responsible i.e. portfolio analyst
Accountable i.e. PMO director

Finalize your provisional resource management process in the Playbook Template

2.3 Resource Management Playbook

Use Info-Tech’s Resource Management Playbook to solidify your processes in a formalized operating plan.

Throughout this phase, we have been customizing sections 1, 2, and 3 of the Resource Management Playbook.

Before we move to pilot and implement your resource management strategy in the next phase of this blueprint, ensure that sections 1-3 of your playbook have been drafted and are ready to be communicated and shared with stakeholders.

  • Avoid getting too granular in your process requirements. Keep it to high-level data requirements. Imposing too much detail in your playbook is a recipe for failure.
  • The playbook should remain provisional throughout your pilot phase. Aspects of your process will likely need to be changed or tweaked as they are met with some day-to-day realities. As with any “living document,” it can be helpful to explicitly assign responsibilities for updating the playbook over the long term to ensure it stays relevant.

"People are spending far more time creating these elaborate [time-tracking] systems than it would have taken just to do the task. You’re constantly on your app refiguring, recalculating, re-categorizing... A better strategy would be [returning] to the core principles of good time management…Block out your calendar for the non-negotiable things. [Or] have an organized prioritized task list." – Laura Stack (quoted in Zawacki)

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts:

  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

2.1 Wireframe a resource management strategy using Info-Tech’s seven dimensions of resource management

Action the decision points across Info-Tech’s seven dimensions to ensure your resource management process is guided by realistic data and process goals.

2.3 Draft a high-level resource management workflow and elaborate it into a repeatable practice

Customize Info-Tech’s five-step resource management process model. Then, document how the process will operate by customizing the Resource Management Playbook.

Phase 3

Implement Sustainable Resource Management Practices

Phase 3 outline

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 3: Implement Sustainable Resource Management Practices

Proposed Time to Completion (in weeks): 4-12 weeks

Step 3.1: Pilot your resource management process

Start with an analyst kick-off call:

  • Review your resource management dimensions and tools
  • Review your provisional resource management processes
  • Discuss your ideas for a pilot

Then complete these activities…

  • Select receptive project/functional managers to work with
  • Define the scope of your pilot and determine logistics
  • Finalize resource management roles and responsibilities

With these tools & templates:

  • Process Pilot Plan Template
  • Resource Management Playbook
  • Project Portfolio Analyst Job Description
Step 3.2: Plan to engage your stakeholders

Review findings with analyst:

  • Results of your pilot, team feedback, and lessons learned
  • Your stakeholder landscape

Then complete these activities…

  • Brainstorm and plan for potential resistance to change, objections, and fatigue from stakeholders
  • Plan for next steps

With these tools & templates:

  • Resource Management Playbook

Phase 3 Results & Insights:

Engagement paves the way for smoother adoption. An engagement approach (rather than simply communication) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

Step 3.1: Pilot your resource management process to assess viability

PHASE 1

1.1 Set a course of action

1.2 Estimate supply and demand

PHASE 2

2.1 Select resource management dimensions

2.2 Select resource management tools

2.3 Build process steps

PHASE 3

3.1 Pilot your process for viability

3.2 Plan stakeholder engagement

This step will walk you through the following activities:

  • Select receptive project and functional managers to work with during your pilot
  • Define the scope of your pilot and determine logistics
  • Plan to obtain feedback, document lessons learned, and create an action plan for any changes
  • Finalize resource management roles and responsibilities

This step involves the following participants:

  • CIO
  • PMO Director / Portfolio Manager
  • Project Managers
  • Resource Managers

Outcomes of this step

  • A pilot team
  • A process pilot plan that defines the scope, logistics, and process for retrospection
  • Roles, responsibilities, and accountabilities for resource management
  • Project Portfolio Analyst job description template

Pilot your new processes to test feasibility and address issues before a full deployment

Adopting the right set of practices requires a significant degree of change that necessitates buy-in from varied stakeholders throughout IT and the business.

Rome wasn’t built in a day. Similarly, your visibility into resource usage and availability won’t happen overnight.

Resist the urge to deploy a big-bang rollout of your research management practices. This approach is ill advised for two main reasons:

  • It will put more of a strain on the implementation team in the near term, with a larger pool of end users to train and collect data from.
  • Putting untested practices in a department-wide spotlight could lead to mass confusion in the near-term and color the new processes in a negative light, leading to a loss of stakeholder trust and engagement right out of the gate.

Start with a pilot phase. Identify receptive project managers and functional managers to work with, and leverage their insights to help iron out the kinks in your process before unveiling your practices to IT and business users at large.

This step will help you:

  • Plan and execute a pilot of the processes we developed in Phase 2.
  • Incorporate the lessons learned from that pilot to strengthen your playbook and ease the communication process.

Info-Tech Insight

Engagement paves the way for smoother adoption. An engagement approach (rather than simply communication) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

Plan your pilot like you would any project to ensure it’s well defined and its goals are clearly articulated

Use Info-Tech’s Process Pilot Plan Template to help define the scope of your pilot and set appropriate goals for the test run of your new processes.

A process pilot is a limited scope of an implementation (constrained by time and resources involved) to test the viability and effectiveness of the process as it has been designed.

  • Investing time and energy into a pilot phase can help to lower implementation risk, enhance the details and steps within a process, and improve stakeholder relations prior to a full scale rollout.
  • More than a dry run, however, a pilot should be approached strategically and planned out to limit the scope of it and achieve specific outcomes.
  • Leverage a planning document to ensure your process pilot is grounded in a common set of definitions, that the pilot is delivering value and insight, and that ultimately the pilot can serve as a starting point for a full-scale process implementation.

"The advantages to a pilot are several. First, risk is constrained. Pilots are closely monitored so if a problem does occur, it can be fixed immediately. Second, the people working in the pilot can become trainers as you roll the process out to the rest of the organization. Third, the pilot is another opportunity for skeptics to visit the pilot process and learn from those working in it. There’s nothing like seeing a new process working for people to change their minds." – Daniel Madison

Download Info-Tech’s Process Pilot Plan Template

Select receptive project and functional managers to work with during your pilot

3.1.1
20 to 60 minutes

Input

  • Project management staff and functional managers

Output

  • Pilot project teams

Materials

  • Stakeholder Engagement Workbook
  • Process Pilot Plan Template

Participants

  • Process owner (PMO director or portfolio owner)
  • CIO

Info-Tech recommends selecting project managers and functional managers who are aware of your role and some of the supply-demand challenges to assist in the implementation process.

  1. If receptive project and functional managers are known, schedule a 15-minute meeting with them to inquire if they would be willing to be part of the pilot process.
  2. If receptive project managers are not known, use Info-Tech’s Stakeholder Engagement Workbook to conduct a formal selection process.
    1. Enter a list of potential pilot project managers in tab 3.
    2. Rate project managers in terms of influence, pilot interest, and potential deployment contribution within tab 4.
    3. Review tab 5 in the workbook. Receptive project managers will appear in the top quadrants. Ideal project managers for the pilot are located in the top right quadrant of the graph.

Document the project and functional managers involved in your pilot in Section 3 of Info-Tech’s Process Pilot Plan Template.

Define the scope of your pilot and determine logistics

Input

  • Sections 1 through 4 of the Process Pilot Plan Template

Output

  • A process pilot plan

Materials

  • Process Pilot Plan Template

Participants

  • Process Owner (PMO Director or Portfolio Owner)
  • CIO
  • Project and Resource Managers

Use Info-Tech’s Process Pilot Plan Template to design the details of your pilot.

Investing time into planning your pilot phase strategically will ensure a clear scope, better communications for those piloting the processes, and overall, better, more actionable results during the pilot phase. The Process Pilot Plan Template is broken into five sections to assist in these goals:

    • Pilot Overview and Scope
    • Success and Risk Factors
    • Stakeholders Involved and Communications Plan
    • Pilot Retrospective and Feedback Protocol
    • Lessons Learned
  • The duration of your pilot should go at least one allocation period, depending on your frequency of updates, e.g. one week or month.
  • Estimates of time commitments should be captured for each stakeholder. During the retrospective at the end of the pilot, you should capture actuals to help determine the time-cost of the process itself and measure its sustainability.
  • Once the template is completed, schedule time to share and communicate it with the pilot team and executive sponsors of the process.

While you should invest time in this planning document, continue to lean on the Resource Management Playbook as well as a process guide throughout the pilot phase.

Execute your pilot and prepare to make process revisions before the full rollout

Hit play! Begin the process pilot and get familiar with the work routine and resource management solution.

Some things to keep in mind during the pilot include:

  • Depending on the solution you’re using, you will likely need to spend one day or less to populate the tool. During the pilot, measure the time and effort required to manage the data within the tool. Compare with the original estimate from activity 2.2.2. Determine whether time and effort required are viable on an ongoing basis (i.e. can you do it every week or month) and have value.
  • Meet with the pilot team and other stakeholders regularly during the pilot – at least weekly. Allow the team (and yourself) to speak honestly and openly about what isn’t working. The pilot is your chance to make things better.
  • Keep notes about what will need to change in the RM Playbook. For major changes, you may have to tweak the process during the pilot itself. Update the process documents as needed and communicate the changes and why they’re being made. If required, update the scope of the pilot in the Process Pilot Plan Template.

Obtain feedback from the pilot group to improve your processes before a wider rollout

3.1.3
30 minutes

Input

  • What’s working and what isn’t in the process

Output

  • Ideas to improve process

Materials

  • Whiteboard
  • Sticky notes
  • Process Pilot Plan Template

Participants

  • Process Owner (PMO Director or Portfolio Owner)
  • Pilot Team

Pilot projects allow you to validate your assumptions and leverage lessons learned. During the planning of the pilot, you should have scheduled a retrospective meeting with the pilot team to formally assess strengths and weaknesses in the process you have drafted.

  • Schedule the retrospective shortly after the pilot is completed. Info-Tech recommends a stop/start/continue activity with pilot participants to obtain and capture feedback.
  • Have members of the meeting record any processes/activities on sticky notes that should:
    • Stop: because they are ineffective or not useful
    • Start: because they would be useful for the tool and have not been incorporated into current processes
    • Continue: because they are useful and positively contribute to intended process outcomes

An example of how to structure a stop/start/continue activity on a whiteboard using sticky notes.

The image shows three black squares, each with three brightly coloured sticky notes in it. The three squares are labelled: Stop; Start; Continue.

See below for additional instructions

Document lessons learned and create an action plan for any changes to the resource management processes

3.1.4
30 minutes

As a group, discuss everyone’s responses and organize according to top priority (mark with a 1) and lower priority/next steps (mark with a 2). At this point, you can also remove any sticky notes that are repetitive or no longer relevant.

Once you have organized based on priority, be sure to come to a consensus with the group regarding which actions to take. For example, if the group agrees that they should “stop holding meetings weekly,” come to a consensus regarding how often meetings will be held, i.e. monthly.

Create an action plan for the top priority items that require changes (the stops and starts). Record in this slide or your preferred medium. Be sure to include who is responsible for the action and the date that it will be implemented.

Priority Action Required Who is Responsible Implementation Date
Stop: Holding meetings weekly Hold meetings monthly Jane Doe, PMO Next Meeting: November 1, 2017
Start: Discussing backlog during meetings Ensure that backlog data is up to date for discussion on date of next meeting John Doe, Portfolio Manager November 1, 2017

Document the outcomes of the start/stop/continue exercise and your action plan in Section 6 of Info-Tech’s Process Pilot Plan Template.

Review actions that can be taken based on the results of your pilot

Situation Action Next Steps
The dimensions that we chose for our strategy have proven to be too difficult to accurately maintain. The dimensions that we chose for our strategy have proven to be too difficult to accurately maintain. Reassess the dimensions that you chose for your strategy. Make sure that you are not overcommitting yourself based on your maturity level. You can always go back and adjust for a higher level of resource management maturity once you have mastered your current level. For example, if you chose “weekly” as your update frequency and this has proven to be too much to maintain, try updating monthly for a few months. Once you have mastered this update frequency, it will be easier to adjust to a weekly update process.
We were able to maintain the data for our pilot based on the dimensions that we chose. However, allocating projects based on realized capacity did not alleviate any of our resourcing issues and resources still seem to be working on more projects than they can handle. Determine other factors at the organization that would help to maintain the data and work toward reclaiming capacity. Continue working with the dimensions that you chose and maintain the accuracy of this data. The next step is to identify other factors that are contributing to your resource allocation problems and begin reclaiming capacity. Continue forward to the resource management roadmap section and work on changing organizational structures and worker behavior to maximize capacity for project work.
We were able to easily and accurately maintain the data, which led to positive results and improvement in resource allocation issues. If your strategy is easily maintained, identify factors that will help your organization reclaim capacity. Continue to maintain this data, and eventually work toward maintaining it at a more precise level. For example, if you are currently using an update frequency of “monthly” and succeeding, think about moving toward a “weekly” frequency within a few months. Once you feel confident that you can maintain project and resource data, continue on to the roadmap section to discover ways to reclaim resource capacity through organizational and behavioral change.

Finalize resource management roles and responsibilities

3.1.5
15 to 30 minutes

Input

  • Tasks for resource management
  • Stakeholder involved

Output

  • Roles, responsibilities, and accountabilities for resource management

Materials

  • Resource Management Playbook

Participants

  • PMO Director/ Portfolio Manager
  • Functional Managers
  • Project Managers

Perform a RACI exercise to help standardize terminology around roles and responsibilities and to ensure that expectations are consistent across stakeholders and teams.

  • A RACI will help create a clear understanding of the tasks and expectations for each stakeholder at each process step, assigning responsibilities and accountability for resource management outcomes.

Responsible

Accountable

Consulted

Informed

Roles CIO PMO Portfolio Analyst Project Manager Functional Manager
Collect supply data I A R I C
Collect demand data I A R C I
Identify conflicts I C/A R C C
Resolve conflicts C A/R I R R
Approve allocations A R I R I

Document your roles and responsibilities in Section 2 of Info-Tech’s Resource Management Playbook.

Use Info-Tech’s Portfolio Analyst job description to help fill any staffing needs around data maintenance

3.1 Project Portfolio Analyst/PMO Analyst Job Description

You will need to determine responsibilities and accountabilities for portfolio management functions within your team.

If you do not have a clearly identifiable portfolio manager at this time, you will need to clarify who will wear which hats in terms of facilitating intake and prioritization, high-level capacity awareness, and portfolio reporting.

  • Use Info-Tech’s Project Portfolio Analyst job description template to help clarify some of the required responsibilities to support your PPM strategy.
    • If you need to bring in an additional staff member to help support the strategy, you can customize the job description template to help advertise the position. Simply edit the text in grey within the template.
  • If you have other PPM tasks that you need to define responsibilities for, you can use the RASCI chart on the final tab of the PPM Strategy Development Tool.

Download Info-Tech’s Project Portfolio Analyst Job Description Template

Finalize the Resource Management Playbook and prepare to communicate your processes

Once you’ve completed the pilot process and made the necessary tweaks, you should finalize your Resource Management Playbook and prepare to communicate it.

Revisit your RM Playbook from step 2.3 and ensure it has been updated to reflect the process changes that were identified in activity 3.1.4.

  • If during the pilot process the data was too difficult or time consuming to maintain, revisit the dimensions you have chosen and select dimensions that are easier to accurately maintain. Tweak your process steps in the playbook accordingly.
  • In the long term, if you are not observing any capacity being reclaimed, revisit the roadmap that we’ll prepare in step 3.2 and address some of these inhibitors to organizational change.
  • In the next step, we will also be repurposing some of the content from the playbook, as well as from previous activities, to include them in your presentation to stakeholders, using Info-Tech’s Resource Management Communications Template.

Download Info-Tech’s Resource Management Playbook

Info-Tech Best Practice

Make your process standardization comprehensive. The RM Playbook should serve as your resource management standard operating procedure. In addition to providing a walk-through of the process, an SOP also clarifies project governance by clearly defining roles and responsibilities.

Step 3.2: Plan to engage your stakeholders with your playbook

PHASE 1

1.1 Set a course of action

1.2 Estimate supply and demand

PHASE 2

2.1 Select resource management dimensions

2.2 Select resource management tools

2.3 Build process steps

PHASE 3

3.1 Pilot your process for viability

3.2 Plan stakeholder engagement

This step will walk you through the following activities:

  • Brainstorm and plan for potential resistance to change, objections, and fatigue from stakeholders
  • Plan for next steps in reclaiming project capacity
  • Plan for next steps in overcoming supply-demand reconciliation challenges

This step involves the following participants:

  • CIO
  • PMO Director / Portfolio Manager
  • Pilot Team from Step 3.1

Outcomes of this step

  • Plan for communicating responses and objections from stakeholders and staff
  • Plan to manage structural/enabling factors that influence success of the resource management strategy
  • Description of next steps in reclaiming project capacity and overcoming supply-demand reconciliation challenges
  • Final draft of the customized Resource Management Playbook

Develop a resource management roadmap to communicate and reinforce the strategy

A roadmap will help anticipate, plan, and address barriers and opportunities that influence the success of the resource management strategy.

This step of the project will ensure the new strategy is adopted and applied with maximum success by helping you manage challenges and opportunities across three dimensions:

1. Executive Stakeholder Factors

For example, resistance to adopting new assumptions about ratio of project versus non-project work.

2. Workforce/Team Factors

For example, resistance to moving from individual- to team-based allocations.

3. Structural Factors

For example, ensuring priorities are stable within the chosen resource planning horizon.

See Info-Tech’s Drive Organizational Change from the PMOfor comprehensive tools and guidance on achieving organizational buy-in for your new resource management practices.

Info-Tech Insight

Communicate, communicate, communicate. Staff are 34% more likely to adapt to change quickly during the implementation and adoption phases when they are provided with a timeline of impending changes specific to their department. (McLean & Company)

Anticipate a wide range of responses toward your new processes

While your mandate may be backed by an executive sponsor, you will need to influence stakeholders from throughout the organization in order to succeed. Indeed, as EPMO leader, success will depend upon your ability to confirm and reaffirm commitments on soft or informal grounds. Prepare an engagement strategy that anticipates a wide range of responses.

Enthusiasts Fence-sitters Skeptics Saboteurs
What they look like: Put all their energy into learning new skills and behaviors. Start to use new skills and behaviors at a sluggish pace. Look for alternate ways of implementing the change. Refuse to learn anything new or try new behaviors.
How they contribute: Lead the rest of the group. Provide an undercurrent of movement from old behaviors to new. Challenge decisions and raise risk points with managers. May raise valid points about the process that should be fixed.
How to manage them: Give them space to learn and lead others. Keep them moving forward by testing their progress. Listen to them, but don’t give in to their demands. Keep communicating with them until you convert them.
How to leverage them: Have them lead discussions and training sessions. Use them as an example to forecast the state once the change is adopted. Test new processes by having them try to poke holes in them. If you can convert them, they will lead the Skeptics and Fence-sitters.

Info-Tech Insight

Hone your stakeholder engagement strategy. Most people affected by an IT-enabled change tend to be fence-sitters. Small minorities will be enthusiasts, saboteurs, and skeptics. Your communication strategy should focus on engaging the skeptics, saboteurs, and enthusiasts. Fence-sitters will follow.

Define plans to deal with resistance to change, objections, and fatigue

Be prepared to confront skeptics and saboteurs when communicating the change.

  1. Use the templates on the following slide to:
    1. Brainstorm possible objections from stakeholders and staff. Prioritize objections that are likely to occur.
    2. Develop responses to objections.
  2. Develop a document and plan for proactively communicating responses and objections to show people that you understand their point of view.
    1. Revise the communications messaging and plan to include proactive objection handling.
  3. Discuss the likelihood and impact of “saboteurs” who aren’t convinced or affected by change management efforts.
    1. Explore contingency plans for dealing with difficult saboteurs. These individuals can negate the progress of the rest of the team by continuing to resist the process and spreading toxic energy. If necessary, be ruthless with these individuals. Let them know that the rest of the group is moving on without them, and if they can’t or won’t adopt the new standards, then they can leave.

Info-Tech Insight

Communicate well and engage often. Agility and continuous improvement are good, but can degenerate into volatility if change isn’t managed properly. People will perceive change to be volatile if their expectations aren’t managed through communications and engagement planning.

Info-Tech Best Practice

The individuals best positioned to provide insight and influence change positively are also best positioned to create resistance.

These people should be engaged early and often in the implementation process – not just to make them feel included or part of the change, but also because their insight could very likely identify risks, barriers, and opportunities that need to be addressed.

Develop a plan to manage stakeholder resistance to the new resource management strategy

3.2.1
30 minutes

Brainstorm potential implications and objections that executive stakeholders might raise about your new processes.

Dimension Decision Potential Impact, Implications, and Objections Possible Responses and Actions
i.e. Default Project Ratio 50% “This can’t be right...” “We conducted a thorough time audit to establish this ratio.”
“We need to spend more time on project work.” “Realistic estimates will help us control new project intake, which will help us optimize time allocated to projects.”
i.e. Frequency Monthly “This data isn’t detailed enough, we need to know what people are working on right now.” “Maintaining an update frequency of weekly would require approximately [X] extra hours of PMO effort. We can work toward weekly as we mature.”
i.e. Scope Person “That is a lot of people to keep track of.” “Managing individuals is still the job of the project manager; we are responsible for allocating individuals to projects.”
i.e. Granularity of Work Assignment Project “We need to know exactly what tasks are being worked on and what the progress is.” “Assigning at task level is very difficult to accurately maintain. Once we have mastered a project-level granularity we can move toward task level.”
i.e. Forecast Horizon One month “We need to know what each resource is working on next year.” “With a monthly forecast, our estimates are dependable. If we forecast a year in advance, this estimate will not be accurate.”

Document the outcomes of this activity on slide 26 of Info-Tech’s Resource Management Communications Template.

Develop a plan to manage staff/team resistance to the new resource management strategy

3.2.2
30 minutes

Brainstorm potential implications and objections that individual staff and members of project teams might raise about your new processes.

Dimension Decision Potential Impact, Implications, and Objections Possible Responses and Actions
i.e. Default Project Ratio 50% “There’s too much support work.” “We conducted a thorough time audit to establish this ratio. Realistic estimates will help us control new project intake, which will help us optimize your project time.”
i.e. Frequency Monthly “I don’t have time to give you updates on project progress.” “This update frequency requires only [X] amount of time from you per week/month.”
i.e. Granularity Project “I need more clarity on what I’m working on.” “Team members and project managers are in the best position to define and assign (or self-select) individual tasks.”
i.e. Forecast Horizon One month “I need to know what my workload will be further in advance.” “You will still have a high-level understanding of what you will be working on in the future, but projects will only be officially forecasted one month in advance.”
i.e. Allocation Cadence Monthly “We need a more frequent cadence.” “We can work toward weekly cadence as we mature.”

Document the outcomes of this activity on slide 27 of Info-Tech’s Resource Management Communications Template.

Develop a plan to manage structural/enabling factors that influence success of the resource management strategy

3.2.3
30 minutes

Brainstorm a plan to manage other risks and challenges to implementing your processes.

Dimension Decision Potential Impact, Implications, and Objections Possible Responses and Actions
i.e. Default Project Ratio 50% “We have approved too many projects to allocate so little time to project work.” Nothing has changed – this was always the amount of time that would actually go toward projects. If you are worried about a backlog, stop approving projects until you have completed the current workload.
i.e. Frequency Monthly “Status reports aren’t reliably accurate and up to date more than quarterly.” Enforce strict requirements to provide monthly status updates for 1-3 key KPIs.
i.e. Scope Person “How can we keep track of what each individual is working on?” Establish a simple, easy reporting mechanism so that resources are reporting their own progress.
i.e. Granularity Project “How will we know the status of a project without knowing what tasks are completed?” It is in the domain of the project manager to know what tasks have been completed and to report overall project progress.
i.e. Forecast Horizon One Month “It will be difficult to plan for resource needs in advance.” Planning a month in advance allows you to address conflicts or issues before they are urgent.

Document the outcomes of this activity on slide 28 of Info-Tech’s Resource Management Communications Template.

Finalize your communications plan and prepare to present the new processes to the organization

Use Info-Tech’s Resource Management Communications Template to record the challenges your resource management strategy is addressing and how it is addressing them.

Highlight organizational factors that necessitated the change.

  • Stakeholders and staff understandably tend to dislike change for the sake of change. Use Info-Tech’s Resource Management Communications Template to document the pain points that your process change is addressing and explain the intended benefits for all who will be subject to the new procedures.

Determine goals and benefits for implementation success.

  • Provide metrics by which the implementation will be deemed a success. Providing this horizon will provide some structure for stakeholders and hopefully help to encourage process discipline.

Clearly indicate what is required of people to adopt new processes.

  • Document your Resource Management Playbook. Be sure to include specific roles and responsibilities so there is no doubt regarding who is accountable for what.

Download Info-Tech’s Resource Management Communications Template

"You need to be able to communicate effectively with major stakeholders – you really need their buy-in. You need to demonstrate credibility with your audience in the way you communicate and show how portfolio [management] is a structured decision-making process." – Dr. Shan Rajegopal (quoted in Akass, “What Makes a Successful Portfolio Manager”)

Review tactics for keeping your processes on track

Once the strategy is adopted, the next step is to be prepared to address challenges as they come up. Review the tactics in the table below for assistance.

Challenge Resolution Next Step
Workers are distracted because they are working on too many projects at once; their attention is split and they are unproductive. Workers are distracted because they are working on too many projects at once; their attention is split and they are unproductive. Review portfolio practices for ways to limit work in progress (WIP).
Employees are telling project managers what they want to hear and not giving honest estimates about the way their time is spent. Ensure that employees understand the value of honest time tracking. If you’re allocating your hours to the wrong projects, it is your projects that suffer. If you are overallocated, be honest and share this with management. Display employee time-tracking reports on a public board so that everyone will see where their time is spent. If they are struggling to complete projects by their deadlines they must be able to demonstrate the other work that is taking up their time.
Resources are struggling with projects because they do not have the necessary expertise. Perform a skills audit to determine what skills employees have and assign them to projects accordingly. If an employee with a certain skill is in high demand, consider hiring more resources who are able to complete this work.

See below for additional challenges and tactics

Review tactics for keeping supply and demand aligned

Once the strategy is adopted, the next step is to use the outputs of the strategy to reclaim capacity and ensure supply and demand remain aligned. Review the tactics in the table below for assistance.

Challenge Resolution Next Step
There is insufficient project capacity to take on new work, but demand continues to grow. Extend project due date and manage the expectations of project sponsors with data. If possible, reclaim capacity from non-project work. Customize the playbook to address insufficient project capacity.
There is significant fluctuation in demand, making it extremely challenging to stick to allocations. Project managers can build in additional contingencies to project plans based on resourcing data, with plans for over-delivering with surplus capacity. In addition, the CIO can leverage business relationships to curb chaotic demand. The portfolio manager should analyze the project portfolio for clues on expanding demand. Customize the playbook to address large fluctuations in demand.
On a constant basis, there are conflicting project demands over specific skills. Re-evaluate the definition of a project to guard the value of the portfolio. Continually prioritize projects based on their business values as of today. Customize the playbook to address conflicting project demands. Feed into any near- and long-term staffing plans.

Prepare to communicate your new resource management practices and reap their benefits

As you roll out your resource management strategy, familiarize yourself with the capability improvements that will drive your resource management success metrics.

  1. Increased capacity awareness through the ability to more efficiently and more effectively collect and track complex, diverse, and dynamic project data across the project portfolio.
  2. Improved supply management. Increased awareness of resource capacity (current and forecasted) combined with the ability to see the results of resource allocations across the portfolio will help ensure that project resources are used as effectively as possible.
  3. Improved demand management. Increased capacity awareness, combined with reliable supply management, will help PMOs set realistic limits on the amount and kind of IT projects the organization can take on at any given time. The ability to present user-friendly reports to key decision makers will help the PMO to ensure that the projects that are approved are realistically attainable and strategically aligned.
  4. Increased portfolio success. Improvements in the three areas indicated above should result in more realistic demands on project workers/managers, better products, and better service to all stakeholders. While successfully implemented PPM solutions should produce more efficient PPM processes, ideally they should also drive improved project stakeholder satisfaction across the organization.

The image shows a series on concentric circles, labelled (from the inside out): Capacity Awareness; Supply Management; Demand Management; Project Success.

Info-Tech client achieves resource management success by right-sizing its data requirements and focusing on reporting

CASE STUDY

Industry Manufacturing

Source Info-Tech Client

We were concerned that the staff would not want to do timesheets. With one level of task definition, it’s not really timesheets. It’s more about reconciling our allocations.” – PMO Director, Manufacturing

Challenge

  • In a very fast-paced environment, the PMO had developed a meaningful level of process maturity.
  • There had never been time to slow down enough to introduce a mature PPM tool set.
  • The executive leadership had started to ask for more throughput of highly visible IT projects.

Solution

  • There had never been oversight on how much IT time went toward escalated support issues and smaller enhancement requests.
  • Staff had grown accustomed to a lack of documentation rigor surrounding the portfolio.
  • Despite a historic baseline of the ratio between strategic projects, small projects, and support, the lack of recordkeeping made it hard to validate or reconcile these ratios.

Results

  • The organization introduced a robust commercial PPM tool.
  • They were able to restrict the granularity of data to a high level in order to limit the time required to enter and manage, and track the actuals.
  • They prepared executive leadership for their renewed focus on the allocation of resources to strategically important projects.
  • Approval of projects was right-sized based on the actual capacity and realized through improved timesheet recordkeeping.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts:

  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

3.1 Define the scope of your pilot and set appropriate goals for the test-run of your new processes

An effective pilot lowers implementation risk, enhances the details and steps within a process, and improves stakeholder relations prior to a full scale rollout.

3.2 Develop a plan to manage stakeholder and staff resistance to the new resource management practice

Proactively plan for communicating responses and objections to show people that you understand their point of view and win their buy-in.

Insight breakdown

Insight 1

A matrix organization creates many small, untraceable demands that are often overlooked in resource management efforts, which lead to underestimating total demand and overcommitting resources. To capture them and enhance the success of your resource management effort, focus on completeness rather than precision. Precision of data will improve over time as your process maturity grows.

Insight 2

Draft the resource management practice with sustainability in mind. It is about what you can and will maintain every week, even during a crisis: it is not about what you put together as a one-time snapshot. Once you stop maintaining resource data, it’s nearly impossible to catch up.

Insight 3

Engagement paves the way for smoother adoption. An engagement approach (rather than simply communication) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

Summary of accomplishment

Knowledge Gained

  • Disconnect between traditional resource management paradigms and today’s reality of work environment
  • Differentiation of accuracy and precision in capacity data
  • Snapshot of resource capacity supply and demand
  • Seven dimensions of resource management strategy
  • How to create sustainability of a resource management practice

Processes Optimized

  • Collecting resource supply data
  • Capturing the project demand
  • Identifying and documenting resource constraints and issues
  • Resolving resource issues
  • Finalizing and communicating resource allocations for the forecast window

Deliverable Completed

  • Resource Management Supply-Demand Calculator, to create an initial estimate of resource capacity supply and demand
  • Time-tracking survey emails, to validate assumptions made for creating the initial snapshot of resource capacity supply and demand
  • Resource Management Playbook, which documents your resource management strategy dimensions, process steps, and responses to challenges
  • PPM Solution Vendor Demo Script, to structure your resource management tool demos and interactions with vendors to ensure that their solutions can fully support your resource management practices
  • Portfolio Manager Lite, a spreadsheet-based resource management solution to facilitate the flow of data
  • Process Pilot Plan, to ensure that the pilot delivers value and insight necessary for a wider rollout
  • Project Portfolio Analyst job description, to help your efforts in bringing in additional staff to provide support for the new resource management practice
  • Resource Management Communications presentation, with which to engage your stakeholders during the new process rollout

Research contributors and experts

Trevor Bramwell, ICT Project Manager Viridor Waste Management

John Hansknecht, Director of Technology University of Detroit Jesuit High School & Academy

Brian Lasby, Project Manager Toronto Catholic District School Board

Jean Charles Parise, CIO & DSO Office of the Auditor General of Canada

Darren Schell, Associate Executive Director of IT Services University of Lethbridge

Related Info-Tech research

Develop a Project Portfolio Management Strategy

Grow Your Own PPM Solution

Optimize Project Intake, Approval, and Prioritization

Maintain and Organized Portfolio

Manage a Minimum-Viable PMO

Establish the Benefits Realization Process

Manage an Agile Portfolio

Tailor Project Management Processes to Fit Your Projects

Project Portfolio Management Diagnostic Program

The Project Portfolio Management Diagnostic Program is a low-effort, high-impact program designed to help project owners assess and improve their PPM practices. Gather and report on all aspects of your PPM environment to understand where you stand and how you can improve.

Bibliography

actiTIME. “How Poor Tracking of Work Time Affects Your Business.” N.p., Oct. 2016. Web.

Akass, Amanda. “What Makes a Successful Portfolio Manager.” Pcubed, n.d. Web.

Alexander, Moira. “5 Steps to avoid overcommitting resources on your IT projects.” TechRepublic. 18 July 2016. Web.

Anderson, Ryan. “Some Shocking Statistics About Interruptions in Your Work Environment.” Filevine, 9 July 2015. Web.

Bondale, Kiron. “Focus less on management and more on the resources with resource management.” Easy in Theory, Difficult in Practice. 16 July 2014. Web.

Burger, Rachel. “10 Software Options that Will Make Your Project Resource Allocation Troubles Disappear.” Capterra Project Management Blog, 6 January 2016. Web.

Cooper, Robert, G. “Effective Gating: Make product innovation more productive by using gates with teeth.” Stage-Gate International and Product Development Institute. March/April 2009. Web.

Dimensional Research. “Lies, Damned Lies and Timesheet Data.” Replicon, July 2013. Web.

Edelman Trust Barometer. “Leadership in a Divided World.” 2016. Web.

Frank, T.A. “10 Execs with Time-Management Secrets You Should Steal.” Monday*. Issue 2: Nov-Dec 2014. Drucker Institute. Web.

Huth, Susanna. “Employees waste 759 hours each year due to workplace distractions.” The Telegraph, 22 Jun 2015. Web.

Jacobeus, Nicolas. “How Detailed Does Your Agency Time Tracking Need to Be?” Scale Blog, 18 Jul 2016. Web.

Lessing, Lawrence. Free Culture. Lulu Press Inc.: 30 July 2016.

Kwak, James. “The Importance of Excel. The Baseline Scenario, 9 Feb 2013. Web.

Madison, Daniel. “The Five Implementation Options to Manage the Risk in a New Process.” BPMInstitute.org. n.d. Web.

Mark, Gloria. Multitasking in the Digital Age. Morgan & Claypool Publishers. 1 April 2015

Maron, Shim. “Accountability Vs. Responsibility In Project Management.” Workfront, 10 June 2016. Web.

PM Solutions. “Resource Management and the PMO: Three Strategies for Addressing Your Biggest Challenge.” N.p., 2009. Web.

Project Management Institute. “Pulse of the Profession 2014.” PMI, 2014. Web.

Planview. “Capacity Planning Fuels Innovation Speed.” 2016. Web.

Rajda, Vilmos. “The Case Against Project Portfolio Management.” PMtimes, 1 Dec 2010. Web.

Reynolds, Justin. “The Sad Truth about Nap Pods at Work.” TINYpulse, 22 Aug 2016. Web.

Schulte, Brigid. “Work interrupts can cost you 6 hours a day. An efficiency expert explains how to avoid them.” Washington Post, 1 June 2015. Web.

Stone, Linda. "Continuous Partial Attention." Lindastone.net. N.p., n.d. Web.

Zawacki, Kevin. “The Perils of Time Tracking.” Fast Company, 26 Jan 2015. Web.

Assess Your Cybersecurity Insurance Policy

  • Buy Link or Shortcode: {j2store}255|cart{/j2store}
  • member rating overall impact (scale of 10): 9.1/10 Overall Impact
  • member rating average dollars saved: $33,656 Average $ Saved
  • member rating average days saved: 7 Average Days Saved
  • Parent Category Name: Governance, Risk & Compliance
  • Parent Category Link: /governance-risk-compliance
  • Organizations must adapt their information security programs to accommodate insurance requirements.
  • Organizations need to reduce insurance costs.
  • Some organizations must find alternatives to cyber insurance.

Our Advice

Critical Insight

  • Shopping for insurance policies is not step one.
  • First and foremost, we must determine what the organization is at risk for and how much it would cost to recover.
  • The cyber insurance market is still evolving. As insurance requirements change, effectively managing cyber insurance requires that your organization proactively manages risk.

Impact and Result

Perform an insurance policy comparison with scores based on policy coverage and exclusions.

Assess Your Cybersecurity Insurance Policy Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess Your Cybersecurity Insurance Policy Storyboard - A step-by-step document that walks you through how to acquire cyber insurance, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Use this blueprint to score your potential cyber insurance policies and develop skills to overcome common insurance pitfalls.

  • Assess Your Cybersecurity Insurance Policy Storyboard

2. Acquire cyber insurance with confidence – Learn the essentials of the requirements gathering, policy procurement, and review processes.

Use these tools to gather cyber insurance requirements, prepare for the underwriting process, and compare policies.

  • Threat and Risk Assessment Tool
  • DRP Business Impact Analysis Tool
  • Legacy DRP Business Impact Analysis Tool
  • DRP BIA Scoring Context Example
  • Cyber Insurance Policy Comparison Tool
  • Cyber Insurance Controls Checklist

Infographic

Unify a Mixed Methodology Portfolio

  • Buy Link or Shortcode: {j2store}441|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Portfolio Management
  • Parent Category Link: /portfolio-management
  • As portfolio manager, you oversee a portfolio made up of projects using different types of planning and execution methodologies – from traditional Waterfall, to Agile, to hybrid approaches and beyond. The discontinuity between reporting metrics and funding models makes a holistic and perpetually actionable view of the portfolio elusive.
  • Agile’s influence is growing within the organization’s project ecosystem. Even projects that don’t formally use Agile methods often adopt agile tendencies, such as mitigating risk with shorter, more iterative development cycles and increasing collaboration with stakeholders. While this has introduced efficiencies at the project level, it has not translated into business agility, with decision makers still largely playing a passive role in terms of steering the portfolio.
  • Senior management still expects traditional commitments and deadlines, not “sprints” and “velocity.” The reluctance of many Agile purists to adhere to traditional timeline, budget, and scope commitments is not making Agile a particularly popular conversation topic among the organization’s decision-making layer.
  • As portfolio manager, it’s your job to unify these two increasingly fragmented worlds into a unified portfolio.

Our Advice

Critical Insight

  • As Agile’s influence grows and project methodologies morph and proliferate, a more engaged executive layer is required than what we see in a traditional portfolio approach. Portfolio owners have to decide what gets worked on at a regular cadence.
  • What’s the difference? In the old paradigm, nobody stopped the portfolio owners from approving too much. Decisions were based on what should be done, rather than what could get done in a given period, with the resources available.
  • The engaged portfolio succeeds by making sure that the right people work on the right things as much as possible. The portfolio owner plays a key, ongoing role in identifying the work that needs to be done, and the portfolio managers optimize the usage of resources.

Impact and Result

  • Establish universal control points. While the manager of a mixed methodology portfolio doesn’t need to enforce a standardized project methodology, she or he does need to establish universal control points for both intake and reporting at the portfolio level. Use this research to help you define a sustainable process that will work for all types of projects.
  • Scale the approvals process. For a mixed methodology portfolio to work, the organization needs to reconcile different models for approving and starting projects. This blueprint will help you define a right-sized intake process and decision-making paradigm for sprints and project phases alike.
  • Foster ongoing executive engagement. Mixed methodology success is contingent on regular and ongoing executive engagement. Use the tools and templates associated with this blueprint to help get buy-in and commitment upfront, and then to build out portfolio reports and dashboard that will help keep the executive layer informed and engaged long term.

Unify a Mixed Methodology Portfolio Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should consider an Engaged Agile Portfolio approach, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Get portfolio commitments

Assess the current state of the portfolio and ensure that portfolio owners and other stakeholders are onboard before you move forward to develop and implement new portfolio processes.

  • Unify a Mixed Methodology Portfolio – Phase 1
  • Mixed Methodology Portfolio Analyzer
  • Mixed Methodology Portfolio Strategy Template
  • Mixed Methodology Portfolio Stakeholder Survey Tool

2. Define your portfolio processes

Wireframe standardized portfolio processes for all project methodologies to follow.

  • Unify a Mixed Methodology Portfolio – Phase 2
  • Agile Portfolio Sprint Prioritization Tool
  • Project Methodology Assessment Tool

3. Implement your processes

Pilot your new portfolio processes and decision-making paradigm. Then, execute a change impact analysis to inform your communications strategy and implementation plan.

  • Unify a Mixed Methodology Portfolio – Phase 3
  • Process Pilot Plan Template
  • Intake and Prioritization Impact Analysis Tool
  • Resource Management Impact Analysis Tool
[infographic]

Workshop: Unify a Mixed Methodology Portfolio

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Assess Current State of the Portfolio

The Purpose

Determine the current state of your project execution and portfolio oversight practices.

Align different types of projects within a unified portfolio.

Define the best roles and engagement strategies for individual stakeholders as you transition to an Engaged Agile Portfolio.

Key Benefits Achieved

A current state understanding of project and portfolio management challenges.

Bolster the business case for developing an Engaged Agile Portfolio.

Increase stakeholder and team buy-in.

Activities

1.1 Calculate the size of your portfolio in human resource hours.

1.2 Estimate your project sizes and current project methodology mix.

1.3 Document the current known status of your in-flight projects.

1.4 Perform a project execution portfolio oversight survey.

Outputs

Your portfolio’s project capacity in resource hours.

Better understanding of project demand and portfolio mix.

Current state visibility.

An objective assessment of current areas of strengths and weaknesses.

2 Define Your Portfolio Processes

The Purpose

Objectively and transparently approve, reject, and prioritize projects.

Prioritize work to start and stop on a sprint-by-sprint basis.

Maintain a high frequency of accurate reporting.

Assess and report the realization of project benefits.

Key Benefits Achieved

Improve timeliness and accuracy of project portfolio reporting.

Make better, faster decisions about when to start and stop work on different projects.

Increase stakeholder satisfaction.

Activities

2.1 Develop a portfolio intake workflow.

2.2 Develop a prioritization scorecard and process.

2.3 Establish a process to estimate sprint demand and resource supply.

2.4 Develop a process to estimate sprint value and necessity.

Outputs

An intake workflow.

A prioritization scorecard and process.

A process to estimate sprint demand and resource supply.

A process to estimate sprint value and necessity.

3 Implement Your Processes

The Purpose

Analyze the potential change impacts of your new portfolio processes and how they will be felt across the organization.

Develop an implementation plan to ensure strategy buy-in.

Key Benefits Achieved

A strategic and well-planned approach to process implementation.

Activities

3.1 Analyze change impacts of new portfolio processes.

3.2 Prepare a communications plan based upon change impacts.

3.3 Develop an implementation plan.

3.4 Present new portfolio processes to portfolio owners.

Outputs

A change impact analysis.

A communications plan.

An implementation plan.

Portfolio strategy buy-in.

Develop a Security Awareness and Training Program That Empowers End Users

  • Buy Link or Shortcode: {j2store}370|cart{/j2store}
  • member rating overall impact (scale of 10): 9.4/10 Overall Impact
  • member rating average dollars saved: $12,075 Average $ Saved
  • member rating average days saved: 11 Average Days Saved
  • Parent Category Name: Security Strategy & Budgeting
  • Parent Category Link: /security-strategy-and-budgeting
  • The fast evolution of the cybersecurity landscape requires security training and awareness programs that are frequently updated and improved.
  • Security and awareness training programs often fail to engage end users. Lack of engagement can lead to low levels of knowledge retention.
  • Irrelevant or outdated training content does not properly prepare your end users to effectively defend the organization against security threats.

Our Advice

Critical Insight

  • One-time, annual training is no longer sufficient for creating an effective security awareness and training program.
  • By presenting security as a personal and individualized issue, you can make this new personal focus a driver for your organizational security awareness and training program.

Impact and Result

  • Create a training program that delivers smaller amounts of information on a more frequent basis to minimize effort, reduce end-user training fatigue, and improve content relevance.
  • Evaluate and improve your security awareness and training program continuously to keep its content up-to-date. Leverage end-user feedback to ensure content remains relevant to those who receive it.

Develop a Security Awareness and Training Program That Empowers End Users Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a security awareness and training program that empowers end users, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Develop your training program

Create or mature a security awareness and training program that is tailored to your organization.

  • Develop a Security Awareness and Training Program That Empowers End Users – Phase 1: Develop Your Training Program
  • Security Awareness and Training Program Development Tool
  • End-User Security Job Description Template
  • Training Materials – Physical Computer Security
  • Training Materials – Cyber Attacks
  • Training Materials – Incident Response
  • Training Materials – Mobile Security
  • Training Materials – Passwords
  • Training Materials – Phishing
  • Training Materials – Social Engineering
  • Training Materials – Web Usage
  • Security Awareness and Training Vendor Evaluation Tool
  • Security Awareness and Training Metrics Tool
  • End-User Security Knowledge Test Template
  • Security Training Campaign Development Tool

2. Design an effective training delivery plan

Explore methods of training delivery and select the most effective solutions.

  • Develop a Security Awareness and Training Program That Empowers End Users – Phase 2: Design an Effective Training Delivery Plan
  • Information Security Awareness and Training Policy
  • Security Awareness and Training Gamification Guide
  • Mock Spear Phishing Email Examples
  • Security Training Email Templates
  • Security Awareness and Training Module Builder and Training Schedule
  • Security Training Campaign Development Tool
  • Security Training Program Manual
  • Security Awareness and Training Feedback Template
  • Security Awareness Month Week 1: Staying in Touch
  • Security Awareness Month Week 2: Sharing Special Moments
  • Security Awareness Month Week 3: Working and Networking
  • Security Awareness Month Week 4: Families and Businesses
[infographic]

Workshop: Develop a Security Awareness and Training Program That Empowers End Users

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Outline the Plan for Long-term Program Improvement

The Purpose

Identify the maturity level of the existing security awareness and training program and set development goals.

Establish program milestones and outline key initiatives for program development.

Identify metrics to measure program effectiveness.

Key Benefits Achieved

Identified the gaps between the current maturity level of the security awareness and training program and future target states.

Activities

1.1 Create a program development plan.

1.2 Investigate and select metrics to measure program effectiveness.

1.3 Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide.

Outputs

Customized development plan for program.

Tool for tracking metrics.

Customized knowledge quiz ready for distribution.

Customized feedback survey for training.

Gamification program outline.

2 Identify and Assess Audience Groups and Security Training Topics

The Purpose

Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.

Prioritize training topics and audience groups to effectively streamline program development.

Key Benefits Achieved

Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.

Determined priority ratings for both audience groups and the security topics to be delivered.

Activities

2.1 Identify the unique audience groups within your organization and the threats they face.

2.2 Determine the priority levels of the current security topics.

2.3 Review audience groups and determine which topics need to be delivered to each group.

Outputs

Risk profile for each identified audience group.

Priority scores for all training topics.

List of relevant security topics for each identified audience group.

3 Plan the Training Delivery

The Purpose

Identify all feasible delivery channels for security training within your organization.

Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.

Key Benefits Achieved

List of all potential delivery mechanisms for security awareness and training.

Built a vendor evaluation tool and discussed a vendor shortlist.

Harvested a collection of free online materials for in-house training development.

Activities

3.1 Discuss potential delivery mechanisms for training, including the purchase and use of a vendor.

3.2 If selecting a vendor, review vendor selection criteria and discuss potential vendor options.

3.3 If creating content in-house, review and select available resources on the web.

Outputs

List of available delivery mechanisms for training.

Vendor assessment tool and shortlist.

Customized security training presentations.

4 Create a Training Schedule for Content Deployment

The Purpose

Create a plan for deploying a pilot program to gather valuable feedback.

Create an ongoing training schedule.

Define the end users’ responsibilities towards security within the organization.

Key Benefits Achieved

Created a plan to deploy a pilot program.

Created a schedule for training deployment.

Defined role of end users in helping protect the organization against security threats.

Activities

4.1 Build training modules.

4.2 Create an ongoing training schedule.

4.3 Define and document your end users’ responsibilities towards their security.

Outputs

Documented modular structure to training content.

Training schedule.

Security job description template.

End-user training policy.

Manage an IT Budget

  • Buy Link or Shortcode: {j2store}70|cart{/j2store}
  • member rating overall impact (scale of 10): 8.0/10 Overall Impact
  • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • member rating average days saved: Read what our members are saying
  • Parent Category Name: Cost & Budget Management
  • Parent Category Link: /cost-and-budget-management
  • IT is viewed as a cost center without a clear understanding of the value it provides.
  • After completing the budget, the CIO is faced with changing expectations, disruptions, new risks, and new threats.
  • IT departments often lack a reliable budget management process to keep itself on track towards its budget goals.
  • Over budgeting risks credibility if projects are not all delivered, while under budgeting risks not being able to execute important projects.

Our Advice

Critical Insight

  • Managing your budget is not just about numbers; it’s also about people and processes. Better relationships and a proper process leads to better management of your budget. Understand how your relationships and current processes might be leveraged to manage your budget.
  • No one likes to be over budget, but being under budget isn’t necessarily good either. Coming in under budget may mean that you are not accomplishing the initiatives that you promised you would, reflecting poor job performance.

Impact and Result

  • Implement a formal budget management process that documents your planned budget and actual expenditures, tracks variances, and responds to those variances to stay on track towards budget goals.
  • Manage the expectations of business stakeholders by communicating the links between IT spend and business value in a way that is easily understood by the business.
  • Control for under- or overspending by using Info Tech’s budget management tool and tactics.

Manage an IT Budget Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to understand the increasing expectations for IT departments to better manage their budgets, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Document

Create a streamlined documentation process that also considers the elements of people and technology.

  • Manage an IT Budget – Phase 1: Document
  • Manage Your IT Budget Tool

2. Track

Track your planned budget against actual expenditures to catch areas of over- and underspending in a timely manner.

  • Manage an IT Budget – Phase 2: Track

3. Control

Leverage control mechanisms to manage variances in your budget.

  • Manage an IT Budget – Phase 3: Control
[infographic]

Workshop: Manage an IT Budget

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Document Budget

The Purpose

The first step of managing your IT budget is to make sure there is a properly documented budget that everyone agrees upon.

Key Benefits Achieved

A properly documented budget facilitates management and communication of the budget.

Activities

1.1 Review budget for the year.

1.2 Document each budget in the tool.

1.3 Review CAPEX vs. OPEX.

1.4 Customize accounts to match your organization.

Outputs

Budget broken out into monthly increments and by each account.

Budget documented in tool.

Tool customized to reflect organization's specific accounts and terminology.

2 Optimize Documentation Process

The Purpose

A proper documentation process forms the backbone for effective budget management.

Key Benefits Achieved

A streamlined documentation process with accurate inputs that also considers the elements of people and technology.

Activities

2.1 Draw out process flow of current documentation.

2.2 Identify bottlenecks.

2.3 Discuss and develop roadmap to solving bottlenecks.

Outputs

Process flow of current documentation process with identified bottlenecks.

Plan to mitigate bottlenecks.

3 Track and Control for Over- and Underspending

The Purpose

Track your planned budget against actual expenditures to catch areas of over- and underspending in a timely manner. Then, leverage control mechanisms to manage variances in your budget.

Key Benefits Achieved

Tracking and controlling for variances will help the IT department stay on track towards its budget goals. It will also help with communicating IT’s value to the business.

Activities

3.1 Walk through the “Overview Bar.”

3.2 Document actual expenses incurred in fiscal to date.

3.3 Review the risk of over- and underspending.

3.4 Use the reforecast column to control for over- and underspend.

Outputs

Assess the “Overview Bar.”

Document actual expenditures and committed expenses up to the current date.

Develop a strategy and roadmap for how you will mitigate any current under- or overspends.

Reforecast expenditures for each account for each month for the remainder of the fiscal year.

Enter Into Mobile Development Without Confusion and Frustration

  • Buy Link or Shortcode: {j2store}282|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Mobile Development
  • Parent Category Link: /mobile-development
  • IT managers don’t know where to start when initiating a mobile program.
  • IT has tried mobile development in the past but didn't achieve success.
  • IT must initiate a mobile program quickly based on business priorities and needs a roadmap based on best practices.

Our Advice

Critical Insight

  • Form factors and mobile devices won't drive success – business alignment and user experience will. Don't get caught up with the latest features in mobile devices.
  • Software emulation testing is not true testing. Get on the device and run your tests.
  • Cross form-factor testing cannot be optimized to run in parallel. Therefore, anticipate longer testing cycles for cross form-factor testing.

Impact and Result

  • Prepare your development, testing, and deployment teams for mobile development.
  • Get a realistic assessment of ROI for the launch of a mobile program.

Enter Into Mobile Development Without Confusion and Frustration Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Make the Case for a Mobile Program

Understand the current mobile ecosystem. Use this toolkit to help you initiate a mobile development program.

  • Storyboard: Enter Into Mobile Development Without Confusion and Frustration

2. Assess Your Dev Process for Readiness

Review and evaluate your current application development process.

3. Prepare to Execute Your Mobile Program

Prioritize your mobile program based on your organization’s prioritization profile.

  • Mobile Program Tool

4. Communicate with Stakeholders

Summarize the execution of the mobile program.

  • Project Status Communication Worksheet
[infographic]

Workshop: Enter Into Mobile Development Without Confusion and Frustration

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Build your Future Mobile Development State

The Purpose

Understand the alignment of stakeholder objectives and priorities to mobile dev IT drivers.

Assess readiness of your organization for mobile dev.

Understand how to build your ideal mobile dev process.

Key Benefits Achieved

Identify and address the gaps in your existing app dev process.

Build your future mobile dev state.

Activities

1.1 Getting started

1.2 Assess your current state

1.3 Establish your future state

Outputs

List of key stakeholders

Stakeholder and IT driver mapping and assessment of current app dev process

List of practices to accommodate mobile dev

2 Prepare and Execute your Mobile Program

The Purpose

Assess the impact of mobile dev on your existing app dev process.

Prioritize your mobile program.

Understand the dev practice metrics to gauge success.

Key Benefits Achieved

Properly prepare for the execution of your mobile program.

Calculate the ROI of your mobile program.

Prioritize your mobile program with dependencies in mind.

Build a communication plan with stakeholders.

Activities

2.1 Conduct an impact analysis

2.2 Prepare to execute

2.3 Communicate with stakeholders

Outputs

Impact analysis of your mobile program and expected ROI

Mobile program order of execution and project dependencies mapping

List of dev practice metrics

Take Advantage of Big Tech Layoffs

  • Buy Link or Shortcode: {j2store}573|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Attract & Select
  • Parent Category Link: /attract-and-select

Tech layoffs have been making the news over the past year, with thousands of Big Tech employees having been laid off. After years of record low unemployment in IT, many leaders are looking to take advantage of these layoffs to fill their talent gaps.

However, IT leaders need to determine their response – wait and see the impact of the recession on budgets and candidate expectations, or dive in and secure great talent to execute today on strategic needs. This research is designed to help those IT leaders who are looking to take advantage employee effective talents to secure talent.

  • With the impact of the economic slowdown still unknown, the first question IT leaders need to ask is whether now is the time to act.
  • Even with these layoffs, IT unemployment rates are at record lows, with many organizations continuing to struggle to attract talent. While these layoffs have opened a window, IT leaders need to act quickly to secure great talent.

Our Advice

Critical Insight

The “where has the talent gone?” puzzle has been solved. Many tech firms over-hired and were able to outcompete everyone, but it wasn’t sustainable. This correction won’t impact unemployment numbers in the short term – the job force is just in flux right now.

Impact and Result

This research is designed to help IT leaders understand the talent market and to provide winning tactics to those looking to take advantage of the layoffs to fill their hiring needs.

Take Advantage of Big Tech Layoffs Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Take Advantage of Big Tech Layoffs Storyboard – A snapshot of the current talent market in IT and quick tactics IT leaders can employ to improve their hiring process to find and attract tech talent.

Straightforward tactics you can execute to successfully recruit IT staff impacted by layoffs.

  • Take Advantage of Big Tech Layoffs Storyboard

2. IT Talent Acquisition Optimization Tool – Use this tool to document the current and future talent acquisition process.

To hire efficiently, create a clear, consistent talent acquisition process. The IT Talent Acquisition Process Optimization Tool will help to:

  • Map out the current talent acquisition workflow
  • Identify areas of opportunity and potential gaps in the current process
    • IT Talent Acquisition Optimization Tool
    [infographic]

    Further reading

    Take Advantage of Big Tech Layoffs

    Simple tactics to secure the right talent in times of economic uncertainty.

    Why are the layoffs making the news?

    After three years of record low unemployment rates in IT and organizations struggling to hire IT talent into their organization, the window appears to be opening with tens of thousands layoffs from Big Tech employers.

    Big brand organizations such as Microsoft, Alphabet, Amazon, Twitter, Netflix, and Meta have been hitting major newswires, but these layoffs aren't exclusive to the big names. We've also seen smaller high-growth tech organizations following suit. In fact, in 2022, it's estimated that there were more than 160,997 layoffs across over 1,045 tech organizations. This trend has continued into 2023. By mid-February 2023, there were already 108,754 employees laid off at 385 tech companies (Layoffs.fyi).(1)

    While some of these layoffs have been openly connected to economic slowdown, others are pointing to the layoffs being a correction for over-hiring during the pandemic. It is also important to note that many of these workers were not IT employees, as these organizations also saw cuts across other areas of the business such as sales, marketing, recruitment, and operations.

    (1)This global database is constantly being updated, and these numbers are changing on an ongoing basis. For up-to-date statistics, see https://layoffs.fyi

    While tech layoffs have been making the news, so far many of these layoffs have been a correction to over-hiring, with most employees laid off finding work, if they want it, within three months.

    IT leaders need to determine their response – wait and see the impact of the recession on budgets and candidate expectations or dive in and secure great talent to execute today on strategic needs.

    This research is designed to help IT leaders understand the talent market and provide winning strategies to those looking to take advantage of the layoffs to fill their hiring needs.

    Three key drivers for Big Tech layoffs

    Economic uncertainty

    Globally, economists are predicting an economic slowdown, though there is not a consistent prediction on the impact. We have seen an increase in interest rates and inflation, as well as reduced investment budgets.

    Over-hiring during the pandemic

    High growth and demand for digital technologies and services during the early pandemic led to over-hiring in the tech industry. Many organizations overestimated the future demand and had to rebalance staffing as a result.

    New automation investments

    Many tech organizations that have conducted layoffs are still in a growth mindset. This is demonstrated though new tech investments by these companies in products like chatbots and RPA to semi-automate processes to reduce the need for certain roles.

    Despite layoffs, the labor market remains competitive

    There were at least 160,997 layoffs from more than 1,045 tech companies last year (2022). (Layoffs.fyi reported as of Feb 21/2023)

    But just because Big Tech is laying people off doesn't mean the IT job market has cooled.

    Between January and October 2022 technology- focused job postings rose 25% compared to the same period in 2021, and there were more than 375,000 tech jobs posted in October of 2022.
    (Dice: Tech Jobs Report.)

    Info-Tech Insight

    The "where has the talent gone?" puzzle has been solved. Many tech firms over-hired and were able to outcompete everyone, but it wasn't sustainable. This correction won't impact unemployment numbers in the short term – the job force is just in flux right now.

    So far, many of the layoffs have been a market correction

    Tech Layoffs Since COVID-19

    This is an image of a combo line graph plotting the number of tech layoffs from Q1 2020 to Q4 2022.

    Source: Layoffs.fyi - Tech Layoff Tracker and Startup Layoff Lists

    Tech Companies Layoffs vs. Early Pandemic Hiring # of People

    This is an image of a bar graph plotting Tech Companies Layoffs vs. Early Pandemic Hiring # of People

    Source: Yahoo Finance. Q4 '19 to Q3 '22

    Tech Layoffs between 2020 Q3- 2022 Q1 remained very low across the sector. In fact, outside of the initial increase at the start of the pandemic, layoffs have remained at historic low levels of around 1% (HBR, 2023). While the layoffs look significant in isolation, when you compare these numbers to pandemic hiring and growth for these organizations, the figures are relatively small.

    The first question IT leaders need to ask is whether now is the time to act

    The big gamble many CIOs face is whether to strike now to secure talent or to wait to better understand the impact of the recession. While two-thirds of IT professionals are still expecting their budgets to increase in 2023, CIOs must account for the impact of inflation and the recession on their IT budgets and staffing decisions (see Info-Tech's CEO-CIO Alignment Program).

    Ultimately, while unemployment is low today, it's common to see unemployment numbers drop right before a recession. If that is the case, then we will see more talent entering the market, possibly at more competitive salaries. But organizations that wait to hire risk not having the staff they need to execute on their strategy and finding themselves in a hiring freeze. CIOs need to decide on how to approach the economic uncertainty and where to place their bets.

    Looking ahead to 2023, how do you anticipate your IT spending will change compared to spending in 2022?

    This is an image of anticipated changes to IT spending compared to 2022 for the following categories: Decrease of more than 30%; Decrease between 16-30%; Decrease between 6-15%; Decrease between 1-5%; No Change; Increase between 1-5%; Increase between 6-15%; Increase between 16-30%; Increase of more than 30%

    Info-Tech's CEO-CIO Alignment Program

    Organizations ready to take advantage will need to act fast when layoffs happen

    Organizations looking to fill hiring needs or grow their IT/digital organization will need to be strategic and efficient when it comes to recruitment. Regardless of the number of layoffs, it continues to be an employee market when it comes to IT roles.

    While it is likely that the recession will impact unemployment rates, so far, the market remains hot, and the number of open roles continues to grow. This means that organizations that want to take advantage need to act quickly when news hits.

    Leaders not only need to compete with other organizations for talent, but the other challenge hiring organizations will need to compete with is that many in tech received generous severance packages and will be considering taking time off. To take advantage, leaders need to establish a plan and a clear employee value proposition to entice these highly skilled workers to get off the bench.

    Why you need to act fast:

    • Unemployment rates remain low:
      • Tech unemployment's rates in the US dropped to 1.5% in January 2023 (CompTIA), compared to overall unemployment which is at 3.4% in the US as of January 2023 (Yahoo Finance). While the layoffs look significant, we can see that many workers have been rehired into the labor market.
    • Long time-to-hire results in lost candidates:
      • According to Info-Tech's IT Talent Trend Report, 58% of IT leaders report time-to-hire is longer than two months. This timing increases for tech roles which require unique skills or higher seniority. IT leaders who can increase the timeline for their requirement process are much more likely to be able to take advantage of tech layoffs.

    IT must take a leading role in IT recruitment to take advantage of layoffs

    A personal connection is the differentiator when it comes to talent acquisition

    There is a statistically significant relationship between IT leadership involvement in talent acquisition and the effectiveness of this process in the IT department. The more involved they are, the higher the effectiveness.(1)

    More IT leadership involvement

    An image of two upward facing arrows. The left arrow is faded purple, and the right arrow is dark purple.

    Higher recruitment effectiveness

    Involved leaders see shorter times to hire

    There is a statistically significant relationship between IT leadership involvement in the talent acquisition process and time to fill vacant positions. The more involved they are, the shorter the time to hire.(2)

    Involved leaders are an integral part of effective IT departments

    There is a statistically significant relationship between IT leadership involvement in talent acquisition and overall IT department effectiveness. Those that are more involved have higher levels of effectiveness.(3)

    Increased IT Leadership in Recruitment Is Directly Correlated to Recruitment Effectiveness.

    This is an image of a combo bar graph plotting Overall Effectiveness for IT leadership involvement in recruitment.

    Focus your layoff recruitment strategy on critical and strategic roles

    If you are ready to take advantage of tech layoffs, focus hiring on critical and strategic roles, rather than your operational backfills. Roles related to security, cloud migration, data and analytics, and digital transformation are more likely to be shielded from budget cuts and are logical areas to focus on when looking to recruit from Big Tech organizations.

    Additionally, within the IT talent market, scarcity is focused in areas with specialized skill sets, such as security and architecture, which are dynamic and evolving faster than other skill sets. When looking to recruit in these areas, it's critical that you have a targeted recruitment approach; this is why tech layoffs represent a strong opportunity to secure talent in these specialized areas.

    ROLES DIFFICULT TO FILL

    An image of a bar graph plotting roles by difficulty to fill.

    Info-Tech Talent Trends 2022 Survey

    Four quick tactics to take advantage of Big Tech layoffs

    TALENT ACQUISITION PROCESS TO TAKE ADVANTAGE OF LAYOFFS

    This is an image of the talent acquisition process to take advantage of layoffs. It involves the following four steps: 1 Prepare organization and job ads for recruitment.  2 Actively track and scan for layoff activity.  3 Prioritize and screen candidates using salary benchmarks and keywords.  4 Eliminate all unnecessary hiring process steps.

    Guided Implementation

    What does a typical GI on this topic look like?

    Step 1 Step 2 Step 3 Step 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: IT job ad review.

    Call #4: Identify screening and sourcing opportunities.

    Call #5: Review your IT talent acquisition process.

    Call #3: Employee value proposition review.

    Call #7: Refine your talent acquisition process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Tactics to take advantage of tech layoffs

    Activities

    1.1 Spot check your employee value proposition
    1.2 Update job advertisements
    1.3 Document your talent acquisition process
    1.4 Refine your talent acquisition process

    This step involves the following participants:

    • IT executive leadership
    • IT hiring manager
    • Human resources
    • Marketing/public relations

    Outcomes of this step

    Streamlined talent acquisition process tailored to take advantage of tech layoffs.

    This is an image of the talent acquisition process to take advantage of layoffs. It involves the following fo steps: 1 Prepare organization and job ads for recrtment.  2 Actively track and scan for layoff aivity.  3 Prioritize and screen candidates using salary benchmarks and kwords.  4 Eliminate all unnecessary hiring process steps.

    Requisition: update job ads and secure approval to hire

    Critical steps:

    1. Ensure you have secured budget and hiring approval.
    2. Identify an IT recruitment partner within the IT organization who will be accountable for working with HR throughout the process and who will actively track and scan for recruitment opportunities.
    3. Update your IT job descriptions.
    4. Spot check your employee value proposition (EVP) to appeal to targeted candidates (Exercise 1.1).
    5. Write employee job ads for relevant skills and minimum viable experience (Exercise 1.2).
    6. Work with HR to develop your candidate outreach messages – ensure that your outreach is empathetic, aligns with your EVP, and focuses on welcoming them to apply to a role.

    The approval process to activate a requisition can be one of the longest stages in the talent acquisition process. Ensure all your roles are up to date and approved so you can trigger outreach as soon as news hits; otherwise, you'll be late before you've even begun.

    Your employee value proposition (EVP) is a key tool for attracting and retaining talent

    Any updates to your EVP need to be a genuine reflection of the employee experience at your organization – and should resonate internally and externally.

    Internal (retention) perspective: These characteristics help to retain new and existing talent by ensuring that new hires' expectations are met and that the EVP is experienced throughout the organization.

    External (attraction) perspective: These characteristics help to attract talent and are targeted so the right candidates are motivated to join, while those who aren't a good fit will self-select out.

    McLean & Company's Employee Value Proposition Framework

    This is an image of McLean & Company's Employee Value Proposition Framework.  It is divided into Retain and Attract.  under Retain, are the following three headings: Aligned; Accurate; Aspirational.  Under Attract are: Compelling; Clear; Comprehensive.

    Source: McLean & Company

    1.1 Spot check your EVP

    1-3 hours

    1. Review your existing IT employee value proposition. If you do not have an EVP, see Info-Tech's comprehensive research Improve the IT Recruitment Process to draft a new EVP.
    2. Invite a representative group of employees to participate in a working group to improve your employee value proposition. Ask each participant to brainstorm the top five things they value most about working at the organization.
    3. Consider the following categories: work environment, career advancement, benefits, and ESG and diversity impact. Brainstorm as a group if there is anything unique your organization offers with regard to these categories.
    4. Compare your notes to your existing EVP, identify up to four key statements to focus on for the EVP, ensuring that your EVP speaks to at least one of the categories above. Remove any statements that no longer speak to who you are as an organization or what you offer.

    Input

    • Existing employee value proposition
    • Employee Engagement Surveys (If Available)

    Output

    • Updated employee value proposition

    Materials

    • Whiteboard/flip charts
    • Job ad template

    Participants

    • Representative group of internal employees.
    • HR
    • Marketing/PR (if possible)

    Four critical factors considered by today's job seeker

    1. Be specific about remote work policies: Include verbiage about whether there is an option to work hybrid or remote. 81% of job seekers stated that whether a job is remote, hybrid, or in-person was a top factor in whether they'd accept an offer (Benefits Canada, 2022).
    2. Career advancement and stability: "37% of Gen Z employees and 25% of millennial employees are currently looking for a job that offers career progression transparency — or, in other words, a job with clear opportunities for growth. This is significantly higher than our findings for older generations Gen X (18%) and baby boomers (7%)," (Lattice, 2021).
    3. Unique benefits: Consider your unique benefits – it's not the Big Tech "fun perks" like slides and ping pong that drive interest. Employees are increasingly looking for roles with long-term benefits programs. 90% of job seekers consider higher pension contributions to be a key factor, and 85% are considering bonuses/profit sharing" (Benefits Canada, 2022). Candidates may accept lower total compensation in exchange for flexibility, culture, work/life balance that was lacking in the start-up scene or the mega-vendors' fast-paced world.
    4. ESG and diversity impact: Include details of how the candidate will make a societal impact through their role, and how the company is acting on climate and sustainability. "Nearly two in five [Gen Z's and millennials] say they have rejected a job or assignment because it did not align with their values," (Deloitte Global, 2022).

    Update or establish job ads for candidate outreach

    Take the time up front to update your IT job descriptions and to write effective job advertisements. A job advertisement is an external-facing document that advertises a position with the intent of attracting job applicants. It contains key elements from the job description as well as information on the organization and its EVP. A job description informs a job ad, it doesn't replace it.
    When updating job descriptions and job ads, it's critical that your requirements are an accurate representation of what you need in the position. For the job ads especially, focus on the minimum requirements for the role, highlight your employee value proposition, and ensure that they are using inclusive language.
    Don't be lulled into using a job description as a posting when there's a time crunch to fill a position – use your preparation time to complete this key step.

    Three tips to consider when building a job ad

    Include the minimum desired requirements

    Include the required skills, responsibilities, and certifications required. Instead of looking for a unicorn, look for what you need and a demonstrated ability to learn. 70% of business executives say they are getting creative about sourcing for skills rather than just considering job experience (Deloitte Insights, 2022).

    Strategically include certifications

    When including certifications, ensure you have validated the process to be certified – i.e. if you are hiring for a role with 3-5 years' experience, ensure that the certification does not take 5-10 years of experience be eligible.

    Use inclusive language

    Consider having a review group within your IT organization to ensure the language is inclusive, that the responsibilities don't read as overly complex, and that it is an accurate representation of the organization's culture.

    1.2 Update or build job ads

    1-3 hours

    1. Begin with a copy of the job ad you are looking to fill, if you haven't begun to draft the role, start with Info-Tech's Job Description Library and Info-Tech's Job Ad Template.
    2. Review the job accountabilities, rank each responsibility based on its importance and volume of work. Determine if there are any responsibilities that are uncommon to be executed by the role and remove unnecessary responsibilities.
    3. For each of the job accountabilities, identify if there is a level of experience, knowledge or competency that would be the minimum bar for a candidate. Remove technical skills, specific technologies, and competencies that aren't directly relevant to the role, responsibilities or values.
    4. Review the education and requirements, and ensure that any certification or educational background is truly needed or suggested.
    5. Use the checklist on the following tab to review and update your job ad.

    Input

    • Job description
    • Employee value proposition
    • Job ad template

    Output

    • Completed job ad

    Materials

    • Whiteboard/flip charts
    • Web share

    Participants

    • Representative group of internal employees.
    • HR
    • Marketing/PR (if possible)

    1.2 Job ad checklist:

    A job ad needs to be two things: effective and inclusive.

    Effective

    The job ad does include:

    The organization's logo.
    Description of the organization.
    Information about benefits.
    A link to the organization's website and social media platforms.
    Steps in the application process and what candidates can expect.

    The job ad:

    Paints an accurate picture of key aspects of the role.
    Tells a story to show potential candidates how the role and organization will fit into their career path (outlines potential career paths, growth opportunities, training, etc.).
    Does not contain too many details and tasks that would overwhelm applicants.
    Highlights the employer brand in a manner that conveys the EVP and markets the organization to attract potential applicants.
    Includes creative design or formatting to make the ad stand out.
    The job ad speaks to the audience by using targeted language (e.g. using creative language when recruiting for a creative role).
    The job ad has been reviewed by HR, Marketing, PR.

    Inclusive

    The job ad does NOT include:

    Industry jargon or abbreviations that are not spelled out.
    Personality characteristics and unnecessary adjectives that would deter qualified candidates (e.g. extroverted, aggressive, competitive).
    A list of specific academic disciplines or schools, GPA requirements, or inflated degree requirements.

    The job ad:

    Uses gender-neutral language and does not contain terms that indicate traits that are typically associated with a specific gender.
    Can be viewed and applications can be completed on mobile devices.
    Focuses on results, day-to-day requirements, competencies, and transferrable skills.
    Includes design that is accessible (e.g. alternative text is provided for images, clear posting structure with headings, color is not used to convey information).

    Sourcing: Set up news trackers and review layoff source lists

    • Set up news and social media trackers to track layoff updates, and ensure you have an IT staff member on standby to complete a more detailed opportunity analysis when layoffs happen.
    • Use layoff source lists such as Layoffs.fyi to actively track organizations that have laid people off, noting the industry, location, and numbers in order to identify potential candidates. Limit your future analysis to locations that would be geographically possible to hire from.
    • Review open-source lists of laid-off employees to quickly identify potential candidates for your organization.
    • Many organizations that have completed layoffs have established outplacement programs to help laid-off staff find new roles. Set a plan in motion with HR to reach out to organizations once a layoff has occurred to understand their layoff support program.

    The key to successful sourcing is for IT to take an active role in identifying which organizations impacted by layoffs would be a good fit, and to quickly respond by searching open-source lists and LinkedIn to reach out potential candidates.

    Consider leveraging open-source lists

    Layoffs.fyi has been tracking and reporting on layoffs since the start of COVID-19. While they are not an official source of information, the site has more than a million views per month and is a strong starting point for IT leaders looking to source candidates from tech layoffs beyond the big organizations that are making the news.

    The site offers a view of companies with layoffs by location, industry, and the source of the info. Additionally, it often lists the names and contact information of laid-off employees, which you can leverage to start your deeper LinkedIn outreach or candidate screening.

    This is an image of two screenshots of open source lists from Layoffs.fyi

    Screenshots from Layoffs.fyi.

    Screening: Prioritize by considering salary benchmarks and keywords

    • Determine a set of consistent pre-screening questions to leverage while screening candidates, which every candidate must answer, including knockout questions.
    • Prioritize by going for salary ranges you can afford: It is important to be aware of what companies are paying within the tech arena, so you know if your salary bands are within a competitive range.
    • Pre-screen resumes using appropriate keywords that are critical for the role, and widen the terms if you do not have enough candidates. Given the pool you are looking to recruit from, consider removing criteria specifically related to education or certifications; instead, prioritize skills and on-the-job experience.

    Screening is one of the most time-consuming stages of the TA process. For each open position, it can take 23 hours to screen resumes (Toolbox, 2021). In fact, 52% of TA leaders believe that screening candidates from a large pool of applicants is the hardest part of recruitment (Ideal, 2021).

    Compensation comparison reports

    Keep in mind that the market may be shifting rapidly as layoffs proliferate, so what the data shows, particularly on free-to-use sites with little data-checking, may not be current and may be overstated. Info-Tech does not provide salary analysis; however, there are publicly available reports and online websites with self-reported data.

    This list contains several market data sources for the tech industry, which may be a good starting point for comparison. Info-Tech is not affiliated with or endorsing any of these market data sources.

    Aon Global Cyber Security Compensation and Talent Survey
    Aon – Radford Surveys Radford Global Technology Survey
    Culpepper Comprehensive Compensation Survey Solution for Technology-Focused Companies
    Modis 2022 IT Compensation Guide
    Motion Recruitment 2023 Tech Salary Guide
    Mondo 2022 Salary Guide for roles & jobs across the technology, creative & digital marketing industries.
    Willis Towers Watson Willis Towers Watson Data Services - Artificial Intelligence and Digital Talent
    Willis Towers Watson 2022 Artificial Intelligence and Digital Talent Survey Report - Canada
    Willis Towers Watson 2022 Artificial Intelligence and Digital Talent Survey Report - U.S.
    Michael Page Salary Guide 2022 for the Greater Toronto Area Technology Industry
    Willis Towers Watson Willis Towers Watson Data Services - Tech, Media, and Gaming
    Willis Towers Watson 2022 Tech, Media and Gaming Executive Survey Report - Canada
    Willis Towers Watson 2022 Tech, Media and Gaming Middle Management, Professional and Support Survey Report - Canada
    Willis Towers Watson 2022 Tech, Media and Gaming Executive Survey Report - U.S.
    Willis Towers Watson 2022 Tech, Media and Gaming Middle Management, Professional and Support Survey Report - U.S.

    Work with your HR partner to streamline your talent acquisition process

    A slow talent acquisition process presents multiple risks to your ability to recruit. Candidates are likely having multiple hiring conversations, and you could lose a good candidate just by being slower than another organization. Additionally, long hiring processes are also an indicator of a high level of bureaucracy in an organization, which may turn off tech candidates who are used to faster-paced decision making.

    Reducing your time-to-hire needs to be a strategic priority, and companies that manage to do this are reaping the benefits: There is a statistically significant relationship between time to fill vacant positions and overall IT department effectiveness. The shorter the time to fill a position, the higher the effectiveness (Bika, 2019).

    Key Considerations for Optimizing your Talent Acquisition Process

    Key Considerations for Optimizing your Talent Acquisition Process

    Review the end-to-end experience

    50%

    of job seekers surveyed had "declined a job offer due to poor [candidate] experience," (Echevarria, 2020).

    Reduce the time to hire

    55%

    "of candidates believe that it should take one to two weeks from the first interview to being offered the job," (Duszyński, 2021).

    Be clear on Timelines

    83%

    "of candidates say it would greatly improve the overall experience if employers provided a clear timeline of the hiring process," (Miller, n.d.).

    Time to hire: Identify solutions to drive efficient hiring

    1. Document all steps between screening and hiring and remove any unnecessary steps.
    2. Create clearly defined interview guides to ensure consistent questioning by interviewers.
    3. Enable hiring managers to schedule their own interviews.
    4. Determine who needs to approve an offer. Streamline the number of approvals, if possible.
    5. Eliminate unnecessary background checks. Many companies have eliminated reference checks, for example, after determining that it was it was not adding value to their decision.
    6. Identify and track key metrics across your talent acquisition process.

    It is critical to partner with your HR department on optimizing this process, as they are typically the process owners and will have deep knowledge of the rationale for decisions. Together, you can identify some opportunities to streamline the process and improve the time to hire.

    4.1 Document your TA process

    1-3 hours

    1. If you have a documented talent acquisition process, begin with that; if not, open the IT Talent Acquisition Process Optimization Tool and map the stages of the talent acquisition process with your HR leader. Stages are the top level in the process (e.g. requisition, sourcing, screening).
    2. Identify all the stakeholders involved in IT talent acquisition and document these in the tool.
    3. Next, identify the steps required for each stage. These are more detailed actions that together will complete the stage (e.g. enter requisition into ATS, intake meeting). Ask subject matter experts to add steps to their portion of the process and document these in the cells.
    4. For each step in the stage, record the time required and the number of people who are involved.

    Input

    • Existing talent acquisition (TA) process document
    • Any TA process metrics
    • Info-Tech's Talent Acquisition Process Optimization Tool

    Output

    • Documented TA process

    Materials

    • Info-Tech's Talent Acquisition Process Optimization Tool
    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • HR
    • IT leaders
    • Hiring manager

    Download the IT Talent Acquisition Process Optimization Tool

    Example of steps in each stage of the TA process

    Activities

    Requisition

    Source

    Screen

    Interview & Assess

    Offer

    Background Check

    Vacancy identified Posted on website Resumes screened in system Interviews scheduled Offer letter drafted Reference checks conducted
    Requisition submitted Posted on job boards Resume screened by recruited First round interviews Offer letter sent Medical checks conducted
    Requisition approved Identification of layoff sources Resumed reviewed by hiring manager Assessment Negotiations Other background checks conducted
    Job description updated Review layoff source lists Screening calls Second round interview First date confirmed
    Job ad updated Screening questions developed Candidates selected
    Intake meeting

    4.2 Refine your TA process

    1-3 hours

    1. Collectively identify any:
      1. Inconsistent applications: Activities that are done differently by different participants.
      2. Bottlenecks: A place in the process where activity is constrained and holds up next steps.
      3. Errors: When a mistake occurs requiring extra time, resources, or rework.
      4. Lack of value: An activity that adds little to no value (often a legacy activity).
    2. Work with HR to identify any proposed solutions to improve consistency, reduce bottlenecks, errors, or eliminate steps that lack value. Document your proposed solutions in tab 3 of the IT Talent Acquisition Optimization Tool.
    3. Identify any new steps needed that would drive greater efficiency, including the tactics suggested in this research. Document any proposed solutions in tab 3.
    4. For each proposed solution, evaluate the general level of effort and impact required to move forward with that solution and select the appropriate classification from the drop-down.
    5. Determine if you will move forward with the proposed solution at this time. Update the TA workflow with your decisions.

    Input

    • Existing talent acquisition (TA) process document
    • Any TA process metrics
    • Info-Tech's Talent Acquisition Process Optimization Tool

    Output

    • Documented TA process

    Materials

    • Info-Tech's Talent Acquisition Process Optimization Tool
    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • HR
    • IT leaders
    • Hiring manager

    Use Info-Tech's IT Talent Acquisition Optimization Tool to document current challenges & target solutions.

    Map your process and identify opportunities to streamline

    This is an image of the talent aquisitions workflow page from Info-Tech's Map your process and identify opportunities to streamline

    Brainstorm and select solutions to improve your process

    This is an image of the Effort Analysis page from Info-Tech's Brainstorm and select solutions to improve your process

    Key considerations when optimizing your process

    • Put yourself in each stakeholder's shoes (candidate, HR, hiring manager). Think through what they need from the process.
    • Challenge assumptions and norms. It can be tempting to get caught up in "how we do it today." Think beyond how it is today.
    • Question timing of activities and events. Identify if they are occurring when they need to.
    • Rebalance work to align with priorities. Identify if work can be redistributed or condensed to use time more efficiently.
    • Distinguish when consistency will add value and when there should be process flexibility.
    • Question the value. For each activity, ask "What value does this activity add?"

    Select metrics to measure Talent Acquisition process improvement

    METRICS INFORMATION
    Metric Definition Calculation
    Average applicants per posting The average number of applicants received per post. Number of applications / Number of postings
    Average number of interviews for open job positions Average number of interviews for open job positions. Total number of interviews / Total number of open job positions
    Average external time to fill Average number of calendar days from when the requisition is issued to when a candidate accepts the position from outside the organization. External days to fill / External candidates
    Pipeline throughput Percentage of candidates advancing through to the next stage. (Number of candidates in chosen stage / Number of candidates in preceding stage) * 100
    External offer acceptance rate Percentage of job offers extended to external candidates that were accepted. (Number of job offers that are accepted / Number of job offers extended) * 100
    Percentage of target group hired The percentage of a target group that was hired. Number of FTE hired / Target number of FTE to be hired
    Average time to hire Average number of calendar days between first contact with the candidate and when they accept the offer. Sum of number of days between first contact and offer acceptance / External candidates
    Quality of hire Percentage of new hires achieving a satisfactory appraisal at their first assessment. New hires who achieve a satisfactory rating at their first appraisal / Total number of new hires
    Vacancy rate Percentage of positions being actively recruited for at the end of the reporting period. Count of vacant positions / (Headcount + Vacant positions)

    Bibliography

    "81% of Employees Factoring Hybrid Work Into Job Search: Survey." BenefitsCanada.com, 16 June 2022.
    Andre, Louie. "40 Notable Candidate Experience Statistics: 2023 Job Application Trends & Challenges." Financesonline.Com, 15 Mar. 2023.
    Bika, Nikoletta. "Key Hiring Metrics: Useful Benchmarks for Tech Roles." Recruiting Resources: How to Recruit and Hire Better, 10 Jan. 2019.
    "Bureau of Labor Statistics Labor Market Revisions Contribute to Conflicting Signals in Latest Tech Employment Data, CompTIA Analysis Finds." CompTIA, 3 Feb. 2023. Press release.
    Byrnes, Amy. "ICIMS Insights Workforce Report: Time to Press the Reset Button?" ICIMS | The Leading Cloud Recruiting Software, 1 Dec. 2022.
    Cantrell, Sue, et al. "The Skills-Based Organization: A New Operating Model for Work and the Workforce." Deloitte Insights, 8 Sept. 2022.
    deBara, Deanna. "Top Findings from Lattice's Career Progression Survey." Lattice, 13 Sept. 2021. Accessed 16 Feb. 2023.
    Duszyński, Maciej. "Candidate Experience Statistics (Survey of 1,000+ Americans)." Zety, 14 Oct. 2019.
    Duszyński, Maciej. "Candidate Experience Statistics." Zety, 2021.
    Echevarria, Desiree. "2020 Candidate Experience Report." Career Plug, 17 Mar. 2021.
    Ghosh, Prarthana. "Candidate Screening and Selection Process: The Complete Guide for 2021." Spiceworks, 26 Feb. 2021. Accessed 22 Jun. 2021
    "Introduction - Dice Tech Job Report: Tech Hiring Trends by Location, Industry, Role and Skill." Accessed 16 Feb. 2023.
    Lee, Roger. "Tech Layoff Tracker and Startup Layoff Lists." Layoffs.fyi. Accessed 16 Feb. 2023.
    Miller, Kandace. "Candidate Experience And Engagement Metrics You Should Be Tracking." ConveyIQ, n.d. Accessed 16 Feb. 2023.
    Min, Ji-A. "Resume Screening: A How-To Guide for Recruiters." Ideal, 15 Mar. 2021. Web.
    Palmeri, Shelby. "2023 Candidate Experience Research: Strategies for Recruiting." CareerPlug, 6 Feb. 2023.
    Semenova, Alexandra. "Jobs Report: U.S. Economy Adds 517,000 Jobs in January, Unemployment Rate Falls to 3.4% as Labor Market Stuns." Yahoo!Finance, 3 Feb. 2023.
    Sozzi, Brian. "Big Tech Layoffs: What Companies Such as Amazon and Meta Have in Common." Yahoo!News, 6 Feb. 2023.
    Tarki, Atta. "Despite Layoffs, It's Still a Workers' Labor Market." Harvard Business Review, 30 Jan. 2023.
    The Deloitte Global 2022 Gen Z and Millennial Survey. Deloitte Global, 2022. Accessed 16 Feb. 2023.
    "Uncover the Employee Value Proposition." McLean & Company, 21 Jun. 2022. Accessed 22 Feb. 2023.

    Cost Optimization

    • Buy Link or Shortcode: {j2store}14|cart{/j2store}
    • Related Products: {j2store}14|crosssells{/j2store}
    • Up-Sell: {j2store}14|upsells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management
    Minimize the damage of IT cost cuts

    Build an Application Integration Strategy

    • Buy Link or Shortcode: {j2store}198|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Even though organizations are now planning for Application Integration (AI) in their projects, very few have developed a holistic approach to their integration problems resulting in each project deploying different tactical solutions.
    • Point-to-point and ad hoc integration solutions won’t cut it anymore: the cloud, big data, mobile, social, and new regulations require more sophisticated integration tooling.
    • Loosely defined AI strategies result in point solutions, overlaps in technology capabilities, and increased maintenance costs; the correlation between business drivers and technical solutions is lost.

    Our Advice

    Critical Insight

    • Involving the business in strategy development will keep them engaged and align business drivers with technical initiatives.
    • An architectural approach to AI strategy is critical to making appropriate technology decisions and promoting consistency across AI solutions through the use of common patterns.
    • Get control of your AI environment with an appropriate architecture, including policies and procedures, before end users start adding bring-your-own-integration (BYOI) capabilities to the office.

    Impact and Result

    • Engage in a formal AI strategy and involve the business when aligning business goals with AI value; each double the AI success rate.
    • Benefits from a formal AI strategy largely depend on how gaps will be filled.
    • Create an Integration Center of Competency for maintaining architectural standards and guidelines.
    • AI strategies are continuously updated as new business drivers emerge from changing business environments and/or essential technologies.

    Build an Application Integration Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for AI Strategy

    Obtain organizational buy-in and build a standardized and formal AI blueprint.

    • Storyboard: Build an Application Integration Strategy

    2. Assess the organization's readiness for AI

    Assess your people, process, and technology for AI readiness and realize areas for improvement.

    • Application Integration Readiness Assessment Tool

    3. Develop a Vision

    Fill the required AI-related roles to meet business requirements

    • Application Integration Architect
    • Application Integration Specialist

    4. Perform a Gap Analysis

    Assess the appropriateness of AI in your organization and identify gaps in people, processes, and technology as it relates to AI.

    • Application Integration Appropriateness Assessment Tool

    5. Build an AI Roadmap

    Compile the important information and artifacts to include in the AI blueprint.

    • Application Integration Strategy Template

    6. Build the Integration Blueprint

    Keep a record of services and interfaces to reduce waste.

    • Integration Service Catalog Template

    Infographic

    Workshop: Build an Application Integration Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for AI Strategy

    The Purpose

    Uncover current and future AI business drivers, and assess current capabilities.

    Key Benefits Achieved

    Perform a current state assessment and create a future vision.

    Activities

    1.1 Identify Current and Future Business Drivers

    1.2 AI Readiness Assessment

    1.3 Integration Service Catalog Template

    Outputs

    High-level groupings of AI strategy business drivers.

    Determine the organization’s readiness for AI, and identify areas for improvement.

    Create a record of services and interfaces to reduce waste.

    2 Know Current Environment

    The Purpose

    Identify building blocks, common patterns, and decompose them.

    Key Benefits Achieved

    Develop an AI Architecture.

    Activities

    2.1 Integration Principles

    2.2 High-level Patterns

    2.3 Pattern decomposition and recomposition

    Outputs

    Set general AI architecture principles.

    Categorize future and existing interactions by pattern to establish your integration framework.

    Identification of common functional components across patterns.

    3 Perform a Gap Analysis

    The Purpose

    Analyze the gaps between the current and future environment in people, process, and technology.

    Key Benefits Achieved

    Uncover gaps between current and future capabilities and determine if your ideal environment is feasible.

    Activities

    3.1 Gap Analysis

    Outputs

    Identify gaps between the current environment and future AI vision.

    4 Build a Roadmap for Application Integration

    The Purpose

    Define strategic initiatives, know your resource constraints, and use a timeline for planning AI.

    Key Benefits Achieved

    Create a plan of strategic initiatives required to close gaps.

    Activities

    4.1 Identify and prioritize strategic initiatives

    4.2 Distribute initiatives on a timeline

    Outputs

    Use strategic initiatives to build the AI strategy roadmap.

    Establish when initiatives are going to take place.

    Improve your core processes

    Improve your core processes


    We have over 45 fully detailed
    and interconnected process guides
    for you to improve your operations

    Managing and improving your processes is key to attaining commercial success

    Our practical guides help you to improve your operations

    We have hundreds of practical guides, grouped in many processes in our model. You may not need all of them. I suggest you browse within the belo top-level categories below and choose where to focus your attention. And with Tymans Group's help, you can go one process area at a time.

    If you want help deciding, please use the contact options below or click here.

    Check out our guides

    Our research and guides are priced from €299,00

    • Gert Taeymans Guidance

      Tymans Group Guidance & Consulting

      Tymans Group guidance and (online) consulting using both established and forward-looking research and field experience in our management domains.

      Contact

    • Tymans Group
      & Info-Tech
      Combo

      Get both inputs, all of the Info-tech research (with cashback rebate), and Tymans Group's guidance.

      Contact

    • Info-Tech Research

      Info-Tech offers a vast knowledge body, workshops, and guided implementations. You can buy Info-Tech memberships here at Tymans Group with cashback, reducing your actual outlay.

      Contact

    Register to read more …

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction

    • Buy Link or Shortcode: {j2store}612|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation

    Organizations risk being locked in a circular trap of inertia from auto-renewing their software. With inertia comes complacency, leading to a decrease in overall satisfaction. Indeed, organizations are uniformly choosing to renew their software – even if they don’t like the vendor!

    Our Advice

    Critical Insight

    Renewal is an opportunity cost. Switching poorly performing software substantially drives increased satisfaction, and it potentially lowers vendor costs in the process. To realize maximum gains, it’s essential to have a repeatable process in place.

    Impact and Result

    Realize the benefits of switching by using Info-Tech’s five action steps to optimize your vendor switching processes:

    1. Identify switch opportunities.
    2. Evaluate your software.
    3. Build the business case.
    4. Optimize selection method.
    5. Plan implementation.

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Why you should consider switching software vendors

    Use this outline of key statistics to help make the business case for switching poorly performing software.

    • Switching Existing Software Vendors Overwhelmingly Drives Increased Satisfaction Storyboard

    2. How to optimize your software vendor switching process

    Optimize your software vendor switching processes with five action steps.

    [infographic]

    Implement Lean Management Practices That Work

    • Buy Link or Shortcode: {j2store}116|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement
    • Service delivery teams do not measure, or have difficulty demonstrating, the value they provide.
    • There is a lack of continuous improvement.
    • There is low morale within the IT teams leading to low productivity.

    Our Advice

    Critical Insight

    • Create a problem-solving culture. Frequent problem solving is the differentiator between sustaining Lean or falling back to old management methods.
    • Commit to employee growth. Empower teams to problem solve and multiply your organizational effectiveness.

    Impact and Result

    • Apply Lean management principles to IT to create alignment and transparency and drive continuous improvement and customer value.
    • Implement huddles and visual management.
    • Build team capabilities.
    • Focus on customer value.
    • Use metrics and data to make better decisions.
    • Systematically solve problems and improve performance.
    • Develop an operating rhythm to promote adherence to Lean.

    Implement Lean Management Practices That Work Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how a Lean management system can help you increase transparency, demonstrate value, engage your teams and customers, continuously improve, and create alignment.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand Lean concepts

    Understand what a Lean management system is, review Lean philosophies, and examine simple Lean tools and activities.

    • Implement Lean Management Practices That Work – Phase 1: Understand Lean Concepts
    • Lean Management Education Deck

    2. Determine the scope of your implementation

    Understand the implications of the scope of your Lean management program.

    • Implement Lean Management Practices That Work – Phase 2: Determine the Scope of Your Implementation
    • Lean Management Scoping Tool

    3. Design huddle board

    Examine the sections and content to include in your huddle board design.

    • Implement Lean Management Practices That Work – Phase 3: Design Huddle Board
    • Lean Management Huddle Board Template

    4. Design Leader Standard Work and operating rhythm

    Determine the actions required by leaders and the operating rhythm.

    • Implement Lean Management Practices That Work – Phase 4: Design Leader Standard Work and Operating Rhythm
    • Leader Standard Work Tracking Template
    [infographic]

    Workshop: Implement Lean Management Practices That Work

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Lean Concepts

    The Purpose

    Understand Lean management.

    Key Benefits Achieved

    Gain a common understanding of Lean management, the Lean management thought model, Lean philosophies, huddles, visual management, team growth, and voice of customer.

    Activities

    1.1 Define Lean management in your organization.

    1.2 Create training materials.

    Outputs

    Lean management definition

    Customized training materials

    2 Understand Lean Concepts (Continued) and Determine Scope

    The Purpose

    Understand Lean management.

    Determine the scope of your program.

    Key Benefits Achieved

    Understand metrics and performance review.

    Understand problem identification and continuous improvement.

    Understand Kanban.

    Understand Leader Standard Work.

    Define the scope of the Lean management program.

    Activities

    2.1 Develop example operational metrics

    2.2 Simulate problem section.

    2.3 Simulate Kanban.

    2.4 Build scoping tool.

    Outputs

    Understand how to use operational metrics

    Understand problem identification

    Understand Kanban/daily tasks section

    Defined scope for your program

    3 Huddle Board Design and Huddle Facilitation Coaching

    The Purpose

    Design the sections and content for your huddle board.

    Key Benefits Achieved

    Initial huddle board design.

    Activities

    3.1 Design and build each section in your huddle board.

    3.2 Simulate coaching conversations.

    Outputs

    Initial huddle board design

    Understanding of how to conduct a huddle

    4 Design and Build Leader Standard Work

    The Purpose

    Design your Leader Standard Work activities.

    Develop a schedule for executing Leader Standard Work.

    Key Benefits Achieved

    Standard activities identified and documented.

    Sample schedule developed.

    Activities

    4.1 Identify standard activities for leaders.

    4.2 Develop a schedule for executing Leader Standard Work.

    Outputs

    Leader Standard Work activities documented

    Initial schedule for Leader Standard Work activities

    Accelerate Your Automation Processes

    • Buy Link or Shortcode: {j2store}485|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    Your organization needs to:

    • Define an automation suite for the business.
    • Specify the business goals for your automation suite.
    • Roadmap your automation modules to continually grow your automation platform.
    • Identify how an automation suite can help the organization improve.

    Our Advice

    Critical Insight

    Start small and do it right:

    • Assess if a particular solution works for your organization and continually invest in it if it does before moving onto the next solution.
    • Overwhelming your organization with a plethora of automation solutions can lead to a lack of management for each solution and decrease your overall return on investment.

    Impact and Result

    • Define your automation suite in terms of your business goals.
    • Take stock of what you have now: RPA, AIOps, chatbots.
    • Think about how to integrate and optimize what you have now, as well as roadmap your continual improvement.

    Accelerate Your Automation Processes Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to find out why your organization should accelerate your automation processes, review Info-Tech’s methodology, and understand the ways Info-Tech can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Discover automation suite possibilities

    Take hold of your current state and assess where you would like to improve. See if adding a new automation module or investing in your current modules is the right decision.

    • Automation Suite Maturity Assessment Tool

    2. Chart your automation suite roadmap

    Build a high-level roadmap of where you want to bring your organization's automation suite in the future.

    • Automation Suite Roadmap Tool
    [infographic]

    Drive Innovation With an Exponential IT Mindset

    • Buy Link or Shortcode: {j2store}107|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    To drive a rapid shift towards the adoption of emerging technology, CIOs need:

    • Highly specialized knowledge of emerging technology and trends
    • The ability to engage the business in co-creating value via emerging technology
    • The skills to manage complex enterprise risk
    • Strong governance processes which support enterprise change management

    Our Advice

    Critical Insight

    IT must lead the innovation capabilities that will drive the adoption of emerging technology across the enterprise. In an exponential world, IT needs to adopt business value targets and become a value creator rather limit itself to IT service targets and remain a cost center in the organization.

    Impact and Result

    Assess your innovation capability in five key areas supporting Exponential IT:

    • Organizational Excellence
    • Insights & Intelligence
    • Agile Ideation
    • Team Capabilities
    • Innovation Operations

    Drive Innovation With an Exponential IT Mindset Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive Innovation With an Exponential IT Mindset – Learn about the new era of exponential innovation and the capabilities needed to succeed.

    This research walks you through how to assess your capabilities to lead enterprise innovation and drive Exponential IT.

    • Drive Innovation With an Exponential IT Mindset Storyboard

    2. Innovation Readiness Assessment – Assess your readiness to drive innovation and the adoption of emerging technology.

    This tool will facilitate your readiness assessment.

    • Innovation Readiness Assessment
    [infographic]

    Further reading

    Drive Innovation With an Exponential IT Mindset

    Are you ready to drive the adoption of autonomous business capabilities?

    A diagram that shows exponential IT

    Analyst Perspective

    IT must develop new capabilities to drive emerging tech adoption

    Traditionally, CIOs have struggled to gain the trust of the executive leadership team and be recognized as business leaders rather than just technical leaders. In fact, based on a 2023 study by Info-Tech Research Group, only 36% of CIOs report directly to the CEO with most of the remainder reporting through either the CFO or COO.

    Exponential IT requires that CIOs gain a seat at the table and build the capabilities necessary to not only lead the transformation of their business but also drive the innovation that will lead to enterprise adoption of emerging technologies. CIOs will be required to gain a detailed understanding of their business and in-depth knowledge of emerging technologies so that they can match business opportunities with technology capabilities, while managing risk and change.

    This research will help CIOs identify the capabilities they need to transform the business, and better understand where they must mature their capabilities to drive Exponential IT.

    Photo of Kim Osborne Rodriguez
    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    To drive a rapid shift toward adopting emerging technology, CIOs need:

    • Highly specialized knowledge of emerging technology and trends
    • The ability to engage the business in co-creating value via emerging technology
    • The skills to manage complex enterprise risk
    • Strong governance processes which support enterprise change management

    Common Obstacles

    Exponential IT is dramatically shifting how IT engages the business. Many CIOs are unprepared.

    • Innovation is increasingly important for competitive advantage and business growth, narrowing the gap between large and small players.
    • Over 80% of CXOs believe their CIOs are currently unable to drive change within the business.[1]
    • 40% of CXOs anticipate that IT must be able to transform the business to maintain relevance.[1]

    Info-Tech's Approach

    Is your IT team ready to drive the adoption of emerging technology? Assess your innovation capability in five key areas supporting Exponential IT:

    • Organizational Excellence
    • Insights & Intelligence
    • Agile Ideation
    • Team Capabilities
    • Innovation Operations

    [1] Info-Tech CXO-CIO diagnostic benchmark data, 2022, n=76

    Info-Tech Insight

    IT must lead the innovation capabilities that will drive the adoption of emerging technology across the enterprise. In an exponential world, IT needs to adopt business value targets and become a value creator rather than limit itself to IT service targets and remain a cost center in the organization.

    Drive innovation with an Exponential IT mindset

    Your ability to capture enterprise value from autonomization relies on your innovation capabilities and potential. Is your IT team ready to drive the adoption of AI-driven business processes? Assess your innovation readiness in five key areas supporting Exponential IT.

    A diagram that shows 5 key areas of exponential IT

    IT must rapidly mature

    If IT leaders cannot lead the transformation, then the business will move forward without them.

    Only 3% of CXOs report that their IT department can transform the business. Most IT organizations (81%) still struggle to adequately support the business.

    A diagram that shows IT maturity and exponential IT

    A diagram that shows IT capabilities Based on a Survey of CXOs (n=76)

    Common obstacles

    Leverage Exponential IT to drive value from the adoption of emerging tech

    The most common obstacles to innovation are cultural, including politics, lack of alignment on goals, misaligned culture, and an inability to act on indicators of change.[1]

    CIOs struggle to get a seat at the table and influence change. Info-Tech research shows that only 36% of CIOs report directly to the CEO, with over a third reporting to another C-suite leader such as a COO or CFO.[2]

    [1] Harvard Business Review, 2018
    [2] Info-Tech Research Group CIO Time Study, 2023

    Info-Tech Insight

    To drive change, CIOs need to gain the trust of their senior leadership team. Getting a seat at the table should be the first step for any CIO looking to transform their business.

    Many CIOs struggle to be seen as business leaders

    36%

    Only 36% of CIOs report directly to the CEO.

    Source: Info-Tech Research Group, 2023.

    48%

    48% of Boards report that they lack frequent or direct lines of communication with their CIOs.

    Source: CIO Dive, 2022

    Executive Brief: Case Study

    Logo of RBC Royal Bank

    • INDUSTRY: Financial Services
    • SOURCE: Borealis AI

    Borealis AI drives AI-powered transformation at Royal Bank of Canada

    Borealis AI is a research center backed by RBC Royal Bank, tasked with researching, designing, and building AI products and tools which transform the financial services industry. It gathers researchers with backgrounds in artificial intelligence (AI), computer vision, natural language processing (NLP), computer science, computational finance, mathematics, and machine learning (ML) to create solutions in areas including asynchronous temporal models, non-cooperative learning in competing markets, and causal machine learning from observational data.

    Results

    Borealis AI has created many innovative products for RBC, including:

    • NOMI Forecast: an award-winning personal financial management tool
    • Turing by Borealis AI: a text-to-SQL database interface using NLP
    • Aiden: an AI-powered electronic trading tool using reinforcement learning

    In 2023, Borealis AI won the Best Use of AI for Customer Experience award from The Digital Banker, for the NOMI Forecast app, which has been downloaded by nearly a million RBC clients since launching in 2021.


    "NOMI Forecast is a cutting-edge AI solution that uses deep learning to offer timely and accurate predictions of our clients' cashflow. Powered by our unique datasets, these AI models have been trained to deliver personalized experiences for RBC clients,"
    — Foteini Agrafioti, Chief Science Officer at RBC and Head of Borealis AI

    IT needs to connect emerging technology with business opportunities

    A diagram that shows exponential innovation, emerging technology, business opportunities.

    Emerging tech is driving business change

    A diagram that shows exponential innovation and its 5 elements.

    Innovation is critical for business success, but succeeding is more difficult than ever

    Emerging tech brings new challenges for organizations looking to create a competitive advantage. Access to sophisticated tools with minimal upfront costs have lowered the barriers to entry and democratized innovation, particularly among smaller players. The explosion of data processing & collaboration tools has allowed more focused and data-driven innovation efforts through analysis and insights, increasing the competitive advantage for those who get it right.

    This has led to an accelerated pace of change as autonomous business processes start driving their own market shifts. The rise of autonomous business processes creates exponential reward, but also exponential risk for early adopters.

    Innovation is increasingly critical for competitive growth

    IT innovation leadership explains 75% of the variation in satisfaction with IT (Source: Info-Tech Research Group survey, n=305) and is the fourth-highest priority for IT end users.

    A 7-year review by McKinsey (2020) showed that the most innovative companies[1] outperformed the market by upwards of 30%.

    A 25-year study by Business Development Canada & Statistics Canada showed that innovation was more important to business success than management, human resources, marketing, or finance.

    [1]Top innovators are defined as companies which were listed on Fast Company World's 50 Most Innovative Companies for 2+ years.

    Adapt your approach to innovation

    Both traditional and exponential (AI-driven) innovation is important for business success

    IT as a fast execution engine

    Ideal for developing new methods, products, or services which provide value to the organization

    Can be led by IT or the business, depending on the scope of innovation (IT generally leads IT/internal innovation while the business leads customer-focused innovation)

    Often follows the pace of the business

    IT is a fast executor on requests generated by the business

    Leverages Agile to develop new ideas and products, and uses DevOps to put into production


    Use Info-Tech's research to Build your Enterprise Innovation Program

    IT as an exponential innovation leader

    Ideal for driving the enterprise adoption of emerging tech and autonomous business capabilities

    Led by IT, which brings the understanding of emerging technology and can link opportunities to business problems

    Driven by a faster pace of change, which requires more frequent assessment of emerging technology

    IT is a fast executor on ideas and uses partnerships to drive execution

    Leverages Agile, machine learning operations (MLOps), DataOps and product design to test and implement ideas

    Use this research to successfully drive innovation with an Exponential IT mindset

    Measure the value of this blueprint

    Transformation efforts fail over 75% of the time[1] resulting in millions of dollars of lost revenue[2]

    Our research indicates that most organizations would take months to prepare this type of assessment without our resources. That's nearly 70 work hours spent researching and gathering data to support due diligence, for a total cost of thousands of dollars. Improve your success rate by understanding what's needed to successfully drive innovation.

    [1] Lombard, 2022
    [2] FutureCIO, 2022

    A photo of Establish a baseline

    A diagram that shows Estimated time commitment without Info-Tech's research (person-hours)

    Establish a baseline

    Gauge the effectiveness of this research by completing the following table before and after using this blueprint:

    A diagram that shows Establish a baseline

    How to use this research

    Five tips to get the most out of your readiness assessment

    1. Each category consists of five competencies, with a maximum of five points each. The maximum score on this assessment is 100 points.
    2. Effectiveness levels range from basic (Level 1) to advanced (Level 5). Level 1 is generally considered the baseline for most effectively operating organizations. If your organization is struggling with Level 1 competencies, focus on those before pursuing higher maturity areas.
    3. This assessment is qualitative. Complete the assessment to the best of your ability, based on the scoring rubric provided. If you fall between levels, use the lower one in your assessment.
    4. The scoring rubric may not perfectly fit the processes and practices within every organization. Consider the spirit of the description and score accordingly.
    5. Other industry- and region-specific competencies may be required to succeed at exponential innovation. The competencies in this assessment are a starting point, and internal validation and assessments should be conducted to uncover additional competencies and skills.

    Assess your innovation readiness:

    1. Organizational Excellence

    • Innovation mandate
    • Transformational leadership
    • Culture of innovation
    • Vision & strategy

    Organizational excellence sets the stage for innovation.

    "Innovation distinguishes between a leader and a follower." – Steve Jobs, Apple Founder

    Without strong leadership, innovation efforts are almost certain to fail. Innovation requires buy-in and support, a leader who walks the talk, culture which supports risk taking and allows failure, and a clear and compelling vision. Without these elements in place, transformation efforts are a fifteen times more likely to fail [1] – and waste time and money along the way.

    [1] Lombard, 2022.

    Focus on innovation to deliver business value

    Satisfaction drives IT value, and innovation leadership drives satisfaction with IT

    Strong leadership is critical to the success of innovation. A global survey of 600 business leaders pointed to leadership as the best predictor of innovation success[1] and showed a strong correlation between leadership ability and innovation capabilities.

    Innovation leadership starts with a mandate from the senior leadership team and requires a clearly articulated vision and strategy to deliver the intended benefits to the organization. A survey of 270 business leaders showed that over a third of them struggled with articulating the right strategy or vision, hindering their efforts to innovate.[2]

    45% of business leaders report that cultural issues stifle their innovation efforts, and 55% report unhealthy politics which cause infighting that negatively affects their organization.[2]

    [1] McKinsey, 2008
    [2] Harvard Business Review, 2018

    The importance of leadership

    75% of high IT satisfaction scores are associated with a strong ability to lead innovation.
    Source: Info-Tech Research Group survey, n=305

    Struggling to get a seat at the table?

    It can be challenging to drive innovation efforts without trust and buy-in from senior leadership. Start with small initiatives and build your reputation by consistently delivering on your commitments.

    Leadership starts with a mandate

    Build your innovation leadership with the following capabilities:

    Innovation mandate: There is strong support and trust from the senior leadership team, which gives IT leaders the opportunity to lead innovation despite any temporary failure. IT leaders are well-informed about and have input into business decisions.

    Transformational leadership: IT leaders are influential change agents, not only within their organization but across their industry or community. They inspire others and actively collaborate with external partners, driving change beyond their organization.

    Culture of innovation: Innovative cultures generally demonstrate ten behaviors that are most closely correlated with innovation success: growth mindset, learning-focused, psychological safety, curiosity, trust, willingness to fail, collaboration, diverse perspectives, autonomy, and appropriate risk-taking. These behaviors are embedded in the organization and strongly demonstrated in daily work.

    Vision & strategy: The innovation vision and strategy are continuously refined and adapted to changing market and emerging technology trends. Emerging technology innovation is second nature in the organization, and it becomes a leader in driving change across the industry.

    Additional resources for Organizational Excellence

    Photo of Build your Enterprise Innovation Program

    Build your Enterprise Innovation Program

    Define your innovation mandate
    Articulate your vision and guiding principles
    Build a culture of innovation

    Photo of Manage Your CXO Relations

    Manage Your CXO Relations

    Successfully manage CXO relationships to get a seat at the table and build your mandate to drive innovation

    Photo of CIO

    Become a Transformational CIO

    Build the capabilities to drive transformation as an IT leader in your organization

    Assess your innovation readiness:

    2. Insights & Intelligence

    • Business context
    • Strategic foresight
    • Emerging tech expertise
    • Strategic alignment

    The foundation of innovation is data.

    "Without data you're just another person with an opinion." – Edwards Deming, Statistician

    Having comprehensive and accurate data about the problems you hope to solve is critical to realizing the benefits of innovation. Build your understanding of the business and ability to predict how trends will impact your industry, then stay on top of emerging tech and align solutions with strategic business capabilities.

    Act on strategic indicators

    Build the ability to go from data to intelligence to insights

    Info-Tech data shows that businesses are 93% more likely to be satisfied with IT when their IT teams have a better understanding of the business. Teams need to understand who your organization serves, how it delivers value, and what its goals are.

    When seeking to capitalize on emerging technology opportunities, businesses face an execution challenge. 82% of business leaders report being able to identify leading indicators of change, but less than two thirds of them are confident in their ability to act on those indicators.[1]

    A report by Leadership IQ noted that only 29% of the 21,008 employees surveyed considered their leader's vision consistently well aligned with the organizational vision.[2] Strategic alignment is not just important from a results perspective. It impacts employee motivation: employees with strong leadership alignment are 24% more likely to give their best at work.[2]

    [1] Harvard Business Review, 2018
    [2] Leadership IQ, 2020

    Strategic Foresight Challenges

    82% of business leaders say they can correctly identify leading indicators of change…

    …however, only 58% feel confident in their abilities to act on these indicators.

    Source: Harvard Business Review, 2018

    You must understand the business

    Develop key insights and intelligence with the following capabilities:

    Business context: IT actively participates in the business as a value creator and innovator, proactively disrupting the business and driving the adoption of emerging tech that drives exponential value.

    Strategic foresight: IT not only embraces emerging technologies, but actively drives innovation and disruption through their adoption. IT is adept at using trends to drive exploration and can quickly execute on initiatives.

    Emerging tech expertise: There is an expert-level understanding of emerging technologies including their capabilities, limitations, risks, trends, and potential use cases. IT proactively drives the adoption of emerging technology.

    Strategic alignment: IT proactively uses the business strategy to drive adoption of emerging technology and identify new opportunities. Each initiative has clear metrics and targets which directly impact business targets.

    Additional resources for Intelligence & Insights

    Photo of Tech Trends 2023

    Tech Trends 2023

    Like a chess grandmaster, CIOs must play both sides of the board. Emerging technologies present opportunities to attack, but it's necessary to protect from a volatile board.

    Photo of innovation

    Establish a Foresight Capability

    To be recognized and validated as a forward-thinking CIO, you must establish a structured approach to innovation that considers external trends alongside internal processes.

    Photo of Build a Business-Aligned IT Strategy

    Build a Business-Aligned IT Strategy

    Elicit the business context and identify strategic initiatives that are most important to the organization while building a plan to execute on it.

    Assess your innovation readiness:

    3. Agile Ideation

    • Data-driven decision making
    • Ability to identify opportunities
    • Business engagement
    • Risk management

    IT must use data to drive the ideation process, engaging the business to identify opportunities – all while managing risk.

    "Innovation is key. Only those who have the agility to change with the market and innovate quickly will survive."- Robert Kiyosaki, Entrepreneur & Author

    Many Agile concepts are used in the process of innovation, regardless of whether the formal Agile methodology is used. Fast iterations ("fail fast"), lessons learned, and risk management are equally important for ideation as they are for execution. This category evaluates IT's ability to drive the ideation process at the enterprise level.

    Use data to drive agility

    Effectively using data has a threefold impact in the quality of decisions

    A diagram that shows data-driven journey

    Agility is critical for innovation, particularly when adopting emerging technology. AI and other emerging technologies are accelerating the pace of change and driving a necessary increase in how quickly organizations must adapt.

    Data is also critical when building a case for change. A survey of over 1,000 senior business leaders showed that organizations that effectively use data to drive decision making are three times more likely to report significant improvements in the quality of their decisions.[1]

    [1] Harvard Business School Online, 2019

    Start with the business

    The business must be involved in ideation. Develop the skills needed to engage the business and identify challenges and opportunities.

    Engage the business to deliver value

    Build your proficiency in the following ideation capabilities:

    Data-driven decision making: Data is proactively collected from multiple internal and external sources to inform innovation strategies. Continuous monitoring of innovation provides a strong rationale for outcomes and benefits. Data governance, quality, and privacy measures are in place to ensure data quality.

    Ability to identify opportunities: IT actively shapes the future of the organization and the industry by proactively identifying business opportunities for emerging technology and leading the way in their adoption. Experiments and pilots are often industry firsts.

    Business engagement: IT enables the business by engaging at all levels to identify and refine emerging technology opportunities. They effectively communicate benefits and risks in business terms, while understanding business needs and challenges. IT collaborates with the business to establish innovation centers or communities of practice.

    Risk management: There is a proactive and holistic approach to risk management, considering both opportunities and threats associated with emerging technology adoption. IT and the business continually anticipate and monitor emerging risks, evaluate the effectiveness of risk management practices, and adapt them to evolving technology landscapes.

    Additional resources for Agile Ideation

    Photo of Develop Your Agile Approach for a Successful Transformation

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Photo of Build an IT Risk Management Program

    Build an IT Risk Management Program

    Risk is inevitable. Without a formal management program, you may be unaware of your greatest IT risks.

    Reacting to risks after they occur can be costly and devastating, yet this is one of the most common tactics used by IT departments.

    Photo of business innovation

    Kick-Start IT-Led Business Innovation

    Business demand for new technology is intensifying pressure to innovate and executive stakeholders expect more from IT. If IT is not considered a source of innovation, its perceived value decreases, and the threat of shadow IT grows. Don't wait to start finding and capitalizing on opportunities for IT-led innovation.

    Assess your innovation readiness:

    4. Team Capabilities

    • Resourcing & investment
    • Talent & skills
    • Change management
    • Partnerships & ecosystem

    Ensure you have the right resources and skills needed to drive innovation.

    "The best way to predict the future is to invent it." – Alan Kay, Computer Scientist

    Resourcing and skills are critical building blocks for driving innovation, and without a strong understanding of emerging technology and the processes needed to adopt it, organizations will falter at driving change.

    Develop the right resourcing, skills, change management, and partnerships to drive Exponential IT.

    Develop key skills

    Scaled Agile (SAFe): Scaled Agile is a framework for implementing Agile and lean methodologies at the enterprise level or outside of a single team.

    Development operations (DevOps): A methodology for software development which includes practices and tools that support the development lifecycle.

    Data operations (DataOps): A set of tools and processes that support data management within an organization. Typically used when training AI on a specialized data set.

    Analytics: The systematic analysis of information used to discover, interpret, and communicate insights gleaned from patterns in data. Analytics typically generate insights that support data-driven decision making.

    Machine learning operations (MLOps): Tools and processes that support the development of machine learning (ML) models, including AI and large language models (LLM). Can include expertise in computer science, natural language processing (NLP), computer vision, computational algorithms, mathematics, and ML expertise.

    Artificial intelligence operations (AIOps): Leveraging AI to develop autonomous business processes at the enterprise level.

    Mature your emerging technology capabilities

    Agile: Build the methodologies to drive execution
    DevOps: Drive the software development lifecycle
    DataOps: Effectively manage data
    Analytics: Develop insights from data
    MLOps: Develop machine learning tools
    AIOps: Build autonomous business processes

    Manage the building blocks of innovation

    Resourcing & investment: IT manages a well-defined and substantial budget dedicated to innovation, which is integrated into the overall strategic planning and decision-making processes. Investments are made in a holistic and forward-looking manner, considering the long-term implications and potential disruption caused by emerging technologies.

    Talent & skills: Teams exhibit thought leadership and innovate within emerging technologies, including advanced machine learning engineering, MLOps, DataOps, and analytics. Employees actively contribute to the advancement of these technologies, engage in research and development, and explore new applications and use cases.

    Change management: This is a core competency led by change champions and change management professionals. There is a strategic approach to driving and sustaining change, focusing on long-term adoption and continuous improvement. Change management is embedded in the organizational culture, and there is a proactive effort to foster change agility and build change capability at all levels.

    Partnerships & ecosystems: IT builds an orchestrated innovation ecosystem for the adoption of emerging technology. They take a proactive role in orchestrating collaboration among ecosystem partners. The organization acts as a catalyst for innovation, bringing together diverse partners to address complex challenges and drive transformative solutions.

    Additional resources for Team Capabilities

    Photo of Drive Technology Adoption

    Drive Technology Adoption

    The project isn't over if the new product or system isn't being used. How do you ensure that what you've put in place will not be ignored or only partially adopted? People are more complicated than any new system and managing them through change requires careful planning.

    Photo of team discussion

    Extend Agile Practices Beyond IT

    Further the benefits of Agile by extending a scaled Agile framework to the business.

    Not all lessons from scaling Agile to IT are transferable. IT Agile scaling processes are tailored to IT's scope, team, and tools, which may not account for diverse attributes within your organization.

    Photo of Managing Exponential Value Relationships

    Managing Exponential Value Relationships

    Successfully managing outcome-based relationships requires a higher degree of trust than traditional vendor relationships. Building trust comes from sharing risks and rewards between organizations and vendors.

    Assess your innovation readiness:

    5. Innovation Execution

    • Governance
    • Embedded security
    • Infrastructure
    • Ability to execute

    Can you deliver results? Develop the capability to execute on innovative ideas.

    "What good is an idea if it remains an idea? Try. Experiment. Fail. Try again. Change the world." – Simon Sinek, Author, Motivational Speaker

    The foundational elements of innovation significantly overlap with the activities you must do to excel at core IT operations. Build your ability to execute quickly on innovative ideas and build the trust of the enterprise.

    Rapidly execute on innovative ideas

    IT must be able to successfully manage the foundational capabilities of innovation

    The foundational capabilities of innovation are central to many core IT processes: governance, security, supporting infrastructure, and the ability to execute on ideas are all critical to running an effective IT shop.

    IT governance is a critical and embedded practice ensuring information and technology investments, risks, and resources are aligned in the organization's best interests while producing business value. Effective governance ensures that the right technology investments are made at the right time to support and enable your organization's mission, vision, and goals.

    A diagram that shows Info-Tech's IT Governance Framework and Security Framework

    Build foundational capabilities

    The ability to rapidly execute on ideas is fundamental not only to innovation but also running an effective IT organization.

    Develop foundational IT capabilities

    The ability to execute is based on key foundational capabilities, including:

    Governance: Adaptable and automated governance guides effective innovation and supports the adoption of emerging technology. Decision making is flexible and can move quickly to enable the implementation of new technologies. Responsibility and authority are aligned across all levels of the organization.

    Embedded security: Security and privacy controls are embedded in the applications and technologies deployed across the enterprise. Security is built into the organizational culture, with a strong focus on promoting security awareness and fostering a security-first mindset.

    Infrastructure: IT infrastructure is modern, adaptive, and future-proof. Infrastructure should support a range of emerging technology applications, including the flexibility to adapt to future use cases. There is a focus on agility, scalability, flexibility, and interoperability.

    Ability to execute: The IT team drives rapid innovation across the organization and can reliably execute and collaborate with internal and external partners. They are pivotal in driving innovation initiatives that align with the organization's strategic objectives. Agile methodologies and practices are embedded in the culture of the team.

    Additional resources for Innovation Execution

    Photo of Make Your IT Governance Adaptable

    Make Your IT Governance Adaptable

    Produce more value from IT by developing a governance framework optimized for your current needs and context, with the ability to adapt as your needs shift.

    Create the foundation and ability to delegate and empower governance to enable agile delivery.

    Photo of Build an Information Security Strategy

    Build an Information Security Strategy

    Many security leaders struggle to decide how best to prioritize their scarce information security resources.

    The need to move from a reactive security approach toward a strategic planning approach is clear. The path to getting there is less so.

    Photo of Exploit Disruptive Infrastructure Technology

    Exploit Disruptive Infrastructure Technology

    Accurate predicting isn't easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, it's difficult to predict which specific technologies will become disruptive.

    Activity 1: Assess your readiness for exponential innovation

    Input: Core competencies; Knowledge of internal processes and capabilities
    Output: Readiness assessment
    Materials: Exponential Innovation Assessment Tool; Whiteboard/Flip charts
    Participants: Executive leadership team, including CIO; Other internal stakeholders of vendor partnerships

    1-3 hours

    1. Gather key stakeholders from across your organization to participate in the readiness assessment exercise.
    2. As a group, review the core competencies from the following five sections and determine where your organization's effectiveness lies for each competency. Record your responses in the Exponential Innovation Assessment Tool.

    Download the Exponential Innovation Assessment Tool

    Interpret your results

    Understand your readiness and determine the next steps to operationalize exponential innovation.

    Once you have completed the readiness assessment, use Info-Tech's maturity ladder to identify next steps and recommendations.

    It is usually very challenging to lead innovation with a total score less than 50. Lower maturity organizations should focus on maturing the foundational aspects of innovation, such as those in the Innovation Execution and Team Capabilities categories, and core IT processes.

    For higher maturity organizations (those with total scores 50 or higher), first focus on getting all capabilities to a minimum of Level 3, then work on progressing maturity starting with foundational categories and working upwards:

    A diagram that shows innovation readiness

    Determine your readiness

    A diagram that shows Innovation Maturity ladder

    Activity 2: Create an action plan

    Input: Readiness assessment
    Output: Action plan to improve maturity of capabilities
    Materials: Exponential Innovation Assessment Tool; Whiteboard/Flip charts
    Participants: Executive leadership team, including CIO; Other internal stakeholders of vendor partnerships

    1 hour

    1. Gather the stakeholders who participated in the readiness assessment exercise.
    2. As a group, review the results of the readiness assessment. Were there any surprises? Do the results reflect your understanding of the organization's maturity?
    3. Determine which areas are likely to limit the organization's innovation capability, based on lowest scoring areas and relative importance to the organization.
    4. Break out into groups and have each group identify three actions the organization could take to mature the lowest scoring areas.
    5. Bring the group back together and prioritize the actions. Note who will be accountable for each next step.
    6. Identify additional Info-Tech research that can assist with improving your maturity (see additional resources in this blueprint).

    Author

    Photo of Kim Osborne Rodriguez
    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.

    Kim holds a Bachelor's degree in Honours Mechatronics Engineering and an option in Management Sciences from University of Waterloo.

    Research Contributors and Experts

    Photo of Jack Hakimian
    Jack Hakimian
    Senior Vice President
    Info-Tech Research Group

    Jack has more than 25 years of Technology and Management Consulting experience. He has served multi-billion-dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served many large public sector institutions.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master's degree in Computer Engineering and an MBA from the ESCP-EAP European School of Management.


    Photo of Mark Tauschek
    Mark Tauschek
    Vice President, Infrastructure & Operations Research
    Info-Tech Research Group

    Mark has hands-on network design and deployment experience across verticals including healthcare, education, manufacturing, retail, and entertainment. He has extensive knowledge in the areas of technology research, process development, vendor selection, and project management. He holds specific expertise in wireless networking and mobile technologies.

    Mark holds an MBA from the Richard Ivey School of Business at the University of Western Ontario and many professional wireless technology certifications.


    Photo of Michael Tweedie
    Michael Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Mike Tweedie brings over 25 years as a technology executive. He's led several large transformation projects across core infrastructure, application and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.

    Mike holds a Bachelor's degree in Architecture from Ryerson University.


    Photo of Donna Bales
    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multi-stakeholder industry initiatives.

    Donna has a Bachelor's degree in Economics from the University of Western Ontario.


    Photo of Isabelle Hertanto
    Isabelle Hertanto
    Principal Research Director, Security & Privacy
    Info-Tech Research Group

    Isabelle Hertanto has over 15 years of experience delivering specialized IT services to the security and intelligence community. As a former federal officer for Public Safety Canada, Isabelle trained and led teams on data exploitation and digital surveillance operations in support of Canadian national security investigations. Since transitioning into the private sector, Isabelle has held senior management and consulting roles across a variety of industry sectors, including retail, construction, energy, healthcare, and the broader Canadian public sector.


    Photo of Aaron Shum
    Aaron Shum
    Vice President, Security, Privacy, Risk & Compliance
    Info-Tech Research Group

    Aaron Shum is a Vice President in the Security & Privacy Research and Advisory Practice at Info-Tech Research Group. With 25+ years of experience across IT, InfoSec, and Data Privacy, he currently specializes in helping organizations implement comprehensive information security and cybersecurity programs and comply with data privacy regulations such as the European Union's General Data Protection Regulation and the California Privacy Rights Act.


    Photo of Reiaz Somji
    Reiaz Somji
    Managing Director, Consulting
    Info-Tech Research Group

    As a client-focused strategist with strong organizational acumen, Reiaz leverages his 20+ years of management consulting experience to help C-suite executives and managers navigate the integration of changing technology with business goals. He is currently a managing director in Info-Tech's consulting division and leads its Infrastructure practice.


    Photo of Hans Eckman
    Hans Eckman
    Principal Research Director, Applications
    Info-Tech Research Group

    Hans Eckman is a business transformation leader helping organizations connect business strategy and innovation to operational excellence. He supports Info-Tech members in SDLC optimization, Agile and DevOps implementation, CoE/CoP creation, innovation program development, application delivery, and leadership development. Hans is based out of Atlanta, Georgia.


    Photo of Irina Sedenko
    Irina Sedenko
    Research Director, Data & Analytics
    Info-Tech Research Group

    Irina brings more than 20 years of information management experience and demonstrated expertise in big data, advanced analytics, machine learning, and AI. Her experience includes designing and implementing enterprise content management systems, defining data and analytics strategy to support business goals and objectives, creating data governance to enable data initiatives, and providing guidance to the client teams. She led teams through data lake implementation to enable advanced analytics capabilities and has hands-on data science and machine learning experience.

    Research Contributors

    Photo of Bill Macgowan
    Bill Macgowan
    Director, Smart Building Digitization
    Cisco


    Photo of Barry Wiech
    Barry Wiech
    Chief Digital and Information Officer
    Sime Darby Industrial


    Photo of Tim Dunn
    Tim Dunn
    Chief Information Officer
    Department of Energy & Public Works (Queensland)


    Photo of Sudip Ghosh
    Sudip Ghosh
    Group Manager, Office of the CIO
    Star Entertainment Group



    Samantha Rose
    Contract Manager
    Department of Energy & Public Works (Queensland)

    Bibliography

    Altringer, Beth. "A New Model for Innovation in Big Companies." Harvard Business Review. 19 Nov. 2013. Accessed 15 June 2023. https://hbr.org/2013/11/a-new-model-for-innovation-in-big-companies

    Bar Am, Jordan et al. "Innovation in a Crisis: Why it is More Critical Than Ever." McKinsey & Company, 17 June 2020. Accessed 15 June 2023. https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/innovation-in-a-crisis-why-it-is-more-critical-than-ever

    Barsh, Joanna et al. "Leadership and Innovation." McKinsey Quarterly, 1 Jan 2008. Accessed 7 July 2023. https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/leadership-and-innovation

    Borealis AI. "RBC Wins Best Use of AI for Customer Experience for NOMI Forecast." Borealis AI Blog, 28 Apr 2023. Accessed 13 June 2023. https://www.borealisai.com/news/rbc-wins-best-use-of-ai-for-customer-experience-for-nomi-forecast/

    Boston Consulting Group, "Most Innovative Companies 2022." BGC, 15 Sept. 2022. Accessed 15 June 2023. https://www.bcg.com/en-ca/publications/2022/innovation-in-climate-and-sustainability-will-lead-to-green-growth

    BrainyQuote. "Innovation Quotes." Accessed 19 June 2023. https://www.brainyquote.com/topics/innovation-quotes

    Christensen, Clayton M. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business Review Press, 2016.

    Cleroux, Pierre. The "I" Word. BDC. Accessed 1 Aug 2023. https://www.bdc.ca/en/articles-tools/blog/innovation-no-1-factor-business-success

    FutureCIO Editors. "Failed transformation can result in US$6 million in lost revenue." FutureCIO, 29 Apr 2022. Accessed 10 Jul 2023. https://futurecio.tech/failed-transformation-can-result-in-us6-million-in-lost-revenue/

    Goodreads. "W. Edwards Deming Quotes." Accessed 19 June 2023. https://www.goodreads.com/quotes/7327935-without-data-you-re-just-another-person-with-an-opinion

    Haefner, Naomi et al. "Artificial intelligence and innovation management: A review, framework, and research agenda." Technological Forecasting and Social Change, Volume 162, 2021. Accessed 15 June 2023. https://www.sciencedirect.com/science/article/pii/S004016252031218X

    IBM. "The new AI innovation equation." IBM Website. 13 Oct 2016. Accessed 15 June 2023. https://www.ibm.com/watson/advantage-reports/future-of-artificial-intelligence/ai-innovation-equation.html

    Isomaki, Atte. "60+ Innovation Quotes and What They Can Teach You." Viima, 19 Mar 2019. Accessed 6 July 2023. https://www.viima.com/blog/innovation-quotes

    Kay, Alan. "The best way to predict the future is to invent it." Quote Park, 3 June 2021. Accessed 15 June 2023. https://quotepark.com/quotes/1893243-alan-kay-the-best-way-to-predict-the-future-is-to-invent-it/

    Kirsner, Scott. "The Biggest Obstacles to Innovation in Large Companies." Harvard Business Review, 30 July 2018. Accessed 15 June 2023. https://hbr.org/2018/07/the-biggest-obstacles-to-innovation-in-large-companies

    Kiyosaki, Robert. "Innovation is key. Only those who have the agility to change with the market and innovate quickly will survive." AZ Quotes, 11 Dec. 2013. Accessed 15 June 2023.

    Leadership IQ. "The State Of Leadership Development." Leadership IQ, 2020. Accessed 6 July 2023. https://www.leadershipiq.com/blogs/leadershipiq/leadership-development-state

    Lombard, Charl. "Defining Digital: A New Approach to Digital Transformation." Info-Tech LIVE Conference, 2022. https://tymansgrpup.com/videos/defining-digital-a-new-approach-to-digital-transformation

    Murphy, Mark. "A Shocking Number Of Leaders Are Not Aligned With Their Companies' Visions." Forbes, 28 Aug 2020. Accessed 6 Jul 2023. https://www.forbes.com/sites/markmurphy/2020/08/28/a-shocking-number-of-leaders-are-not-aligned-with-their-companies-visions

    Seymour, Harriet et al. "How to unlock a scientific approach to change management with powerful data insights." IBM, 11 Jan 2023. Accessed 6 July 2023. https://www.ibm.com/blog/how-to-unlock-a-scientific-approach-to-change-management-with-powerful-data-insights/

    Sinek, Simon. "What good is an idea if it remains an idea? Try. Experiment. Fail. Try again. Change the world." Praxie, n.d. https://praxie.com/top-innovation-quotes/

    Stobierski, Tim. "The Advantages of Data-Driven Decision-Making." Harvard Business School Online, 26 Aug 2019. Accessed 6 July 2023. https://online.hbs.edu/blog/post/data-driven-decision-making

    Torres, Roberto. "How tech leaders can earn C-suite trust." CIO Dive, 1 Jul 2022. Accessed 7 Jul 2023. https://www.ciodive.com/news/C-suite-trust-CIO-executives/626476/

    Tushman, Michael et al. "Change Management Is Becoming Increasingly Data-Driven. Companies Aren't Ready." Harvard Business Review, 23 Oct 2017. Accessed 6 Jul 2023. https://hbr.org/2017/10/change-management-is-becoming-increasingly-data-driven-companies-arent-ready

    Weick, Karl and Kathleen Sutcliffe. Managing the Unexpected: Sustained Performance in a Complex World, Third Edition. John Wiley & Sons, 2015.

    Modernize Communications and Collaboration Infrastructure

    • Buy Link or Shortcode: {j2store}306|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $68,332 Average $ Saved
    • member rating average days saved: 22 Average Days Saved
    • Parent Category Name: Voice & Video Management
    • Parent Category Link: /voice-video-management
    • Organizations are losing productivity from managing the limitations of yesterday’s technology. The business is changing and the current communications solution no longer adequately connects end users.
    • Old communications technology, including legacy telephony systems, disjointed messaging and communication or collaboration mediums, and unintuitive video conferencing, deteriorates the ability of users to work together in a productive manner.
    • You need a solution that meets budgetary requirements and improves internal and external communication, productivity, and the ability to work together.

    Our Advice

    Critical Insight

    • Project scope and assessment will take more time than you initially anticipate. Poorly defined technical requirements can result in failure to meet the needs of the business. Defining project scope and assessing the existing solution is 60% of project time. Being thorough here will make the difference moving forward.
    • Even when the project is about modernizing technology, it’s not really about the technology. The requirements of your people and the processes you want to maintain or reform should be the influential factors in your decisions on technology.
    • Gaining business buy-in can be difficult for projects that the business doesn’t equate with directly driving revenue. Ensure your IT team communicates with the business throughout the process and establishes business requirements. Framing conversations in a “business first, IT second” way is crucial to speaking in a language the business will understand.

    Impact and Result

    • Define a comprehensive set of requirements (across people, process, and technology) at the start of the project. Communication solutions are long-term commitments and mistakes in planning will be amplified during implementation.
    • Analyze the pros and cons of each deployment option and identify a communications solution that balances your budget and communications objectives and requirements.
    • Create an effective RFP by outlining your specific business and technical needs and goals.
    • Make the case for your communications infrastructure modernization project and be prepared to support it.

    Modernize Communications and Collaboration Infrastructure Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your communications and collaboration infrastructure, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess communications infrastructure

    Evaluate the infrastructure requirements and the ability to undergo modernization from legacy technology.

    • Modernize Communications and Collaboration Infrastructure – Phase 1: Assess Communications Infrastructure
    • Communications Infrastructure Roadmap Tool
    • Team Skills Inventory Tool
    • MACD Workflow Mapping Template - Visio
    • MACD Workflow Mapping Template - PDF

    2. Define the target state

    Build and document a formal set of business requirements using Info-Tech's pre-populated template after identifying stakeholders, aligning business and user needs, and evaluating deployment options.

    • Modernize Communications and Collaboration Infrastructure – Phase 2: Define the Target State
    • Stakeholder Engagement Workbook
    • Communications Infrastructure Stakeholder Focus Group Guide
    • IP Telephony and UC End-User Survey Questions
    • Enterprise Communication and Collaboration System Business Requirements Document
    • Communications TCO-ROI Comparison Calculator

    3. Advance the project

    Draft an RFP for a UC solution and gain project approval using Info-Tech’s executive presentation deck.

    • Modernize Communications and Collaboration Infrastructure – Phase 3: Advance the Project
    • Unified Communications Solution RFP Template
    • Modernize Communications Infrastructure Executive Presentation
    [infographic]

    Workshop: Modernize Communications and Collaboration Infrastructure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Communications Infrastructure

    The Purpose

    Identify pain points.

    Build a skills inventory.

    Define and rationalize template configuration needs.

    Define standard service requests and map workflow.

    Discuss/examine site type(s) and existing technology.

    Determine network state and readiness.

    Key Benefits Achieved

    IT skills & process understanding.

    Documentation reflecting communications infrastructure.

    Reviewed network readiness.

    Completed current state analysis.

    Activities

    1.1 Build a skills inventory.

    1.2 Document move, add, change, delete (MACD) processes.

    1.3 List relevant communications and collaboration technologies.

    1.4 Review network readiness checklist.

    Outputs

    Clearly documented understanding of available skills

    Documented process maps

    Complete list of relevant communications and collaboration technologies

    Completed readiness checklist

    2 Learn and Evaluate Options to Define the Future

    The Purpose

    Hold focus group meeting.

    Define business needs and goals.

    Define solution options.

    Evaluate options.

    Discuss business value and readiness for each option.

    Key Benefits Achieved

    Completed value and readiness assessment.

    Current targets for service and deployment models.

    Activities

    2.1 Conduct internal focus group.

    2.2 Align business needs and goals.

    2.3 Evaluate deployment options.

    Outputs

    Understanding of user needs, wants, and satisfaction with current solution

    Assessment of business needs and goals

    Understanding of potential future-state solution options

    3 Identify and Close the Gaps

    The Purpose

    Identify gaps.

    Examine and evaluate ways to remedy gaps.

    Determine specific business requirements and introduce draft of business requirements document.

    Key Benefits Achieved

    Completed description of future state.

    Identification of gaps.

    Identification of key business requirements.

    Activities

    3.1 Identify gaps and brainstorm gap remedies.

    3.2 Complete business requirements document.

    Outputs

    Well-defined gaps and remedies

    List of specific business requirements

    4 Build the Roadmap

    The Purpose

    Introduce Unified Communications Solution RFP Template.

    Develop statement of work (SOW).

    Document technical requirements.

    Complete cost-benefit analysis.

    Key Benefits Achieved

    Unified Communications RFP.

    Documented technical requirements.

    Activities

    4.1 Draft RFP (SOW, tech requirements, etc.).

    4.2 Conduct cost-benefit analysis.

    Outputs

    Ready to release RFP

    Completed cost-benefit analysis

    Modernize Your Corporate Website to Drive Business Value

    • Buy Link or Shortcode: {j2store}524|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $10,399 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Users are demanding more valuable web functionalities and improved access to your website services. They are expecting development teams to keep up with their changing needs.
    • The criteria of user acceptance and satisfaction involves more than an aesthetically pleasing user interface (UI). It also includes how emotionally attached the user is to the website and how it accommodates user behaviors.

    Our Advice

    Critical Insight

    Complication

    • Organizations are focusing too much on the UI when they optimize the user experience of their websites. The UI is only one of many components involved in successful websites with good user experience.
    • User experience (UX) is often an afterthought in development, risking late and costly fixes to improve end-user reception after deployment.

    Insights

    • Organizations often misinterpret UX as UI. In fact, UX incorporates both the functional and emotional needs of the user, going beyond the website’s UI.
    • Human behaviors and tendencies are commonly left out of the define and design phases of website development, putting user satisfaction and adoption at risk.

    Impact and Result

    • Gain a deep understanding of user needs and behaviors. Become familiar with the human behaviors, emotions, and pain points of your users in order to shortlist the design elements and website functions that will receive the highest user satisfaction.
    • Perform a comprehensive website review. Leverage satisfaction surveys, user feedback, and user monitoring tools (e.g. heat maps) to reveal high-level UX issues. Use these insights to drill down into the execution and composition of your website to identify the root causes of issues.
    • Incorporate modern UX trends in your design. New web technologies are continuously emerging in the industry to enhance user experience. Stay updated on today’s UX trends and validate their fit for the specific needs of your target audience.

    Modernize Your Corporate Website to Drive Business Value Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your website, review Info-Tech’s methodology, and discover the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define UX requirements

    Reveal the opportunities to heighten the user experience of your website through a deep understanding of the behaviors, emotions, and needs of your end users in order to design a receptive and valuable website.

    • Modernize Your Corporate Website to Drive Business Value – Phase 1: Define UX Requirements
    • Website Design Document Template

    2. Design UX-driven website

    Design a satisfying and receptive website by leveraging industry best practices and modern UX trends and ensuring the website is supported with reliable and scalable data and infrastructure.

    • Modernize Your Corporate Website to Drive Business Value – Phase 2: Design UX-Driven Website
    [infographic]

    Workshop: Modernize Your Corporate Website to Drive Business Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your UX Requirements

    The Purpose

    List the business objectives of your website.

    Describe your user personas, use cases, and user workflow.

    Identify current UX issues through simulations, website design, and system reviews.

    Key Benefits Achieved

    Strong understanding of the business goals of your website.

    Knowledge of the behaviors and needs of your website’s users.

    Realization of the root causes behind the UX issues of your website.

    Activities

    1.1 Define the business objectives for the website you want to optimize

    1.2 Define your end-user personas and map them to use cases

    1.3 Build your website user workflow

    1.4 Conduct a SWOT analysis of your website to drive out UX issues

    1.5 Gauge the UX competencies of your web development team

    1.6 Simulate your user workflow to identify the steps driving down UX

    1.7 Assess the composition and construction of your website

    1.8 Understand the execution of your website with a system architecture

    1.9 Pinpoint the technical reason behind your UX issues

    1.10 Clarify and prioritize your UX issues

    Outputs

    Business objectives

    End-user personas and use cases

    User workflows

    Website SWOT analysis

    UX competency assessment

    User workflow simulation

    Website design assessment

    Current state of web system architecture

    Gap analysis of web system architecture

    Prioritized UX issues

    2 Design Your UX-Driven Website

    The Purpose

    Design wireframes and storyboards to be aligned to high priority use cases.

    Design a web system architecture that can sufficiently support the website.

    Identify UX metrics to gauge the success of the website.

    Establish a website design process flow.

    Key Benefits Achieved

    Implementation of key design elements and website functions that users will find stimulating and valuable.

    Optimized web system architecture to better support the website.

    Website design process aligned to your current context.

    Rollout plan for your UX optimization initiatives.

    Activities

    2.1 Define the roles of your UX development team

    2.2 Build your wireframes and user storyboards

    2.3 Design the target state of your web environment

    2.4 List your UX metrics

    2.5 Draw your website design process flow

    2.6 Define your UX optimization roadmap

    2.7 Identify and engage your stakeholders

    Outputs

    Roles of UX development team

    Wireframes and user storyboards

    Target state of web system architecture

    List of UX metrics

    List of your suppliers, inputs, processes, outputs, and customers

    Website design process flow

    UX optimization rollout roadmap

    Build an ERP Strategy and Roadmap

    • Buy Link or Shortcode: {j2store}585|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $76,462 Average $ Saved
    • member rating average days saved: 22 Average Days Saved
    • Parent Category Name: Enterprise Resource Planning
    • Parent Category Link: /enterprise-resource-planning
    • Organizations often do not know where to start with an ERP project.
    • They focus on tactically selecting and implementing the technology.
    • ERP projects are routinely reported as going over budget, over schedule, and they fail to realize any benefits.

    Our Advice

    Critical Insight

    • An ERP strategy is an ongoing communication tool for the business.
    • Accountability for ERP success is shared between IT and the business.
    • An actionable roadmap provides a clear path to benefits realization.

    Impact and Result

    • Align the ERP strategy and roadmap with business priorities, securing buy-in from the business for the program.
    • Identification of gaps, needs, and opportunities in relation to business processes; ensuring the most critical areas are addressed.
    • Assess alternatives for the critical path(s) most relevant to your organization’s direction.

    Build an ERP Strategy and Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an ERP Strategy and Roadmap – A comprehensive guide to align business and IT on what the organization needs from their ERP.

    A business-led, top-management-supported initiative partnered with IT has the greatest chance of success.

  • Aligning and prioritizing key business and technology drivers.
  • Clearly defining what is in and out of scope for the project.
  • Getting a clear picture of how the business process and underlying applications support the business strategic priorities.
  • Pulling it all together into an actionable roadmap.
    • Build an ERP Strategy and Roadmap – Phases 1-4
    • ERP Strategy Report Template
    [infographic]

    Workshop: Build an ERP Strategy and Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Introduction to ERP

    The Purpose

    To build understanding and alignment between business and IT on what an ERP is and the goals for the project

    Key Benefits Achieved

    Clear understanding of how the ERP supports the organizational goals

    What business processes the ERP will be supporting

    An initial understanding of the effort involved

    Activities

    1.1 Introduction to ERP

    1.2 Background

    1.3 Expectations and goals

    1.4 Align business strategy

    1.5 ERP vision and guiding principles

    1.6 ERP strategy model

    1.7 ERP operating model

    Outputs

    ERP strategy model

    ERP Operating model

    2 Build the ERP operation model

    The Purpose

    Generate an understanding of the business processes, challenges, and application portfolio currently supporting the organization.

    Key Benefits Achieved

    An understanding of the application portfolio supporting the business

    Detailed understanding of the business operating processes and pain points

    Activities

    2.1 Build application portfolio

    2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators

    2.3 Discuss process and technology maturity for each level 1 process

    Outputs

    Application portfolio

    Mega-processes with level 1 process lists

    3 Project set up

    The Purpose

    A project of this size has multiple stakeholders and may have competing priorities. This section maps those stakeholders and identifies their possible conflicting priorities.

    Key Benefits Achieved

    A prioritized list of ERP mega-processes based on process rigor and strategic importance

    An understanding of stakeholders and competing priorities

    Initial compilation of the risks the organization will face with the project to begin early mitigation

    Activities

    3.1 ERP process prioritization

    3.2 Stakeholder mapping

    3.3 Competing priorities review

    3.4 Initial risk register compilation

    Outputs

    Prioritized ERP operating model

    Stakeholder map.

    Competing priorities list.

    Initial risk register.

    4 Roadmap and presentation review

    The Purpose

    Select a future state and build the initial roadmap to set expectations and accountabilities.

    Key Benefits Achieved

    Identification of the future state

    Initial roadmap with expectations on accountability and timelines

    Activities

    4.1 Discuss future state options

    4.2 Build initial roadmap

    4.3 Review of final deliverable

    Outputs

    Future state options

    Initiative roadmap

    Draft final deliverable

    Further reading

    Build an ERP Strategy and Roadmap

    Align business and IT to successfully deliver on your ERP initiative

    Table of Contents

    Analyst Perspective

    Phase 3: Plan Your Project

    Executive Summary

    Step 3.1: Stakeholders, risk, and value

    Phase 1: Build Alignment and Scope

    Step 3.2: Project set up

    Step 1.1: Aligning Business and IT

    Phase 4: Next Steps

    Step 1.2: Scope and Priorities

    Step 4.1: Build your roadmap

    Phase 2: Define Your ERP

    Step 4.2: Wrap up and present

    Step 2.1: ERP business model

    Summary of Accomplishment

    Step 2.2: ERP processes and supporting applications

    Research Contributors

    Step 2.3: Process pains, opportunities, and maturity

    Related Info-Tech Research

    Bibliography

    Build an ERP Strategy and Roadmap

    Align business and IT to successfully deliver on your ERP initiative

    EXECUTIVE BRIEF

    Analyst Perspective

    A foundational ERP strategy is critical to decision making.

    Photo of Robert Fayle, Research Director, Enterprise Applications, Info-Tech Research Group.

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business

    ERP systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post-implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the needs of the organization. Alignment between business and IT is just one part of the overall strategy. Identifying key pain points and opportunities, assessed in the light of organizational strategy, will provide a strong foundation to the transformation of the ERP system.

    Robert Fayle
    Research Director, Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Organizations often do not know where to start with an ERP project. They focus on tactically selecting and implementing the technology but ignore the strategic foundation that sets the ERP system up for success. ERP projects are routinely reported as going over budget, over schedule, and they fail to realize any benefits.

    Common Obstacles

    ERP projects impact the entire organization – they are not limited to just financial and operating metrics. The disruption is felt during both implementation and in the production environment.

    Missteps early on can cost time, financial resources, and careers. Roughly 55% of ERP projects reported being over budget, and two-thirds of organizations implementing ERP realized less than half of their anticipated benefits.

    Info-Tech’s Approach

    Obtain organizational buy-in and secure top management support. Set clear expectations, guiding principles, and critical success factors.

    Build an ERP operating model/business model that identifies process boundaries, scope, and prioritizes requirements. Assess stakeholder involvement, change impact, risks, and opportunities.

    Understand the alternatives your organization can choose for the future state of ERP. Develop an actionable roadmap and meaningful KPIs that directly align with your strategic goals.

    Info-Tech Insight

    Accountability for ERP success is shared between IT and the business. There is no single owner of an ERP. A unified approach to building your strategy promotes an integrated roadmap so all stakeholders have clear direction on the future state.

    Insight summary

    Enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    A measured and strategic approach to change will help mitigate many of the risks associated with ERP projects, which will avoid the chances of these changes becoming the dreaded “career killers.”

    A business led, top management supported initiative partnered with IT has the greatest chance of success.

    • A properly scoped ERP project reduces churn and provides all parts of the business with clarity.
    • This blueprint provides the business and IT the methodology to get the right level of detail for the business processes that the ERP supports so you can avoid getting lost in the details.
    • Build a successful ERP Strategy and roadmap by:
      • Aligning and prioritizing key business and technology drivers.
      • Clearly defining what is in and out of scope for the project.
      • Providing a clear picture of how the business process and underlying applications support the business strategic priorities.
      • Pulling it all together into an actionable roadmap.

    Enterprise Resource Planning (ERP)

    What is ERP?

    Enterprise resource planning (ERP) systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    A diagram visualizing the many aspects of ERP and the categories they fall under. Highlighted as 'Supply Chain Management' are 'Supply Chain: Procure to Pay' and 'Distribution: Forecast to Delivery'. Highlighted as 'Customer Relationship Management' are 'Sales: Quote to Cash', 'CRM: Market to Order', and 'Customer Service: Issue to Resolution'.

    ERP use cases:

    • Product-Centric
      Suitable for organizations that manufacture, assemble, distribute, or manage material goods.
    • Service-Centric
      Suitable for organizations that provide and manage field services and/or professional services.

    ERP by the numbers

    50-70%
    Statistical analysis of ERP projects indicates rates of failure vary from 50 to 70%. Taking the low end of those analyst reports, one in two ERP projects is considered a failure. (Source: Saxena and Mcdonagh)

    85%
    Companies that apply the principles of behavioral economics outperform their peers by 85% in sales growth and more than 25% in gross margin. (Source: Gallup)

    40%
    Nearly 40% of companies said functionality was the key driver for the adoption of a new ERP. (Source: Gheorghiu)

    ERP dissatisfaction

    Drivers of Dissatisfaction
    Business
    • Misaligned objectives
    • Product fit
    • Changing priorities
    • Lack of metrics
    Data
    • Access to data
    • Data hygiene
    • Data literacy
    • One view of the customer
    People and teams
    • User adoption
    • Lack of IT support
    • Training (use of data and system)
    • Vendor relations
    Technology
    • Systems integration
    • Multi-channel complexity
    • Capability shortfall
    • Lack of product support

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Info-Tech’s methodology for developing a foundational ERP strategy and roadmap

    1. Build alignment and scope 2. Define your ERP 3. Plan your project 4. Next Steps
    Phase Steps
    1. Aligning business and IT
    2. Scope and priorities
    1. ERP Business Model
    2. ERP processes and supporting applications
    3. Process pains, opportunities & maturity
    1. Stakeholders, risk & value
    2. Project set up
    1. Build your roadmap
    2. Wrap up and present
    Phase Outcomes Discuss organizational goals and how to advance those using the ERP system. Establish the scope of the project and ensure that business and IT are aligned on project priorities. Build the ERP business model then move on to the top level (mega) processes and an initial list of the sub-processes. Generate a list of applications that support the identified processes. Conclude with a complete view of the mega-processes and their sub-processes. Map out your stakeholders to evaluate their impact on the project, build an initial risk register and discuss group alignment. Conclude the phase by setting the initial core project team and their accountabilities to the project. Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution. Build a communication plan as part of organizational change management, which includes the stakeholder presentation.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Sample of the Key Deliverable 'ERP Strategy Report'.

    ERP Strategy Report

    Complete an assessment of processes, prioritization, and pain points, and create an initiative roadmap.

    Samples of blueprint deliverables related to 'ERP Strategy Report'.

    ERP Business Model
    Align your business and technology goals and objectives in the current environment.
    Sample of the 'ERP Business Model' blueprint deliverable.
    ERP Operating Model
    Identify and prioritize your ERP top-level processes.
    Sample of the 'ERP Operating Model' blueprint deliverable.
    ERP Process Prioritization
    Assess ERP processes against the axes of rigor and strategic importance.
    Sample of the 'ERP Process Prioritization' blueprint deliverable.
    ERP Strategy Roadmap
    A data-driven roadmap of how to address the ERP pain points and opportunities.
    Sample of the 'ERP Strategy Roadmap' blueprint deliverable.

    Executive Brief Case Study

    INDUSTRY: Aerospace
    SOURCE: Panorama, 2021

    Aerospace organization assesses ERP future state from opportunities, needs, and pain points

    Challenge

    Several issues plagued the aerospace and defense organization. Many of the processes were ad hoc and did not use the system in place, often relying on Excel. The organization had a very large pain point stemming from its lack of business process standardization and oversight. The biggest gap, however, was from the under-utilization of the ERP software.

    Solution

    By assessing the usage of the system by employees and identifying key workarounds, the gaps quickly became apparent. After assessing the organization’s current state and generating recommendations from the gaps, it realized the steps needed to achieve its desired future state. The analysis of the pain points generated various needs and opportunities that allowed the organization to present and discuss its key findings with executive leadership to set milestones for the project.

    Results

    The overall assessment led the organization to the conclusion that in order to achieve its desired future state and maximize ROI from its ERP, the organization must address the internal issues prior to implementing the upgraded software.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Phase 1

    • Call #1: Scoping call to understand the current situation.
    • Call #2: Establish business & IT alignment and project scope.

    Phase 2

    • Call #3: Discuss the ERP Strategy business model and mega-processes.
    • Call #4: Begin the drill down on the level 1 processes.

    Phase 3

    • Call #5: Establish the stakeholder map and project risks.
    • Call #6: Discuss project setup including stakeholder commitment and accountability.

    Phase 4

    • Call #7: Discuss resolution paths and build initial roadmap.
    • Call #8: Summarize results and plan next steps.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Introduction to ERP

    1.1 Introduction to ERP

    1.2 Background

    1.3 Expectations and goals

    1.4 Align business strategy

    1.5 ERP vision and guiding principles

    1.6 ERP strategy model

    1.7 ERP operating model

    Build the ERP operating model

    2.1 Build application portfolio

    2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators

    2.3 Discuss process and technology maturity for each level 1 process

    Project set up

    3.1 ERP process prioritization

    3.2 Stakeholder mapping

    3.3 Competing priorities review

    3.4 Initial risk register compilation

    3.5 Workshop retrospective

    Roadmap and presentation review

    4.1 Discuss future state options

    4.2 Build initial roadmap

    4.3 Review of final deliverable

    Next Steps and wrap-up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. ERP strategy model
    2. ERP operating model
    1. Application portfolio
    2. Mega-processes with level 1 process lists
    1. Prioritized ERP operating model
    2. Stakeholder map
    3. Competing priorities list
    4. Initial risk register
    1. Future state options
    2. Initiative roadmap
    3. Draft final deliverable
    1. Completed ERP strategy template
    2. ERP strategy roadmap

    Build an ERP Strategy and Roadmap

    Phase 1

    Build alignment and scope

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    Build a common language to ensure clear understanding of the organizational needs. Define a vision and guiding principles to aid in decision making and enumerate how the ERP supports achievement of the organizational goals. Define the initial scope of the ERP project. This includes the discussion of what is not in scope.

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Create a compelling case that addresses strategic business objectives

    When someone at the organization asks you WHY, you need to deliver a compelling case. The ERP project will receive pushback, doubt, and resistance; if you can’t answer the question WHY, you will be left back-peddling.

    When faced with a challenge, prepare for the WHY.

    • Why do we need this?
    • Why are we spending all this money?
    • Why are we bothering?
    • Why is this important?
    • Why did we do it this way?
    • Why did we choose this vendor?

    Most organizations can answer “What?”
    Some organizations can answer “How?”
    Very few organizations have an answer for “Why?”

    Each stage of the project will be difficult and present its own unique challenges and failure points. Re-evaluate if you lose sight of WHY at any stage in the project.

    Step 1.1

    Aligning business and IT

    Activities
    • 1.1.1 Build a glossary
    • 1.1.2 ERP Vision and guiding principles
    • 1.1.3 Corporate goals and ERP benefits

    This step will walk you through the following activities:

    • Building a common language to ensure a clear understanding of the organization’s needs.
    • Creating a definition of your vision and identifying the guiding principles to aid in decision making.
    • Defining how the ERP supports achievement of the organizational goals.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    Business and IT have a shared understanding of how the ERP supports the organizational goals.

    Are we all talking about the same thing?

    Every group has their own understanding of the ERP system, and they may use the same words to describe different things. For example, is there a difference between procurement of office supplies and procurement of parts to assemble an item for sale? And if they are different, do your terms differ (e.g., procurement versus purchasing)?

    Term(s) Definition
    HRMS, HRIS, HCM Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR.
    Finance Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management.
    Supply Chain The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers.
    Procurement Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management.
    Distribution The process of getting the things we create to our customers.
    CRM Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers.
    Sales The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced.
    Customer Service This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services.
    Field Service The group that provides maintenance services to our customers.

    Activity 1.1.1 Build a glossary

    1 hour
    1. As a group, discuss the organization’s functional areas, business capabilities, value streams, and business processes.
    2. Ask each of the participants if there are terms or “jargon” that they hear used that they may be unclear on or know that others may not be aware of. Record these items in the table along with a description.
      • Acronyms are particularly important to document. These are often bandied about without explanation. For example, people outside of finance may not understand that FP&A is short for Financial Planning and Analysis.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Glossary'.

    Download the ERP Strategy Report Template

    Activity 1.1.1 Working slide

    Example/working slide for your glossary. Consider this a living document and keep it up to date.

    Term(s) Definition
    HRMS, HRIS, HCM Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR.
    Finance Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management.
    Supply Chain The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers.
    Procurement Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management.
    Distribution The process of getting the things we create to our customers.
    CRM Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers.
    Sales The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced.
    Customer Service This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services.
    Field Service The group that provides maintenance services to our customers.

    Vision and Guiding Principles

    GUIDING PRINCIPLES

    Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.

    Creating Guiding Principles

    Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.

    EXAMPLES

    • [Organization] is implementing an ERP system to streamline processes and reduce redundancies, saving time and money.
    • [Organization] is implementing an ERP to integrate disparate systems and rationalize the application portfolio.
    • [Organization] is aiming at taking advantage of best industry practices and strives to minimize the level of customization required in solution.

    Questions to Ask

    1. What is a strong statement that will help guide decision making throughout the life of the ERP project?
    2. What are your overarching requirements for business processes?
    3. What do you ultimately want to achieve?
    4. What is a statement that will ensure all stakeholders are on the same page for the project?

    Activity 1.1.2 – ERP Vision and Project Guiding Principles

    1 hour

    1. As a group, discuss whether you want to create a separate ERP vision statement or re-state your corporate vision and/or goals.
      • An ERP vision statement will provide project-guiding principles, encompass the ERP objectives, and give a rationale for the project.
      • Using the corporate vision/goals will remind the business and IT that the project is to find an ERP solution that supports and enhances the organizational objectives.
    2. Review each of the sample guiding principles provided and ask the following questions:
      1. Do we agree with the statement?
      2. Is this statement framed in the language we used internally? Does everyone agree on the meaning of the statement?
      3. Will this statement help guide our decision-making process?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Guiding Principles.

    Download the ERP Strategy Report Template

    Activity 1.1.2 – ERP Vision and Project Guiding Principles

    We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real time data-driven decisions, increased employee productivity, and IT investment protection.

    • Support Business Agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Utilize ERP best practices: Do not recreate or replicate what we have today, focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for “One Source of Truth”: Unify data model and integrate processes where possible. Assess integration needs carefully.

    Align the ERP strategy with the corporate strategy

    Corporate Strategy Unified Strategy ERP Strategy
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.
    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    Info-Tech Insight

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just to occur at the executive level alone, but at each level of the organization.

    1.1.3 – Corporate goals and ERP benefits

    1-2 hours

    1. Discuss the business objectives. Identify two or three objectives that are a priority for this year.
    2. Produce several ways a new ERP system will meet each objective.
    3. Think about the modules and ERP functions that will help you realize these benefits.

    Cost Reduction

    • Decrease Total Cost: Reduce total costs by five percent by January 2022.
    • Decrease Specific Costs: Reduce costs of “x” business unit by ten percent by Jan. next year.

    ERP Benefits

    • Reduce headcount
    • Reallocate workers
    • Reduce overtime
    • Increased compliance
    • Streamlined audit process
    • Less rework due to decrease in errors

    Download the ERP Strategy Report Template

    Activity 1.1.3 – Corporate goals and ERP benefits

    Corporate Strategy ERP Benefits
    End customer visibility (consumer experience)
    • Help OEM’s target customers
    • Keep customer information up-to-date, including contact choices
    • [Product A] process support improvements
    • Ability to survey and track responses
    • Track and improve renewals
    • Service support – improve cycle times for claims, payment processing, and submission quality
    Social responsibility
    • Reduce paper internally and externally
    • Facilitating tracking and reporting of EFT
    • One location for all documents
    New business development
    • Track all contacts
    • Measure where in process the contact is
    • Measure impact of promotions
    Employee experience
    • Improve integration of systems reducing manual processes through automation
    • Better tracking of sales for employee comp
    • Ability to survey employees

    Step 1.2

    Scope and priorities

    Activities
    • 1.2.1 Project scope
    • 1.2.2 Competing priorities

    This step will walk you through the following activities:

    • Define the initial scope of the ERP project. This includes the discussion of what is not in scope. For example, a stand-alone warehouse management system may be out of scope while an existing HRMS could be in scope.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    A project scope statement and a prioritized list of projects that may compete for organizational resources.

    Understand the importance of setting expectations with a scope statement

    Be sure to understand what is in scope for an ERP strategy project. Prevent too wide of a scope to avoid scope creep – for example, we aren’t tackling MMS or BI under ERP.

    A diamond shape with three layers. Inside is 'In Scope', middle is 'Scope Creep', and outside is 'Out of Scope'.

    Establishing the parameters of the project in a scope statement helps define expectations and provides a baseline for resource allocation and planning. Future decisions about the strategic direction of ERP will be based on the scope statement.

    Well-executed requirements gathering will help you avoid expanding project parameters, drawing on your resources, and contributing to cost overruns and project delays. Avoid scope creep by gathering high-level requirements that lead to the selection of category-level application solutions (e.g. HRIS, CRM, PLM etc.) rather than granular requirements that would lead to vendor application selection (e.g. SAP, Microsoft, Oracle, etc.).

    Out-of-scope items should also be defined to alleviate ambiguity, reduce assumptions, and further clarify expectations for stakeholders. Out-of-scope items can be placed in a backlog for later consideration.

    In Scope Out of Scope
    Strategy High-level ERP requirements, strategic direction
    Software selection Vendor application selection, Granular system requirements

    Activity 1.2.1 – Define scope

    1 hour

    1. Formulate a scope statement. Decide which people, processes, and functions the ERP strategy will address. Generally, the aim of this project is to develop strategic requirements for the ERP application portfolio – not to select individual vendors.
    2. To assist in forming your scope statement, answer the following questions:
      • What are the major coverage points?
      • Who will be using the systems?
      • How will different users interact with the systems?
      • What are the objectives that need to be addressed?
      • Where do we start?
      • Where do we draw the line?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Scope Statements'.

    Download the ERP Strategy Report Template

    Activity 1.2.1 – Define scope

    Scope statements

    The following systems are considered in scope for this project:

    • Finance
    • HRMS
    • CRM
    • Supply chain

    The following systems are out of scope for this project:

    • PLM – product lifecycle management
    • Project management
    • Contract management

    The following systems are in scope, in that they must integrate into the new system. They will not change.

    • Payroll processing
    • Bank accounts
    • EDI software

    Know your competing priorities

    Organizations typically have multiple projects on the table or in flight. Each of those projects requires resources and attention from business and/or the IT organization.

    Don’t let poor prioritization hurt your ERP implementation.
    BNP Paribas Fortis had multiple projects that were poorly prioritized resulting in the time to bring products to market to double over a three-year period. (Source: Neito-Rodriguez, 2016)

    Project Timeline Priority notes Implications
    Warehouse management system upgrade project Early 2022 implementation High Taking IT staff and warehouse team, testing by finance
    Microsoft 365 October 2021-March 2022 High IT Staff, org impacted by change management
    Electronic Records Management April 2022 – Feb 2023 High Legislative requirement, org impact due to record keeping
    Web site upgrade Early fiscal 2023

    Activity 1.2.2 – Competing priorities

    1 hour

    1. As a group, discuss the projects that are currently in flight as well as any known projects including such things as territory expansion or new regulation compliance.
    2. For each project discuss and record the following items:
      • The project timeline. When does it start and how long is it expected to run?
      • How important is this project to the organization? A lot of high priority projects are going to require more attention from the staff involved.
      • What are the implications of this project?
        • What staff will be impacted? What business users will be impacted, and what is the IT involvement?
        • To what extent will the overall organization be impacted? Is it localized to a location or is it organization wide?
        • Can the project be deferred?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Priorities'.

    Download the ERP Strategy Report Template

    Activity 1.2.2 – Competing priorities

    List all your known projects both current and proposed. Discuss the prioritization of those projects, whether they are more or less important than your ERP project.

    Project Timeline Priority notes Implications
    Warehouse management system upgrade project Early 2022 implementation High Taking IT staff and warehouse team, testing by finance
    Microsoft 365 October 2021-March 2022 High IT Staff, org impacted by change management
    Electronic Records Management April 2022 – Feb 2023 High Legislative requirement, org impact due to record keeping
    Web site upgrade Early fiscal 2023 Medium
    Point of Sale replacement Oct 2021– Mar 2022 Medium
    ERP utilization and training on unused systems Friday, Sept 17 Medium Could impact multiple staff
    Managed Security Service RFP This calendar year Medium
    Mental Health Dashboard In research phase Low

    Build an ERP Strategy and Roadmap

    Phase 2

    Define your ERP

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Build the ERP business model then move on to the top level (mega) processes and an initial list of the sub-processes
    • Generate a list of applications that support the identified processes
    • Assign stakeholders, discuss pain points, opportunities, and key success indicators
    • Assign process and technology maturity to each stakeholder

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Step 2.1

    ERP business model

    Activities
    • 2.1.1 Environmental factors, technology drivers, and business needs
    • 2.1.2 Challenges, pain points, enablers, and organizational goals

    This step will walk you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discuss the ERP benefits and opportunities

    This step involves the following participants:

    • ERP implementation team
    • Business stakeholders

    Outcomes of this step

    • ERP business model

    Explore environmental factors and technology drivers

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements
    The ERP Business Model with 'Business Needs', 'Environmental Factors', and 'Technology Drivers' highlighted. At the center is 'ERP Strategy' with 'Barriers' above and 'Enablers' below. Surrounding and feeding into the center group are 'Business Needs', 'Environmental Factors', 'Technology Drivers', and 'Organizational Goals'.
    External Considerations
    • Regulations
    • Elections
    • Availability of resources
    • Staff licensing and certifications
    Organizational Drivers
    • Compliance
    • Scalability
    • Operational efficiency
    • Union agreements
    • Self service
    • Role appropriate dashboards and reports
    • Real time data access
      • Use of data in the system (no exports)
    Technology Considerations
    • Data accuracy
    • Data quality
    • Better reporting
    Functional Requirements
    • Information availability
    • Integration between systems
    • Secure data

    Activity 2.1.1 – Explore environmental factors and technology drivers

    1 hour

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider External Considerations, Organizational Drivers, Technology Drivers, and Key Functional Requirements.

    Record this information in the ERP Strategy Report Template.

    Sample of the next slide, 'ERP Business Model', with an iconized ERP Business Model and a table highlighting 'Environmental Factors', 'Technology Drivers', and 'Business Needs'.

    Download the ERP Strategy Report Template

    ERP Business Model A iconized version of the ERP Business Model.

    Environmental FactorsTechnology DriversBusiness Needs
    • Regulations
    • Elections
    • Availability of resources
    • Staff licensing and certifications
    • Document storage
    • Cloud security standards
    • Functionality based on deployment
    • Cloud-first based on above
    • Integration with external data suppliers
    • Integration with internal systems (Elite?)
    • Compliance
    • Scalability
    • Operational efficiency
    • Union agreements
    • Self service
    • Role appropriate dashboards and reports
    • Real time data access
    • Use of data in the system (no exports)
    • CapEx vs. OpEx

    Discuss challenges, pain points, enablers and organizational goals

    1. Identify challenges with current systems and processes.
    2. Brainstorm potential barriers to successful ERP selection and implementation. Use a whiteboard and marker to capture key findings.
    3. Consider organizational goals along with barriers and enablers to ERP success.
    The ERP Business Model with 'Organizational Goals', 'Enablers', and 'Barriers' highlighted. At the center is 'ERP Strategy' with 'Barriers' above and 'Enablers' below. Surrounding and feeding into the center group are 'Business Needs', 'Environmental Factors', 'Technology Drivers', and 'Organizational Goals'.
    Functional Gaps
    • No online purchase order requisition
    Technical Gaps
    • Inconsistent reporting – data quality concerns
    Process Gaps
    • Duplication of data
    • Lack of system integration
    Barriers to Success
    • Cultural mindset
    • Resistance to change
    Business Benefits
    • Business-IT alignment
    IT Benefits
    • Compliance
    • Scalability
    Organizational Benefits
    • Data accuracy
    • Data quality
    Enablers of Success
    • Change management
    • Alignment to strategic objectives

    Activity 2.1.2 – Discuss challenges, pain points, enablers, and organizational goals

    1 hour

    1. Identify challenges with the current systems and processes.
    2. Brainstorm potential barriers to successful ERP selection and implementation. Use a whiteboard or flip chart and markers to capture key findings.
    3. Consider functional gaps, technical gaps, process gaps, and barriers to ERP success.
    4. Identify the opportunities and benefits from an integrated system.
    5. Brainstorm potential enablers for successful ERP selection and implementation. Use a whiteboard and markers to capture key findings.
    6. Consider business benefits, IT benefits, organizational benefits, and enablers of success.

    Record this information in the ERP Strategy Report Template.

    Sample of the next slide, 'ERP Business Model', with an iconized ERP Business Model and a table highlighting 'Organizational Goals', 'Enablers', and 'Barriers'.

    Download the ERP Strategy Report Template

    ERP Business Model A iconized version of the ERP Business Model.

    Organizational Goals Enablers Barriers
    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal
    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top level executive support
    • Effective change management process
    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    Step 2.2

    ERP processes and supporting applications

    Activities
    • 2.2.1 ERP process inventory
    • 2.2.2 Application portfolio

    This step will walk you through the following activities:

    • Identify the top-level (mega) processes and create an initial list of the sub-processes
    • Generate a list of applications that support the identified processes

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    • A list of in scope business processes
    • A list of current applications and services supporting the business processes

    Process Inventory

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation rather than how.

    Business capabilities:

    • Represent stable business functions
    • Are unique and independent of each other
    • Will typically have a defined business outcome

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    A process map titled 'Business capability map (Level 0)' with many processes sectioned off into sections and subsections. The top-left section is 'Products and Services Development' with subsections 'Design'(6 processes) and 'Manufacturing'(3 processes). The top-middle section is 'Revenue Generation'(3 processes) and below that is 'Sourcing'(2 processes). The top-right section is 'Demand Fulfillment'(9 processes). Along the bottom is the section 'Enterprise Management and Planning' with subsections 'Human Resources'(4 processes), 'Business Direction'(4 processes), and 'Finance'(4 processes).

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of business processes.

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    Activity 2.2.1 – Process inventory

    2-4 hours

    1. As a group, discuss the business capabilities, value streams, and business processes.
    2. For each capability determine the following:
      • Is this capability applicable to our organization?
      • What application, if any, supports this capability?
    3. Are there any missing capabilities to add?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Process Inventory' table on the next slide.

    Download the ERP Strategy Report Template

    Activity 2.2.1 – Process inventory

    Core Finance Core HR Workforce Management Talent Management Warehouse Management Enterprise Asset Management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • General ledger
    • Accounts payable
    • Accounts receivable
    • GL consolidation
    • Cash management
    • Billing and invoicing
    • Expenses
    • Payroll accounting
    • Tax management
    • Reporting
    • Payroll administration
    • Benefits administration
    • Position management
    • Organizational structure
    • Core HR records
    • Time and attendance
    • Leave management
    • Scheduling
    • Performance management
    • Talent acquisition
    • Offboarding & onboarding
    • Plan layout
    • Manage inventory
    • Manage loading docks
    • Pick, pack, ship
    • Plan and manage workforce
    • Manage returns
    • Transfer product cross-dock
    • Asset lifecycle management
    • Supply chain management
    • Maintenance planning & scheduling
    Planning & Budgeting Strategic HR Procurement Customer Relationship Management Facilities Management Project Management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • Budget reporting
    • Variance analysis
    • Multi-year operating plan
    • Monthly forecasting
    • Annual operating plan
    • Compensation planning
    • Workforce planning
    • Succession planning
    • Supplier management
    • Purchase order management
    • Workflow approvals
    • Contract / tender management
    • Contact management
    • Activity management
    • Analytics
    • Plan and acquire
    • Asset maintenance
    • Disposal
    • Project management
    • Project costing
    • Budget control
    • Document management

    Complete an inventory collection of your application portfolio

    MANAGED vs. UNMANAGED APPLICATION ENVIRONMENTS

    • Managed environments make way for easier inventory collection since there is significant control as to what applications can be installed on a company asset. Organizations will most likely have a comprehensive list of supported and approved applications.
    • Unmanaged environments are challenging to control because users are free to install any applications on company assets, which may or may not be supported by IT.
    • Most organizations fall somewhere in between – there is usually a central repository of applications and several applications that are exceptions to the company policies. Ensure that all applications are accounted for.

    Determine your inventory collection method:

    MANUAL INVENTORY COLLECTION
    • In its simplest form, a spreadsheet is used to document your application inventory.
    • For large organizations, reps interview all business domains to create a list of installed applications.
    • Conducting an end-user survey within your business domains is one way to gather your application inventory and assess quality.
    • This manual approach is most appropriate for smaller organizations with small application portfolios across domains.
    AUTOMATED INVENTORY COLLECTION
    • Using inventory collection compatibility tools, discover all of the supported applications within your organization.
    • This approach may not capture all applications, depending on the parameters of your automated tool.
    • This approach works well in a managed environment.

    Activity 2.2.2 – Understand the current application portfolio

    1-2 hours

    1. Brainstorm a list of the applications that support the ERP business processes inventoried in Activity 2.2.1. If an application has multiple instances, list each instance as a separate line item.
    2. Indicate the following for each application:
      1. User satisfaction. This may be more than one entry as different groups – e.g., IT vs. business – may differ.
      2. Processes supported. Refer to processes defined in Activity 2.2.1. Update 2.2.1 if additional processes are identified during this exercise.
      3. Define a future disposition: Keep, Update, Replace. It is possible to have more than one disposition, e.g., Update or Replace is a valid disposition.
    3. [Optional] Collect the following information about each application. This information can be used to calculate the cost per application and total cost per user:
      1. Number of users or user groups
      2. Estimated maintenance costs
      3. Estimated capital costs
      4. Estimated licensing costs
      5. Estimated support costs

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Application Portfolio' table on the next slide.

    Download the ERP Strategy Report Template

    2.2.2 - Application portfolio

    Inventory your applications and assess usage, satisfaction, and disposition

    Application Name Satisfaction Processes Supported Future Disposition
    PeopleSoft Financials Medium and declining ERP – shares one support person with HR Update or Replace
    Time Entry (custom) Low Time and Attendance Replace
    PeopleSoft HR Medium Core HR Update or Replace
    ServiceNow High ITSM
    CSM: Med-Low
    ITSM and CSM
    CSM – complexity and process changes
    Update
    Data Warehouse High IT
    Business: Med-Low
    BI portal – Tibco SaaS datamart Keep
    Regulatory Compliance Medium Regulatory software – users need training Keep
    ACL Analytics Low Audit Replace
    Elite Medium Supply chain for wholesale Update (in progress)
    Visual Importer Med-High Customs and taxes Keep
    Custom Reporting application Med-High Reporting solution for wholesale (custom for old system, patched for Elite) Replace

    2.3.1 – Visual application portfolio [optional]

    A diagram of applications and how they connect to each other. There are 'External Systems' and 'Internal Systems' split into three divisions, 'Retail Division', 'Wholesale Division', and 'Corporate Services'. Example external systems are 'Moneris', 'Freight Carriers', and 'Banks'. Example internal systems are 'Retail ERP/POS', 'Elite', and 'Excel'.

    Step 2.3

    Process pains, opportunities, and maturity

    Activities
    • 2.3.1 Level one process inventory with stakeholders
    • 2.3.2 Process pain points and opportunities
    • 2.3.3 Process key success indicators
    • 2.3.4 Process and technology maturity
    • 2.3.5 Mega-process prioritization

    This step will walk you through the following activities:

    • Assign stakeholders, discuss pain points, opportunities, and key success indicators for the mega-processes identified in Step 2.1
    • Assign process and technology maturity to each prioritizing the mega-processes

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    For each mega-process:

    • Level 1 processes with process and technology maturity assigned
    • Stakeholders identified
    • Process pain points, opportunities, and key success indicators identified
    • Prioritize the mega-processes

    Building out the mega-processes

    Congratulations, you have made it to the “big lift” portion of the blueprint. For each of the processes that were identified in exercise 2.2.1, you will fill out the following six details:

    1. Primary stakeholder(s)
    2. A description of the process
    3. hat level 1 processes/capabilities the mega-process is composed of
    4. Problems the new system must solve
    5. What success will look like when the new system is implemented
    6. The process and technological maturity of each level 1 process.

    Sample of the 'Core Finance' slide in the ERP Strategy Report, as shown on the next slide, with numbers corresponding to the ordered list above. 1 is on a list of 'Stakeholders', 2 is by the 'Description' box, 3 is on the 'Capability' table column, 4 is on the 'Current Pain Points' box, 5 is on the 'Key Success Factors' box, and 6 is on the 'Maturity' ratings column.

    It will take one to three hours per mega-process to complete the six different sections.

    Note:
    For each mega-process identified you will create a separate slide in the ERP Strategy Report. Default slides have been provided. Add or delete as necessary.

    Sample of the 'Core Finance' slide in the ERP Strategy Report. Note on the list of stakeholders reads 'Primary Stakeholders'. Note on the title, Core Finance, reads 'Mega-process name'. Note on the description box reads 'Description of the process'. Note on the 'Key Success Factors' box reads 'What success looks like'. Note on the 'Current Pain Points' box reads 'Problems the new system must solve'. Below is a capability table with columns 'Capability', 'Maturity', and a blank on for notes. Note on the 'Capability' table column reads 'Level 1 process'. Note on the 'Maturity' ratings column reads 'Level 1 process maturity of process and technology'. Note on the notes column reads 'Level 1 process notes'.

    An ERP project is most effective when you follow a structured approach to define, select, implement, and optimize

    Top-down approach

    ERP Strategy
    • Operating Model – Define process strategy, objectives, and operational implications.
    • Level 1 Processes –Define process boundaries, scope at the organization level; the highest level of mega-process.

    • Level 2 Processes – Define processes by function/group which represent the next level of process interaction in the organization.
    • Level 3 Processes – Decompose process by activity and role and identify suppliers, inputs, outputs, customers, metrics, and controls.
    • Functional Specifications; Blueprint and Technical Framework – Refine how the system will support and enable processes; includes functional and technical elements.
    • Org Structure and Change Management – Align org structure and develop change mgmt. strategy to support your target operating model.
    • Implementation and Transition to Operations – Execute new methods, systems, processes, procedures, and organizational structure.
    • ERP Optimization and Continuous Improvement – Establish a program to monitor, govern, and improve ERP systems and processes.

    *A “stage gate” approach should be used: the next level begins after consensus is achieved for the previous level.

    Activity 2.3.1 – Level 1 process inventory with stakeholders

    1 hour per mega-process

    1. Identify the primary stakeholder for the mega-process. The primary stakeholder is usually the process owner. For example, for core finance the CFO is the process owner/primary stakeholder. Name a maximum of three stakeholders.
    2. In the lower section, detail all the capabilities/processes associated with the mega-process. Be careful to remain at the level 1 process level as it is easy to start identifying the “How” of a process. The “How” is too deep.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Stakeholders' list and 'Capability' table column highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.2 – Process pain points and opportunities

    30+ minutes per mega-process

    1. As a group, write a clear description of the mega-process. This helps establish alignment on the scope of the mega-process.
    2. Start with the discussion of current pain points with the various capabilities. These pain points will be items that the new solution will have to resolve.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Description', 'Key Success Factors', and 'Current Pain Points' boxes highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.3 – Key success indicators

    30 minutes per mega-process

    1. Document key success factors that should be base-lined in the existing system to show the overall improvement once the new system is implemented. For example, if month-end close takes 12 days in the current system, target three days for month-end close in the new system.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Description', 'Key Success Factors', and 'Current Pain Points' boxes highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.4 – Process and technology maturity

    1 hour

    1. For each capability/level 1 process identified determine you level of process maturity:
      • Weak – Ad hoc processes without documentation
      • Moderate – Documented processes that are often executed consistently
      • Strong – Documented processes that include exception handling that are rigorously followed
      • Payroll is an example of a strong process, even if every step is manual. The process is executed the same every time to ensure staff are paid properly and on time.
    2. For each capability/level 1 process identified determine you level of technology maturity:
      • Weak – manual execution and often paper-based
      • Moderate – Some technology support with little automation
      • Strong – The process executed entirely within the technology stack with no manual processes

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Maturity' and notes columns highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.5 – Mega-process prioritization

    1 hour

    1. For the mega-processes identified, map each process’s current state in terms of process rigor versus organizational importance.
      • For process rigor, refer to your process maturity in the previous exercises.
    2. Now, as a group discuss how you want to “move the needle” on each of the processes. Remember that you have a limited capacity so focus on the processes that are, or will be, of strategic importance to the organization. The processes that are placed in the top right quadrant are the ones that are likely the strategic differentiators.

    Record this information in the ERP Strategy Report Template.

    A smaller version of the process prioritization map on the next slide.

    Download the ERP Strategy Report Template.

    ERP Process Prioritization

    Establishing an order of importance can impact vendor selection and implementation roadmap; high priority areas are critical for ERP success.

    A prioritization map placing processes by 'Rigor' and 'Organizational Importance' They are numbered 1-9, 0, A, and B and are split into two colour-coded sets for 'Future (green)' and 'Current(red)'. On the x-axis 'Organizational Importance' ranges from 'Operational' to 'Strategic' and on the y-axis 'Process Rigor' ranges from 'Get the Job Done' to 'Best Practice'. Comparing 'Current' to 'Future', they have all moved up from 'Get the Job Done' into 'Best Practice' territory and a few have migrated over from 'Operational' to 'Strategic'. Processes are 1. Core Finance, 2. Core HR, 3. Workforce Management, 4.Talent Management, 5. Employee Health and Safety, 6. Enterprise Asset Management, 7.Planning & Budgeting, 8. Strategic HR, 9. Procurement Mgmt., 0. CRM, A. Facilities, and B. Project Management.

    Build an ERP Strategy and Roadmap

    Phase 3

    Plan your project

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Map out your stakeholders to evaluate their impact on the project
    • Build an initial risk register and ensure the group is aligned
    • Set the initial core project team and their accountabilities and get them started on the project

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Step 3.1

    Stakeholders, risk, and value

    Activities
    • 3.1.1 Stakeholder analysis
    • 3.1.2 Potential pitfalls and mitigation strategies
    • 3.1.3 Project value [optional]

    This step will walk you through the following activities:

    • Map out your stakeholders to evaluate their impact on the project
    • Build an initial risk register and ensure the group is aligned

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • An understanding of the stakeholders and their project influence
    • An initial risk register
    • A consensus on readiness to proceed

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor End User IT Business
    Description An internal stakeholder who has final sign-off on the ERP project. Front-line users of the ERP technology. Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. Additional stakeholders that will be impacted by any ERP technology changes.
    Examples
    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR
    Value Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data. Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    An example stakeholder map, categorizing stakeholders by amount of influence and interest.

    Activity 3.1.1 – Map your stakeholders

    1 hour

    1. As a group, identify all the ERP stakeholders. A stakeholder may be an individual such as the CEO or CFO, or it may be a group such as front-line employees.
    2. Map each stakeholder on the quadrant based on their expected Influence and Involvement in the project
    3. [Optional] Color code the users using the scale below to quickly identify the group that the stakeholder belongs to.
      • Sponsor – An internal stakeholder who has final sign-off on the ERP project.
      • End User – Front-line users of the ERP technology.
      • IT – Back-end support staff who are tasked with project planning, execution, and eventual system maintenance.
      • Business – Additional stakeholders that will be impacted by any ERP technology changes.

    Record this information in the ERP Strategy Report Template.

    Preview of the next slide.

    Download the ERP Strategy Report Template

    Slide titled 'Map the organization's stakeholders with a more in-depth example of a stakeholder map and long 'List of Stakeholders'. The quadrants that stakeholders are sorted into by influence and involvement are labelled 'Keep Satisfied (1)', 'Involve Closely (2)', 'Monitor (3)', and 'Keep Informed (4)'.

    Prepare contingency plans to minimize time spent handling unexpected risks

    Understanding the technical and strategic risks of a project can help you establish contingencies to reduce the likelihood of risk occurrence and devise mitigation strategies to help offset their impact if contingencies are insufficient.

    Risk Impact Likelihood Mitigation Effort
    Inadequate budget for additional staffing resources. 2 1 Use internal transfers and role-sharing rather than external hiring.
    Push-back on an ERP solution. 2 2 Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness.
    Overworked resources. 1 1 Create a detailed project plan that outlines resources and timelines in advance.
    Rating Scale:
    Impact: 1- High Risk 2- Moderate Risk 3- Minimal Risk
    Likelihood: 1- High/Needs Focus 2- Can Be Mitigated 3- Remote Likelihood

    Remember

    The biggest sources of risk in an ERP strategy are lack of planning, poorly defined requirements, and lack of governance.

    Apply the following mitigation tips to avoid pitfalls and delays.

    Risk Mitigation Tips

    • Upfront planning
    • Realistic timelines
    • Resource support
    • Managing change
    • Executive sponsorship
    • Sufficient funding
    • Setting the right expectations

    Activity 3.1.2 – Identify potential project pitfalls and mitigation strategies

    1-2 hours

    1. Discuss what “Impact” and “Likelihood” mean to your organization. For example, define Impact by what is important to your organization – financial loss, reputational impact, employee loss, and process impairment are all possible factors.
    2. Identify potential risks that may impede the successful completion of each work initiative. Risks may include predictable factors such as low resource capability, or unpredictable factors such as a change in priorities leading to withdrawn buy-in.
    3. For each risk, identify mitigation tactics. In some cases, mitigation tactics might take the form of standalone work initiative. For example, if a risk is lack of end-user buy-in, a work initiative to mitigate that risk might be to build an end-user communication plan.

    Record this information in the ERP Strategy Report Template.

    Preview of the next slide.

    Download the ERP Strategy Report Template

    Risks

    Risk Impact Likelihood Mitigation Effort
    Inadequate budget for additional staffing resources. 2 1 Use internal transfers and role-sharing rather than external hiring.
    Push-back on an ERP solution. 2 2 Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness.
    Overworked resources. 1 1 Create a detailed project plan that outlines resources and timelines in advance.
    Project approval 1 1 Build a strong business case for project approval and allow adequate time for the approval process
    Software does not work as advertised resulting in custom functionality with associated costs to create/ maintain 1 2 Work with staff to change processes to match the software instead of customizing the system thorough needs analysis prior to RFP creation
    Under estimation of staffing levels required, i.e. staff utilized at 25% for project when they are still 100% on their day job 1 2 Build a proper business case around staffing (be somewhat pessimistic)
    EHS system does not integrate with new HRMS/ERP system 2 2
    Selection of an ERP/HRMS that does not integrate with existing systems 2 3 Be very clear in RFP on existing systems that MUST be integrated to
    Rating Scale:
    Impact: 1- High Risk 2- Moderate Risk 3- Minimal Risk
    Likelihood: 1- High/Needs Focus 2- Can Be Mitigated 3- Remote Likelihood

    Is the organization committed to the ERP project?

    A recent study of critical success factors to an ERP implementation identified top management support and interdepartmental communication and cooperation as the top two success factors.

    By answering the seven questions the key stakeholders are indicating their commitment. While this doesn’t guarantee that the top two critical success factors have been met, it does create the conversation to guide the organization into alignment on whether to proceed.

    A table of example stakeholder questions with options 1-5 for how strongly they agree or disagree. 'Strongly disagree - 1', 'Somewhat disagree - 2', 'Neither agree or disagree - 3', 'Somewhat agree - 4', 'Strongly agree - 5'.

    Activity 3.1.3 – Project value (optional)

    30 minutes

    1. As a group, discuss the seven questions in the table. Ensure everyone agrees on what the questions are asking. If necessary, modify the language so that the meaning is clear to everyone.
    2. Have each stakeholder answer the seven questions on their own. Have someone compile the answers looking for:
      1. Any disagrees, strongly, somewhat, or neither as this indicates a lack of clarity. Endeavour to discover what additional information is required.
      2. [Optional] Have the most positive and most negative respondents present their points of view for the group to discuss. Is someone being overly optimistic, or pessimistic? Did the group miss something?

    There are no wrong answers. It should be okay to disagree with any of these statements. The goal of the exercise is to generate conversation that leads to support of the project and collaboration on the part of the participants.

    Record this information in the ERP Strategy Report Template.

    A preview of the next slide.

    Download the ERP Strategy Report Template

    Ask the right questions now to determine the value of the project to the organization

    Please indicate how much you agree or disagree with each of the following statements.

    Question # Question Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree
    1. I have everything I need to succeed. 1 2 3 4 5
    2. The right people are involved in the project. 1 2 3 4 5
    3. I understand the process of ERP selection. 1 2 3 4 5
    4. My role in the project is clear to me. 1 2 3 4 5
    5. I am clear about the vision for this project. 1 2 3 4 5
    6. I am nervous about this project. 1 2 3 4 5
    7. There is leadership support for the project. 1 2 3 4 5

    Step 3.2

    Project set up

    Activities
    • 3.2.1 Create the project team
    • 3.2.2 Set the project RACI

    This step will walk you through the following activities:

    • Set the initial core project team and their accountabilities to the project.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • Identify the core team members and their time commitments.
    • Assign responsibility, accountability or communication needs.

    Identify the right stakeholders for your project team

    Consider the core team functions when composing the project team. It is essential to ensure that all relevant perspectives (business, IT, etc.) are evaluated to create a well-aligned and holistic ERP strategy.

    PROJECT TEAM ROLES

    • Project champion
    • Project advisor
    • Steering committee
    • Project manager
    • Project team
    • Subject matter experts
    • Change management specialist

    PROJECT TEAM FUNCTIONS

    • Collecting all relevant inputs from the business.
    • Gathering high-level requirements.
    • Creating a roadmap.

    Info-Tech Insight

    There may be an inclination towards a large project team when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units like HR and Finance, as well as IT.

    Activity 3.2.1 – Project team

    1 hour

    1. Considering your ERP project scope, discuss the resources and capabilities necessary, and generate a complete list of key stakeholders considering each of the roles indicated on the chart to the right.
    2. Using the list previously generated, identify a candidate(s) for each role and determine their responsibility in the ERP strategy and their expected time commitment.

    Record this information in the ERP Strategy Report Template.

    Preview of the table on the next slide.

    Download the ERP Strategy Report Template

    Project team

    Of particular importance for this table is the commitment column. It is important that the organization understands the level of involvement for all roles. Failure to properly account for the necessary involvement is a major risk factor.

    Role Candidate Responsibility Commitment
    Project champion John Smith
    • Provide executive sponsorship.
    20 hours/week
    Steering committee
    • Establish goals and priorities.
    • Define scope and approve changes.
    • Provide adequate resources and resolve conflict.
    • Monitor project milestones.
    10 hours/week
    Project manager
    • Prepare and manage project plan.
    • Monitor project team progress.
    • Conduct project team meetings.
    40 hours/week
    Project team
    • Drive day-to-day project activities.
    • Coordinate department communication.
    • Make process and design decisions.
    40 hours/week
    Subject matter experts by area
    • Attend meetings as needed.
    • Respond to questions and inquiries.
    5 hours/week

    Define project roles and responsibilities to improve progress tracking

    Build a list of the core ERP strategy team members and then structure a RACI chart with the relevant categories and roles for the overall project.

    • Responsible – Conducts work to achieve the task
    • Accountable – Answerable for completeness of task
    • Consulted – Provides input for the task
    • Informed – Receives updates on the task

    Benefits of assigning RACI early:

    • Improve project quality by assigning the right people to the right tasks.
    • Improve chances of project task completion by assigning clear accountabilities.
    • Improve project buy-in by ensuring stakeholders are kept informed of project progress, risks, and successes.

    Activity 3.2.2 – Project RACI

    1 hour

    1. The ERP strategy will require a cross-functional team within IT and business units. Make sure the responsibilities are clearly communicated to the selected project sponsor.
    2. Modify the left-hand column to match the activities expected in your project.

    Record this information in the ERP Strategy Report Template.

    Preview of the RACI chart on the next slide.

    Download the ERP Strategy Report Template

    3.2.2 – Project RACI

    Project champion Project advisor Project steering committee Project manager Project team Subject matter experts
    Determine project scope & vision I C A R C C
    Document business goals I I A R I C
    Inventory ERP processes I I A C R R
    Map current state I I A R I R
    Assess gaps and opportunities I C A R I I
    Explore alternatives R R A I I R
    Build a roadmap R A R I I R
    Create a communication plan R A R I I R
    Present findings R A R I I R

    Build an ERP Strategy and Roadmap

    Phase 4

    Next steps

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Step 4.1

    Build your roadmap

    Activities
    • 4.1.1 Pick your path
    • 4.1.2 Build your roadmap
    • 4.1.3 Visualize your roadmap (optional)

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Choose the right path for your organization

    There are several different paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state.

    A diagram of strategies. At the top is 'Current State', at the bottom is 'Future State', and listed strategies are 'Maintain Current System', 'Augment Current System', 'Optimize', and 'Transform'.

    Explore the options for achieving your ideal future state

    CURRENT STATE STRATEGY
    Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention. MAINTAIN CURRENT SYSTEM
    Your existing application is, for the most part, functionally rich, but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces. AUGMENT CURRENT SYSTEM
    Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler. OPTIMIZE: CONSOLIDATE AND INTEGRATE SYSTEMS
    Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes altogether. TRANSFORM: REPLACE CURRENT SYSTEM

    Option: Maintain your current system

    Resolve your existing process and people pain points

    MAINTAIN CURRENT SYSTEM

    Keep the system, change the process.

    Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.

    Maintaining your current system entails adjusting current processes and/or adding new ones, and involves minimal cost, time, and effort.

    INDICATORS POTENTIAL SOLUTIONS
    People Pain Points
    • Lack of training
    • Low user adoption
    • Lack of change management
    • Contact vendor to inquire about employee training opportunities
    • Build a change management strategy
    Process Pain Points
    • Legacy processes
    • Workarounds and shortcuts
    • Highly specialized processes
    • Inconsistent processes
    • Explore process reengineering and process improvement opportunities
    • Evaluate and standardize processes

    Option: Augment your current system

    Use augmentation to resolve your existing technology and data pain points

    AUGMENT CURRENT SYSTEM

    Add to the system.

    Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.

    You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Lack of reporting functions.
    • Lacking functional depth in key process areas.
    • Add point solutions or enable modules to address missing functionality.
    Data Pain Points
    • Poor data quality
    • Lack of data for processing and reporting
    • Single-source data entry
    • Add modules or augment processes to capture data

    Option: Consolidate and integrate

    Consolidate and integrate your current systems to address your technology and data pain points

    CONSOLIDATE AND INTEGRATE SYSTEMS

    Get rid of one system, combine two, or connect many.

    Your ERP application portfolio consists of multiple apps serving the same functions.

    Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Disparate and disjointed systems
    • Multiple systems supporting the same function
    • Unused software licenses
    • System consolidation
    • System and module integration
    • Assess usage and consolidate licensing
    Data Pain Points
    • Multiple versions of same data
    • Duplication of data entry in different modules or systems
    • Poor data quality
    • Centralize core records
    • Assign data ownership
    • Single-source data entry

    Option: Replace your current system

    Replace your system to address gaps in your existing processes and various pain points

    REPLACE CURRENT SYSTEM

    Start from scratch.

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Lack of functionality and poor integration.
    • Obsolete technology.
    • Not aligned with technology direction or enterprise architecture plans.
    • Evaluate the ERP technology landscape.
    • Determine if you need to replace the current system with a point solution or an all-in-one solution.
    • Align ERP technologies with enterprise architecture.
    Data Pain Points
    • Limited capability to store and retrieve data.
    • Understand your data requirements.
    Process Pains
    • Insufficient tools to manage workflow.
    • Review end-to-end processes.
    • Assess user satisfaction.

    Activity 4.1.1 – Path to future state

    1+ hour
    1. Discuss the four options and the implications for your organization.
    2. Come to an agreement on your chosen path.

    The same diagram of strategies. At the top is 'Current State', at the bottom is 'Future State', and listed strategies are 'Maintain Current System', 'Augment Current System', 'Optimize', and 'Transform'.

    Activity 4.1.2 – Build a roadmap

    1-2 hours

    1. Start your roadmap with the stakeholder presentation. This is your mark in the sand to launch the project.
    2. For each item on your roadmap assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.

    Record this information in the ERP Strategy Report Template.

    Note:
    Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    Preview of the strategy roadmap table on the next slide.

    Download the ERP Strategy Report Template

    ERP Strategy roadmap

    Initiative Owner Start Date Completion Date
    Create final workshop deliverable Info-Tech 16 September, 2021
    Review final deliverable Workshop sponsor
    Present to executive team Oct 2021
    Build business case CFO, CIO, Directors 3 weeks to build
    3-4 weeks process time
    Build an RFI for initial costings 1-2 weeks
    Stage 1 approval for requirements gathering Executive committee Milestone
    Determine and acquire BA support for next step 1 week
    Requirements gathering – level 2 processes Project team 5-6 weeks effort
    Build RFP (based on informal approval) CFO, CIO, Directors 4th calendar quarter 2022 Possible completion January 2023
    2-4 weeks

    Activity 4.1.3 – Build a visual roadmap [optional]

    1 hour

    1. For some, a visual representation of a roadmap is easier to comprehend. Consider taking the roadmap built in 4.1.2 and creating a visual.

    Record this information in the ERP Strategy Report Template.

    Preview of the visual strategy roadmap chart on the next slide.

    Download the ERP Strategy Report Template

    ERP Strategy Roadmap

    A table set up similarly to the previous one, but instead of 'Start Date' and 'Completion Date' columns there are multiple small columns broken up by fiscal quarters (i.e.. FY2022: Q1, Q2, Q3, Q4). There is a key with a light blue diamond shape representing a 'Milestone' and a blue arrow representing a 'Work in progress'; they are placed the Quarters columns according to when each row item reached a milestone or began its progress.

    Step 4.2

    Wrap up and present

    Activities
    • 4.2.1 Communication plan
    • 4.2.2 Stakeholder presentation

    This step will walk you through the following activities:

    • Build a communication plan as part of organizational change management, which includes the stakeholder presentation

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • An initial communication plan for organizational change management
    • A stakeholder presentation

    Effectively communicate the changes an ERP foundation strategy will impose

    A communication plan is necessary because not everyone will react positively to change. Therefore, you must be prepared to explain the rationale behind any initiatives that are being rolled out.

    Steps:

    1. Start by building a sound communication plan.
    2. The communication plan should address all stakeholders that will be subject to change, including executives and end users.
    3. Communicate how a specific initiative will impact the way employees work and the work they do.
    4. Clearly convey the benefits of the strategy to avoid resistance.

    “The most important thing in project management is communication, communication, communication. You have to be able to put a message into business terms rather than technical terms.” (Lance Foust, I.S. Manager, Plymouth Tube Company)

    Project Goals Communication Goals Required Resources Communication Channels
    Why is your organization embarking on an ERP project? What do you want employees to know about the project? What resources are going to be utilized throughout the ERP strategy? How will your project team communicate project updates to the employees?
    Streamline processes and achieve operational efficiency. We will focus on mapping and gathering requirements for (X) mega-processes. We will be hiring process owners for each mega-process. You will be kept up to date about the project progress via email and intranet. Please feel free to contact the project owner if you have any questions.

    Activity 4.2.1 – Communication plan

    1 hour

    1. List the types of communication events and documents you will need to produce and distribute.
    2. Indicate the purpose of the event or document, who the audience is, and who is responsible for the communication.
    3. Identify who will be responsible for the development and delivery of the communication plan.

    Record this information in the ERP Strategy Report Template.

    Preview of the Communication Plan table on the next slide.

    Download the ERP Strategy Report Template

    Communication plan

    Use the communication planning template to track communication methods needed to convey information regarding ERP initiatives.

    This is designed to help your organization make ERP initiatives visible and create stakeholder awareness.

    Audience Purpose Delivery/ Format Communicator Delivery Date Status/Notes
    Front-line employees Highlight successes Bi-weekly email CEO Mondays
    Entire organization Highlight successes
    Plans for next iteration
    Monthly townhall Senior leadership Last Thursday of every month Recognize top contributors from different parts of the business. Consider giving out prizes such as coffee mugs
    Iteration demos Show completed functionality to key stakeholders Iteration completion web conference Delivery lead Every other Wednesday Record and share the demonstrations to all employees

    Conduct a presentation of the final deliverable for stakeholders

    After completing the activities and exercises within this blueprint, the final step of the process is to present the deliverable to senior management and stakeholders.

    Know Your Audience

    • Decide what needs to be presented and to whom. The purpose and format for communicating initiatives varies based on the audience. Identify the audience first to ensure initiatives are communicated appropriately.
    • IT and the business speak different languages. The business may not have the patience to try to understand IT, so it is up to IT to learn and use the language of business. Failing to put messages into language that resonates with the business will create disengagement and resistance.
    • Effective communication takes preparation to get the right content and tone to convey your real message.

    Learn From Other Organizations

    “When delivering the strategy and next steps, break the project down into consumable pieces. Make sure you deliver quick wins to retain enthusiasm and engagement.

    By making it look like a different project you keep momentum and avoid making it seem unattainable.” (Scott Clark, Innovation Credit Union)

    “To successfully sell the value of ERP, determine what the high-level business problem is and explain how ERP can be the resolution. Explicitly state which business areas ERP is going to touch. The business often has a very narrow view of ERP and perceives it as just a financial system. The key part of the strategy is that the organization sees the broader view of ERP.” (Scott Clark, Innovation Credit Union)

    Activity 4.2.2 – Stakeholder presentation

    1 hour

    1. The following sections of the ERP Strategy Report Template are designed to function as the stakeholder presentation:
      1. Workshop Overview
      2. ERP Models
      3. Roadmap
    2. You can use the Template as your presentation deck or extract the above sections to create a stand-alone stakeholder presentation.
    3. Remember to take your audience into account and anticipate the questions they may have.

    Samples of the ERP Strategy Report Template.

    Download the ERP Strategy Report Template

    Summary of Accomplishment

    Get the Most Out of Your ERP

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Build an ERP Strategy and Roadmap allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of ERP processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Research Contributors

    Name Title Organization
    Anonymous Anonymous Software industry
    Anonymous Anonymous Pharmaceutical industry
    Boris Znebel VP of Sales Second Foundation
    Brian Kudeba Director, Administrative Systems Fidelis Care
    David Lawrence Director, ERP Allegheny Technologies Inc.
    Ken Zima CIO Aquarion Water Company
    Lance Foust I.S. Manager Plymouth Tube Company
    Pooja Bagga Head of ERP Strategy & Change Transport for London
    Rob Schneider Project Director, ERP Strathcona County
    Scott Clark Innovation Credit Union
    Tarek Raafat Manager, Application Solutions IDRC
    Tom Walker VP, Information Technology StarTech.com

    Related Info-Tech Research

    Bibliography

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub. 2018. Accessed 21 Feb. 2021.

    "Maximizing the Emotional Economy: Behavioral Economics." Gallup. n.d. Accessed 21 Feb. 2021.

    Neito-Rodriguez, Antonio. Project Management | How to Prioritize Your Company's Projects. 13 Dec. 2016. Accessed 29 Nov 2021. Web.

    "A&D organization resolves organizational.“ Case Study. Panorama Consulting Group. 2021. PDF. 09 Nov. 2021. Web.

    "Process Frameworks." APQC. n.d. Accessed 21 Feb. 2021.

    Saxena, Deepak and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, 29-37. 22 Feb. 2019. Accessed 21 Feb. 2021.

    Lead Strategic Decision Making With Service Portfolio Management

    • Buy Link or Shortcode: {j2store}397|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • There are no standardized processes for the intake of new ideas and no consistent view of the drivers needed to assess the value of these ideas.
    • IT is spending money on low-value services and doesn’t have the ability to understand and track value in order to prioritize IT investment.
    • CIOs are not trusted to drive innovation.

    Our Advice

    Critical Insight

    • The service portfolio empowers IT to be a catalyst in business strategy, change, and growth.
    • IT must drive value-based investment by understanding value of all services in the portfolio.
    • Organizations must assess the value of their services throughout their lifecycle to optimize business outcomes and IT spend.

    Impact and Result

    • Optimize IT investments by prioritizing services that provide more value to the business, ensuring that you do not waste money on low-value or out-of-date IT services.
    • Ensure that services are directly linked to business objectives, goals, and needs, keeping IT embedded in the strategic vision of the organization.
    • Enable the business to understand the impact of IT capabilities on business strategy.
    • Ensure that IT maintains a strategic and tactical view of the services and their value.
    • Drive agility and innovation by having a streamlined view of your business value context and a consistent intake of ideas.
    • Provide strategic leadership and create new revenue by understanding the relative value of new ideas vs. existing services.

    Lead Strategic Decision Making With Service Portfolio Management Research & Tools

    Start here – read the Executive Brief

    Service portfolio management enables organizations to become strategic value creators by establishing a dynamic view of service value. Understand the driving forces behind the need to manage services through their lifecycles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish the service portfolio

    Establish and understand the service portfolio process by setting up the Service Portfolio Worksheet.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 1: Establish the Service Portfolio
    • Service Portfolio Worksheet

    2. Develop a value assessment framework

    Use the value assessment tool to assess services based on the organization’s context of value.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 2: Develop a Value Assessment Framework
    • Value Assessment Tool
    • Value Assessment Example Tool

    3. Manage intake and assessment of initiatives

    Create a centralized intake process to manage all new service ideas.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 3: Manage Intake and Assessment of Initiatives
    • Service Intake Form

    4. Assess active services

    Continuously validate the value of the existing service and determine the future of service based on the value and usage of the service.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 4: Assess Active Services

    5. Manage and communicate the service portfolio

    Communicate and implement the service portfolio within the organization, and create a mechanism to seek out continuous improvement opportunities.

    • Lead Strategic Decision Making With Service Portfolio Management – Phase 5: Manage and Communicate the Service Portfolio
    [infographic]

    Workshop: Lead Strategic Decision Making With Service Portfolio Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Service Portfolio

    The Purpose

    Establish and understand the service portfolio process by setting up the Service Portfolio Worksheet.

    Understand at a high level the steps involved in managing the service portfolio.

    Key Benefits Achieved

    Adapt the Service Portfolio Worksheet to organizational needs and create a plan to begin documenting services in the worksheet.

    Activities

    1.1 Review the Service Portfolio Worksheet.

    1.2 Adapt the Service Portfolio Worksheet.

    Outputs

    Knowledge about the use of the Service Portfolio Worksheet.

    Adapt the worksheet to reflect organizational needs and structure.

    2 Develop a Value Assessment Framework

    The Purpose

    Understand the need for a value assessment framework.

    Key Benefits Achieved

    Identify the organizational context of value through a holistic look at business objectives.

    Leverage Info-Tech’s Value Assessment Tool to validate and determine service value.

    Activities

    2.1 Understand value from business context.

    2.2 Determine the governing body.

    2.3 Assess culture and organizational structure.

    2.4 Complete the value assessment.

    2.5 Discuss value assessment score.

    Outputs

    Alignment on value context.

    Clear roles and responsibilities established.

    Ensure there is a supportive organizational structure and culture in place.

    Understand how to complete the value assessment and obtain a value score for selected services.

    Understand how to interpret the service value score.

    3 Manage Intake and Assessment of Initiatives

    The Purpose

    Create a centralized intake process to manage all new service ideas.

    Key Benefits Achieved

    Encourage collaboration and innovation through a transparent, formal, and centralized service intake process.

    Activities

    3.1 Review or design the service intake process.

    3.2 Review the Service Intake Form.

    3.3 Design a process to assess and transfer service ideas.

    3.4 Design a process to transfer completed services to the service catalog.

    Outputs

    Create a centralized process for service intake.

    Complete the Service Intake Form for a specific initiative.

    Have a process designed to transfer approved projects to the PMO.

    Have a process designed for transferring of completed services to the service catalog.

    4 Assess Active Services

    The Purpose

    Continuously validate the value of existing services.

    Key Benefits Achieved

    Ensure services are still providing the expected outcome.

    Clear next steps for services based on value.

    Activities

    4.1 Discuss/review management of active services.

    4.2 Complete value assessment for an active service.

    4.3 Determine service value and usage.

    4.4 Determine the next step for the service.

    4.5 Document the decision regarding the service outcome.

    Outputs

    Understand how active services must be assessed throughout their lifecycles.

    Understand how to assess an existing service.

    Place the service on the 2x2 matrix based on value and usage.

    Understand the appropriate next steps for services based on value.

    Formally document the steps for each of the IRMR options.

    5 Manage and Communicate Your Service Portfolio

    The Purpose

    Communicate and implement the service portfolio within the organization.

    Key Benefits Achieved

    Obtain buy-ins for the process.

    Create a mechanism to identify changes within the organization and to seek out continuous improvement opportunities for the service portfolio management process and procedures.

    Activities

    5.1 Create a communication plan for service portfolio and value assessment.

    5.2 Create a communication plan for service intake.

    5.3 Create a procedure to continuously validate the process.

    Outputs

    Document the target audience, the message, and how the message should be communicated.

    Document techniques to encourage participation and promote participation from the organization.

    Document the formal review process, including cycle, roles, and responsibilities.

    Stabilize Release and Deployment Management

    • Buy Link or Shortcode: {j2store}453|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $38,699 Average $ Saved
    • member rating average days saved: 37 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management

    Lack of control over the release process, poor collaboration between teams, and manual deployments lead to poor quality releases at a cost to the business.

    Our Advice

    Critical Insight

    • Manage risk. Release management should stabilize the IT environment. A poorly designed release can take down the whole business. Rushing releases out the door leads to increased risk for the business.
    • Quality processes are key. Standardized process will enable your release and deployment management teams to have a framework to deploy new releases with minimal chance of costly downtime further down the production chain.
    • Business must own the process. Release managers need oversight of the business to remain good stewards of the release management process.

    Impact and Result

    • Be prepared with a release management policy. With vulnerabilities discovered and published at an alarming pace, organizations have to build a plan to address and fix them quickly. A detailed release and patch policy should map out all the logistics of the deployment in advance, so that when necessary, teams can handle rollouts like a well-oiled machine.
    • Automate your software deployment and patch management strategy. Replace tedious and time-consuming manual processes with the use of automated release and patch management tools. Some organizations have a variety of release tools for various tasks and processes to ensure all or most of the required processes are covered across a diverse development environment.
    • Test deployments and monitor your releases. Larger organizations may have the luxury of a test environment prior to deployment, but that may be cost prohibitive for smaller organizations. If resources are a constraint, roll out the patch gradually and closely monitor performance to be able to quickly revert in the event of an issue.

    Stabilize Release and Deployment Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should control and stabilize your release and deployment management practice while improving the quality of releases and deployments, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Analyze current state

    Begin improving release management by assessing the current state and gaining a solid understanding of how core operational processes are actually functioning within the organization.

    • Stabilize Release and Deployment Management – Phase 1: Analyze Current State
    • Release Management Maturity Assessment
    • Release Management Project Roadmap Tool
    • Release Management Workflow Library (Visio)
    • Release Management Workflow Library (PDF)
    • Release Management Standard Operating Procedure
    • Patch Management Policy
    • Release Management Policy
    • Release Management Deployment Tracker
    • Release Management Build Procedure Template

    2. Plan releases and deployments

    Plan releases to gather all the pieces in one place and define what, why, when, and how a release will happen.

    • Stabilize Release and Deployment Management – Phase 2: Release and Deployment Planning

    3. Build, test, deploy

    Take a holistic and comprehensive approach to effectively designing and building releases. Get everything right the first time.

    • Stabilize Release and Deployment Management – Phase 3: Build, Test, Deploy

    4. Measure, manage, improve

    Determine desired goals for release management to ensure both IT and the business see the benefits of implementation.

    • Stabilize Release and Deployment Management – Phase 4: Measure, Manage, Improve
    [infographic]

    Workshop: Stabilize Release and Deployment Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Analyze Current State

    The Purpose

    Release management improvement begins with assessment of the current state.

    Key Benefits Achieved

    A solid understanding of how core operational processes are actually functioning within the organization.

    Activities

    1.1 Evaluate process maturity.

    1.2 Assess release management challenges.

    1.3 Define roles and responsibilities.

    1.4 Review and rightsize existing policy suite.

    Outputs

    Maturity Assessment

    Release Management Policy

    Release Management Standard Operating Procedure

    Patch Management Policy

    2 Release Management Planning

    The Purpose

    In simple terms, release planning puts all the pertinent pieces in one place.

    Key Benefits Achieved

    It defines the what, why, when, and how a release will happen.

    Activities

    2.1 Design target state release planning process.

    2.2 Define, bundle, and categorize releases.

    2.3 Standardize deployment plans and models.

    Outputs

    Release Planning Workflow

    Categorization and prioritization schemes

    Deployment models aligned to release types

    3 Build, Test, and Deploy

    The Purpose

    Take a holistic and comprehensive approach to effectively designing and building releases.

    Key Benefits Achieved

    Standardize build and test procedures to begin to drive consistency.

    Activities

    3.1 Standardize build procedures for deployments.

    3.2 Standardize test plans aligned to release types.

    Outputs

    Build procedure for hardware and software releases

    Test models aligned to deployment models

    4 Measure, Manage, and Improve

    The Purpose

    Determine and define the desired goals for release management as a whole.

    Key Benefits Achieved

    Agree to key metrics and success criteria to start tracking progress and establish a post-deployment review process to promote continual improvement.

    Activities

    4.1 Determine key metrics to track progress.

    4.2 Establish a post-deployment review process.

    4.3 Understand and define continual improvement drivers.

    Outputs

    List of metrics and goals

    Post-deployment validation checklist

    Project roadmap

    Demystify Oracle Licensing and Optimize Spend

    • Buy Link or Shortcode: {j2store}136|cart{/j2store}
    • member rating overall impact (scale of 10): 9.9/10 Overall Impact
    • member rating average dollars saved: $85,754 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • License keys are not needed with optional features accessible upon install. Conducting quarterly checks of the Oracle environment is critical because if products or features are installed, even if they are not actively in use, it constitutes use by Oracle and requires a license.
    • Ambiguous license models and definitions abound: terminology and licensing rules can be vague, making it difficult to purchase licensing even with the best of intentions to keep compliant.
    • Oracle has aggressively started to force new Oracle License and Service Agreements (OLSA) on customers that slightly modify language and remove pre-existing allowances to tilt the contract terms in Oracle's favor.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating Oracle licensing and negotiating your agreement.
    • Communicate effectively. Be aware that Oracle will reach out to employees at your organization at various levels. Having your executives on the same page will help send a strong message.
    • Manage the relationship. If Oracle is managing you, there is a high probability you are over paying or providing information that may result in an audit.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the "Oracle way" of conducting business, which includes a best-in-class sales structure, highly unique contracts and license use policies, and a hyper-aggressive compliance function.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Develop a strategy that leverages and utilizes an experienced Oracle DBA to gather accurate information, and then optimizes it to mitigate and meet the top challenges.

    Demystify Oracle Licensing and Optimize Spend Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Oracle licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish licensing requirements

    Begin your proactive Oracle licensing journey by understanding which information to gather and assessing the current state and gaps.

    • Demystify Oracle Licensing and Optimize Spend – Phase 1: Establish Licensing Requirements
    • Oracle Licensing Purchase Reference Guide
    • Oracle Database Inventory Tool
    • Effective Licensing Position Tool
    • RASCI Chart

    2. Evaluate licensing options

    Review current licensing models and determine which licensing models will most appropriately fit your environment.

    • Demystify Oracle Licensing and Optimize Spend – Phase 2: Evaluate Licensing Options

    3. Evaluate agreement options

    Review Oracle’s contract types and assess which best fit the organization’s licensing needs.

    • Demystify Oracle Licensing and Optimize Spend – Phase 3: Evaluate Agreement Options
    • Oracle TCO Calculator

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

    • Demystify Oracle Licensing and Optimize Spend – Phase 4: Purchase and Manage Licenses
    • Oracle Terms & Conditions Evaluation Tool
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Demystify Oracle Licensing and Optimize Spend

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Licensing Requirements

    The Purpose

    Assess current state and align goals; review business feedback

    Interview key stakeholders to define business objectives and drivers

    Key Benefits Achieved

    Have a baseline for requirements

    Assess the current state

    Determine licensing position

    Examine cloud options

    Activities

    1.1 Gather software licensing data

    1.2 Conduct a software inventory

    1.3 Perform manual checks

    1.4 Reconcile licenses

    1.5 Create your Oracle licensing team

    1.6 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Copy of your Oracle License Statement

    Software inventory report from software asset management (SAM) tool

    Oracle Database Inventory Tool

    RASCI Chart

    Oracle Licensing Effective License Position (ELP) Template

    Oracle Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review licensing options

    Review licensing rules

    Key Benefits Achieved

    Understand how licensing works

    Determine if you need software assurance

    Discuss licensing rules, application to current environment.

    Examine cloud licensing

    Understand the importance of documenting changes

    Meet with desktop product owners to determine product strategies

    Activities

    2.1 Review full, limited, restricted, and AST use licenses

    2.2 Calculate license costs

    2.3 Determine which database platform to use

    2.4 Evaluate moving to the cloud

    2.5 Examine disaster recovery strategies

    2.6 Understand purchasing support

    2.7 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review contract option types

    Review vendors

    Key Benefits Achieved

    Understand why a type of contract is best for you

    Determine if ULA or term agreement is best

    The benefits of other types and when you should change

    Activities

    3.1 Prepare to sign or renew your ULA

    3.2 Decide on an agreement type that nets the maximum benefit

    Outputs

    Type of contract to be used

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract

    Prepare negotiation points

    Discuss license management

    Evaluate and develop a roadmap for future licensing

    Key Benefits Achieved

    Negotiation strategies

    Licensing management

    Introduction of SAM

    Leverage the work done on Oracle licensing to get started on SAM

    Activities

    4.1 Control the flow of communication terms and conditions

    4.2 Use Info-Tech’s readiness assessment in preparation for the audit

    4.3 Assign the right people to manage the environment

    4.4 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Controlled Vendor Communications Letter

    Vendor Communication Management Plan

    Oracle Terms & Conditions Evaluation Tool

    RASCI Chart

    Oracle Licensing Purchase Reference Guide

    Make the Case for Enterprise Business Analysis

    • Buy Link or Shortcode: {j2store}509|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design
    • It can be difficult to secure alignment between the many lines of business, IT included, in your organization.
    • Historically, we have drawn a dividing line between IT and "the business.”
    • The reality of organizational politics and stakeholder bias means that, with selection and prioritization, sometimes the highest value option is dismissed to make way for the loudest voice’s option.

    Our Advice

    Critical Insight

    • Enterprise business analysis can help you stop the debate between IT and “the business,” as it sees everyone as part of the business. It can effectively break down silos, support the development of holistic strategies to address internal and external risks, and remove the bias and politics in decision making all too common in organizations.
    • The business analyst is the only role that can connect the strategic with the tactical, the systems, and the operations and do so objectively. It is the one source to show how people, process, and technology connect and relate, and the most skilled can remove bias and politics from their lens of view.
    • Maturity can’t be rushed. Build your enterprise business analysis program on a solid foundation of leading and consistent business analysis practices to secure buy-in and have a program that is sustainable in the long term.

    Impact and Result

    Let’s make the case for enterprise business analysis!

    • Organizations that have higher business analysis maturity and deploy enterprise analysis deliver better quality outcomes, with higher value, lower cost, and higher user satisfaction.
    • Business analysts should be contributing at the strategic level, as they need to understand multiple horizons simultaneously and be able to zoom in and out as the context calls for it. Business analysts aren’t only for projects.

    Make the Case for Enterprise Business Analysis Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for Enterprise Business Analysis Storyboard – Take your business analysis from tactics to strategy.

    • Make the Case for Enterprise Business Analysis Storyboard

    2. Communicate the Case for Enterprise Business Analysis Template – Make the case for enterprise business analysis.

    • Communicate the Case for Enterprise Business Analysis
    [infographic]

    Further reading

    Make the Case for Enterprise Business Analysis

    Putting the strategic and tactical puzzle together.

    Analyst Perspective

    We commonly recognize the value of effective business analysis at a project or tactical level. A good business analysis professional can support the business by identifying its needs and recommending solutions to address them.
    Now, wouldn't it be great if we could do the same thing at a higher level?
    Enterprise (or strategic) business analysis is all about seeing that bigger picture, an approach that makes any business analysis professional a highly valuable contributor to their organization. It focuses on the enterprise, not a specific project or line of business.
    Leading the business analysis effort at an enterprise level ensures that your business is not only doing things right, but also doing the right things; aligned with the strategic vision of your organization to improve the way decisions are made, options are analyzed, and successful results are realized.

    Vincent Mirabelli

    Vincent Mirabelli
    Principal Research Director, Applications Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Difficulty properly aligning between the many lines of business in your organization.
    • Historically, we have drawn a dividing line between IT and the business.
    • The reality of organizational politics and stakeholder bias means that, with selection and prioritization, sometimes the highest value option is dismissed in favor of the loudest voice.

    Common Obstacles

    • Difficulty aligning an ever-changing backlog of projects, products, and services while simultaneously managing risks, external threats, and stakeholder expectations.
    • Many organizations have never heard of enterprise business analysis and only see the importance of business analysts at the project and delivery level.
    • Business analysis professionals rarely do enough to advocate for a seat at the strategic tables in their organizations.

    Info-Tech's Approach

    Let's make the case for enterprise business analysis!

    • Organizations that have higher business analysis maturity and deploy enterprise business analysis deliver better quality outcomes with higher value, lower cost, and higher user satisfaction.
    • Business analysts aren't only for projects. They should contribute at the strategic level, since they need to understand multiple horizons simultaneously and be able to zoom in and out as the context requires.

    Info-Tech Insight

    Enterprise business analysis can help you reframe the debate between IT and the business, since it sees everyone as part of the business. It can effectively break down silos, support the development of holistic strategies to address internal and external risks, and remove bias and politics from decision making.

    Phase 1

    Build the case for enterprise business analysis

    Phase 1

    Phase 2

    1.1 Define enterprise business analysis

    1.2 Identify your pains and opportunities

    2.1 Set your vision

    2.2 Define your roadmap and next steps

    2.3 Complete your executive communications deck

    This phase will walk you through the following activities:

    • 1.1.1 Discuss how business analysis is used in our organization
    • 1.1.2 Discuss your disconnects between strategy and tactics
    • 1.2.1 Identify your pains and opportunities

    This phase involves the following participants:

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    How business analysis supports our success today

    Delivering value at the tactical level

    Effective business analysis helps guide an organization through improvements to processes, products, and services. Business analysts "straddle the line between IT and the business to help bridge the gap and improve efficiency" in an organization (CIO, 2019).
    They are most heavily involved in:

    • Defining needs
    • Modeling concepts, processes, and solutions
    • Conducting analysis
    • Maintaining and managing requirements
    • Managing stakeholders
    • Monitoring progress
    • Doing business analysis planning
    • Conducting elicitation

    In a survey, business analysts indicated that of their total working time, they spend 31% performing business analysis planning and 41% performing elicitation and analysis (PMI, 2017).

    By including a business analyst in a project, organizations benefit by:
    (IAG, 2009)

    87%

    Reduced time overspending

    75%

    Prevented budget overspending

    78%

    Reduction in missed functionality

    1.1.1 Discuss how business analysis is used in your organization

    15-30 minutes

    1. Gather the appropriate stakeholders to discuss their knowledge, experience, and perspectives on business analysis. This should relate to their experience and not a future or aspirational usage.
    2. Have a team member facilitate the session.
    3. Brainstorm and document all shared thoughts and perspectives.
    4. Synthesize those thoughts and perspectives and record the results for the group to review and discuss.
    5. Transfer the results to the Communicate the Case for Enterprise Business Analysis template

    Input

    • Stakeholder knowledge and experience

    Output

    • A shared understanding of how your organization leverages its business analysis function

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Download the Communicate the Case for Enterprise Business Analysis template

    Executives and leadership are satisfied with IT when there is alignment between tactics and goals

    Info-Tech's CIO Business Vision Survey data highlights the importance of IT projects in supporting the business to achieve its strategic goals.

    However, Info-Tech's CEO-CIO Alignment Survey (N=124) data indicates that CEOs perceive IT as poorly aligned with the business' strategic goals.

    Info-Tech's CIO-CEO Alignment Diagnostics

    43%

    of CEOs believe that business goals are going unsupported by IT.

    60%

    of CEOs believe that IT must improve understanding of business goals.

    80%

    of CIOs/CEOs are misaligned on the target role of IT.

    30%

    of business stakeholders support their IT departments.

    Addressing problems solely with tactics does not always have the desired effect

    94%

    Source: "Out of the Crisis", Deming (via Harvard Business Review)

    According to famed management and quality thought leader and pioneer W. Edwards Deming, 94% of issues in the workplace are systemic cause significant organizational pain.

    Yet we continue to address them on the surface, rather than acknowledge how ingrained they are in our culture, systems, and processes.

    For example, we:

    • Create workarounds to address process and solution constraints
    • Expect that poor (or lack of ) leadership can be addressed in a course or seminar
    • Expect that "going Agile" will resolve our problems, and that decision making, governance, and organizational alignment will happen organically.

    Band-aid solutions rarely have the desired effect, particularly in the long-term.

    Our solutions should likewise focus on the systemic/macro environment. We can do this via projects, products and services, but those don't always address the larger issues.

    If we take the work our business analysis currently does in defining needs and solutions, and elevate this to the strategic level, the results can be impactful.

    Many organizations would benefit from enhancing their business analysis maturity

    The often-overlooked strategic value of the role comes with maturing your practices.

    Only 18% of organizations have mature (optimized or established) business analysis practices.

    With that higher level of maturity comes increased levels of capability, efficiency, and effectiveness in delivering value to people, processes, and technology. Through such efforts, they're better equipped and able to connect the strategy of their organization to the projects, processes, and products they deliver.

    They shift focus from "figuring business analysis out" to truly unleashing its potential, with business analysts contributing in strategic and tactical ways.

    an image showing the following data: Optimized- 5; Established- 13; Improving- 37; Starting- 25; Ad hoc- 21

    (Adapted from PMI, 2017)

    Info-Tech Insight

    Business analysts are best suited to connect the strategic with the tactical, the systems, and the operations. They maintain the most objective lens regarding how people, process, and technology connect and relate, and the most skilled of them can remove bias and politics from their perspective.

    1.1.2 Discuss your disconnects between strategy and tactics

    30-60 minutes

      1. Gather the appropriate stakeholders to discuss their knowledge, experience, and perspectives regarding failures that resulted from disconnects between strategy and tactics.
      2. Have a team member facilitate the session.
      3. Brainstorm and document all shared thoughts and perspectives.
      4. Synthesize those thoughts and perspectives and record the results.
      5. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Input

    • Stakeholder knowledge and experience

    Output

    • A shared understanding and list of failures due to disconnects between strategy and tactics

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Download the Communicate the Case for Enterprise Business Analysis template

    Defining enterprise business analysis

    Terms may change, but the function remains the same.

    Enterprise business analysis (sometimes referred to as strategy analysis) "…focuses on defining the future and transition states needed to address the business need, and the work required is defined both by that need and the scope of the solution space. It covers strategic thinking in business analysis, as well as the discovery or imagining of possible solutions that will enable the enterprise to create greater value for stakeholders and/or capture more value for itself."
    (Source: "Business Analysis Body of Knowledge," v3)

    Define the function of enterprise business analysis

    This is a competitive advantage for mature organizations.

    Organizations with high-performing business analysis programs experience an enhanced alignment between strategy and operations. This contributes to improved organizational performance. We see this in financial (69% vs. 45%) and strategic performance (66% vs. 21%), also organizational agility (40% vs. 14%) and management of operational projects (62% vs. 29%). (PMI, 2017)

    When comparing enterprise with traditional business analysis, we see stark differences in the size and scope of their view, where they operate, and the role they play in organizational decision making.

    Enterprise Traditional
    Decision making Guides and influences Executes
    Time horizon 2-10 years 0-2 years
    Focus Strategy, connecting the strategic to the operational Operational, optimizing how business is done, and keeping the lights on
    Domain

    Whole organization

    Broader marketplace

    Only stakeholder lines of business relevant to the current project, product or service
    Organizational Level Executive/Leadership Project

    (Adapted from Schulich School of Business)

    Info-Tech Insight

    Maturity can't be rushed. Build your enterprise business analysis program on a solid foundation of leading and consistent business analysis practices to secure buy-in and have a program that is sustainable in the long term.

    An image showing the percentages of high- and low- maturity organizations, for the following categories: Financial performance; Strategy implementation; Organizational agility; Management of projects.

    (Adapted from PMI, 2017)

    How enterprise business analysis is used to improve organizations

    The biggest sources of project failure include:

    • Wrong (or poor) requirements
    • Unrealistic (or incomplete) business case
    • Lack of appropriate governance and oversight
    • Poor implementation
    • Poor benefits management
    • Environmental changes

    Source: MindTools.com, 2023.

    Enterprise business analysis addresses these sources and more.

    It brings a holistic view of the organization, improving collaboration and decision making across the many lines of business, effectively breaking down silos.

    In addition to ensuring we're doing the right things, not just doing things right in the form of improved requirements and more accurate business cases, or ensuring return on investment (ROI) and monitoring the broader landscape, enterprise business analysis also supports:

    • Reduced rework and waste
    • Understanding and improving operations
    • Making well-informed decisions through improved objectivity/reduced bias
    • Identifying new opportunities for growth and expansion
    • Identifying and mitigating risk
    • Eliminating projects and initiatives that do not support organizational goals or objectives
    • A career-pathing option for business analysts

    Identify your pains and opportunities

    There are many considerations in enterprise business analysis.

    Pains, gains, threats, and opportunities can come at your organization from anywhere. Be it a new product launch, an international expansion, or a new competitor, it can be challenging to keep up.

    This is where an enterprise business analyst can be the most helpful.

    By keeping a pulse on the external and internal environments, they can support growth, manage risks, and view your organization through multiple lenses and perspectives to get a single, complete picture.

    External

    Internal

    Identifying competitive forces

    In the global environment

    Organizational strengths and weaknesses

    • Monitoring and maintaining your competitive advantage.
    • Understanding trends, risks and threats in your business domain, and how they affect your organization.
    • Benchmarking performance against like and unlike organizations, to realize where you stand and set a baseline for continuous improvement and business development.
    • Leveraging tools and techniques to scan the broader landscape on an ongoing basis. Using PESTLE analysis, they can monitor the political, economic, social, technological, legal, and environmental factors that impact when, where, how, and with who you conduct your business and IT operations.
    • Supporting alignment between a portfolio or program of projects and initiatives.
    • Improving alignment between the various lines of business, who often lack full visibility outside of their silo, and can find themselves clashing over time, resources, and attention from leaders.
    • Improving solutions and outcomes through objective option selection.

    1.2.1 Identify your pains and opportunities

    30-60 minutes

    1. As a group, generate a list of the current pains and opportunities facing your organization. You can focus on a particular type (competitive, market, or internal) or leave it open. You can also focus on pains or opportunities separately, or simultaneously.
    2. Have a team member facilitate the session.
    3. Record the results for the group to review, discuss, and prioritize.
      1. Discuss the impact and likelihood of each item. This can be formally ranked and quantified if there is data to support the item or leveraging the wisdom of the group.
      2. Prioritize the top three to five items of each type, as agreed by the group, and document the results.
    4. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Attendee knowledge
    • Supporting data, if available

    Output

    • A list of identified organizational pains and opportunities that has been prioritized by the group

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Phase 2

    Prepare the foundations for your enterprise business analysis program

    Phase 1

    Phase 2

    1.1 Define enterprise business analysis

    1.2 Identify your pains and opportunities

    2.1 Set your vision

    2.2 Define your roadmap and next steps

    2.3 Complete your executive communications deck

    This phase will walk you through the following activities:

    • 2.1.1 Define your vision and goals
    • 2.1.2 Identify your enterprise business analysis inventory
    • 2.2.1 Now, Next, Later

    This phase involves the following participants:

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Set your vision

    Your vision becomes your "north star," guiding your journey and decisions.

    When thinking about a vision statement for enterprise business analysis, think about:

    • Who are we doing this for? Who will benefit?
    • What do our business partners need? What do our customers need?
    • What value do we provide them? How can we best support them?
    • Why is this special/different from how we usually do business?

    Always remember: Your goal is not your vision!

    Not knowing the difference will prevent you from both dreaming big and achieving your dream.

    Your vision represents where you want to go. It's what you want to do.

    Your goals represent how you want to achieve your vision.

    • They are a key element of operationalizing your vision.
    • Your strategy, initiatives, and features will align with one or more goals.

    Info-Tech Best Practice

    Your vision shouldn't be so far out that it doesn't feel real, nor so short term that it gets bogged down in details. Finding balance will take some trial and error and will be different depending on your organization.

    2.1.1 Define your vision and goals

    1-2 hours

    1. Gather the appropriate stakeholders to discuss their vision for enterprise business analysis. It should address the questions used in framing your vision statement.
    2. Have a team member facilitate the session.
    3. Review your current organizational vision and goals.
    4. Discuss and document all shared thoughts and perspectives on how enterprise business analysis can align with the organizational vision.
    5. Synthesize those thoughts and perspectives to create a vision statement.
    6. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Stakeholder vision, knowledge, and experience
    • Current organizational vision and goals

    Output

    • A documented vision and goals for your enterprise business analysis program

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Components of successful enterprise business analysis programs

    Ensure you're off to the best start by examining where you are and where you want to go.

    Training

    • Do the current team members have the right level of training?
    • Can we easily obtain training to close any gaps?

    Competencies and capabilities

    • Do our business analysts have the right skills, attributes, and behaviors to be successful?

    Structure and alignment

    • Would the organizational culture support enterprise business analysis (EBA)?
    • How might we structure the EBA unit to maximize effectiveness?
    • How can we best support the organization's goals and objectives?

    Methods and processes

    • How do we plan on managing the work to be done?
    • Can we define our processes and workflows?

    Tools, techniques, and templates

    • Do we have the most effective tools, techniques, and templates?

    Governance

    • How will we make decisions?
    • How will the program be managed?

    2.1.2 Identify your enterprise business analysis inventory

    30-60 minutes

    1. Gather the appropriate stakeholders to discuss the current business analysis assets, which could be leveraged for enterprise business analysis. This includes people, processes, and technologies which cover skills, knowledge, resources, experience, knowledge, and competencies. Focus on what the organization currently has, and not what it needs.
    2. Have a team member facilitate the session.
    3. Record the results for the group to review and discuss.
    4. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Your current business analysis assets and resources Stakeholder knowledge and experience

    Output

    • A list of assets and resources to enable enterprise business analysis

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Define your roadmap and next steps

    What do we have? What do we need?

    From completing the enterprise business analysis inventory, you will have a comprehensive list of all available assets.

    The next question is, how can this be leveraged to start building for the future?

    To operationalize enterprise business analysis, consider:

    • What do we still need to do?
    • How important are the identified gaps? Can we still operate?
    • What decisions do we need to make?
    • What stakeholders do we need to involve? Have we engaged them all?

    Lay out your roadmap

    Taking steps to mature your enterprise business analysis practice.

    The Now, Next, Later technique is a method for prioritizing and planning improvements or tasks. This involves breaking down a list of tasks or improvements into three categories:

    • Now tasks are those that must be completed immediately. These tasks are usually urgent or critical, and they must be completed to keep the project or organization running smoothly.
    • Next tasks are those that should be completed soon. These tasks are not as critical as Now tasks, but they are still important and should be tackled relatively soon.
    • Later tasks are those that can be completed later. These tasks are less critical and can be deferred without causing major problems.

    By using this technique, you can prioritize and plan the most important tasks, while allowing the flexibility to adjust as necessary.

    This technique also helps clarify what must be done first vs. what can wait. This prioritizes the most important things while keeping track of what must be done next, maintaining a smooth development/improvement process.

    An image of the now - next - later roadmap technique.

    2.2.1 Now, Next, Later

    1-2 hours

    1. Use the list of items created in 2.1.2 (Identify your enterprise business analysis inventory). Add any you feel are missing during this exercise.
    2. Have a team member facilitate the session.
    3. In the Communicate the Case for Enterprise Business Analysis template, categorize these items according to Now, Next and Later, where:
      1. Now = Critically important items that may require little effort to complete. These must be done within the next six months.
      2. Next = Important items that may require more effort or depend on other factors. These must be done in six to twelve months.
      3. Later = Less important items that may require significant effort to complete. These must be done at some point within twelve months.

    Ultimately, the choice of priority and timing is yours. Recognize that items may change categories as new information arises.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Your enterprise business analysis inventory and gaps
    • Stakeholder knowledge and experience

    Output

    • A prioritized list of items to enable enterprise business analysis

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    2.3 Complete your executive communication deck

    Use the results of your completed exercises to build your executive communication slide deck, to make the case for enterprise business analysis

    Slide Header Associated Exercise Rationale
    Pains and opportunities

    1.1.2 Discuss your disconnects between strategy and tactics

    1.2.1 Identify your pains and opportunities

    This helps build the case for enterprise business analysis (EBA), leveraging the existing pains felt in the organization. This will draw the connection for your stakeholders.
    Our vision and goals 2.1.1 Define your vision and goals Defines where you want to go and what effort will be required.
    What is enterprise business analysis

    1.1.1 How is BA being used in our organization today?
    Pre-populated supporting content

    Defines the discipline of EBA and how it can support and mature your organization.
    Expected benefits Pre-populated supporting content What's in it for us? This section helps answer that question. What benefits can we expect, and is this worth the investment of time and effort?
    Making this a reality 2.1.2 Identify your EBA inventory Identifies what the organization presently has that makes the effort easier. It doesn't feel as daunting if there are existing people, processes, and technologies in place and in use today.
    Next steps 2.2.1 Now, Next, Later A prioritized list of action items. This will demonstrate the work involved, but broken down over time, into smaller, more manageable pieces.

    Track metrics

    Track metrics throughout the project to keep stakeholders informed.

    As the project nears completion:

    1. You will have better-aligned and more satisfied stakeholders.
    2. You will see fewer projects and initiatives that don't align with the organizational goals and objectives.
    3. There will be a reduction in costs attributed to misaligned projects and initiatives (as mentioned in #2) and the opportunity to allocate valuable time and resources to other, higher-value work.
    Metric Description Target Improvement/Reduction
    Improved stakeholder satisfaction Lines of business and previously siloed departments/divisions will be more satisfied with time spent on solution involvement and outcomes. 10% year 1, 20% year 2
    Reduction in misaligned/non-priority project work Reduction in projects, products, and services with no clear alignment to organizational goals. With that, resource costs can be allocated to other, higher-value solutions. 10% year 1, 25% year 2
    Improved delivery agility/lead time With improved alignment comes reduced conflict and political infighting. As a result, the velocity of solution delivery will increase. 10%

    Bibliography

    Bossert, Oliver and Björn Münstermann. "Business's 'It's not my problem' IT problem." McKinsey Digital. 30 March, 2023.
    Brule, Glenn R. "The Lay of the Land: Enterprise Analysis." Modern Analyst.
    "Business Analysis: Leading Organizations to Better Outcomes." Project Management Institute (PMI), 2017
    Corporate Finance Institute. "Strategic Analysis." Updated 14 March 2023
    IAG Consulting. Business Analysis Benchmark Report, 2009.
    International Institute of Business Analysis. "A Guide to the Business Analysis Body of Knowledge" (BABOK Guide) version 3.
    Mirabelli, Vincent. "Business Analysis Foundations: Enterprise" LinkedIn Learning, February 2022.
    - - "Essential Techniques in Enterprise Analysis" LinkedIn Learning, September 2022.
    - - "The Essentials of Enterprise Analysis" Love the Process Academy. May 2020.
    - - "The Value of Enterprise Analysis." VincentMirabelli.com
    Praslova, Ludmila N. "Today's Most Critical Workplace Challenges Are About Systems." Harvard Business Review. 10 January 2023.
    Pratt, Mary K. and Sarah K. White. "What is a business analyst? A key role for business-IT efficiency." CIO. 17 April, 2019.
    Project Management Institute. "Business Analysis: Leading Organizations to Better Outcomes." October 2017.
    Sali, Sema. "The Importance of Strategic Business Analysis in Successful Project Outcomes." International Institute of Business Analysis. 26 May 2022.
    - - "What Does Enterprise Analysis Look Like? Objectives and Key Results." International Institute of Business Analysis. 02 June 2022.
    Shaker, Kareem. "Why do projects really fail?" Project Management Institute, PM Network. July 2010.
    "Strategic Analysis: Definition, Types and Benefits" Voxco. 25 February 2022.
    "The Difference Between Enterprise Analysis and Business Analysis." Schulich School of Business, Executive Education Center. 24 September 2018 (Updated June 2022)
    "Why Do Projects Fail: Learning How to Avoid Project Failure." MindTools.com. Accessed 24 April 2023.

    Initiate Digital Accessibility for IT

    • Buy Link or Shortcode: {j2store}520|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • Determining IT requirements (legal and business needs) is overwhelming.
    • Prioritizing people in the process is often overlooked.
    • Mandating changes instead of motivating change isn’t sustainable.

    Our Advice

    Critical Insight

    • Compliance is the minimum; the people and behavior changes are the harder part and have the largest impact on accessibility. Preparing for and building awareness of the reasons for accessibility makes the necessary behavior changes easier. Communicate, communicate, and communicate some more.
    • Accessibility is a practice, not a project. Therefore, accessibility is an organizational initiative, however, IT support is critical. Use change management theory to guide the new behaviors, processes, and thinking to adopt accessibility beyond compliance. Determining where to start is challenging, the tendency is to start with tech or compliance, however, starting with the people is key. It must be culture.
    • Think about accessibility like you think about IT security. Use IT security concepts that you and your team are already familiar with to initiate the accessibility program.

    Impact and Result

    • Take away the overwhelm that many feel when they hear ‘accessibility’ and make the steps for your organization approachable.
    • Clearly communicate why accessibility is critical and how it supports the organization’s key objectives and initiatives.
    • Understand your current state related to accessibility and identify areas for key initiatives to become part of the IT strategic roadmap.
    • Build your accessibility plan while prioritizing the necessary culture change
    • Use change management and communication practices to elicit the behavior shift needed to sustain accessibility.

    Initiate Digital Accessibility for IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Initiate Digital Accessibility for IT – Use this blueprint to narrow down the requirements for your organization and team while also clearly communicating why accessibility is critical and how it supports the organization’s key objectives and initiatives.

    A step-by-step approach to walk you through understanding the IT accessibility compliance requirements, building your roadmap, and communicating with your department. This storyboard will help you figure out what’s needed from IT to support the business and launch accessibility with your team.

    • Initiate Digital Accessibility for IT – Phases 1-2

    2. IT Manager Meeting Template – A clear, concise, and compelling communication to introduce accessibility for your organization to IT managers and to facilitate their participation in building the roadmap.

    Accessibility compliance can be overwhelming at first. Use this template to simplify the requirements for the IT managers and build out a roadmap.

    • IT Manager Meeting Template

    3. Accessibility Compliance Tracking Tool – This tool helps to decrease the overwhelm of accessibility compliance. Narrow down the list of controls needed to the ones that apply to your organization and to IT.

    Using the EN 301 549 V3.2.1 (2021-03) as a basis for digital accessibility conformance. Use this tool to build a priorities list of requirements that are applicable to your organization.

    • Accessibility Compliance Tracking Tool

    4. Departmental Meeting Template – Cascade your communication down to the IT department with this facilitation guide for introducing accessibility and the roadmap to the entire IT team.

    Use this pre-built slide deck to customize your accessibility communication to the IT department. It will help you build a shared vision for accessibility, a current state picture, and plans to build to the target future state.

    • Departmental Meeting Template
    • Accessibility Quick Cards

    Infographic

    Further reading

    Initiate Digital Accessibility For IT

    Make accessibility accessible.

    EXECUTIVE BRIEF

    Analyst Perspective

    Accessibility is a practice, not a project.

    Accessibility is an organizational directive; however, IT plays a fundamental role in its success. As business partners require support and expertise to assist with their accessibility requirements IT needs to be ready to respond. Even if your organization hasn't fully committed to an accessibility standard, you can proactively get ready by planting the seeds to change the culture. By building understanding and awareness of the significant impact technology has on accessibility, you can start to change behaviors.

    Implementing an accessibility program requires many considerations: legal requirements; international guidelines, such as Web Content Accessibility Guidelines (WCAG); training for staff; ongoing improvement; and collaborating with accessibility experts and people with disabilities. It can be overwhelming to know where to start. The tendency is to start with compliance, which is a fantastic first step. For a sustained program use, change management practices are needed to change behaviors and build inclusion for people with disabilities.

    15% of the world's population identify as having some form of a disability (not including others that are impacted, e.g. caretakers, family). Why would anyone want to alienate over 1.1 billion people?

    This is a picture of Heather Leier-Murray

    Heather Leier-Murray
    Senior Research Analyst, People & Leadership
    Info-Tech Research Group

    Disability is part of being human

    Merriam-Webster defines disability as a "physical, mental, cognitive, or developmental condition that impairs, interferes with, or limits a person's ability to engage in certain tasks or actions or participate in typical daily activities and interactions."(1)

    The World Health Organization points out that a crucial part of the definition of disability is that it's not just a health problem, but the environment impacts the experience and extent of disability. Inaccessibility creates barriers for full participation in society.(2)

    The likelihood of you experiencing a disability at some point in your life is very high, whether a physical or mental disability, seen or unseen, temporary or permanent, severe or mild.(2)

    Many people acquire disabilities as they age yet may not identify as "a person with a disability."3 Where life expectancies are over 70 years of age, 11.5% of life is spent living with a disability. (4)

    "Extreme personalization is becoming the primary difference in business success, and everyone wants to be a stakeholder in a company that provides processes, products, and services to employees and customers with equitable, person-centered experiences and allows for full participation where no one is left out."
    – Paudie Healy, CEO, Universal Access

    (1.) Merriam-Webster
    (2.) World Health Organization, 2022
    (3.) Digital Leaders, as cited in WAI, 2018
    (4.) Disabled World, as cited in WAI, 2018

    Executive Summary

    Your Challenge

    You know the push for accessibility is coming in your organization. You might even have a program started or approval to build one. But you're not sure if you and your team are ready to support and enable the organization on its accessibility journey.

    Common Obstacles

    Understanding where to start, where accessibility lives, and if or when you're done can be overwhelmingly difficult. Accessibility is an organizational initiative that IT enables; being able to support the organization requires a level of understanding of common obstacles.

    • Determining IT requirements (legal and business needs) is overwhelming.
    • Prioritizing people in the process is often overlooked.
    • Mandating changes instead of motivating change isn't sustainable.

    Info-Tech's Approach

    Prepare your people for accessibility and inclusion, even if your organization doesn't have a formal standard yet. Take your accessibility from mandate to movement, i.e. from Phase 1 - focused on compliance to Phase 2 - driven by experience for sustained change.

    • Use this blueprint to build your accessibility plan while prioritizing the necessary culture change.
    • Use change management and communication practices to elicit the behavior shift needed to sustain accessibility.

    Info-Tech Insight

    Accessibility is a practice, not a project. Therefore, accessibility is an organizational initiative; however, IT support is critical. Use change management theory to guide the new behaviors, processes, and thinking to adopt accessibility beyond compliance. Determining where to start is challenging because the tendency is to start with tech or compliance; however, starting with the people is key. It must be a change in organizational culture.

    Your challenge

    This research is designed to help IT leaders who are looking to:

    • Determine accessibility requirements of IT based on the business' needs and priorities, and the existing standards and regulations.
    • Prepare the IT leaders to implement and sustain accessibility and prepare for the behavior shift that is necessary.
    • Build the plan for IT as it pertains to accessibility, including a list of business needs and priorities, and prioritization of accessibility initiatives that IT is responsible for.
    • Ensure that accessibility is sustained in the IT department by following phase 2 of this blueprint on using change management and communication to impact behavior and change the culture.

    90% of companies claim to prioritize diversity.
    Source: Harvard Business Review, 2020

    Over 30% of those that claim to prioritize diversity are focused on compliance.
    Source: Harvard Business Review, 2022

    Accessibility is an organizational initiative

    Is IT ready and capable to enable it?

    • With increasing rates of lawsuits related to digital accessibility, more organizations are prioritizing initiatives to support increased accessibility. About 68% of Applause's survey respondents indicated that digital accessibility is a higher priority for their organization than it was last year.
    • This increase in priority will trickle into IT's tasks – get ahead and start working toward accessibility proactively so you're ready when business requests start coming in.

    A survey of nearly 1,800 respondents conducted by Applause found that:

    • 79% of respondents rated digital accessibility either a top priority or important for their organizations.
    • 42% of respondents indicated they have limited or no in-house expertise or resources to test accessibility.
      Source: Business Wire, May 2022

    How organizations prioritize digital accessibility

    • 43% rated accessibility as a top priority.
    • 36% rated accessibility as important.
    • Fewer than 5% rated accessibility as either low priority or not even on the radar.
    • More than 65% agreed or strongly agreed that accessibility is a higher priority than last year.

    Source: Angel Business Communications, 2022

    Why organizations address accessibility

    Top three reasons:

    1. 61% To comply with laws
    2. 62% To provide the best user experience
    3. 78% To include people with disabilities
      Source: Level Access, 2022

    Still, most businesses aren't meeting compliance standards. Even though legislation has been in place for over 30 years, a 2022 study by WebAIM of 1,000,000 homepages returned a 96.8% WCAG 2.0 failure rate.

    Source: Institute for Disability Research, Policy, and Practice, 2022

    Info-Tech's approach to Initiate Digital Accessibility

    An image of the Business Case for Accessibility

    The Info-Tech difference:

    1. Phase 1 of this blueprint gets you started and helps you build a plan to get you to the initial compliance driven maturity level. It's focused more on standards and regulations than on the user and employee experience.
    2. Phase 2 takes you further in maturity and helps you become experience driven in your efforts. It focuses on building your accessibility maturity into the developing, defined, and managed levels, as well as balancing mandate and movement of the accessibility maturity continuum.

    Determining conformance seems overwhelming

    Unfortunately, it's the easier part.

    • Focus on local regulations and what corporate leaders are setting as accessibility standards for the organization. This will narrow down the scope of what compliance looks like for your team.
    • Look to best practices like WCAG guidelines to ensure digital assets are accessible and usable for all users. WCAG's international guideline outlines principles that can also aid in scoping.
    • In phase 1 of this blueprint, use the Accessibility Compliance Tracking Toolto prioritize criteria and legislation for which IT is responsible.
    • Engage with business partners and other areas of the organization to figure out what is needed from IT. Accessibility is an organizational initiative; it shouldn't be on IT to figure it all out. Determine what your team is specifically responsible for before tackling it all.

    Motivating behavior change

    This is the hard part.

    Changing behaviors and mindsets is necessary to be experience driven and sustain accessibility.

    • Compliance is the minimum when it comes to accessibility, much like employment or labor regulations.
    • Making accessibility an organizational imperative is an iterative process. Managing the change is hard. People, culture, and behavior change matures accessibility from compliance driven to experience driven, increasing the benefits of accessibility.
    • Focus accessibility initiatives on improving the experience of everyone and improving engagement (customer and employee).
    • Being people focused and experience driven enables the organization to provide the best user experience and realize the benefits of accessibility.

    A picture of Jordyn Zimmerman

    "Compliance is the minimum. And when we look at web tech, people are still arguing about their positioning on the standards that need to be enforced in order to comply, forgetting that it isn't enough to comply."
    -- Jordyn Zimmerman, M.Ed., Director of Professional Development, The Nora Project, and Appointee, President's Committee for People with Intellectual Disabilities.

    This is an image of the Info-Tech Accessibility Maturity Framework Table.

    To see more on the Info-Tech Accessibility Maturity Framework:

    The Accessibility Business Case for IT

    Think of accessibility like you think of IT security

    Use IT security concepts to build your accessibility program.

    • Risk management: identify and prioritize accessibility risks and implement controls to mitigate those risks.
    • Compliance: use an IT security-style compliance approach to ensure that the accessibility program is compliant with the many accessibility regulations and standards.
    • Defense in depth: implement multiple layers of accessibility controls to address different types of accessibility risks and issues.
    • Response and recovery: quickly and effectively respond to accessibility issues, minimizing the potential impact on the organization and its users.
    • End-user education: educate end users about accessibility best practices, such as how to use assistive technologies and how to report accessibility issues.
    • Monitor and audit: use monitoring and auditing tools to ensure that accessibility remains over time and to identify and address issues that arise.
    • Collaboration: ensure the accessibility program is effective and addresses the needs of all users by collaborating with accessibility experts and people with disabilities.

    "As an organization matures, the impact of accessibility shifts. A good company will think of security at the very beginning. The same needs to be applied to accessibility thinking. At the peak of accessibility maturity an organization will have people with disabilities involved at the outset."
    -- Cam Beaudoin, Owner, Accelerated Accessibility

    This is a picture of Cam Beaudoin

    Info-Tech's methodology for Initiate Digital Accessibility for IT

    1. Planning IT's accessibility requirements

    2. Change enablement of accessibility

    Phase Steps

    1. Determine accessibility requirements of IT
    2. Build the IT accessibility plan
    1. Build awareness
    2. Support new behaviors
    3. Continuous reinforcement

    Phase Outcomes

    List of business needs and priorities related to accessibility

    IT accessibility requirements for conformance

    Assessment of state of accessibility conformance

    Prioritization of accessibility initiatives for IT

    Remediation plan for IT related to accessibility conformance

    Accessibility commitment statement

    Team understanding of what, why, and how

    Accessibility Quick Cards

    Sustainment plan

    Insight summary

    Overarching insight

    Accessibility is a practice, not a project. Therefore, accessibility is an organizational initiative; however, IT support is critical. Use change management theory to guide the new behaviors, processes, and thinking to adopt accessibility beyond compliance. Determining where to start is challenging. The tendency is to start with tech or compliance; however, starting with the people is key. It must be a change in organizational culture.

    Insight 1

    Compliance is the minimum; people and behavior changes are the hardest part and have the largest impact on accessibility. Preparing for and building awareness of the reasons for accessibility makes the necessary behavior changes easier. Communicate, communicate, and communicate some more.

    Insight 2

    Think about accessibility like you think about IT security. Use IT security concepts that you and your team are already familiar with to initiate the accessibility program.

    Insight 3

    People are learning a new way to behave and think; this can be an unsettling period. Patience, education, communication, support, and time are keys for success of the implementation of accessibility. There is a transition period needed; people will gradually change their practices and attitudes. Celebrate small successes as they arise.

    Insight 4

    Accessibility isn't a project as there is no end. Effective planning and continuous reinforcement of "the new way of doing things" is necessary to enable accessibility as the new status quo.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    IT Manager Meeting Template

    IT Manager Meeting Template
    Use this meeting slide deck to work with IT managers to build out the accessibility remediation plan and commitment statement.

    Departmental Meeting Template

    Departmental Meeting Template
    Use this meeting slide deck to introduce the concept of accessibility and communicate IT goals and objectives.

    Accessibility Quick Cards

    Accessibility Quick Cards
    Using the Info-Tech IT Management and Governance Framework to identify key activities to help improve and maintain the accessibility of your organization and your core IT processes.

    Key deliverable:

    Accessibility Compliance Tracking Tool

    Accessibility Compliance Tracking Tool
    This tool will assist you in identifying remediation priorities applicable to your organization.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Know and understand your role and responsibility in accessibility implementation within the organization.
    • Provide effective support and excellent business service experience to internal stakeholders related to accessibility.
    • You will be set up to effectively support your team through the necessary behavior, process, and thinking changes.
    • Proactively prepare for accessibility requests that will be coming in.
    • Move beyond compliance to support your organization's sustainment of accessibility.
    • Don't lose out on a trillion-dollar market.
    • Don't miss opportunities to work with organizations because you're not accessible.
    • Enable and empower current employees with disabilities.
    • Minimize potential for negative brand reputation due to a lack of consideration for people with disabilities.
    • Decrease the risk of legal action being brought upon the organization.

    Measure the value of this blueprint

    Improve IT effectiveness and employee buy-in to change.

    Measuring the effectiveness of your program helps contribute to a culture of continuous improvement. Having consistent measures in place helps to inform decisions and enables your plan to be iterative to take advantage of emerging opportunities.

    Monitor employee engagement, overall stakeholder satisfaction with IT, and the overall end-customer satisfaction.

    Remember, accessibility is not a project – just because measures are positive does not mean your work is done.

    In phase 1 of this blueprint, we will help you establish metrics for your organization.
    In phase 2, we will help you develop a sustainment for achieving those metrics.

    A screenshot of the slide titled Establish Baseline Metrics.

    Suggested Metrics
    • Overall end-customer satisfaction
    • Requests for accommodation or assistive technology fulfilled
    • Employee engagement
    • Overall compliance status

    Info-Tech's IT Metrics Library

    Executive brief case study

    INDUSTRY: Technology


    SOURCE: Microsoft.com
    https://blogs.microsoft.com/accessibility/accessib...

    Microsoft

    Microsoft's accessibility journey starts with the goal of building a culture of accessibility and disability inclusion. They recognize that the starting point for the magnitude of organizational change is People.

    "Accessibility in Action Badge"

    Every employee at Microsoft is trained on accessibility to build understanding of why and how to be inclusive using accessibility. The program entails 90 minutes of virtual content.

    Microsoft treats accessibility and inclusion like a business, managing and measuring it to ensure sustained growth and success. They have worked over the years to bust systemic bias company-wide and to build a program with accessibility criteria that works for their business.

    Results

    The program Microsoft has built allows them to shift the accessibility lens earlier in their processes and listen to its users' needs. This allows them to continuously mature their accessibility program, which means continuously improving its users' experience.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided implementation

    What does a typical guided implementation (GI) on this topic look like?

    Phase 1 Phase 2

    Call #1: Discuss motivation for the initiative and foundational knowledge requirements.
    Call #2: Discuss stakeholder analysis and business needs of IT.

    Call #3: Identify current maturity and IT accountabilities.
    Call #4: Discuss introduction to senior IT leaders and drivers.
    Call #5: Discuss manager meeting outline and slides.

    Call #6: Review key messages and next steps to prepare for departmental meeting.
    Call #7: Discuss post-meetings next steps and timelines.

    Call #8: Review sustainment plan and plan next steps.

    A GI is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is eight to ten calls over the course of four to six months.

    Workshop overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Understand Your Legislative Environment

    Understand Your Current State

    Define the
    IT Target State

    Build the IT Accessibility Plan

    Prepare for Change Enablement

    Next Steps and
    Wrap-Up

    Activities

    0.1 Make a list of the legislation you need to comply with
    0.2 Seek legal counsel or and/or professional services' input on compliance
    0.3 Complete the Accessibility Maturity Assessment
    0.4 Conduct stakeholder analysis

    1.1 Define the risks of inaction
    1.2 Review maturity assessment
    1.3 Conduct stakeholder focus group

    2.1 Define IT compliance accountabilities
    2.2 Define IT accessibility goals/objectives/ metrics
    2.3 Indicate the target-state maturity

    3.1 Assess current accessibility compliance and mitigation
    3.2 Decide on priorities
    3.3 Write an IT accessibility commitment statement

    4.1 Prepare the roadmap
    4.2 Prepare the communication plan

    5.1 Complete in-progress deliverables from previous four days
    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Legislative requirements for your organization
    2. List of stakeholders
    3. Completed maturity assessment.
    1. Defined risks of inaction
    2. Stakeholder analysis completed with business needs identified
    1. IT accessibility goals/objectives
    2. Target maturity
    1. Accessibility Compliance Tracking Tool completed
    2. Accessibility commitment statement
    3. Current compliance and mitigation assessed
    1. IT accessibility roadmap
    2. Communication plan
    1. IT accessibility roadmap
    2. Communication plan

    Phase 1

    Planning IT's Accessibility Requirements.

    Phase 1

    Phase 2

    1.1 Determine accessibility requirements of IT

    1.2 Build IT accessibility plan

    2.1 Build awareness

    2.2 Support new behaviors

    2.3 Continuous reinforcement

    Initiate Digital Accessibility For IT

    This phase will walk you through the following activities:

    • Analyzing stakeholders to determine accessibility needs of business for IT.
    • Determining accessibility compliance requirements of IT.
    • Build a manager communication deck.
    • Assess current accessibility compliance and mitigation.
    • Prioritize and assign timelines.
    • Build a sunrise diagram to visualize your accessibility roadmap.
    • Write an IT accessibility commitment statement.

    This phase involves the following participants:

    • CIO
    • IT leadership team
    • Business partners in other areas of the organization (e.g., HR, finance, communications)

    Step 1.1

    Determine the accessibility requirements of IT.

    Activities

    1.1.1 Determine what the business needs from IT
    1.1.2 Complete the Accessibility Maturity Assessment (optional)
    1.1.3 Determine IT compliance requirements
    1.1.4 Define target state
    1.1.5 Create a list of goals and objectives
    1.1.6 Finalize key metrics
    1.1.7 Prepare a meeting for IT managers

    Prepare to support the organization with accessibility

    This step involves the following participants:

    • CIO
    • IT senior leaders
    • IT managers
    • Business partners in other areas of the organization (e.g., HR, finance, communications)

    Outcomes of this step

    • Stakeholder analysis with business needs listed
    • Defined target future state
    • List of goals and objectives
    • Key metrics
    • Communication deck for IT management rollout meeting

    While defining future state, consider your drivers

    The Info-Tech Accessibility Maturity Framework identifies three key strategic drivers: compliance, experience, and incorporation.

    • Over 30% of organizations are focused on compliance, according to a 2022 survey by Harvard Business Review and Slack's Future Forum. The survey asked more than 10,000 workers in six countries about their organizations' approach to diversity, equity, and inclusion (DEI).(2)
    • Even though 90% of companies claim to prioritize diversity, over 30% are focused on compliance.(1)

    1. Harvard Business Review, 2020
    2. Harvard Business Review, 2022

    31.6% of companies remain in the compliant stage where they are focused on DEI compliance and not on integrating DEI throughout the organization or on creating continual improvement, from Harvard Business Review 2022.

    Info-Tech accessibility maturity framework

    This is an image of Info-Tech's accessibility maturity framework

    Info-Tech Insight

    IT typically works through maturity frameworks from the bottom to the top, progressing at each level until they reach the end. When it comes to IT accessibility initiatives, being especially thorough, thoughtful, and collaborative is critical to success. This will mean spending more time in the Developing, Defined, and Managed levels of maturity rather than trying to reach Optimized as quickly as you can. This may feel contrary to what IT historically considers as a successful implementation.

    After initially ensuring your organization is compliant with regulations and standards, you will progress to building disciplined process and consistent standardized processes. Eventually you will build the ability for predictable process, and lastly, you'll optimize by continuously improving.

    Depending on the level of maturity you are trying to achieve, it could take months or even years to implement. The important thing to understand, however, is that accessibility work is never done.

    At all levels of the maturity framework, you must consider the interconnected aspects of people, process, and technology. However, as the organization progresses, the impact will shift from largely being focused on process and technology improvement to being focused on people.

    Align the benefits of program drivers to organizational goals or outcomes

    Although there will be various motivating factors, aligning the drivers of your accessibility program provides direction to the program. Connecting the advantages of program drivers to organizational goals builds the confidence of senior leaders and decision makers, increasing the continued commitment to invest in accessibility programming.

    This is an image of a table describing the maturity level; Description; Advantages, and Disadvantages for the three drivers: Compliance; Experience; and Incorporation.

    Accessibility maturity levels

    Driver Description Benefits
    Initial Compliance
    • Accessibility processes are mostly undocumented.
    • Accessibility happens mostly on a reactive or ad hoc basis.
    • No one is aware of who is responsible for accessibility or what role they play.
    • Heavily focused on complying with regulations and standards to decrease legal risk.
    • The organization is aware of the need for accessibility.
    • Legal risk is decreased.
    Developing Experience
    • The organization is starting to take steps to increase accessibility beyond compliance.
    • Lots of opportunity for improvement.
    • Defining and refining processes.
    • Working toward building a library of assistive tools.
    • Awareness of the need for accessibility is growing.
    • Process review for accessibility increases process efficiency through avoiding rework.
    Defined Experience
    • Accessibility processes are repeatable.
    • There is a tendency to resort to old habits under stress.
    • Tools are in place to facilitate accommodation.
    • Employees know accommodations are available to them.
    • Accessibility is becoming part of daily work.
    Managed Experience
    • Defined by effective accessibility controls, processes, and metrics.
    • Mostly anticipating preferences.
    • Roles and responsibilities are defined.
    • Disability is included as part of DEI.
    • Employees understand their role in accessibility.
    • Engagement is positively impacted.
    • Attraction and retention are positively impacted.
    Optimized Incorporation
    • Not the goal for every organization.
    • Characterized by a dramatic shift in organizational culture and a feeling of belonging.
    • Ongoing continuous improvement.
    • Seamless interactions with the organization for everyone.
    • Using feedback to inform future initiatives.
    • More likely to be innovative and inclusive, reach more people positively, and meet emerging global legal requirements.
    • Better equipped for success.

    Cheat sheet: Identify stakeholders

    Ask stakeholders, "Who else should I be talking to?" to discover additional stakeholders and ensure you don't miss anyone.

    Identify stakeholders through the following questions:

    Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative.

    • Who in areas of influence will be adversely affected by potential environmental and social impacts of what you are doing?
    • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
    • Will other stakeholders emerge as the phases are started and completed?
    • Who is sponsoring the initiative?
    • Who benefits from the initiative?
    • Who is negatively impacted by the initiative?
    • Who can make approvals?
    • Who controls resources?
    • Who has specialist skills?
    • Who implements the changes?
    • Who are the owners, governors, customers, and suppliers of impacted capabilities or functions?
    • Executives
    • Peers
    • Direct reports
    • Partners
    • Customers
    • Subcontractors
    • Suppliers
    • Contractors
    • Lobby groups
    • Regulatory agencies

    Categorize your stakeholders with a stakeholder prioritization map

    A stakeholder prioritization map help teams categorize their stakeholders by their level of influence and ownership.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    This is an image of a quadrant analysis for mediators; players; spectators; and noisemakers.
    • Players – Players have a high interest in the initiative and high influence to affect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.
    • Mediators – Mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers – Noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
    • Spectators – Generally, spectators are apathetic and have little influence over or interest in the initiative.

    Strategize to engage stakeholders by type

    Each group of stakeholders draws attention and resources away from critical tasks.

    By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy spectators and noisemakers while ensuring the needs of the mediators and players are met.

    Type Quadrant Actions
    Players High influence, high interest Actively Engage
    Keep them engaged through continuous involvement. Maintain their interest by demonstrating their value to its success.
    Mediators High influence, low interest Keep Satisfied
    They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust, and include them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence, high interest Keep InformedTry to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using mediators to help them.
    Spectators Low influence, low interest MonitorThey are followers. Keep them in the loop by providing clarity on objectives and status updates.

    1.1.1 Determine what the business needs from IT (stakeholder analysis)

    1.5 hours

    1. Consider all the potential individuals or groups of individuals who will be impacted or influence the accessibility needs of IT.
    2. List each of the stakeholders you identify. If in person, use sticky notes to define the target audiences. The individuals or group of individuals that potentially have needs from IT related to accessibility before, during, or after the initiative.
    3. As you list each stakeholder, consider how they perceive IT. This perception could impact how you choose to interact with them.
    4. For each stakeholder identified as potentially having a business need requirement for IT related to accessibility, conduct an analysis to understand their degree of influence or impact.
    5. Based on the stakeholder, the influence or impact of the business need can inform the interaction and prioritization of IT requirements.
    6. Update slide 9 of the IT Manager Meeting Template.

    Input

    • The change
    • Why the change is needed
    • Key stakeholder map from activity 2.1.1 of The Accessibility Business Case for IT (optional)

    Output

    • The degree of influence or impact each stakeholder has on accessibility needs from IT

    Materials

    • Stakeholder Management Analysis Tool (optional)

    Participants

    • CIO/ head of IT/ initiative lead
    • Business partners

    Proactively consider how accessibility could be received

    Think about the positive and negative reactions you could face about implementing accessibility.

    It's likely individuals will have an emotional reaction to change and may have different emotions at different times during the change process.
    Plan for how to leverage support and deal with resistance to change by assessing people's emotional responses:

    • What are possible questions, objections, suggestions, and concerns that might arise.
    • How will you respond to the possible questions and concerns.
    • Include proactive messaging in your communications that address possible objections.
    • Express an understanding for others point of views by re-positioning objections and suggestions as questions.

    This is an image of the 10 change chakras

    Determine your level of maturity

    Use Info-Tech's Accessibility Maturity Assessment.

    On the accessibility questionnaire, tab 2, choose the amount you agree or disagree with each statement. Answer the questions based on your knowledge of your current state organizationally.

    Once you've answered all the questions, see the results on the tab 3, Accessibility Results. You can see your overall maturity level and the maturity level for each of six dimensions that are necessary to increase the success of an accessibility program.

    Click through to tab 4, Recommendations, to see specific recommendations based on your results and proven research to progress through the maturity levels. Keep in mind that not all organizations will or should aspire to the "Optimize" maturity level.

    A series of three screenshots from the Accessibility Maturity Assessment

    Download the Accessibility Maturity Assessment

    1.1.2 Complete the Accessibility Maturity Assessment (optional)

    1. Download the Accessibility Maturity Assessment and save it with the date so that as you work on your accessibility program, you can reassess later and track your progress.
    2. Once you have saved the assessment, select the appropriate answer for each statement on tab 2, Accessibility Questions, based on your knowledge of the organization's approach.
    3. After reviewing all the accessibility statements, see your maturity level results on tab 3, Accessibility Results. Then see tab 4, Recommendations, for suggestions based on your answers.
    4. Document your accessibility maturity results on slides 12 and 13 of the IT Manager Meeting Template and slide 17 of the Departmental Meeting Template.
    5. Use the maturity assessment results in activity 1.1.3.

    Input

    • Assess your current state of accessibility by choosing all the statements that apply to your organization

    Output

    • Identified accessibility maturity level

    Materials

    • Accessibility Maturity Assessment
    • Accessibility Business Case Template

    Participants

    • Project leader/sponsor
    • IT leadership team

    1.1.3 Determine IT compliance responsibilities

    1-3 hours

    Before you start this activity, you may need to discuss with your organization's legal counsel to determine the legislation that applies to your organization.

    1. Determine which controls apply to your organization based on your knowledge of the organization goals, stakeholders, and accessibility maturity target. If you haven't determined your current and future state maturity model, use the Info-Tech resource from the Accessibility Business Case for IT(see previous two slides).
    2. Using the drop down in column J – Applies to My Org., select "Yes" or "No" for each control on each of the data entry tabs of the Accessibility Compliance Tracking Tool.
    3. For each control you have selected "Yes" for in column J, identify the control owner in column I.
    4. Update slide 10 in the IT Manager Meeting Template and slide 13 in the IT Departmental Meeting Template.

    Input

    • Local, regional, and/or global legislation and guidelines applicable to your organization
    • Organizational accessibility standard
    • Business needs list
    • Completed Accessibility Maturity Assessment (optional)

    Output

    • List of legislation and standards requirements that are narrowed based on organization need

    Materials

    • Accessibility Maturity Assessment
    • Accessibility Business Case Template

    Participants

    • CIO/ head of IT/ CAO/ initiative leader
    • Legal counsel

    Download the Accessibility Compliance Tracking Tool

    1.1.4 Conduct future-state analysis*

    Identify your target state of maturity.

      1. Provide the group with the accessibility maturity levels to review as well as the slides on the framework and drivers (slides 27-29).
      2. Ask the group to brainstorm pain points created by inaccessibility (e.g. challenges related to stakeholders, process issues).
      3. Next, discuss opportunities to be gained from improving these practices.
      4. Then, have everyone look at the accessibility maturity levels and, based on the descriptions, determine as a group the current maturity level of accessibility in your organization .
      5. Next, review the benefits listed on the accessibility maturity levels slide to those that you named in step 3 and determine which maturity level best describes your target state. Discuss as a group and agree on one desired maturity level to reach.
      6. Document your current and target states on slide 14 of the IT Manager Meeting Template.

    *Note: If you've completed the Accessibility Business Case for IT blueprint you may already have this information compiled. Refer to activities 2.1.2 and 2.1.3.

    Input

    • Accessibility maturity levels chart, framework, and drivers slides
    • Maturity level assessment results (optional)

    Output

    • Target maturity level documented

    Materials

    • Paper and pens
    • Handouts of maturity levels

    Participants

    • CIO
    • IT senior leaders

    What does a good goal look like?

    SMART is a common framework for setting effective goals. Make sure your goals satisfy these criteria to ensure you can achieve real results.

    Use the SMART framework to build effective goals.

    S

    Specific: Is the goal clear, concrete, and well defined?

    M

    Measurable: How will you know when the goal is met?

    A

    Achievable: Is the goal possible to achieve in a reasonable time?

    R

    Relevant: Does this goal align with your responsibilities and with departmental and organizational goals?

    T

    Time-based: Have you specified a time frame in which you aim to achieve the goal?

    1.1.5 Create a list of goals and objectives*

    Use the outcomes from activity 1.2.1.

    1. Using the information from activity 1.2.1, develop goals.
    2. Remember to use the SMART goal framework to build out each goal (see the previous slide for more information on SMART goals).
    3. Ensure each goal supports departmental and organizational goals to ensure it is meaningful.
    4. Document your goals and objectives on slides 6 and 9 in your IT Manager Meeting Template.

    *Note: If you've completed the Accessibility Business Case for IT blueprint you may already have this information compiled. Refer to activity 2.2.1.

    Input

    • Outcomes of activity 1.2.1
    • Organizational and departmental goals

    Output

    • Accessibility goals and objectives identified

    Materials

    • n/a

    Participants

    • CIO/ head of IT/ initiative lead
    • IT senior leaders

    Establish baseline metrics

    Baseline metrics will be improved through:

    1. Progressing through the accessibility maturity model.
    2. Addressing accessibility earlier in processes with input from people with disabilities.
    3. Motivating behavior changes and culture that supports accessibility and disability inclusion.
    4. Ensuring compliance with regulations and standards.
    5. Focusing on experience and building a disability inclusive culture.
    Metric Definition Calculation
    Overall end-customer satisfaction The percentage of end customers who are satisfied with the IT department. Number of end customers who are satisfied / Total number of end customers
    Requests for accommodation or assistive technology fulfilled The percentage of accommodation/assistive technology requests fulfilled by the IT department. Number of requests fulfilled / Total number of requests
    Employee engagement The percentage of employees who are engaged within an organization. Number of employees who are engaged / Total number of employees
    Overall compliance status The percentage of accessibility controls in place in the IT department. The number of compliance controls in place / Total number of applicable accessibility controls

    1.1.6 Finalize key metrics*

    Finalize key metrics the organization will use to measure accessibility success.

    1. Brainstorm how you will measure the success of each goal you identified in the previous activity, based on the benefits, challenges, and risks you previously identified.
    2. Write each of the metric ideas down and finalize three to five key metrics which you will track. The metrics you choose should relate to the key challenges or risks you have identified and match your desired maturity level and driver.
    3. Document your key metrics on slide 15 of your IT Manager Meeting Templateand slide 23 of the Departmental Meeting Template.

    Input

    • Accessibility challenges and benefits
    • Goals from activity 1.2.2

    Output

    • Three to five key metrics to track

    Materials

    • n/a

    Participants

    • IT leadership team
    • Project lead/sponsor

    *Note: If you've completed the Accessibility Business Case for IT blueprint you may already have this information compiled. Refer to activity 2.2.2.

    Use Info-Tech's template to communicate with IT managers

    Cascade messages down to IT managers next. This ensures they will have time to internalize the change before communicating it to others.

    Communicate with and build the accessibility plan with IT managers by customizing Info-Tech's IT Manager Meeting Template, which is designed to effectively convey your key messages. Tailor the template to suit your needs.

    It includes:

    • Project scope and objectives
    • Current state analysis
    • Compliance planning
    • Commitment statement drafting

    IT Manager Meeting Template

    Download the IT Manager Meeting Template

    Info-Tech Insight

    Preparing for and building awareness of the reasons for accessibility make the necessary behavior changes easier.

    1.1.7 Prepare a meeting for IT managers

    Now that you understand your current and desired accessibility maturity, the next step is to communicate with IT managers and begin planning your initiatives.

    Know your audience:

    1. Consider who will be included in your presentation audience.
    2. You want your presentation to be succinct and hard-hitting. Managers are under huge demands and time is tight, they will lose interest if you drag out the delivery.
    3. Contain the presentation and planning activities to no more than an afternoon. You want to ensure adequate time for questions and answers, as well as the planning activities necessary to inform the roll out to the larger IT department later.
    4. Schedule a meeting with the IT managers.

    Download the IT Manager Meeting Template

    Input

    • Activity results

    Output

    • A completed presentation to communicate your accessibility initiatives to IT managers

    Materials

    • IT Manager Meeting Template

    Participants

    • CIO/ head of IT/ initiative lead
    • IT senior leaders
    • IT managers

    Step 1.2

    Build the IT accessibility action plan.

    Activities

    1.2.1 Assess current accessibility compliance and mitigation

    1.2.2 Decide on your priorities

    1.2.3 Add priorities to the roadmap

    1.2.4 Write an IT accessibility commitment statement

    Planning IT's accessibility requirements

    This step involves the following participants:

    • CIO/ head of IT/ initiative lead
    • IT senior leaders
    • IT managers

    Outcomes of this step

    • Priority controls and mitigation list with identified control owners.
    • IT accessibility commitment statement.
    • Draft visualization of roadmap/sunrise diagram.

    Involve managers in assessing current compliance

    To know what work needs to happen you need to know what's already happening.

    Use the spreadsheet from activity 1.1.3 where you identified which controls apply to your organization.

    Have managers work in groups to identify which controls (of the applicable ones) are currently being met and which ones have an existing mitigation plan.

    Info-Tech Insight

    Based on EN 301 549 V3.2.1 (2021-03) as a basis for digital accessibility conformance. This tool is designed to assist you in building a priorities list of requirements that are applicable to your organization. EN 301 549 is currently the most robust accessibility regulation and encompasses other regulations within it. Although EN 301 549 is the European Standard, other countries are leaning on it as the standard they aspire to as well.

    This is an image of the Compliance Tracing Tool, with a green box drawn around the columns for Current Compliance, and Mitigation.

    1.2.1 Assess current accessibility compliance and mitigation

    1-3 hours

    1. Share the Accessibility Compliance Tracking Tool with the IT leaders and managers during the meeting with IT management that you scheduled in activity 1.1.7.
    2. Break into smaller groups (or if too small, continue as a single group):
      1. Divide up the controls between the small groups to work on assessing current compliance and mitigation plans.
      2. For each control that is identified as applying to your organization, identify if there currently is compliance by selecting "yes" from the drop-down. For controls where the organization is not compliant, select "no" and identify if there is a mitigation plan in place by selecting "yes" or "no" in column L.
      3. Use the comments column to add any pertinent information regarding the control.

    Input

    • List of IT compliance requirements applicable to the org. from activities 1.1.2 and 1.1.3

    Output

    • List of IT compliance requirements that have current compliance or mitigation plans

    Materials

    • Accessibility Compliance Tracking Tool

    Participants

    • CIO
    • IT senior leaders
    • IT managers

    Download the Accessibility Compliance Tracking Tool

    Involve managers in building accountability into the accessibility plan

    Building accountability into your compliance tracking will help ensure accessibility is prioritized.

    Use the spreadsheet from activity 1.3.1.

    Have managers work in the same groups to prioritize controls by assigning a quarterly timeline for compliance.

    An image of the Compliance Tracking tool, with the timeline column highlighted in green.

    1.2.2 Decide on your priorities

    1-3 hours

    1. In the same groups used in activity 1.2.1, prioritize the list of controls that have no compliance and no mitigation plan.
    2. As you work through the spreadsheet again, assign a timeline using the drop-down menu in column M for each control that applies to the organization and has no current compliance. Consider the following in your prioritization:
      1. Does the control impact customers or is it public-facing?
      2. What are the business needs related to accessibility?
      3. Does the team currently have the skills and knowledge needed to address the control?
      4. What future state accessibility maturity are you targeting?
    3. Be prepared to review with the larger group.

    Input

    • List from activity 1.2.1
    • Business needs from activity 1.1.1

    Output

    • List of IT compliance requirements with accountability timelines

    Materials

    • Accessibility Compliance Tracking Tool

    Participants

    • CIO
    • IT senior leaders
    • IT managers

    Download the Accessibility Compliance Tracking Tool

    Review your timeline

    Don't overload your team. Make sure the timelines assigned in the breakout groups make sense and are realistic.

    A screenshot of the Accessibility Compliance Dashboard.

    Download the Accessibility Compliance Tracking Tool

    Empty roadmap template

    An image of an empty Roadmap Template.

    1.2.3 Add priorities to the roadmap

    1 hour

    1. Using the information entered in the compliance tracking spreadsheet during activities 1.2.1 and 1.2.2, build a visual representation to capture your strategic initiatives over time, using themes and timelines. Consider group initiatives in four categories, technology, people, process, and other.
    2. Copy and paste the controls onto the roadmap from the Accessibility Compliance Tracking Toolto the desired time quadrant on the roadmap.
    3. Set your desired timelines by changing the Q1-Q4 blocks (set the timelines that make sense for your situation).

    Input

    • Output of activity 1.2.2
    • Roadmap template
    • Other departmental project plans and timelines

    Output

    • Visual roadmap of accessibility compliance controls

    Materials

    • n/a

    Participants

    • CIO
    • IT senior leaders
    • IT managers

    Communicate commitment

    Support people leaders in leading by example with an accessibility commitment statement.

    A commitment statement communicates why accessibility and disability inclusion are important and guides behaviors toward the ideal state. The statement will guide and align work, build accountability, and acknowledge the dedication of the leadership team to accessibility and disability inclusion. The statement will:

    • Publicly commit the team to fostering disability inclusivity.
    • Highlight related values and goals of the team or organization.
    • Set expectations.
    • Help build trust and increase feelings of belonging.
    • Connect the necessary changes (people, process, and technology related) to organization strategy.

    Take action! Writing the statement is only the first step. It takes more than words to build accessibility and make your work environment more disability inclusive.

    Info-Tech Insight

    Preparing for and building awareness of the reasons for accessibility make the necessary behavior changes easier.

    Sample accessibility commitment statements

    theScore

    "theScore strives to provide products and services in a way that respects the dignity and independence of persons with disabilities. We are committed to giving persons with disabilities the same opportunity to access our products and services and allowing them to benefit from the same services, in the same place and in a similar way as other clients. We are also committed to meeting the needs of persons with disabilities in a timely manner, and we will meet applicable legislative requirements for preventing and removing barriers."(1)

    Apple Canada

    "Apple Canada is committed to ensuring equal access and participation for people with disabilities. Apple Canada is committed to treating people with disabilities in a way that allows them to maintain their dignity and independence. Apple Canada believes in integration and is committed to meeting the needs of people with disabilities in a timely manner. Apple Canada will do so by removing and preventing barriers to accessibility and meeting accessibility requirements under the AODA and provincial and federal laws across Canada." (2)

    Google Canada

    "We are committed to meeting the accessibility needs of people with disabilities in a timely manner, and will do so by identifying, preventing and removing barriers to accessibility, and by meeting the accessibility requirements under the AODA." (3)

    Source 1: theScore
    Source 2: Apple Canada
    Source 3: Google Canada.

    1.2.4 Write an IT accessibility commitment statement

    45 minutes

    1. As a group, brainstorm the key reasons and necessity for disability inclusion and accessibility for your organization, and the drivers and behaviors required. Record the ideas brainstormed by the group.
    2. Break into smaller groups or pairs (or if too small, continue as a single group):
      • Each group uses the brainstormed ideas to draft an accessibility commitment statement.
    3. Each smaller group shares their statement with the larger group and receives feedback. Smaller groups redraft their statements based on the feedback.
    4. Post each redrafted statement and provide each person two dot stickers to place on the two statements that resonate the most with them.
    5. Using the two statements with the highest number of dot votes, write the final accessibility commitment statement.
    6. Add the commitment statement to slide 18 of the Departmental Meeting Template.

    Input

    • Business objectives
    • Risks related to accessibility
    • Target future accessibility maturity

    Output

    • IT accessibility commitment statement

    Materials

    • Whiteboard/flip charts
    • Dot stickers or other voting mechanism

    Participants

    • CIO
    • IT senior leaders
    • IT managers

    Phase 2

    Change Enablement for Accessibility.

    Phase 1

    Phase 2

    1.1 Determine accessibility requirements of IT

    1.2 Build IT accessibility plan

    2.1 Build awareness

    2.2 Support new behaviors

    2.3 Continuous reinforcement

    This phase will walk you through the following activities:

    • Clarifying key messages
    • IT department accessibility presentation
    • Establishing a frequency and timeframe for communications
    • Obtaining feedback
    • Sustainment plan

    This phase involves the following participants:

    • CIO
    • IT senior leaders
    • IT managers
    • Other key business stakeholders
    • Marketing and communications team

    Be experience driven

    Building awareness and focusing on experience helps move along the accessibility maturity framework. Shifting from mandate to movement.

    In this phase, start to move beyond compliance. Build the IT team's understanding of accessibility, disability inclusion, and their role.
    Communicate the following messages to your team:

    • The motivation behind the change.
    • The reasons for the change.
    • And encourage feedback.

    Info-Tech Accessibility Maturity Framework

    an image of the Info-Tech Accessibility Maturity Framework

    Info-Tech Insight

    Compliance is the minimum; the people and behavior changes are the harder part and have the largest impact on accessibility. Preparing for and building awareness of the reasons for accessibility make the necessary behavior changes easier. Communicate, communicate, and communicate some more.

    What is an organizational change?

    Before communicating, understand the degree of change.

    Incremental Change:

    • Changes made to improve current processes or systems (e.g. optimizing current technology).

    Transitional Change:

    • Changes that involve dismantling old systems and/or processes in favor of new ones (e.g. new product or services added).

    Transformational Change:

    • Significant change in organizational strategy or culture resulting in substantial shift in direction.

    Examples:

    • New or changed policy
    • Switching from on-premises to cloud-first infrastructure
    • Implementing ransomware risk controls
    • Implementing a Learning and Development Plan

    Examples:

    • Moving to an insourced or outsourced service desk
    • Developing a BI and analytics function
    • Integrating risk into organization risk
    • Developing a strategy (technology, architecture, security, data, service, infrastructure, application)

    Examples:

    • Organizational redesign
    • Acquisition or merger of another organization
    • Implementing a digital strategy
    • A new CEO or board taking over the organization's direction

    Consider the various impacts of the change

    Invest time at the start to develop a detailed understanding of the impact of the change. This will help to create a plan that will simplify the change and save time. Evaluate the impact from a people, process, and technology perspective.

    Leverage a design thinking principle: Empathize with the stakeholder – what will change?

    People

    Process Technology
    • Team structure
    • Reporting structure
    • Career paths
    • Job skills
    • Responsibilities
    • Company vision/mission
    • Number of FTE
    • Culture
    • Training required
    • Budget
    • Work location
    • Daily workflow
    • Working conditions
    • Work hours
    • Reward structure
    • Required number of completed tasks
    • Training required
    • Required tools
    • Required policies
    • Required systems
    • Training required

    Change depends on how well people understand it

    Help people internalize what they can do to make the organization more inclusive.

    Anticipate responses to change:

    1. Emotional reaction – different people require different styles of management to guide them through the change. Individual's may have different emotions at different times during the change process. The more easily you can identify persona characteristics, the better you can manage them.
    2. Level of impact – the higher level of change on an individual's day-to-day, the more difficult it will be to adjust to the change. The more impactful the change, the more time focused on people management.

    an image showing staff personas at different stages through the change process.

    Quickly assess the size of change by answering these questions:

    1. Will the change affect your staff's daily work?
    2. Is the change high urgency?
    3. Is there a change in reporting relationships?
    4. Is there a change in skills required for staff to be successful?
    5. Will the change modify entrenched cultural practices?
    6. Is there a change in the mission or vision of the role?

    If you answered "Yes" to two or more questions, the change is bigger than you think. Your staff will feel the impact.

    Ensure effective communication by focusing on four key elements

    1. Audience
    • Stakeholders (either groups or individuals) who will receive the communication.
  • Message
    • Information communicated to impacted stakeholders. Must be rooted in a purpose or intent.
  • Messenger
    • Person who delivers the communication to the audience. The communicator and owner are two different things.
  • Channel
    • Method or channel used to communicate to the audience.
  • Step 2.1

    Build awareness and define key messages for IT.

    This step involves the following participants:

    • IT leadership team
    • Marketing/communications (optional)

    Outcomes of this step

    • Key accessibility messages

    Determine the desired outcome of communicating within IT

    This phase is focused on communicating within IT. All communication has an overall goal. This outcome or purpose of communicating is often dependent on the type of influence the stakeholder wields within the organization as well as the type of impact the change will have on them. Consider each of the communication outcomes listed below.

    Communicating within IT

    • Obtain buy-in
    • Inform about the IT change
    • Create a training plan
    • Inform about department changes
    • Inform about organization changes
    • Inform about a crisis
    • Obtain adoption related to the change
    • Distribute key messages to change agents

    Departmental Meeting Template

    Departmental Meeting Template

    Accessibility Quick Cards

    Accessibility Quick Cards

    Establish and define key messages based on organizational objectives

    What are key messages?

    1. Key messages guide all internal communications to ensure they are consistent, unified, and straightforward.
    2. Distill key messages down from organizational objectives and use them to reinforce the organization's strategic direction. Key messages should inspire employees to act in a way that will help the organization reach its objectives.

    How to establish key messages

    Ground key messages in organizational strategy and culture. These should be the first places you look to determine the organization's key messages:

    • Refer to organizational strategy documents. What needs to be reinforced in internal communications to ensure the organization can achieve its strategy? This is a key message.
    • Look at the organization's values. How do values guide how work should be done? Do employees need to behave in a certain way or keep a certain value top of mind? This is a key message.

    The intent of key messages is to convey important information in a way that is relatable and memorable, to promote reinforcement, and ultimately, to drive action.

    Info-Tech Insight

    Empathizing with the audience is key to anticipating and addressing objections as well as identifying benefits. Customize messaging based on audience attributes such as work model (e.g. hybrid), anticipated objections, what's in it for me?, and specific expectations.

    2.1.1 Clarify the key messages

    30 minutes

    1. Brainstorm the key stakeholders and target audiences you will likely need to communicate with to sustain the accessibility initiative (depending on the size of your group, you might break into pairs or smaller groups and each work on one target audience).
    2. Based on the outcome expected from engaging the target audience in communications, define one to five key messages that should be expressed about accessibility.
    3. The key messages should highlight benefits anticipated, concerns anticipated, details about the change, plan of action, or next steps. The goal here is to ensure the target audience is included in the communication process.
    4. The key messages should be focused on how the target audience receives a consistent message, especially if different communication messengers are involved.
    5. Document the key messages on Tab 3 of the Communications Planner Tool.

    Download the Communications Planner Tool

    Input

    • The change
    • Target audience
    • Communication outcomes

    Output

    • Key messages to support a consistent approach

    Materials

    • Communications Planner Tool
    • Sticky notes
    • Whiteboard

    Participants

    • IT leadership team
    • Marketing/communications partner (optional)

    Step 2.2

    Support new behaviors.

    Activities

    2.2.1 Prepare for IT department meeting

    2.2.2 Practice delivery of your presentation

    2.2.3 Hold department meeting

    This step involves the following participants:

    • Entire IT department

    Outcomes of this step

    • IT departmental meeting slides
    • Accessibility quick cards
    • Task list of how each IT team will support the accessibility roadmap

    Key questions to answer with change communication

    To effectively communicate change, answer questions before they're asked, whenever possible. To do this, outline at each stage of the change process what's happening next for the audience, as well as answer other anticipated questions. Pair key questions with core messages.

    Examples of key questions by change stage include:

    The outline for each stage of the change process, showing what happens next.

    2.2.1 Prepare for the IT departmental meeting

    2 hours

    1. Download the IT Department Presentation Template and follow the instructions on each slide to update for your organization.
    2. Insert information on the current accessibility maturity level. If you haven't determined your current and future state maturity level, use the Info-Tech resource from The Accessibility Business Case for IT.
    3. Review the presentation with the information added.
    4. Consider what could be done to make the presentation better:
      1. Concise: Identify opportunities to remove unnecessary information.
      2. Clear: It uses only terms or language the target audience would understand.
      3. Relevant: It matters to the target audience and the problems they face.
      4. Consistent: The message could be repeated across audiences.
    5. Schedule a departmental meeting or add the presentation to an existing departmental meeting.

    Download the Departmental Presentation Template

    Input

    • Organizational accessibility risks
    • Accessibility maturity current state
    • Outputs from manager presentation
    • Key messages

    Output

    • Prepared presentation to introduce accessibility to the entire IT department

    Materials

    • Departmental Presentation Template

    Participants

    • CIO/ head of IT/ CAO/ initiative leader

    Hone presentation skills before meeting with key stakeholders

    Using voice and body

    Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, frame – all have an impact on what might be conveyed.

    If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.

    Be professional and confident

    State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.

    Present in a way that is genuine to you and your voice. Whether you have an energetic personality or calm and composed personality, the presentation should be authentic to you.

    Connect with your audience

    Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.

    Avoid reading from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

    Info-Tech Insight

    You are responsible for the response of your audience. If they aren't engaged, it is on you as the communicator.

    2.2.2 Practice delivery of your presentation and schedule department meeting

    45 minutes

    1. Take ten minutes to think about how to deliver your presentation. Where will you emphasize words, speak louder, softer, lean in, stand tall, make eye contact, etc.?
    2. Set a timer on your phone or watch. Record yourself if possible.
    3. Take a few seconds to center yourself and prepare to deliver your pitch.
    4. Practice delivery of your presentation out loud. Don't forget to use your body language and your voice to deliver.
    5. Listen to the recording. Are the ideas communicated correctly? Are you convinced?
    6. Review and repeat.

    Input

    • Presentation deck from activity 2.2.1
    • Best practices for delivering

    Output

    • An ability to deliver the presentation in a clear and concise manner that creates understanding

    Materials

    • Recorder
    • Timer

    Participants

    • CIO/ head of IT/ initiative leader

    2.2.3 Lead the IT department meeting

    1–2 hours

    1. Gather the IT department in a manner appropriate for your organization and facilitate the meeting prepared in activity 2.2.1.
    2. Within the meeting, capture all key action items and outcomes from the Quick Cards Development and Roadmap Planning.
    3. Following the meeting, review the quick cards that everyone built and share these with all IT participants.
    4. Update your sunrise diagram to include any initiatives that came up in the team meetings to support moving to experiential.

    Input

    • Presentation deck from activity 2.2.1

    Output

    • A shared understanding of accessibility at your organization and everyone's role
    • Area task list (including behavior change needs)
    • Accessibility quick cards

    Materials

    Participants

    • CIO/ head of IT/ initiative leader

    Download the Accessibility Quick Cards template

    Step 2.3

    Continuous reinforcement – keep the conversation going – sustain the change.

    Activities

    2.3.1 Establish a frequency and timeframe for communications

    2.3.2 Obtain feedback and improve

    2.3.3 Sustainment plan

    This step involves the following participants:

    • CIO/ head of IT/ initiative lead
    • IT leadership team

    Outcomes of this step

    • Assigned roles for ongoing program monitoring
    • Communication plan
    • Accessibility maturity monitoring plan
    • Program evaluation

    Communication is ongoing before, during, and after implementing a change initiative

    Just because you've rolled out the plan doesn't mean you can stop talking about it.

    An image of the five steps, with steps four and five highlighted in a green box. The five headings are: Identify and Prioritize; Prepare for initiative; Create a communication plan; Implement change; Sustain the desired outcome

    Don't forget: Cascade messages down through the organization to ensure those who need to deliver messages have time to internalize the change before communicating it to others. Include a mix of personal and organizational messages, but where possible, separate personal and organizational content into different communications.

    2.3.1 Establish a frequency and timeframe

    30 minutes

    1. For each row in Tab 3, determine how frequently that communication needs to take place and when that communication needs to be completed by.
      • Frequency: How often the communication will be delivered to the audience (e.g. one-time, monthly, as needed).
      • Timeframe: When the communication will be delivered to the audience (e.g. a planned period or a specific date).
    2. When selecting the timeframe, consider what dependencies need to take place prior to that communication. For example, IT employees should not be communicated with on anything that has not yet been approved by the CEO. Also consider when other communications might be taking place so that the message is not lost in the noise.
    3. For frequency, the only time that a communication needs to take place once is when presenting up to senior leaders of the organizations. And even then, it will sometimes require more than one conversation. Be mindful of this.

    Input

    • The change
    • Target audience
    • Communication outcome
    • Communication channel

    Output

    • Frequency and timeframe of the communication

    Materials

    • Communications Planner Tool
    • Sticky notes
    • Whiteboard

    Participants

    • Changes based on those who would be relevant to your initiative

    Download the Communications Planner Tool

    Ensure feedback mechanisms are in place

    Soliciting and acting on feedback involves employees in the decision-making process and demonstrates to them that their contributions matter.

    Make sure you have established feedback mechanisms to collect feedback on both the messages delivered and how they were delivered. Some ways to collect feedback include:

    • Evaluating intranet comments and interactions (e.g. likes, etc.) if this function is enabled.
    • Measuring comprehension and satisfaction through surveys and polls.
    • Looking for themes in the feedback and questions employees bring forward to managers during in-person briefings.

    Feedback Mechanisms:

    • CIO business vision survey
    • Engagement surveys
    • Focus groups
    • Suggestion boxes
    • Team meetings
    • Random sampling
    • Informal feedback
    • Direct feedback
    • Audience body language
    • Repeating the message back

    Gather feedback on plan and iterate

    Who

    The project team gathers feedback from:

    • As many members of impacted groups as possible, as it helps build broad buy-in for the plan.
    • All levels (e.g. frontline employees, managers, directors).

    What

    Gather feedback on:

    • How to implement tactics successfully.
    • The timing of implementation (helps inform the next slide).
    • The resources required (helps inform the next slide).
    • Potential unforeseen impacts, questions, and concerns.

    How

    • Use focus groups to gather feedback.
    • Adjust sustainment plan based on feedback.

    Use Info-Tech's Standard Focus Group Guide

    2.3.2 Obtain feedback and improve

    20 minutes

    1. Evenly distribute the number of rows in the communication plan to all those involved. Consider a metric that would help inform whether the communication outcome was achieved.
    2. For each row, identify a feedback mechanism (slide 75) that could be used to enable the collection and confirm a successful outcome.
    3. Come back as a group and validate the feedback mechanisms selected.
    4. The important aspect here is not just to measure if the desired outcome was achieved. If the desired outcome is not achieved, consider what you might do to change or enable better communication to that target audience.
    5. Every communication can be better. Feedback, whether it be tactical or strategic, will help inform methods to improve future communication activities.

    Input

    • Communication outcome
    • Target audience
    • Communication channel

    Output

    • A mechanism to measure communication feedback and adjust future communications when necessary

    Materials

    • Communications Planner Tool
    • Sticky notes
    • Whiteboard

    Participants

    • Changes based on those who would be relevant to your initiative

    Download the Communications Planner Tool

    Identify owners and assign other roles

    • Eventually there needs to be a hand off to leaders to sustain accessibility. Senior leaders continue to play the role of guide and facilitator, helping the team identify owners and transfer ownership.
    • Guide the team to work with owners to assign roles to other stakeholders. Spread responsibility across multiple people to avoid overload.

    R

    Responsible
    Carries out the work to implement the component (e.g. payroll manager).

    A

    Accountable
    Owner of the component and held accountable for its implementation (e.g. VP of finance).

    C

    Consulted
    Asked for feedback and input to modify sustainment tactics (e.g. sustainment planning team).

    I

    Informed
    Told about progress of implementation (senior leadership team, impacted staff).

    Identify required resources and secure budget

    Sustainment is critical to success of accessibility

    • This step (i.e. sustainment) often gets overlooked because leaders are focused on the implementation. It takes resources and budget to sustain a plan and change as well.
    • Resorting to the old way is more likely to occur when you don't plan to support sustainment with ongoing resources and budget that's required.

    Resources

    Identify resources required for sustainment components using metrics and input from implementation owners, subject matter experts, and frontline managers.

    For example:

    • Inventory
    • Collateral for communications
    • Technology
    • Physical space
    • People resources (FTE)

    Budget

    Estimate the budget required for resources based on past projects that used similar resources, and then estimate the time it will take until the change evolves into "business as usual" (e.g. 6 months, 12 months).

    Monitor accessibility maturity

    If you haven't already performed the Accessibility Maturity Assessment, complete it in the wake of the accessibility initiative to assess improvements and progress toward target future accessibility maturity.
    As your accessibility program starts to scale out over a range of projects, revisit the assessment on a quarterly or bi-annual basis to help focus your improvement efforts across the six accessibility categories.

    • Vendor relations
    • Products and services
    • Policy and process
    • Support and accommodation
    • Communication
    • People and culture

    Info-Tech Insight

    To drive continual improvement of your organizational accessibility and disability inclusion, continue to share progress, wins, challenges, feedback, and other accessibility related concerns with stakeholders. At the end of the day, IT's efforts to become a change leader and support organizational accessibility will come down to stakeholder perceptions based upon employee morale and benefits realized.

    Download the Accessibility Maturity Assessment

    An image of the maturity level bar graph.

    Evaluate and iterate the program on an ongoing basis

    1. Continually monitor the results of project metrics.
      • Track progress toward goals and metrics set at the beginning of the initiative to gauge the success of the program.
      • Analyze metrics at the work-unit level to highlight successes and challenges in accessibility and disability inclusion and the parameters around it for each impacted unit.
    2. Regularly gather feedback on program effectiveness using questions such as:
      • Has the desired culture been effectively communicated and leveraged, or has the culture changed?
      • Collect feedback through regular channels (e.g. manager check-ins) and set up a cadence to survey employees on the program (e.g. three months after rollout and then annually).
    3. Determine if changes to the program structure are needed.
      • Revisit the accessibility maturity framework and the compliance requirements of IT. Understand what is being experienced; it may be necessary to select a different target or adjust the parameters to mitigate the common challenges.
      • Evaluate the effectiveness of current internal processes to determine if the program would benefit from a dedicated resource.

    2.3.3 Sustain the change

    1. Identify who will own what pieces of the program going forward and assign roles to transition the initiative from implementation to the new normal.
    2. Continue to communicate with stakeholders about accessibility and disability inclusion initiatives, controls, and requirements.
    3. Identify required resources and secure any budget that will be needed to support the accessibility program. Think about employee training, consulting needs, assistive technology requirements, human resources (FTE), etc.
    4. Continue to monitor your accessibility maturity. Use the Accessibility Maturity Assessment tool to periodically evaluate progress on goals and targets. Also, use this tool to communicate progress with senior leaders and executives.
    5. Strive for continuous improvement by evaluating and iterating the program on an ongoing basis.

    Input

    • Activity outputs from this blueprint

    Output

    • Ongoing continuous improvement and progress related to accessibility
    • Demonstrable results

    Materials

    • n/a

    Participants

    • CIO/ head of IT/ initiative Lead
    • IT senior leaders
    • IT managers

    Related Info-Tech Research

    The Accessibility Business Case for IT

    • Take away the overwhelm that many feel when they hear "accessibility" and make the steps for your organization approachable.
    • Clearly communicate why accessibility is critical and how it supports the organization's key objectives and initiatives.
    • Understand your current state related to accessibility and identify areas for key initiatives to become part of the IT strategic roadmap.

    Lead Staff through Change

    • Anticipate and respond to staff questions about the change in order to keep messages consistent, organized, and clear.
    • Manage staff based on their specific concerns and change personas to get the best out of your team during the transition through change.
    • Maintain a feedback loop between staff, executives, and other departments in order to maintain the change momentum and reduce angst throughout the process.

    IT Diversity and Inclusion Tactics

    • Although inclusion is key to the success of a diversity and inclusion (D&I) strategy, the complexity of the concept makes it a daunting pursuit.
    • This is further complicated by the fact that creating inclusion is not a one-and-done exercise. Rather, it requires the ongoing commitment of employees and managers to reassess their own behaviors and to drive a cultural shift.

    Implement and Mature Your User Experience Design Practice

    • Create a practice that is focused on human outcomes; it starts and ends with the people you are designing for. This includes:
      • Establishing a practice with a common vision.
      • Enhancing the practice through four design factors.
      • Communicating a roadmap to improve your business through design.

    Works cited

    "2021 State of Digital Accessibility." Level Access, n.d. Accessed 10 Aug. 2022
    "Apple Canada Accessibility Policy & Plan." Apple Canada, 11 March 2019. .
    Casey, Caroline. "Do Your D&I Efforts Include People With Disabilities?" Harvard Business Review, 19 March 2020. Accessed 28 July 2022.
    Digitalisation World. "Organisations failing to meet digital accessibility standards." Angel Business Communications, 19 May 2022. Accessed Oct. 2022.
    "disability." Merriam-Webster.com Dictionary, Merriam-Webster, . Accessed 10 Aug. 2022.
    "Disability." World Health Organization, 2022. Accessed 10 Aug 2022.
    "Google Canada Corporation Accessibility Policy and Multi Year Plan." Google Canada, June 2020. .
    Hypercontext. "The State of High Performing Teams in Tech 2022." Hypercontext. 2022..
    Lay-Flurrie, Jenny. "Accessibility Evolution Model: Creating Clarity in your Accessibility Journey." Microsoft, 2023. <https://blogs.microsoft.com/accessibility/accessibility-evolution-model/>.
    Maguire, Jennifer. "Applause 2022 Global Accessibility Survey Reveals Organizations Prioritize Digital Accessibility but Fall Short of Conformance with WCAG 2.1 Standards." Business Wire, 19 May 2022. . Accessed 2 January 2023.
    "The Business Case for Digital Accessibility." W3C Web Accessibility Initiative (WAI), 9 Nov. 2018. Accessed 4 Aug. 2022.
    "THESCORE's Commitment to Accessibility." theScore, May 2021. .
    "The WebAIM Million." Web AIM, 31 March 2022. Accessed 28 Jul. 2022.
    Washington, Ella F. "The Five Stages of DEI Maturity." Harvard Business Review, November - December 2022. Accessed 7 Nov. 2022.
    Web AIM. "The WebAIM Million." Institute for Disability Research, Policy, and Practice, 31 March 2022. Accessed 28 Jul. 2022.

    Organizational Change Management

    • Buy Link or Shortcode: {j2store}35|cart{/j2store}
    • Related Products: {j2store}35|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.6/10
    • member rating average dollars saved: $19,055
    • member rating average days saved: 24
    • Parent Category Name: Project Portfolio Management and Projects
    • Parent Category Link: /ppm-and-projects
    If you don't know who is responsible for organizational change, it's you.

    Identify Opportunities to Mature the Security Architecture

    • Buy Link or Shortcode: {j2store}385|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Organizations do not have a solid grasp on the complexity of their infrastructure and are unaware of the overall risk to their infrastructure posed by inadequate security.
    • Organizations do not understand how to properly create and deliver value propositions of technical security solutions.

    Our Advice

    Critical Insight

    • The security architecture is a living, breathing thing based on the risk profile of your organization.
    • Compliance and risk mitigation create an intertwined relationship between the business and your security architecture. The security architecture roadmap must be regularly assessed and continuously maintained to ensure security controls align with organizational objectives.

    Impact and Result

    • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
    • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
    • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors and therefore cut down on the amount of vendor noise.
    • Creating a defensible roadmap will assist with justifying future security spend.

    Identify Opportunities to Mature the Security Architecture Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a right-sized security architecture, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the organization’s ideal security architecture

    Complete three unique assessments to define the ideal security architecture maturity for your organization.

    • Identify Opportunities to Mature the Security Architecture – Phase 1: Identify the Organization's Ideal Security Architecture
    • Security Architecture Recommendation Tool
    • None

    2. Create a security program roadmap

    Use the results of the assessments from Phase 1 of this research to create a roadmap for improving the security program.

    • Identify Opportunities to Mature the Security Architecture – Phase 2: Create a Security Program Roadmap
    [infographic]

    Manage Service Catalogs

    • Buy Link or Shortcode: {j2store}44|cart{/j2store}
    • Related Products: {j2store}44|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.0/10
    • member rating average dollars saved: $3,956
    • member rating average days saved: 24
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: /service-planning-and-architecture

    The challenge

    • Your business users may not be aware of the full scope of your services.
    • Typically service information is written in technical jargon. For business users, this means that the information will be tough to understand.
    • Without a service catalog, you have no agreement o what is available, so business will assume that everything is.

    Our advice

    Insight

    • Define your services from a user's or customer perspective.
      • When your service catalog contains too much information that does not apply to most users, they will not use it.
    • Separate the line-of-business services from enterprise services. It simplifies your documentation process and makes the service catalog more comfortable to use.

    Impact and results 

    • Our approach helps you organize your service catalog in a business-friendly way while keeping it manageable for IT.
    • And manageable also means that your service catalog remains a living document. You can update your service records easily.
    • Your service catalog forms a visible bridge between IT and the business. Improve IT's perception by communicating the benefits of the service catalog.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why building a service catalog is a good idea for your company. We'll show you our methodology and the ways we can help you in handling this.

    Minimize the risks from attrition through an effective knowledge transfer process.

    Launch the initiative

    Our launch phase will walk you through the charter template, build help a balanced team, create your change message and communication plan to obtain buy-in from all your organization's stakeholders.

    • Design & Build a User-Facing Service Catalog – Phase 1: Launch the Project (ppt)
    • Service Catalog Project Charter (doc)

    Identify and define the enterprise services

    Group enterprise services which you offer to everyone in the company, logically together.

    • Design & Build a User-Facing Service Catalog – Phase 2: Identify and Define Enterprise Services (ppt)
    • Sample Enterprise Services (ppt)

    Identify and define your line-of-business (LOB) services

    These services apply only to one business line. Other business users should not see them in the catalog.

    • Design & Build a User-Facing Service Catalog – Phase 3: Identify and Define Line of Business Services (ppt)
    • Sample LOB Services – Industry Specific (ppt)
    • Sample LOB Services – Functional Group (ppt)

    Complete your services definition chart

    Complete this chart to allow the business to pick what services to include in the service catalog. It also allows you to extend the catalog with technical services by including IT-facing services. Of course, separated-out only for IT.

    • Design & Build a User-Facing Service Catalog – Phase 4: Complete Service Definitions (ppt)
    • Services Definition Chart (xls)

    Dive Into Five Years of Security Strategies

    • Buy Link or Shortcode: {j2store}247|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • As organizations build their security programs, there is often the question of what are other companies doing.
    • Part of this is a desire to know whether challenges are unique to certain companies, but also to understand how people are tackling some of their security gaps.

    Our Advice

    Critical Insight

    Don’t just wonder what others are doing – use this report to see how companies are faring in their current state, where they want to target in their future state, and the ways they’re planning to raise their security posture.

    Impact and Result

    • Whether you’re building out your security program for the first time or are just interested in how others are faring, review insights from 66 security strategies in this report.
    • This research complements the blueprint, Build an Information Security Program, and can be used as a guide while completing that project.

    Dive Into Five Years of Security Strategies Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Executive Brief

    Read our concise Executive Brief to find out what this report contains.

    [infographic]

    Assess Your IT Financial Management Maturity Effectively

    • Buy Link or Shortcode: {j2store}315|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management

    Organizations wishing to mature their IT financial management (ITFM) maturity often face the following obstacles:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Our Advice

    Critical Insight

    No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool that is only valuable if you are willing to act on it.

    Impact and Result

    A mature ITFM practice leads to many benefits.

    • Foundation: Improved governance, skill sets, processes, and tools.
    • Data: An appropriate taxonomy/data model alongside accurate data for high-quality reporting and insights.
    • Language: A common vocabulary across the organization.
    • Organization Culture: Improved communication and collaboration between IT and business partners.

    Assess Your IT Financial Management Maturity Effectively Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your IT Financial Management Maturity Effectively Storyboard – A framework and step-by-step methodology to assess your ITFM maturity.

    This research seeks to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    • Assess Your IT Financial Management Maturity Effectively Storyboard

    2. IT Financial Management Maturity Assessment Tool – A structured tool to help you assess your ITFM maturity.

    This Excel workbook guides IT finance practitioners to effectively assess their IT financial management practice. Incorporate the visual outputs into your final executive presentation document. Key activities include context setting, completing the assessment, and prioritizing focus areas based on results.

    • IT Financial Management Maturity Assessment Tool

    3. IT Financial Management Maturity Assessment Report Template – A report summarizing your ITFM maturity assessment results to help you communicate with stakeholders.

    Use this template to document your final ITFM maturity outputs, including the current and target states and your identified priorities.

    • IT Financial Management Maturity Assessment Report Template
    [infographic]

    Further reading

    Assess Your IT Financial Management Maturity Effectively

    Influence your organization’s strategic direction.

    Analyst Perspective

    Make better informed data-driven business decisions.

    Technology has been evolving throughout the years, increasing complexity and investments, while putting more stress on operations and people involved. As an IT leader, you are now entrusted to run your outfit as a business, sit at the executive table as a true partner, and be involved in making decisions that best suit your organization. Therefore, you have an obligation to fulfill the needs of your end customers and live up to their expectations, which is not an easy task.

    IT financial management (ITFM) helps you generate value to your organization’s clientele by bringing necessary trade-offs to light, while driving effective dialogues with your business partners and leadership team.

    This research will focus on Info-Tech’s approach to ITFM maturity, aiming for a state of continuous improvement, where an organization can learn and grow as it adapts to change. As the ITFM practice matures, IT and business leaders will be able to better understand one another and together make better business decisions, driven by data.

    This client advisory presentation and accompanying tool seek to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    Photo of Bilal Alberto Saab, Research Director, IT Financial Management, Info-Tech Research Group. Bilal Alberto Saab
    Research Director, IT Financial Management
    Info-Tech Research Group

    Executive Summary

    The value of ITFM is undermined

    ITFM is often discarded and not given enough importance and relevance due to the operational nature of IT, and the specialized skillset of its people, leading to several problems and challenges, such as:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Constructive dialogues with business partners are not the norm

    Business-driven conversations around financials (spending, cost, revenue) are a rarity in IT due to several factors, including:

    • Foundation: Weak governance, inadequate skillset, and less than perfect processes and tools.
    • Data: Lack of adequate taxonomy/data model, alongside inaccurate data leading to poor reporting and insights.
    • Language: Lack of a common vocabulary across the organization.
    • Organization culture: No alignment, alongside minimal communication and collaboration between IT and business partners.

    Follow Info-Tech’s approach to move up the ITFM maturity ladder

    Mature your ITFM practice by activating the means to make informed business decisions.

    Info-Tech’s methodology helps you move the dial by focusing on three maturity focus areas:

    • Build an ITFM Foundation
    • Manage and Monitor IT Spending
    • Bridge the Language Barrier

    Info-Tech Insight

    Influence your organization’s strategic direction by maturing your ITFM practice.

    What is ITFM?

    ITFM is not just about finance.

    • ITFM has evolved from traditional budgeting, accounting, and cost optimization; however, it is much more than those activities alone.
    • It starts with understanding the financial implications of technology by adopting different perspectives to become adept in communicating with various stakeholders, including finance, business partners, IT managers, and your CEO.
    • Armed with this knowledge, ITFM helps you address a variety of questions, such as:
      • How are technology funds being spent?
      • Which projects is IT prioritizing and why?
      • What are the resources needed to speed IT delivery?
      • What’s the value of IT within the organization?
    • ITFM’s main objective is thus to improve decision-making capabilities by facilitating communication between IT leaders and stakeholders, while enabling a customer focus attitude throughout the organization.

    “ITFM embeds technology in financial management practices. Through cost, demand, and value, ITFM brings technology and business together, forging the necessary relationships and starting the right conversations to enable the best decisions for the organization.”
    – Monica Braun, Research Director, Info-Tech Research Group

    Your challenge

    IT leaders struggle to articulate and communicate business value.

    • IT spending is often questioned by different stakeholders, such as business partners and various IT business units. These questions, usually resulting from shifts in business needs, may revolve around investments, expenditures, services, and speed to market, among others. While IT may have an idea about its spending habits, aligning it to the business strategy may prove difficult.
    • IT staff often does not have access to, or knowledge of, the business model and its intricacies. In an operational environment, the focus tends to be on technical issues rather than overall value.
    • People tend to fear what they do not know. Some business managers may not be comfortable with technology. They do not recognize the implications and ramifications of certain implementations or understand the related terminology, which puts a strain on any conversation.

    “Value is not the numbers you visualize on a chart, it’s the dialogue this data generates with your business partners and leadership team.”
    – Dave Kish, Practice Lead, Info-Tech Research Group

    Technology is constantly evolving

    Increasing IT spending and decision-making complexity.

    Timeline of IT technology evolution, starting with 'Timesharing' in the 1980s to 'All Things Digital' in the 2020s. 'IT Spend Growth' grows from start to finish.

    Common obstacles

    IT leaders are not able to have constructive dialogues with their stakeholders.

    • The way IT funds are spent has changed significantly, moving from the purchase of discrete hardware and software tools to implementing data lakes, cloud solutions, the metaverse and blockchain. This implies larger investments and more critical decisions. Conversations around interoperability, integration, and service-based solutions that focus more on big-picture architecture than day-to-day operations have become the norm.
    • Speed to market is now a survival criterion for most organizations, requiring IT to shift rapidly based on changing priorities and customer expectations. This leads to the need for greater financial oversight, with the CFO as the gatekeeper. Today’s IT leaders need to possess both business and financial management savvy to justify their spending with various stakeholders.
    • Any IT budget increase is tied to expectations of greater value. Hence, the compelling demands for IT to prove its worth to the business. Promoting value comes in two ways: 1) objectively, based on data, KPIs, and return on investment; and 2) subjectively, based on stakeholder satisfaction, alongside relationships. Building trust, credibility, and confidence can go a long way.

    In a technology-driven world, advances come at a price. With greater spending required, more complex and difficult conversations arise.

    Constructive dialogues are key

    You don’t know what you don’t know.

    • IT, being historically focused on operations, has become a hub for technically savvy personnel. On the downside, technology departments are often alien to business, causing problems such as:
      • IT staff have no knowledge of the business model and lack customer focus.
      • Business is not comfortable with technology and related jargon.
    • The lack of two-way communication and business alignment is hence an important ramification. If the business does not understand technology, and IT does not speak in business terms, where does that lead us?
    • Poor data quality and governance practices, alongside overly manual processes can only exasperate the situation.

    IT Spending Survey

    79% of respondents believe that decisions taking too long to make is either a significant or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    81% of respondents believe that ensuring spend efficiency (avoiding waste) is either a challenge or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    ITFM is trailing behind

    IT leaders must learn to speak business.

    In today’s world, where organizations are driving customer experience through technology investments, having a seat at the table means IT leaders must be well versed in business language and practice, including solid financial management skills.

    However, IT staff across all industries aren’t very confident in how well IT is doing in managing its finances. This becomes evident after looking at three core processes:

    • Demonstrating IT’s value to the business.
    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.

    Recent data from 4,137 respondents to Info-Tech’s IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing on them.

    IT leadership’s capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and demonstrating IT’s contribution to business value.

    Bar charts comparing percentages of people who 'Agree process is important' and 'Agree process is effective' for three processes: Business Value, Cost & Budget Management, and Cost Optimization. In all instances, the importance outweighed the perceived effectiveness.
    Source: Info-Tech Research Group, IT Management & Governance Diagnostic, 2023.

    Info-Tech’s approach

    We take a holistic approach to ITFM and support you throughout your maturity journey.

    Visualization of the IT maturity levels with three goals at the bottom, 'Build am ITFM Foundation', 'Manage & Monitor IT Spending', and 'Bridge the Language Barrier'. The 5 levels, from bottom to top, are 'Nascent - Level 1, Inability to consistently deliver financial planning services', 'Cost Operator - Level 2, Rudimentary financial planning capabilities', 'Trusted Coordinator - Level 3, Enablement of business through cost-effective supply of technology', 'Value Optimizer - Level 4, Effective impact on business performance', and 'Strategic Partner - Level 5, Influence on the organization's strategic direction'.

    The Info-Tech difference:

    • Info-Tech has a methodology and set of tools that will help assess your ITFM maturity and take the first step in developing an improvement plan. We have identified three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier
    • No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool, which is only valuable if you are willing to act on it.

    Note: See Appendix A for maturity level definitions and descriptions.

    Climb the maturity ladder

    By growing along three maturity focus areas.

    A diagram with '3 Maturity Focus Areas' and '9 Maturity Levers' within them. The first area is 'Build an ITFM Foundation' with levers 'Establish your Team', 'Set up your Governance Structure', and 'Adopt ITFM Processes & Tools'. The second area is 'Manage & Monitor IT Spending', with levers 'Standardize your Taxonomy & Data Model', 'Identify, Gather & Prepare your Data', and 'Analyze your Findings and Develop your Reports'. The third area is 'Bridge the Language Barrier' with levers 'Communicate your IT Spending', 'Educate the Masses', and 'Influence your Organization's Culture'.

    Info-Tech identified three maturity focus areas, each containing three levers.

    Identify where you stand across the nine maturity levers, detect the gaps, and determine your priorities as a first step to develop an improvement plan.

    Note: See Appendix B for maturity level definitions and descriptions per lever.

    Key project deliverables

    Each step of this activity is accompanied by supporting deliverables to help you accomplish your goals.

    IT Financial Management Maturity Assessment Report Template

    A template of an ITFM maturity assessment report that can be customized based on your own results.

    IT Financial Management Maturity Assessment Tool

    A workbook including an ITFM maturity survey, generating a summary of your current state, target state, and priorities.

    Measure the value of this activity

    Reach your 12-month maturity target.

    • Determine your 12-month maturity target, identify your gaps, and set your priorities.
    • Use the ITFM maturity assessment to kickstart your improvement plan by developing actionable initiatives.
    • Implement your initiatives and monitor your progress to reach your 12-month target.

    Sample of a result page from the ITFM maturity assessment.

    Build your improvement plan and implement your initiatives to move the dial and climb the maturity ladder.

    Sample of a result page from the ITFM maturity assessment with a graph.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Step 1

    Prepare for the ITFM maturity assessment

    Content Overview

    1. Identify your stakeholders
    2. Set the context
    3. Determine the methodology
    4. Identify assessment takers

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    1. Prepare to take the ITFM maturity assessment

    3 hours

    Input: Understanding your context, objectives, and methodology

    Output: ITFM maturity assessment stakeholders and their objectives, ITFM maturity assessment methodology, ITFM maturity assessment takers

    Materials: 1a. Prepare for Assessment tab in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Identify your stakeholders and document it in the ITFM Maturity Assessment Tool (see next slides). We recommend having representatives from different business units across the organization, most notably IT, IT finance, finance, and IT audit.
    2. Set the context with your stakeholders and document it in the ITFM Maturity Assessment Tool. Discuss the reason behind taking the ITFM maturity assessment among the various stakeholders. Why do each of your stakeholders want to take the assessment? What are their main objectives? What would they like to achieve?
    3. Determine the methodology and document it in the ITFM Maturity Assessment Tool. Discuss how you want to go about taking the assessment with your stakeholders. Do you want to have representatives from each business unit take the assessment individually, then share and discuss their findings? Do you prefer forming a working group with representatives from each business unit and go through the assessment together? Or does any of your stakeholders have a different suggestion? You will have to consider the effort, skillset, and knowledge required.
    4. Identify the assessment takers and document it in the ITFM Maturity Assessment Tool. Determine who will be taking the assessment (specific names of stakeholders). Consider their availability, knowledge, and skills.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your stakeholders, objectives, and methodology

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document stakeholders, objectives, and methodology (table range: columns B to G and rows 8 to 15).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Stakeholders'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each stakeholder on a separate row.
    D Text Enter the job title related to each stakeholder.
    E Text Enter the objective(s) related to each stakeholder.
    F Text Enter the agreed upon methodology.
    G Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full names and job titles of the ITFM maturity assessment stakeholders.
    3. Document the maturity assessment objective of each of your stakeholders.
    4. Document the agreed-upon methodology.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your assessment takers

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document assessment takers (table range: columns B to E and rows 18 to 25).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Takers'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each assessment taker on a separate row.
    D Text Enter the job title related to each stakeholder to identify which party is being represented per assessment taker.
    E Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full name of each assessment taker, along with the job title of the stakeholder they are representing.

    Download the IT Financial Management Maturity Assessment Tool

    Step 2

    Take the ITFM maturity assessment

    Content Overview

    1. Complete the survey
    2. Review your assessment results
    3. Determine your priorities

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    2. Take the ITFM maturity assessment

    3 hours

    Input: Understanding of your ITFM current state and 12-month target state, ITFM maturity assessment results

    Output: ITFM current- and target-state maturity levels, average scores, and variance, ITFM current- and target-state average scores, variance, and priority by maturity focus area and maturity lever

    Materials: 1b. Glossary, 2a. Assess ITFM Foundation, 2b. Assess Mngt. & Monitoring, 2c. Assess Language, and 3. Assessment Summary tabs in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Complete the survey: select the current and target state of each statement – refer to the glossary as needed for definitions of key terms – in the ITFM Maturity Assessment Tool (see next slides). There are three tabs (one per maturity focus area) with three tables each (nine maturity levers). Review and discuss statements with all assessment takers: consider variations, differing opinions, and reach an agreement on each statement inputs.
    2. Review assessment results: navigate to the Assessment Summary tab in the ITFM maturity assessment tool (see next slides) to view your results. Review and discuss with all assessment takers: consider any shocking output and adjust survey input if necessary.
    3. Determine your priorities: decide on the priority (Low/Medium/High) by maturity focus area and/or maturity lever. Rank your maturity focus area priorities from 1 to 3 and your maturity lever priorities from 1 to 9. Consider the feasibility in terms of timeframe, effort, and skillset required, positive and negative impacts on business and technology, likelihood of failure, and necessary approvals. Document your priorities in the ITFM maturity assessment tool (see next slides).
      Review and discuss priorities with all assessment takers: consider variations, differing opinions, and reach an agreement on each priority.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Complete the survey

    Excel workbook: ITFM Maturity Assessment Tool – Survey worksheets

    Refer to the example and guidelines below on how to complete the survey.

    Example table from the ITFM Maturity Assessment Tool re: Survey worksheets.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity statement to assess.
    D, E Dropdown Select the maturity levels of your current and target states. One of five maturity levels for each statement, from “1. Nonexistent” (lowest maturity) to “5. Advanced” (highest maturity).
    F, G, H Formula Automatic calculation, no entry required: scores associated with your current and target state selection, along with related variance (column G – column F).
    I Text Enter any notes or comments per ITFM maturity statement (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the survey tabs: 2a. Assess ITFM Foundation, 2b. Assess Management and Monitoring, and 2c. Assess Language.
    2. Select the appropriate current and target maturity levels.
    3. Add any notes or comments per ITFM maturity statement where necessary or helpful.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review your overall result

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    K Formula Automatic calculation, no entry required.
    L Formula Automatic calculation, no entry required: Current State, Target State, and Variance entries. Please ignore the current state benchmark, it’s a placeholder for future reference.
    M Formula Automatic calculation, no entry required: average overall maturity score for your Current State and Target State entries, along with related Variance.
    N, O Formula Automatic calculation, no entry required: maturity level and related name based on the overall average score (column M), where level 1 corresponds to an average score less than or equal to 1.49, level 2 corresponds to an average score between 1.5 and 2.49 (inclusive), level 3 corresponds to an average score between 2.5 and 3.49 (inclusive), level 4 corresponds to an average score between 3.5 and 4.49 (inclusive), and level 5 corresponds to an average score between 4.5 and 5 (inclusive).
    P, Q Formula Automatic calculation, no entry required: maturity definition and related description based on the maturity level (column N).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your overall current state and target state result along with the corresponding variance.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Set your priorities

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results per maturity focus area and maturity lever, then prioritize accordingly.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity focus area or lever, depending on the table.
    D Placeholder Ignore this column because it’s a placeholder for future reference.
    E, F, G Formula Automatic calculation, no entry required: average score related to the current state and target state, along with the corresponding variance per maturity focus area or lever (depending on the table).
    H Formula Automatic calculation, no entry required: preliminary priority based on the average variance (column G), where Low corresponds to an average variance between 0 and 0.5 (inclusive), Medium corresponds to an average variance between 0.51 and 0.99 (inclusive), and High corresponds to an average variance greater than or equal to 1.
    J Dropdown Select your final priority (Low, Medium, or High) per ITFM maturity focus area or lever, depending on the table.
    K Whole Number Enter the appropriate rank based on your priorities; do not use the same number more than once. A whole number between 1 and 3 to rank ITFM maturity focus areas, and between 1 and 9 to rank ITFM maturity levers, depending on the table.

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your current-state and target-state result along with the corresponding variance per maturity focus area and maturity lever.
    3. Select the appropriate priority for each maturity focus area and maturity lever.
    4. Enter a unique rank for each maturity focus area (1 to 3).
    5. Enter a unique rank for each maturity lever (1 to 9).

    Download the IT Financial Management Maturity Assessment Tool

    Step 3

    Communicate your ITFM maturity results

    Content Overview

    1. Review your assessment charts
    2. Customize the assessment report
    3. Communicate your results

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    3. Communicate your ITFM maturity results

    3 hours

    Input: ITFM maturity assessment results

    Output: Customized ITFM maturity assessment report

    Materials: 3. Assessment Summary tab in the ITFM Maturity Assessment Tool, ITFM Maturity Assessment Report Template

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Review assessment charts: navigate to the Assessment Summary tab in the ITFM Maturity Assessment Tool (see next slides) to view your results and related charts.
    2. Edit the report template: complete the template based on your results and priorities to develop your customized ITFM maturity assessment report (see next slide).
    3. Communicate results: communicate and deliberate the assessment results with assessment takers at a first stage, and with your stakeholders at a second stage. The objective is to agree on next steps, including developing an improvement plan.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review assessment charts

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example below on charts depicting different views of the maturity assessment results across the three focus areas and nine levers.

    Samples of different tabs from the ITFM Maturity Assessment Tool: 'Assessment Summary tab: From cell B49 to cell M100' and 'Assessment Summary tab: From cell K13 to cell Q34'.

    From the Excel workbook, after completing your potential initiatives and filling all related entries in the Outline Initiatives tab:

    1. Navigate to tab 3. Assessment Summary.
    2. Review each of the charts.
    3. Navigate back to the survey tabs to examine, drill down, and amend individual entries as you deem necessary.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Customize your report

    PowerPoint presentation: ITFM Maturity Assessment Report Template

    Refer to the example below on slides depicting different views of the maturity assessment results across the three maturity focus areas and nine maturity levers.

    Samples of different slides from the ITFM Maturity Assessment Report Template, detailed below.

    Slide 6: Edit levels based on your assessment results. Copy and paste the appropriate maturity level definition and description from slide 4.

    Slide 7: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title. You can use the “Outer Offset: Bottom” shadow under shape effects on the chart.

    Slide 8: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title and legend. You can use the “Outer Offset: Center” shadow under shape effects on the chart.

    From the ITFM Maturity Assessment Report Template:

    1. Edit the report based on your results found in the assessment summary tab of the Excel workbook (see previous slide).
    2. Review slides 6 to 8 and bring necessary adjustments.

    Download the IT Financial Management Maturity Assessment Report Template

    Make informed business decisions

    Take a holistic approach to ITFM.

    • A thorough understanding of your technology spending in relation to business needs and drivers is essential to make informed decisions. As a trusted partner, you cannot have effective conversations around budgets and cost optimization without a solid foundation.
    • It is important to realize that ITFM is not a one-time exercise, but a continuous, sustainable process to educate (teach, mentor, and train), increase transparency, and assign responsibility.
    • Move up the ITFM maturity ladder by improving across three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier

    What’s Next?

    Communicate your maturity results with stakeholders and develop an actionable ITFM improvement plan.

    And remember, having informed discussions with your business partners and stakeholders, where technology helps propel your organization forward, is priceless!

    IT Financial Management Team

    Photo of Dave Kish, Practice Lead, ITFM Practice, Info-Tech Research Group. Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group
    Photo of Jennifer Perrier, Principal Research Director, ITFM Practice, Info-Tech Research Group. Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group. Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group. Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group. Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group
    Photo of Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group. Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Research Contributors and Experts

    Photo of Amy Byalick, Vice President, IT Finance, Info-Tech Research Group. Amy Byalick
    Vice President, IT Finance
    Info-Tech Research Group
    Amy Byalick is an IT Finance practitioner with 15 years of experience supporting CIOs and IT leaders elevating the IT financial storytelling and unlocking insights. Amy is currently working at Johnson Controls as the VP, IT Finance, previously working at PepsiCo, AmerisourceBergen, and Jacobs.
    Photo of Carol Carr, Technical Counselor, Executive Services, Info-Tech Research Group. Carol Carr
    Technical Counselor, Executive Services
    Info-Tech Research Group
    Photo of Scott Fairholm, Executive Counselor, Executive Services, Info-Tech Research Group. Scott Fairholm
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Gokul Rajan, Executive Counselor, Executive Services, Info-Tech Research Group. Gokul Rajan
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Allison Kinnaird, Practice Lead, Infrastructure & Operations, Info-Tech Research Group. Allison Kinnaird
    Practice Lead, Infrastructure & Operations
    Info-Tech Research Group
    Photo of Isabelle Hertanto, Practice Lead, Security & Privacy, Info-Tech Research Group. Isabelle Hertanto
    Practice Lead, Security & Privacy
    Info-Tech Research Group

    Related Info-Tech Research

    Sample of the IT spending transparency research. Achieve IT Spending Transparency

    Mature your ITFM practice by activating the means to make informed business decisions.

    Sample of the IT cost optimization roadmap research. Build Your IT Cost Optimization Roadmap

    Develop an IT cost optimization strategy based on your specific circumstances and timeline.

    Bibliography

    Eby, Kate. “The Complete Guide to Organizational Maturity: Models, Levels, and Assessments.” Smartsheet, 8 June 2022. Web.

    “Financial Management Maturity Model.” National Audit Office, n.d. Accessed 28 Apr. 2023.

    “ITFM/TBM Program Maturity Guide.” Nicus Software, n.d. Accessed 28 Apr. 2023.

    Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 2020.

    McCarthy, Seamus. “Financial Management Maturity Model: A Good Practice Guide.” Office of the Comptroller & Auditor General, 26 June 2018. Web.

    “Principles for Effective Risk Data Aggregation and Risk Reporting.“ Bank for International Settlements, Jan. 2013. Web.

    “Role & Influence of the Technology Decision-Maker 2022.” Foundry, 2022. Web.

    Stackpole, Beth. “State of the CIO, 2022: Focus turns to IT fundamentals.” CIO, 21 March 2022. Web.

    “Tech Spend Pulse.” Flexera, 2022. Web.

    Appendix A

    Definition and Description
    Per Maturity Level

    ITFM maturity levels and definitions

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to consistently deliver financial planning services ITFM practices are almost inexistent. Only the most basic financial tasks and activities are being performed on an ad hoc basis to fulfill the Finance department’s requests.
    Cost Operator
    Level 2
    Rudimentary financial planning capabilities. ITFM activities revolve around minimizing the IT budget as much as possible. ITFM practices are not well defined, and IT’s financial view is limited to day-to-day technical operations.
    IT is only involved in low complexity decision making, where financial conversations center on general ledger items and IT spending.
    Trusted Coordinator
    Level 3
    Enablement of business through cost-effective supply of technology. ITFM activities revolve around becoming a proficient and cost-effective technology supplier to business partners.
    ITFM practices are in place, with moderate coordination and adherence to execution. Various IT business units coordinate to produce a consolidated financial view focused on business services.
    IT is involved in moderate complexity decision making, as a technology subject matter expert, where financial conversations center on IT spending in relation to technology services or solutions provided to business partners.
    Value Optimizer
    Level 4
    Effective impact on business performance. ITFM activities revolve around optimizing existing technology investments to improve both IT and business performance.
    ITFM practices are well managed, established, documented, repeatable, and integrated as necessary across the organization. IT’s financial view tie technology investments to lines of business, business products, and business capabilities.
    Business partners are well informed on the technology mix and drive related discussion. IT is trusted to contribute to complex decision making around existing investments to cost-effectively plan initiatives, as well as enhance business performance.
    Strategic Partner
    Level 5
    Influence on the organization’s strategic direction. ITFM activities revolve around predicting the outcome of new or potential technology investments to continuously optimize business performance.
    ITFM practices are fully optimized, reviewed, and improved in a continuous and sustainable manner, and related execution is tracked by gathering qualitative and quantitative feedback. IT’s financial view is holistic and fully integrated with the business, with an outlook on innovation, growth, and strategic transformation.
    Business and IT leaders know the financial ramifications of every business and technology investment decision. IT is trusted to contribute to strategic decision making around potential and future investments to grow and transform the business.

    Appendix B

    Maturity Level Definitions and Descriptions
    Per Lever

    Establish your ITFM team

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM tasks, activities, and functions are not being met in any way, shape, or form.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.There is no dedicated ITFM team.


    Basic ITFM tasks, activities, and functions are being performed on an ad hoc basis, such as high-level budget reporting.

    Trusted Coordinator
    Level 3
    Ability to provide basic business insights.A dedicated team is fulfilling essential ITFM tasks, activities, and functions.


    ITFM team can combine and analyze financial and technology data to produce necessary reports.

    Value Optimizer
    Level 4
    Ability to provide valuable business driven insights.A dedicated ITFM team with well-defined roles and responsibilities can provide effective advice to IT leaders, in a timely fashion, and positively influence IT decisions.
    Strategic Partner
    Level 5
    Ability to influence both technology and business decisions.A dedicated and highly specialized ITFM team is trusted and valued by both IT and Business leaders.


    Insights provided by the ITFM team can influence and shape the organization’s strategy.

    Set up your governance structure

    Maturity focus area: Build an ITFM foundation

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to ensure any adherence to rules and regulations.ITFM frameworks, guidelines, policies, and procedures are not developed nor documented.
    Cost Operator
    Level 2
    Ability to ensure basic adherence to rules and regulations.Basic ITFM frameworks, guidelines, policies, and procedures are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to ensure compliance to rules and regulations, as well as accountability across ITFM processes.Essential ITFM frameworks, guidelines, policies, and procedures are in place, coherent, and documented, aiming to (a) comply with rules and regulations, and (b) provide clear accountability.
    Value Optimizer
    Level 4
    Ability to ensure compliance to rules and regulations, as well as structure, transparency, and business alignment across ITFM processes.ITFM frameworks, guidelines, policies, and procedures are well defined, coherent, documented, and regularly reviewed, aiming to (a) comply with rules and regulations, (b) provide clear accountability, and (c) maintain business alignment.
    Strategic Partner
    Level 5
    Ability to:
    • Ensure compliance to rules and regulations, as well as ITFM processes are transparent, structured, focused on business objectives, and support decision making.
    • Reinforce and shape the organization culture.
    ITFM frameworks, guidelines, policies, and procedures are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) comply with rules and regulations, (b) provide clear accountability, (c) maintain business alignment, and (d) facilitate the decision-making process.


    Enforcement of the ITFM governance structure can influence the organization culture.

    Adopt ITFM processes and tools

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to deliver IT financial planning and performance output.ITFM processes and tools are not developed nor documented.
    Cost Operator
    Level 2
    Ability to deliver basic IT financial planning output.Basic ITFM processes and tools are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to deliver accurate IT financial output and basic IT performance output in a consistent cadence.Essential ITFM processes and tools are in place, coherent, and documented, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; and (c) provide clear accountability. ITFM tools and processes are adopted by the ITFM team and some IT business units but are not fully integrated.
    Value Optimizer
    Level 4
    Ability to deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders in a consistent cadence.ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision-making. ITFM tools and processes are adopted by IT and business partners but are not fully integrated.
    Strategic Partner
    Level 5
    Ability to:
    • Deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders.
    • Leverage IT financial planning and performance output in real time and when needed by stakeholders.
    ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision making.


    ITFM processes and tools are automated to the full extent needed by the organization, utilized to their full potential, and integrated into a single enterprise platform, providing a holistic view of IT spending and IT performance.

    Standardize your taxonomy and data model

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide transparency across technology spending.ITFM taxonomy and data model are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide transparency and support IT financial planning data, analysis, and reporting needs of finance stakeholders.ITFM taxonomy and data model are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation, to comply with, and meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT and finance stakeholders.ITFM taxonomy and data model are in place, coherent, and documented to meet the needs of IT and finance stakeholders.
    Value Optimizer
    Level 4
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized to meet the needs of IT, finance, business, and executive stakeholders, but not flexible enough to be adjusted in a timely fashion as needed.

    Strategic Partner
    Level 5
    Ability to:
    • Provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.
    • Change to meet evolving needs.
    ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized and meet the changing needs of IT, finance, business, and executive stakeholders.

    Identify, gather, and prepare your data

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide accurate and complete across technology spending.ITFM data needs and requirements are not understood.
    Cost Operator
    Level 2
    Ability to provide accurate, but incomplete IT financial planning data to meet the needs of finance stakeholders.Technology spending data is extracted, transformed, and loaded on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide accurate and complete IT financial planning data to meet the needs of IT and finance stakeholders, but IT performance data remain incomplete.IT financial planning data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT and finance stakeholders.


    IT financial planning data is (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Value Optimizer
    Level 4
    Ability to provide accurate and complete IT financial planning and performance data to meet the needs of IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    ITFM data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT, finance, business, and executive stakeholders.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Strategic Partner
    Level 5
    Ability to provide accurate and complete IT financial planning and performance data real time and when needed by IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, (c) available and refreshed as needed, and (d) sourced from the organization’s system of record.

    Analyze your findings and develop your reports

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM analysis and reports are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.IT financial planning analysis is conducted on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide basic financial planning and performance insights to meet the needs of IT and finance stakeholders.IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.).

    Value Optimizer
    Level 4
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate business decision making around technology investments.ITFM analysis and reports support business decision making around technology investments.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, and (c) regularly validated for inconsistencies.

    Strategic Partner
    Level 5
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate strategic decision making.ITFM analysis and reports support strategic decision making.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.), and consider multiple point of views (hypotheses, interpretations, opinions, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, (c) comprehensive, and (d) regularly validated for inconsistencies.

    Communicate your IT spending

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to communicate and understand each other.The organization stakeholders including IT, finance, business, and executives do not understand one another, and cannot speak the same language.
    Cost Operator
    Level 2
    Ability to understand business and finance requirements.IT understands and meets business and financial planning requirements but does not communicate in a similar language.


    IT cannot influence finance or business decision making.

    Trusted Coordinator
    Level 3
    Ability to understand the needs of different stakeholders including IT, finance, business, and executives and take part in decision making around technology spending.The organization stakeholders including IT, finance, business, and executives understand each other’s needs, but do not communicate in a common language.


    IT leaders provide insights as technology subject matter experts, where conversations center on IT spending in relation to technology services or solutions provided to business partners.


    IT can influence technology decisions around its own budget.

    Value Optimizer
    Level 4
    Ability to communicate in a common vocabulary across the organization and take part in business decision making around technology investments.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to support and influence business decision making around existing technology investments.

    Strategic Partner
    Level 5
    Ability to communicate in a common vocabulary across the organization and take part in strategic decision making.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to facilitate decision making around potential and future investments to grow and transform the business, thus influencing the organization’s overall strategic direction.

    Educate the masses

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to acquire knowledge.Educational resources are inexistent.
    Cost Operator
    Level 2
    Ability to acquire financial knowledge and understand financial concepts.IT leaders have access to educational resources to gain the financial knowledge necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to acquire financial and business knowledge and understand related concepts.IT leaders and their respective teams have access to educational resources to gain the financial and business knowledge necessary to perform their duties.


    ITFM team has access to the necessary educational resources to keep up with changing financial regulations and technology developments.

    Value Optimizer
    Level 4
    Ability to acquire knowledge, across technology, business, and finance as needed by different organization stakeholders, and the leadership understand concepts across these various domains.Stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders have a good understanding of business and financial concepts.


    Business leaders have a good understanding of technology concepts.

    Strategic Partner
    Level 5
    Ability to acquire knowledge, and understand concepts across technology, business, and finance as needed by different organization stakeholders.The organization promotes continuous learning through well designed programs including training, mentorship, and academic courses. Thus, stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders and their respective teams have a good understanding of business and financial concepts.


    Business leaders and their respective teams have a good understanding of technology concepts.

    Influence your organization’s culture

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide and foster an environment of collaboration and continuous improvement.Stakeholders including IT, finance, business, and executives operate in silos, and collaboration between different teams is inexistent.
    Cost Operator
    Level 2
    Ability to provide an environment of cooperation to meet the needs of IT, finance, and business leaders.IT, finance, and business leaders cooperate to meet financial planning requirements as necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to provide and foster an environment of collaboration across the organization.IT, finance, and business collaborate on various initiatives.

    ITFM employees are trusted and supported by their stakeholders (IT, finance, and business).

    Value Optimizer
    Level 4
    Ability to provide and foster an environment of collaboration and continuous improvement, where employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    Employees are trusted, supported, empowered, and valued.

    Strategic Partner
    Level 5
    Ability to provide and foster an environment of collaboration and continuous improvement, where leaders are willing to change, and employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    The organization’s leadership is adaptable and open to change.


    Employees are trusted, supported, empowered, and valued.

    Build a Strategy for Big Data Platforms

    • Buy Link or Shortcode: {j2store}203|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • The immaturity of the big data market means that organizations lack examples and best practices to follow, and they are often left trailblazing their own paths.
    • Experienced and knowledgeable big data professionals are limited and without creative resourcing; IT might struggle to fill big data positions.
    • The term NoSQL has become a catch-all phrase for big data technologies; however, the technologies falling under the umbrella of NoSQL are disparate and often misunderstood. Organizations are at risk of adopting incorrect technologies if they don’t take the time to learn the jargon.

    Our Advice

    Critical Insight

    • NoSQL plays a key role in the emergence of the big data market, but it has not made relational databases outdated. Successful big data strategies can be conducted using SQL, NoSQL, or a combination of the two.
    • Assign a Data Architect to oversee your initiative. Hire or dedicate someone who has the ability to develop both a short-term and long-term vision and that has hands-on experience with data management, mining and modeling. You will still need someone (like a database administrator) who understands the database, the schemas, and the structure.
    • Understand your data before you attempt to use it. Take a master data management approach to ensure there are rules and standards for managing your enterprise’s data, and take extra caution when integrating external sources.

    Impact and Result

    • Assess whether SQL, NoSQL, or a combination of both technologies will provide you with the appropriate capabilities to achieve your business objectives and gain value from your data.
    • Form a Big Data Team to bring together IT and the business in order to leave a successful initiative.
    • Conduct ongoing training with your personnel to ensure up-to-date skills and end-user understanding.
    • Frequently scan the big data market space to identify new technologies and opportunities to help optimize your big data strategy.

    Build a Strategy for Big Data Platforms Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a big data strategy

    Know where to start and where to focus attention in the implementation of a big data strategy.

    • Storyboard: Build a Strategy for Big Data Platforms

    2. Assess the appropriateness of big data technologies

    Decide the most correct tools to use in order to solve enterprise data management problems.

    • Big Data Diagnostic Tool

    3. Determine the TCO of a scale out implementation

    Compare the TCO of a SQL (scale up) with a NoSQL (scale out) deployment to determine whether NoSQL will save costs.

    • Scale Up vs. Scale Out TCO Tool
    [infographic]

    Make the Case for Product Delivery

    • Buy Link or Shortcode: {j2store}184|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $41,674 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Organizations are traditionally organized to deliver initiatives in specific periods of time. This is in contention with product-centric delivery practices. This form of delivery acknowledges the reality that solutions of all shapes and sizes deliver continual and evolving business value over their lifetime.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.

    Our Advice

    Critical Insight

    • Delivering products doesn’t mean you will stop delivering projects! Product-centric delivery is intended to address the misalignment between the long-term delivery of value that organizations demand and the nature of traditional project-focused environments.

    Impact and Result

    • We will help you build a proposal deck to make the case to your stakeholders for product-centric delivery.
    • You will build this proposal deck by answering key questions about product-centric delivery so you can identify:
      • A common definition of product.
      • How this form of delivery differs from traditional project-centric approaches.
      • Key challenges and benefits.
      • The capabilities needed to effectively own products and deliver value.
      • What you are asking of stakeholders.
      • A roadmap of how to get started.

    Make the Case for Product Delivery Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for Product Delivery Deck – A guide to help align your organization on the practices to deliver what matters most.

    This project will help you define “product” for your organization, define your drivers and goals for moving to product delivery, understand the role of product ownership, lay out the case to your stakeholders, and communicate what comes next for your transition to product.

    • Make the Case for Product Delivery Storyboard

    2. Make the Case for Product Delivery Presentation Template – A template to help you capture and detail your case for product delivery.

    Build a proposal deck to help make the case to your stakeholders for product-centric delivery.

    • Make the Case for Product Delivery Presentation Template

    3. Make the Case for Product Delivery Workbook – A tool to capture the results of exercises to build your case to change your product delivery method.

    This workbook is designed to capture the results of the exercises in the Make the Case for Product Delivery Storyboard. Each worksheet corresponds to an exercise in the storyboard. The workbook is also a living artifact that should be updated periodically as the needs of your team and organization change.

    • Make the Case for Product Delivery Workbook
    [infographic]

    Further reading

    Make the Case for Product Delivery

    Align your organization on the practices to deliver what matters most.

    Table of Contents

    Define product

    Define your drivers and goals

    Understand the role of product ownership

    Communicate what comes next

    Make the case to your stakeholders

    Appendix: Additional research

    Appendix: Product delivery strategy communication

    Appendix: Manage stakeholder influence

    Appendix: Product owner capability details

    Executive Summary

    Your Challenge
    • Products are the lifeblood of an organization. They deliver the capabilities needed to deliver value to customers, internal users, and stakeholders.
    • Organizations are under pressure to align the value they provide with the organization’s goals and overall company vision.
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.
    Common Obstacles
    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This is in contention with product-centric delivery.
    • Product delivery acknowledges the reality that solutions of all shapes and sizes deliver continual and evolving business value over their lifetime.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.
    Info-Tech’s Approach
    • Info-Tech will enable you to build a proposal deck to make the case to your stakeholders for product-centric delivery.
    • You will build this proposal deck by answering key questions about product-centric delivery so you can identify:
      • A common definition of product.
      • How this form of delivery differs from traditional project-centric approaches.
      • Key challenges and benefits.
      • The capabilities needed to effectively own products and deliver value.
      • What you are asking of stakeholders.
      • A roadmap of how to get started.

    Info-Tech Insight

    Delivering products doesn’t mean you will stop delivering projects! Product-centric delivery is intended to address the misalignment between the long-term delivery of value that organizations demand and the nature of traditional project-focused environments.

    Many executives perceive IT as being poorly aligned with business objectives

    Info-Tech’s CIO Business Vision Survey data highlights the importance of IT initiatives in supporting the business in achieving its strategic goals.

    However, Info-Tech’s CEO-CIO Alignment Survey (2021; N=58) data indicates that CEOs perceive IT to be poorly aligned to business’ strategic goals.

    Info-Tech CEO-CIO Alignment Diagnostics, 2021 (N=58)

    40% Of CEOs believe that business goals are going unsupported by IT.

    34% Of business stakeholders are supporters of their IT departments (n=334).

    40% Of CIOs/CEOs are misaligned on the target role for IT.

    Info-Tech Insight

    Great technical solutions are not the primary driver of IT success. Focusing on delivery of digital products that align with organizational goals will produce improved outcomes and will foster an improved relationship between business and IT.

    Increase product success by involving IT, business, and customers in your product roadmaps, planning, and delivery

    Product management and delivery seek to promote improved relationships among IT, business, and customers, a critical driver for business satisfaction.

    IT

    Stock image of an IT professional.

    1

    Collaboration

    IT, business, and customers work together through all stages of the product lifecycle, from market research through the roadmapping and delivery processes and into maintenance and retirement. The goal is to ensure the risks and dependencies are realized before work is committed.

    Stakeholders, Customers, and Business

    Stock image of a business professional.

    2

    Communication

    Prioritize high-value modes of communication to break down existing silos and create common understanding and alignment across functions. This approach increases transparency and visibility across the entire product lifecycle.

    3

    Integration

    Explore methods to integrate the workflows, decision making, and toolsets among the business, IT, and customers. The goal is to become more reactive to changes in business and customer expectations and more proactive about market trends.

    Product does not mean the same thing to everyone

    Do not expect a universal definition of products.
    Every organization and industry has a different definition of what a product is. Organizations structure their people, processes, and technologies according to their definition of the products they manage. Conflicting product definitions between teams increase confusion and misalignment of product roadmaps.

    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.” (Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance) “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.” (TechTarget) “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.” (Mark Curphey)

    Organizations need a common understanding of what a product is and how it pertains to the business.

    This understanding needs to be accepted across the organization.

    “There is not a lot of guidance in the industry on how to define [products]. This is dangerous because what will happen is that product backlogs will be formed in too many areas. All that does is create dependencies and coordination across teams … and backlogs.” (Chad Beier, “How Do You Define a Product?” Scrum.org)

    Products enable the long-term and continuous delivery of value

    Diagram laying out the lifecycles and roadmaps contributing to the 'Continuous delivery of value'. Beginning with 'Project Lifecycle' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Hybrid Lifecycle' and 'Product Lifecycle' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum.

    Phase 1

    Build the case for product-centric delivery

    Phase 1
    1.1 Define product
    1.2 Define your drivers and goals
    1.3 Understand the role of product ownership
    1.4 Communicate what comes next
    1.5 Make the case to your stakeholders

    This phase will walk you through the following activities:

    • Define product in your context.
    • Define your drivers and goals for moving to product delivery.
    • Understand the role of product ownership.
    • Communicate what comes next for your transition to product.
    • Lay out the case to your stakeholders.

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Step 1.1

    Define product

    Activities
    • 1.1.1 Define “product” in your context
    • 1.1.2 Consider examples of what is (and is not) a product in your organization
    • 1.1.3 Identify the differences between project and product delivery

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A clear definition of product in your organization’s context.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Exercise 1.1.1 Define “product” in your context

    30-60 minutes

    Output: Your enterprise/organizational definition of products and services

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Discuss what “product” means in your organization.
    2. Create a common, enterprise-wide definition for “product.”
    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.” (Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance) “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.” (TechTarget) “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.” (Mark Curphey)

    Record the results in the Make the Case for Product-Centric Delivery Workbook.

    Example: What is a product?

    Not all organizations will define products in the same way. Take this as a general example:

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.”

    Info-Tech Insight

    A proper definition of product recognizes three key facts:

    1. Products are long-term endeavors that don’t end after the project finishes.
    2. Products are not just “apps” but can be software or services that drive the delivery of value.
    3. There is more than one stakeholder group that derives value from the product or service.
    Stock image of an open human head with gears and a city for a brain.

    How do we know what is a product?

    What isn’t a product:
    • Features (on their own)
    • Transactions
    • Unstructured data
    • One-time solutions
    • Non-repeatable processes
    • Solutions that have no users or consumers
    • People or teams
    You have a product if the given item...
    • Has end users or consumers
    • Delivers quantifiable value
    • Evolves or changes over time
    • Has predictable delivery
    • Has definable boundaries
    • Has a cost to produce and operate

    Exercise 1.1.2 Consider examples of what is (and is not) a product in your organization

    15 minutes

    Output: Examples of what is and isn’t a product in your specific context.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Leverage the definition you created in exercise 1.1.1 and the explanation on the slide What is a product?
    2. Pick examples that effectively show the difference between products and non-products and facilitate a conversation on the ones that seem to be on the line. Specific server instances, or instances of providing a service, are worthwhile examples to consider.
    3. From the list you come up with, take the top three examples and put them into the Make the Case for Product Delivery Presentation Template.
    Example:
    What isn’t a product?
    • Month-end SQL scripts to close the books
    • Support Engineer doing a password reset
    • Latest research project in R&D
    What is a product?
    • Self-service password reset portal
    • Oracle ERP installation
    • Microsoft Office 365

    Record the results in the Make the Case for Product Delivery Workbook.

    Product delivery practices should consider everything required to support it, not just what users see.

    Cross-section of an iceberg above and below water with visible product delivery practices like 'Funding', 'External Relationships', and 'Stakeholder Management' above water and internal product delivery practices like 'Product Governance', 'Business Functionality', and 'R&D' under water. There are far more processes below the water.

    Products and services share the same foundation and best practices

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. Product is used for consistency but would apply to services as well.

    Product = Service

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:
    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Exercise 1.1.3 Identify the differences between project and product delivery

    30-60 minutes

    Output: List of differences between project and product delivery

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Consider project delivery and product delivery.
    2. Discuss what some differences are between the two.
      Note: This exercise is not about identifying the advantages and disadvantages of each style of delivery. This is to identify the variation between the two.
    Theme Project Delivery (Current) Product Delivery (Future)
    Timing Defined start and end Does not end until the product is no longer needed
    Funding Funding projects Funding products and teams
    Prioritization LoB sponsors Product owner
    Capacity Management Project management Managed by product team

    Record the results in the Make the Case for Product Delivery Workbook.

    Identify the differences between a project-centric and a product-centric organization

    Project Product
    Fund projects — Funding –› Fund products or teams
    Line of business sponsor — Prioritization –› Product owner
    Makes specific changes to a product —Product management –› Improves product maturity and support
    Assignment of people to work — Work allocation –› Assignment of work to product teams
    Project manager manages — Capacity management –› Team manages capacity

    Info-Tech Insights

    • Product ownership should be one of your first areas of focus when transitioning from project to product delivery.
    • Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    Diagram laying out the lifecycles and roadmaps contributing to the 'Continuous delivery of value'. Beginning with 'Project Lifecycle' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Hybrid Lifecycle' and 'Product Lifecycle' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum. Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release.

    Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

    Step 1.2

    Define your drivers and goals

    Activities
    • 1.2.1 Understand your drivers for product-centric delivery
    • 1.2.2 Define the goals for your product-centric organization

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A clear understanding of your motivations and desired outcomes for moving to product delivery.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Exercise 1.2.1 Understand your drivers for product-centric delivery

    30-60 minutes

    Output: Organizational drivers to move to product-centric delivery.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify your pain points in the current delivery model.
    2. What is the root cause of these pain points?
    3. How will a product-centric delivery model fix the root cause (drivers)?
    Pain Points
    • Lack of ownership
    Root Causes
    • Siloed departments
    Drivers
    • Accountability

    Record the results in the Make the Case for Product Delivery Workbook.

    Exercise 1.2.2 Define the goals for your product-centric organization

    30 minutes

    Output: Goals for product-centric delivery

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Review the differences between project and product delivery from exercise 1.1.3 and the list of drivers from exercise 1.2.1.
    2. Define your goals for achieving a product-centric organization.
      Note: Your drivers may have already covered the goals. If so, review if you would like to change the drivers based on your renewed understanding of the differences between project and product delivery.
    Pain Points
    • Lack of ownership
    Root Causes
    • Siloed departments
    Drivers
    • Accountability
    Goals
    • End-to-end ownership

    Record the results in the Make the Case for Product Delivery Workbook.

    Step 1.3

    Understand the role of product ownership

    Activities
    • 1.3.1 Identify product ownership capabilities

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • Product owner capabilities that you agree are critical to start your product transformation.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Accountability for the delivery of value through product ownership is not optional

    Tree of 'Enterprise Goals and Priorities' leading to 'Product' through a 'Product Family'.

    Info-Tech Insight

    People treat the assignment of accountability for products (aka product ownership) as optional. Without assigning accountability up front, your transition to product delivery will stall. Accountable individuals will be focused on the core outcome for product delivery, which is the delivery of the right value, at the right time, to the right people.

    Description of the tree levels shown in the diagram on the left. First is 'Enterprise Goals and Priorities', led by 'Executive Leadership' using the 'Enterprise Strategic Roadmap'. Second is 'Product Family', led by 'Product Manager' using the 'Product Family Roadmap'. Last is 'Product', led by the 'Product Owner' using the 'Product Roadmap' and 'Backlog' on the strategic end, and 'Releases' on the Tactical end. In the holistic context, 'Product Family is considered 'Strategic' while 'Product' is 'Tactical'.

    Recognize the different product owner perspectives

    Business
    • Customer facing, revenue generating
    Technical
    • IT systems and tools
    Operations
    • Keep the lights on processes

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Info-Tech Insight

    Recognize that product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.” (Robbin Schuurman, “Tips for Starting Product Owners”)

    Implement the Info-Tech product owner capability model

    As discussed in Build a Better Product Owner, most product owners operate with an incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization. 'Product Owner Capabilities': 'Vision', 'Leadership', 'Product Lifecycle Management', 'Value Realization'.
    Vision
    • Market Analysis
    • Business Alignment
    • Product Roadmap
    Leadership
    • Soft Skills
    • Collaboration
    • Decision Making
    Product Lifecycle Management
    • Plan
    • Build
    • Run
    Value Realization
    • KPIs
    • Financial Management
    • Business Model

    Details on product ownership capabilities can be found in the appendix.

    Exercise 1.3.1 Identify product ownership capabilities

    60 minutes

    Output: Product owner capability mapping

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Write down the capabilities product owners need to perform their duties (one per sticky note) in order to describe product ownership in your organization. Consider people, processes, and tools.
    2. Mark each capability with a plus (current capability), circle (some proficiency), or dash (missing capability).
    3. Discuss each capability and place on the appropriate quadrant.

    'Product Owner Capabilities': 'Vision', 'Leadership', 'Product Lifecycle Management', 'Value Realization'.

    Record the results in the Make the Case for Product Delivery Workbook.

    Differentiate between product owners and product managers

    Product Owner (Tactical Focus)
    • Backlog management and prioritization
    • Epic/story definition, refinement in conjunction with business stakeholders
    • Sprint planning with Scrum Master
    • Working with Scrum Master to minimize disruption to team velocity
    • Ensuring alignment between business and Scrum teams during sprints
    • Profit and loss (P&L) product analysis and monitoring
    Product Manager (Strategic Focus)
    • Product strategy, positioning, and messaging
    • Product vision and product roadmap
    • Competitive analysis and positioning
    • New product innovation/definition
    • Release timing and focus (release themes)
    • Ongoing optimization of product-related marketing and sales activities
    • P&L product analysis and monitoring

    Info-Tech Insight

    “Product owner” and “product manager” are terms that should be adapted to fit your culture and product hierarchy. These are not management relationships but rather a way to structure related products and services that touch the same end users.

    Step 1.4

    Communicate what comes next

    Activities
    • 1.4.1 How do we get started?

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A now, next, later roadmap indicating your overall next steps.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Make a plan in order to make a plan!

    Consider some of the techniques you can use to validate your strategy.

    Cyclical diagram of the 'Continuous Delivery of Value' within 'Business Value'. Surrounding attributes are 'User Centric', 'Adaptable', 'Accessible', 'Private & Secured', 'Informative & Insightful', 'Seamless Application Connection', 'Relationship & Network Building', 'Fit for Purpose'.

    Go to your backlog and prioritize the elements that need to be answered sooner rather than later.

    Possible areas of focus:

    • Regulatory requirements or questions to answer around accessibility, security, privacy.
    • Stress testing any new processes against situations that may occur.
    Learning Milestones

    The completion of a set of artifacts dedicated to validating business opportunities and hypotheses.

    Possible areas of focus:

    • Align teams on product strategy prior to build
    • Market research and analysis
    • Dedicated feedback sessions
    • Provide information on feature requirements
    Stock image of people learning.
    Sprint Zero (AKA Project-before-the-project)

    The completion of a set of key planning activities, typically the first sprint.

    Possible areas of focus:

    • Focus on technical verification to enable product development alignment
    • Sign off on architectural questions or concerns
    Stock photo of a person writing on a board of sticky notes.

    The “Now, Next, Later” roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    • Now
      What are you going to do now?
    • Next
      What are you going to do very soon?
    • Later
      What are you going to do in the future?
    A priority map laid out as a half rainbow with 'Now' as the inner, 'Next' as the middle, and 'Later' as the outer. Various 'Features', 'Releases', and an 'MVP' are mapped into the sections.
    (Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

    Exercise 1.4.1 How do we get started?

    30-60 minutes

    Output: Product transformation critical steps and basic roadmap

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify what the critical steps are for the organization to embrace product-centric delivery.
    2. Group each critical step by how soon you need to address it:
      • Now: Let’s do this ASAP.
      • Next: Sometime very soon, let’s do these things.
      • Later: Much further off in the distance, let’s consider these things.
    A priority map laid out as a half rainbow with 'Now' as the inner, 'Next' as the middle, and 'Later' as the outer. Various 'Features', 'Releases', and an 'MVP' are mapped into the sections.
    (Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

    Record the results in the Make the Case for Product Delivery Workbook.

    Example

    Example table for listing tasks to complete Now, Next, or Later

    Step 1.5

    Make the case to your stakeholders

    Activities
    • 1.5.1 Identify what support you need from your stakeholders
    • 1.5.2 Build your pitch for product delivery

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • A deliverable that helps make the case for product delivery.

    Make the Case for Product Delivery

    Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

    Develop a stakeholder strategy to define your product owner landscape

    Stakeholder Influence

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish.

    Product teams operate within this network of stakeholders who represent different perspectives within the organization.

    See the appendix for activities and guidance on how to devise a strategy for managing stakeholders.

    Image of four puzzle pieces being put together, labelled 'Product Lifecycle', 'Project Delivery', 'Operational Support', 'and Stakeholder Management'.

    Exercise 1.5.1 Identify what support you need from your stakeholders

    30 minutes

    Output: Clear understanding of stakeholders, what they need from you, and what you need from them.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. If you don’t yet know who your stakeholders are, consider completing one or more of the stakeholder management exercises in the appendix.
    2. Identify your key stakeholders who have an interest in solution delivery.
    3. Consider their perspective on product-centric delivery. (For example: For head of support, what does solution delivery mean to them?)
    4. Identify what role each stakeholder would play in the transformation.
      • This role represents what you need from them for this transformation to product-centric delivery.
    Stakeholder
    What does solution delivery mean to them?
    What do you need from them in order to be successful?

    Record the results in the Make the Case for Product Delivery Workbook.

    Exercise 1.5.2 Build your pitch deck

    30 minutes (and up)

    Output: A completed presentation to help you make the case for product delivery.

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Take the results from the Make the Case for Product Delivery Workbook and transfer them into the presentation template.
    2. Follow the instructions on each page listed in the instruction bubbles to know what results to place where.
    3. This is meant to be a template; you are welcome to add and remove slides as needed to suit your audience!

    Sample of slides from the Make the Case for Product Delivery Workbook with instruction bubbles overlaid.

    Record the results in the Make the Case for Product Delivery Workbook.

    Appendix

    Additional research to start your journey

    Related Info-Tech Research

    Product Delivery

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Build a Better Product Owner

    • Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Build Your Agile Acceleration Roadmap

    • Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Implement Agile Practices That Work

    • Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Deliver Digital Products at Scale

    • Deliver value at the scale of your organization through defining enterprise product families.

    Extend Agile Practices Beyond IT

    • Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    • Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    • Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Application Portfolio Management

    Application Portfolio Management (APM) Research Center

    • See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management for Small Enterprises

    • There is no one-size-fits-all rationalization. Tailor your framework to meet your goals.

    Streamline Application Maintenance

    • Effective maintenance ensures the long-term value of your applications.

    Build an Application Rationalization Framework

    • Manage your application portfolio to minimize risk and maximize value.

    Modernize Your Applications

    • Justify modernizing your application portfolio from both business and technical perspectives.

    Review Your Application Strategy

    • Ensure your applications enable your business strategy.

    Application Portfolio Management Foundations

    • Ensure your application portfolio delivers the best possible return on investment.

    Streamline Application Management

    • Move beyond maintenance to ensuring exceptional value from your apps.

    Optimize Applications Release Management

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Embrace Business-Managed Applications

    • Empower the business to implement their own applications with a trusted business-IT relationship.

    Related Info-Tech Research

    Value, Delivery Metrics, Estimation

    Build a Value Measurement Framework

    • Focus product delivery on business value–driven outcomes.

    Select and Use SDLC Metrics Effectively

    • Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    • Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    • Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    • Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    • Commit to achievable software releases by grounding realistic expectations

    Reduce Time to Consensus With an Accelerated Business Case

    • Expand on the financial model to give your initiative momentum.

    Optimize IT Project Intake, Approval, and Prioritization

    • Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Related Info-Tech Research

    Org Design and Performance

    Redesign Your IT Organizational Structure

    • Focus product delivery on business value–driven outcomes.

    Build a Strategic IT Workforce Plan

    • Have the right people, in the right place, at the right time.

    Implement a New IT Organizational Structure

    • Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Build an IT Employee Engagement Program

    • Measure employee sentiment to drive IT performance

    Set Meaningful Employee Performance Measures

    • Set holistic measures to inspire employee performance.

    Master Organizational Change Management Practices

    • PMOs, if you don't know who is responsible for org change, it's you.

    Appendix

    Product delivery strategy communication

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    Diagram on how to get from product owner capabilities to 'Business Value Realization' through 'Product Roadmap' with a 'Tiered Backlog', 'Delivery Capacity and Throughput' via a 'Product Delivery Pipeline'.
    (Adapted from: Pichler, “What Is Product Management?”)

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver.
    Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Two-part diagram showing the 'Product Backlog' segmented into '1. Current: Features/ Stories', '2. Near-term: Capabilities', and '3. Future: Epics', and then the 'Product Roadmap' with the same segments placed into a timeline.

    Multiple roadmap views can communicate differently, yet tell the same truth

    Product managers and product owners have many responsibilities, and a roadmap can be a useful tool to complete those objectives through communication or organization of tasks.

    However, not all roadmaps address the correct audience and achieve those objectives. Care must be taken to align the view to the given audience.

    Pie Chart showing the surveyed most important reason for using a product roadmap. From largest to smallest are 'Communicate a strategy', 'Plan and prioritize', 'Communicate milestones and releases', 'Get consensus on product direction', and 'Manage product backlog'.
    Surveyed most important reason for using a product roadmap (Source: ProductPlan, 2018)

    Audience
    Business/ IT leaders Users/Customers Delivery teams
    Roadmap View
    Portfolio Product Technology
    Objectives
    To provide a snapshot of the portfolio and priority apps To visualize and validate product strategy To coordinate and manage teams and show dev. progress
    Artifacts
    Line items or sections of the roadmap are made up of individual apps, and an artifact represents a disposition at its highest level. Artifacts are generally grouped by various product teams and consist of strategic goals and the features that realize those goals. Artifacts are grouped by the teams who deliver that work and consist of features and technical enablers that support those features.

    Appendix

    Managing stakeholder influence

    From Build a Better Product Owner

    Step 1.3 (from Build a Better Product Owner)

    Manage Stakeholder Influence

    Activities
    • 1.3.1 Visualize interrelationships to identify key influencers
    • 1.3.2 Group your product owners into categories
    • 1.3.3 Prioritize your stakeholders
    • 1.3.4 Delegation Poker: Reach better decisions

    This step will walk you through the following activities:

    To be successful, product owners need to identify and manage all stakeholders for their products. This step will build a stakeholder map and strategy.

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Delivery managers
    • Business analysts

    Outcomes of this step

    • Relationships among stakeholders and influencers
    • Categorization of stakeholders and influencers
    • Stakeholder and influencer prioritization
    • Better understanding of decision-making approaches and delegation
    Product Owner Foundations
    Step 1.1 Step 1.2 Step 1.3

    Develop a product owner stakeholder strategy

    Stakeholder Influence

    Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish.

    Product owners operate within this network of stakeholders who represent different perspectives within the organization.

    First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

    Without accomplishing these missing pieces, product owners will encounter obstacles, resistance, or unexpected changes.

    Image of four puzzle pieces being put together, labelled 'Product Lifecycle', 'Project Delivery', 'Operational Support', 'and Stakeholder Management'.

    Create a stakeholder network map to product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Legend
    Black arrow with a solid line and single direction. Black arrows indicate the direction of professional influence
    Green arrow with a dashed line and bi-directional. Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product operates in. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Use “connectors” to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

    1.3.1 Visualize interrelationships to identify key influencers

    60 minutes

    Input: List of product stakeholders

    Output: Relationships among stakeholders and influencers

    Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. List direct stakeholders for your product.
    2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      1. Use black arrows to indicate the direction of professional influence.
      2. Use dashed green arrows to indicate bidirectional, informal influence relationships.
    5. Record the results in the Build a Better Product Owner Workbook.

    Record the results in the Build a Better Product Owner Workbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps product owners categorize their stakeholders by their level or influence and ownership in the product and/or teams.

    Stakeholder prioritization map split into four quadrants along two axes, 'Influence', and 'Ownership/Interest': 'Players' (high influence, high interest); 'Mediators' (high influence, low interest); 'Noisemakers' (low influence, high interest); 'Spectators' (low influence, low interest). Source: Info-Tech Research Group

    There are four areas in the map, and the stakeholders within each area should be treated differently.
    • Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.
    • Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
    • Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.3.2 Group your product owners into categories

    30 minutes

    Input: Stakeholder map

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify your stakeholder’s interest in and influence on your Agile implementation as high, medium, or low by rating the attributes below.
    2. Map your results to the model below to determine each stakeholder’s category.
    3. Record the results in the Build a Better Product Owner Workbook.
    Same stakeholder prioritization map as before but with example positions mapped onto it.
    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the Build a Better Product Owner Workbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Stakeholder prioritization table with 'Stakeholder Category' as row headers ('Player', 'Mediator', 'Noisemaker', 'Spectator') and 'Level of Support' as column headers ('Supporter', 'Evangelist', 'Neutral', 'Blocker'). Importance ratings are 'Critical', 'High', 'Medium', 'Low', and 'Irrelevant'.

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by rating the following question: how likely is it that your stakeholder would recommend your product? These parameters are used to prioritize which stakeholders are most important and should receive the focus of your attention. The table to the right indicates how stakeholders are ranked.

    1.3.3 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix, Stakeholder prioritization

    Output: Stakeholder and influencer prioritization

    Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

    Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

    1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would endorse your product?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.
    3. Record the results in the Build a Better Product Owner Workbook.
    Stakeholder Category Level of Support Prioritization
    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the Build a Better Product Owner Workbook.

    Define strategies for engaging stakeholders by type

    Stakeholder strategy map assigning stakeholder strategies to stakeholder categories, as described in the adjacent table.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers, while ensuring the needs of the Mediators and Players are met.

    Type Quadrant Actions
    Players High influence; high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence; low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence; high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence; low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Appendix

    Product owner capability details

    From Build a Better Product Owner

    Develop product owner capabilities

    Capability 'Vision' with sub-capabilities 'Market Analysis, 'Business Alignment', and 'Product Roadmap'.

    Each capability has three components needed for successful product ownership.

    Definitions are on the following slides.

    Central diagram title 'Product Owner Capabilities'.

    Define the skills and activities in each component that are directly related to your product and culture.

    Capability 'Leadership' with sub-capabilities 'Soft Skills', 'Collaboration', and 'Decision Making'.
    Capability 'Product Lifecycle Management' with sub- capabilities 'Plan', 'Build', and 'Run'. Capability 'Value Realization' with sub-capabilities 'KPIs', 'Financial Management', and 'Business Model'.

    Capabilities: Vision

    Market Analysis

    • Unique solution: Identify the target users and unique value your product provides that is not currently being met.
    • Market size: Define the size of your user base, segmentation, and potential growth.
    • Competitive analysis: Determine alternative solutions, products, or threats that affect adoption, usage, and retention.

    Business Alignment

    • SWOT analysis: Complete a SWOT analysis for your end-to-end product lifecycle. Use Info-Tech’s Business SWOT Analysis Template.
    • Enterprise alignment: Align product to enterprise goals, strategies, and constraints.
    • Delivery strategy: Develop a delivery strategy to achieve value quickly and adapt to internal and external changes.

    Product Roadmap

    • Roadmap strategy: Determine the duration, detail, and structure of your roadmap to accurately communicate your vision.
    • Value prioritization: Define criteria used to evaluate and sequence demand.
    • Go to market strategy: Create organizational change management, communications, and a user implementation approach.

    Info-Tech Insight

    Data comes from many places and may still not tell the complete story.

    Capability 'Vision' with sub-capabilities 'Market Analysis, 'Business Alignment', and 'Product Roadmap'.

    “Customers are best heard through many ears.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Capabilities: Leadership

    Soft Skills

    • Communication: Maintain consistent, concise, and appropriate communication using SMART guidelines (specific, measurable, attainable, relevant, and timely).
    • Integrity: Stick to your values, principles, and decision criteria for the product to build and maintain trust with your users and teams.
    • Influence: Manage stakeholders using influence and collaboration over contract negotiation.

    Collaboration

    • Stakeholder management: Build a communications strategy for each stakeholder group, tailored to individual stakeholders.
    • Relationship management: Use every interaction point to strengthen relationships, build trust, and empower teams.
    • Team development: Promote development through stretch goals and controlled risks to build team capabilities and performance.

    Decision Making

    • Prioritized criteria: Remove personal bias by basing decisions off data analysis and criteria.
    • Continuous improvement: Balance new features with the need to ensure quality and create an environment of continuous improvement.
    • Team empowerment/negotiation: Push decisions to teams closest to the problem and solution, using Delegation Poker to guide you.

    Info-Tech Insight

    Product owners cannot be just a proxy for stakeholder decisions. The product owner owns product decisions and management of all stakeholders.

    Capability 'Leadership' with sub-capabilities 'Soft Skills', 'Collaboration', and 'Decision Making'.

    “Everything walks the walk. Everything talks the talk.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Capabilities: Product lifecycle management

    Plan

    • Product backlog: Follow a schedule for backlog intake, refinement, updates, and prioritization.
    • Journey map: Create an end-user journey map to guide adoption and loyalty.
    • Fit for purpose: Define expected value and intended use to ensure the product meets your end user’s needs.

    Build

    • Capacity management: Work with operations and delivery teams to ensure consistent and stable outcomes.
    • Release strategy: Build learning, release, and critical milestones into a repeatable release plan.
    • Compliance: Build policy compliance into delivery practices to ensure alignment and reduce avoidable risk (privacy, security).

    Run

    • Adoption: Focus attention on end-user adoption and proficiency to accelerate value and maximize retention.
    • Support: Build operational support and business continuity into every team.
    • Measure: Measure KPIs and validate expected value to ensure product alignment to goals and consistent product quality.

    Info-Tech Insight

    Product owners must actively manage the full lifecycle of the product.

    Capability 'Product Lifecycle Management' with sub- capabilities 'Plan', 'Build', and 'Run'.

    “Pay fantastic attention to detail. Reward, recognize, celebrate.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Capabilities: Value realization

    Key Performance Indicators (KPIs)

    • Usability and user satisfaction: Assess satisfaction through usage monitoring and end-user feedback.
    • Value validation: Directly measure performance against defined value proposition, goals, and predicted ROI.
    • Fit for purpose: Verify the product addresses the intended purpose better than other options.

    Financial Management

    • P&L: Manage each product as if it were its own business with profit and loss statements.
    • Acquisition cost/market growth: Define the cost of acquiring a new consumer, onboarding internal users, and increasing product usage.
    • User retention/market share: Verify product usage continues after adoption and solution reaches new user groups to increase value.

    Business Model

    • Defines value proposition: Dedicate your primary focus to understanding and defining the value your product will deliver.
    • Market strategy and goals: Define your acquisition, adoption, and retention plan for users.
    • Financial model: Build an end-to-end financial model and plan for the product and all related operational support.

    Info-Tech Insight

    Most organizations stop with on-time and on-budget. True financial alignment needs to define and manage the full lifecycle P&L.

    Capability 'Value Realization' with sub-capabilities 'KPIs', 'Financial Management', and 'Business Model'.

    “The competition is anyone the customer compares you with.” (Thomas K. Connellan, Inside the Magic Kingdom)

    Avoid common capability gaps

    Vision

    • Focusing solely on backlog refining (tactical only)
    • Ignoring or failing to align product roadmap to enterprise goals
    • Operational support and execution
    • Basing decisions on opinion rather than market data
    • Ignoring or missing internal and external threats to your product

    Leadership

    • Failing to include feedback from all teams who interact with your product
    • Using a command-and-control approach
    • Viewing product owner as only a delivery role
    • Acting as a proxy for stakeholder decisions
    • Avoiding tough strategic decisions in favor of easier tactical choices

    Product Lifecycle Management

    • Focusing on delivery and not the full product lifecycle
    • Ignoring support, operations, and technical debt
    • Failing to build knowledge management into the lifecycle
    • Underestimating delivery capacity, capabilities, or commitment
    • Assuming delivery stops at implementation

    Value Realization

    • Focusing exclusively on “on time/on budget” metrics
    • Failing to measure a 360-degree end-user view of the product
    • Skipping business plans and financial models
    • Limiting financial management to project/change budgets
    • Ignoring market analysis for growth, penetration, and threats

    Bibliography – Product Ownership

    A, Karen. “20 Mental Models for Product Managers.” Medium, Product Management Insider, 2 Aug. 2018. Web.

    Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

    Agile Alliance. “Product Owner.” Agile Alliance, n.d. Web.

    Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

    Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint, 2012. Web.

    Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, 2015. Web.

    Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group, 2005. Web.

    Cohn, Mike “What is a product?” Mountain Goat Software, 16 Sept. 2016, Web

    Connellan, Thomas K. Inside the Magic Kingdom. Bard Press, 1997. Print.

    Curphey, Mark, “Product Definition.” slideshare.net, 25 Feb. 2007. Web

    Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

    Fernandes, Thaisa. “Spotify Squad Framework - Part I.” Medium.com, 6 March 2017. Web.

    Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

    Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile Alliance, Agile2016, 2016. Web.

    Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” Medium.com, 9 Feb. 2018. Web.

    Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Medium.com, 23 July 2018. Web.

    Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

    Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

    Management 3.0. “Delegation Poker Product Image.” Management 3.0, n.d. Web.

    McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

    Bibliography – Product Ownership

    McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web.

    Mironov, Rich. “Scaling Up Product Manager/Owner Teams: Rich Mironov's Product Bytes.” Rich Mironov's Product Bytes, Mironov Consulting, 12 April 2014 . Web.

    Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 March 2017. Web.

    Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

    Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

    Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

    Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

    Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

    Radigan, Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

    Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

    Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

    Bibliography – Product Ownership

    Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

    Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin VOP #50, 2 Oct. 2018. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.

    Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

    Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

    Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium.com, 19 Dec. 2017. Web.

    VersionOne. “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    Verwijs, Christiaan. “Retrospective: Do The Team Radar.” Medium.com, 10 Feb. 2017. Web.

    “How do you define a product?” Scrum.org, 4 April 2017, Web.

    “Product Definition.” TechTarget, Sept. 2005. Web

    Bibliography – Product Roadmap

    Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

    Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

    Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

    Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012, Herzlia, Israel, 2012 IEEE International Conference on Software Science, Technology and Engineering, 12 June 2012. Web.

    Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

    Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

    “How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

    Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

    Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

    Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, n.d. Accessed Sept. 2018.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, Inc., 2017. Web.

    Maurya, Ash. “What is a Minimum Viable Product (MVP)?” LEANSTACK, 12 June 2017. Accessed Sept. 2018.

    Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

    Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

    “Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

    Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 Oct. 2015. Accessed Sept. 2018.

    Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018

    Research Contributors and Experts

    Photo of Emily Archer, Lead Business Analyst, Enterprise Consulting, authentic digital agency.

    Emily Archer
    Lead Business Analyst,
    Enterprise Consulting, authentic digital agency

    Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

    Photo of David Berg, Founder & CTO, Strainprint Technologies Inc.

    David Berg
    Founder & CTO
    Strainprint Technologies Inc.

    David Berg is a product commercialization expert that has spent the last 20 years of his career delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world with the goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

    Research Contributors and Experts

    Blank photo template.

    Kathy Borneman
    Digital Product Owner, SunTrust Bank

    Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

    Photo of Charlie Campbell, Product Owner, Merchant e-Solutions.

    Charlie Campbell
    Product Owner, Merchant e-Solutions

    Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

    Research Contributors and Experts

    Photo of Yarrow Diamond, Sr. Director, Business Architecture, Financial Services.

    Yarrow Diamond
    Sr. Director, Business Architecture
    Financial Services

    Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

    Photo of Cari J. Faanes-Blakey, CBAP, PMI-PBA, Enterprise Business Systems Analyst, Vertex, Inc.

    Cari J. Faanes-Blakey, CBAP, PMI-PBA
    Enterprise Business Systems Analyst,
    Vertex, Inc.

    Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

    Research Contributors and Experts

    Photo of Kieran Gobey, Senior Consultant Professional Services, Blueprint Software Systems.

    Kieran Gobey
    Senior Consultant Professional Services
    Blueprint Software Systems

    Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations.

    Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

    Photo of Rupert Kainzbauer, VP Product, Digital Wallets, Paysafe Group.

    Rupert Kainzbauer
    VP Product, Digital Wallets
    Paysafe Group

    Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. Together with a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

    Research Contributors and Experts

    Photo of Saeed Khan, Founder, Transformation Labs.

    Saeed Khan
    Founder,
    Transformation Labs

    Saeed Khan has been working in high tech for 30 years in both Canada and the US and has held a number of leadership roles in Product Management over that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005.

    Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders, the only global community of senior-level product executives.

    Photo of Hoi Kun Lo, Product Owner, Nielsen.

    Hoi Kun Lo
    Product Owner
    Nielsen

    Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL, and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

    Research Contributors and Experts

    Photo of Abhishek Mathur, Sr Director, Product Management, Kasisto, Inc.

    Abhishek Mathur
    Sr Director, Product Management
    Kasisto, Inc.

    Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

    Photo of Jeff Meister, Technology Advisor and Product Leader.

    Jeff Meister
    Technology Advisor and Product Leader

    Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations.

    Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements.

    Jeff holds a Bachelor of Applied Science (Electrical Engineering) and a Bachelor of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

    Research Contributors and Experts

    Photo of Vincent Mirabelli, Principal, Global Project Synergy Group.

    Vincent Mirabelli
    Principal,
    Global Project Synergy Group

    With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

    Photo of Oz Nazili, VP, Product & Growth, TWG.

    Oz Nazili
    VP, Product & Growth
    TWG

    Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

    Research Contributors and Experts

    Photo of Mark Pearson, Principal IT Architect, First Data Corporation.

    Mark Pearson
    Principal IT Architect
    First Data Corporation

    Mark Pearson is an executive business leader grounded in the process, data, technology, and operations of software-driven business. He knows the enterprise software landscape and is skilled in product, technology, and operations design and delivery within information technology organizations, outsourcing firms, and software product companies.

    Photo of Brenda Peshak, Product Owner, Widget Industries, LLC.

    Brenda Peshak
    Product Owner,
    Widget Industries, LLC

    Brenda Peshak is skilled in business process, analytical skills, Microsoft Office Suite, communication, and customer relationship management (CRM). She is a strong product management professional with a Master’s focused in Business Leadership (MBL) from William Penn University.

    Research Contributors and Experts

    Photo of Mike Starkey, Director of Engineering, W.W. Grainger.

    Mike Starkey
    Director of Engineering
    W.W. Grainger

    Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

    Photo of Anant Tailor, Cofounder & Head of Product, Dream Payments Corp.

    Anant Tailor
    Cofounder & Head of Product
    Dream Payments Corp.

    Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes.

    Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries.

    Anant is a Professional Engineer with a Bachelor’s degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

    Research Contributors and Experts

    Photo of Angela Weller, Scrum Master, Businessolver.

    Angela Weller
    Scrum Master, Businessolver

    Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

    Establish an Effective IT Steering Committee

    • Buy Link or Shortcode: {j2store}191|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $44,821 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Unfortunately, when CIOs implement IT steering committees, they often lack the appropriate structure and processes to be effective.
    • Due to the high profile of the IT steering committee membership, CIOs need to get this right – or their reputation is at risk.

    Our Advice

    Critical Insight

    • 88% of IT steering committees fail. The organizations that succeed have clearly defined responsibilities that are based on business needs.
    • Without a documented process your committee can’t execute on its responsibilities. Clearly define the flow of information to make your committee actionable.
    • Limit your headaches by holding your IT steering committee accountable for defining project prioritization criteria.

    Impact and Result

    Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee:

    • IT Steering Committee Charter: Use this template in combination with this blueprint to form a highly tailored committee.
    • IT Steering Committee Stakeholder Presentation: Build understanding around the goals and purpose of the IT steering committee, and generate support from your leadership team.
    • IT Steering Committee Project Prioritization Tool: Engage your IT steering committee participants in defining project prioritization criteria. Track project prioritization and assess your portfolio.

    Establish an Effective IT Steering Committee Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish an IT steering committee, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the steering committee charter

    Build your IT steering committee charter using results from the stakeholder survey.

    • Establish an Effective IT Steering Committee – Phase 1: Build the Steering Committee Charter
    • IT Steering Committee Stakeholder Survey
    • IT Steering Committee Charter

    2. Define IT steering commitee processes

    Define your high level steering committee processes using SIPOC, and select your steering committee metrics.

    • Establish an Effective IT Steering Committee – Phase 2: Define ITSC Processes

    3. Build the stakeholder presentation

    Customize Info-Tech’s stakeholder presentation template to gain buy-in from your key IT steering committee stakeholders.

    • Establish an Effective IT Steering Committee – Phase 3: Build the Stakeholder Presentation
    • IT Steering Committee Stakeholder Presentation

    4. Define the prioritization criteria

    Build the new project intake and prioritization process for your new IT steering committee.

    • Establish an Effective IT Steering Committee – Phase 4: Define the Prioritization Criteria
    • IT Steering Committee Project Prioritization Tool
    • IT Project Intake Form
    [infographic]

    Workshop: Establish an Effective IT Steering Committee

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build the IT Steering Committee

    The Purpose

    Lay the foundation for your IT steering committee (ITSC) by surveying your stakeholders and identifying the opportunities and threats to implementing your ITSC.

    Key Benefits Achieved

     An understanding of the business environment affecting your future ITSC and identification of strategies for engaging with stakeholders

    Activities

    1.1 Launch stakeholder survey for business leaders.

    1.2 Analyze results with an Info-Tech advisor.

    1.3 Identify opportunities and threats to successful IT steering committee implementation.

    1.4 Develop the fit-for-purpose approach.

    Outputs

    Report on business leader governance priorities and awareness

    Refined workshop agenda

    2 Define the ITSC Goals

    The Purpose

    Define the goals and roles of your IT steering committee.

    Plan the responsibilities of your future committee members.

    Key Benefits Achieved

     Groundwork for completing the steering committee charter

    Activities

    2.1 Review the role of the IT steering committee.

    2.2 Identify IT steering committee goals and objectives.

    2.3 Conduct a SWOT analysis on the five governance areas

    2.4 Define the key responsibilities of the ITSC.

    2.5 Define ITSC participation.

    Outputs

    IT steering committee key responsibilities and participants identified

    IT steering committee priorities identified

    3 Define the ITSC Charter

    The Purpose

    Document the information required to create an effective ITSC Charter.

    Create the procedures required for your IT steering committee.

    Key Benefits Achieved

    Clearly defined roles and responsibilities for your steering committee

    Completed IT Steering Committee Charter document

    Activities

    3.1 Build IT steering committee participant RACI.

    3.2 Define your responsibility cadence and agendas.

    3.3 Develop IT steering committee procedures.

    3.4 Define your IT steering committee purpose statement and goals.

    Outputs

    IT steering committee charter: procedures, agenda, and RACI

    Defined purpose statement and goals

    4 Define the ITSC Process

    The Purpose

    Define and test your IT steering committee processes.

    Get buy-in from your key stakeholders through your stakeholder presentation.

    Key Benefits Achieved

    Stakeholder understanding of the purpose and procedures of IT steering committee membership

    Activities

    4.1 Define your high-level IT steering committee processes.

    4.2 Conduct scenario testing on key processes, establish ITSC metrics.

    4.3 Build your ITSC stakeholder presentation.

    4.4 Manage potential objections.

    Outputs

    IT steering committee SIPOC maps

    Refined stakeholder presentation

    5 Define Project Prioritization Criteria

    The Purpose

    Key Benefits Achieved

    Activities

    5.1 Create prioritization criteria

    5.2 Customize the project prioritization tool

    5.3 Pilot test the tool

    5.4 Define action plan and next steps

    Outputs

    IT Steering Committee Project Prioritization Tool

    Action plan

    Further reading

    Establish an Effective IT Steering Committee

    Have the right people making the right decisions to drive IT success.

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs
    • IT Leaders

    This Research Will Also Assist:

    • Business Partners

    This Research Will Help You:

    • Structure an IT steering committee with the appropriate membership and responsibilities
    • Define appropriate cadence around business involvement in IT decision making
    • Define your IT steering committee processes, metrics, and timelines
    • Obtain buy-in for IT steering committee participations
    • Define the project prioritization criteria

    This Research Will Help Them:

    • Understand the importance of IT governance and their role
    • Identify and build the investment prioritization criteria

    Executive Summary

    Situation

    • An effective IT steering committee (ITSC) is one of the top predictors of value generated by IT, yet only 11% of CIOs believe their committees are effective.
    • An effective steering committee ensures that the right people are involved in critical decision making to drive organizational value.

    Complication

    • Unfortunately, when CIOs do implement IT steering committees, they often lack the appropriate structure and processes to be effective.
    • Due to the high profile of the IT steering committee membership, CIOs need to get this right – or their reputation is at risk.

    Resolution

    Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee. These include:

    1. IT Steering Committee Charter: Customizable charter complete with example purpose, goals, responsibilities, procedures, RACI, and processes. Use this template in combination with this blueprint to get a highly tailored committee.
    2. IT Stakeholder Presentation: Use our customizable presentation guide to build understanding around the goals and purpose of the IT steering committee and generate support from your leadership team.
    3. IT Steering Committee Project Prioritization Tool: Engage your IT steering committee participants in defining the project prioritization criteria. Use our template to track project prioritization and assess your portfolio.

    Info-Tech Insight

    1. 88% of IT steering committees fail. The organizations that succeed have clearly defined responsibilities that are based on business needs.
    2. Without a documented process your committee can’t execute on its responsibilities. Clearly define the flow of information to make your committee actionable.
    3. Limit your headaches by holding your IT steering committee accountable for defining project prioritization criteria.

    IT Steering Committee

    Effective IT governance critical in driving business satisfaction with IT. Yet 88% of CIOs believe that their governance structure and processes are not effective. The IT steering committee (ITSC) is the heart of the governance body and brings together critical organizational stakeholders to enable effective decision making (Info-Tech Research Group Webinar Survey).

    IT STEERING COMMITTEES HAVE 3 PRIMARY OBJECTIVES – TO IMPROVE:

    1. Alignment: IT steering committees drive IT and business strategy alignment by having business partners jointly accountable for the prioritization and selection of projects and investments within the context of IT capacity.
    2. Accountability: The ITSC facilitates the involvement and commitment of executive management through clearly defined roles and accountabilities for IT decisions in five critical areas: investments, projects, risk, services, and data.
    3. Value Generation: The ITSC is responsible for the ongoing evaluation of IT value and performance of IT services. The committee should define these standards and approve remediation plans when there is non-achievement.

    "Everyone needs good IT, but no one wants to talk about it. Most CFOs would rather spend time with their in-laws than in an IT steering-committee meeting. But companies with good governance consistently outperform companies with bad. Which group do you want to be in?"

    – Martha Heller, President, Heller Search Associates

    An effective IT steering committee improves IT and business alignment and increases support for IT across the organization

    CEOs’ PERCEPTION OF IT AND BUSINESS ALIGNMENT

    67% of CIOs/CEOs are misaligned on the target role for IT.

    47% of CEOs believe that business goals are going unsupported by IT.

    64% of CEOs believe that improvement is required around IT’s understanding of business goals.

    28% of business leaders are supporters of their IT departments.

    A well devised IT steering committee ensures that core business partners are involved in critical decision making and that decisions are based on business goals – not who shouts the loudest. Leading to faster decision-making time, and better-quality decisions and outcomes.

    Source: Info-Tech CIO/CEO Alignment data

    Despite the benefits, 9 out of 10 steering committees are unsuccessful

    WHY DO IT STEERING COMMITTEES FAIL?

    1. A lack of appetite for an IT steering committee from business partners
    2. An effective ITSC requires participation from core members of the organization’s leadership team. The challenge is that most business partners don’t understand the benefits of an ITSC and the responsibilities aren’t tailored to participants’ needs or interests. It’s the CIOs responsibility to make this case to stakeholders and right-size the committee responsibilities and membership.
    3. IT steering committees are given inappropriate responsibilities
    4. The IT steering committee is fundamentally about decision making; it’s not a working committee. CIOs struggle with clarifying these responsibilities on two fronts: either the responsibilities are too vague and there is no clear way to execute on them within a meeting, or responsibilities are too tactical and require knowledge that participants do not have. Responsibilities should determine who is on the ITSC, not the other way around.
    5. Lack of process around execution
    6. An ITSC is only valuable if members are able to successfully execute on the responsibilities. Without well defined processes it becomes nearly impossible for the ITSC to be actionable. As a result, participants lack the information they need to make critical decisions, agendas are unmet, and meetings are seen as a waste of time.

    GOVERNANCE and ITSC and IT Management

    Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.

    The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.

    Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.

    These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.

    IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.

    RELATIONSHIP BETWEEN STRATEGIC, TACTICAL, AND OPERATIONAL GROUPS

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    IT Management
    Operational Risk Task Force

    This blueprint focuses exclusively on building the IT steering committee. For more information on IT governance see Info-Tech’s blueprint Tailor an IT Governance Plan to Fit Organizational Needs.

    1. Governance of the IT Portfolio & Investments: ensures that funding and resources are systematically allocated to the priority projects that deliver value
    2. Governance of Projects: ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.
    3. Governance of Risks: ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.
    4. Governance of Services: ensures that IT delivers the required services at the acceptable performance levels.
    5. Governance of Information and Data: ensures the appropriate classification and retention of data based on business need.

    If these symptoms resonate with you, it might be time to invest in building an IT steering committee

    SIGNS YOU MAY NEED TO BUILD AN IT STEERING COMMITTEE

    As CIO I find that there is a lack of alignment between business and IT strategies.
    I’ve noticed that projects are thrown over the fence by stakeholders and IT is expected to comply.
    I’ve noticed that IT projects are not meeting target project metrics.
    I’ve struggled with a lack of accountability for decision making, especially by the business.
    I’ve noticed that the business does not understand the full cost of initiatives and projects.
    I don’t have the authority to say “no” when business requests come our way.
    We lack a standardized approach for prioritizing projects.
    IT has a bad reputation within the organization, and I need a way to improve relationships.
    Business partners are unaware of how decisions are made around IT risks.
    Business partners don’t understand the full scope of IT responsibilities.
    There are no SLAs in place and no way to measure stakeholder satisfaction with IT.

    Info-Tech’s approach to implementing an IT steering committee

    Info-Tech’s IT steering committee development blueprint will provide you with the required tools, templates, and deliverables to implement a right-sized committee that’s effective the first time.

    • Measure your business partner level of awareness and interest in the five IT governance areas, and target specific responsibilities for your steering committee based on need.
    • Customize Info-Tech’s IT Steering Committee Charter Template to define and document the steering committee purpose, responsibilities, participation, and cadence.
    • Build critical steering committee processes to enable information to flow into and out of the committee to ensure that the committee is able to execute on responsibilities.
    • Customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to make your first meeting a breeze, providing stakeholders with the information they need, with less than two hours of preparation time.
    • Leverage our workshop guide and prioritization tools to facilitate a meeting with IT steering committee members to define the prioritization criteria for projects and investments and roll out a streamlined process.

    Info-Tech’s Four-Phase Process

    Key Deliverables:
    1 2 3 4
    Build the Steering Committee Charter Define ITSC Processes Build the Stakeholder Presentation Define the Prioritization Criteria
    • IT Steering Committee Stakeholder Survey
    • IT Steering Committee Charter
      • Purpose
      • Responsibilities
      • RACI
      • Procedures
    • IT Steering Committee SIPOC (Suppliers, Inputs, Process, Outputs, Customers)
    • Defined process frequency
    • Defined governance metrics
    • IT Steering Committee Stakeholder Presentation template
      • Introduction
      • Survey outcomes
      • Responsibilities
      • Next steps
      • ITSC goals
    • IT project prioritization facilitation guide
    • IT Steering Committee Project Prioritization Tool
    • Project Intake Form

    Leverage both COBIT and Info-Tech-defined metrics to evaluate the success of your program or project

    COBIT METRICS Alignment
    • Percent of enterprise strategic goals and requirements supported by strategic goals.
    • Level of stakeholder satisfaction with scope of the planned portfolio of programs and services.
    Accountability
    • Percent of executive management roles with clearly defined accountabilities for IT decisions.
    • Rate of execution of executive IT-related decisions.
    Value Generation
    • Level of stakeholder satisfaction and perceived value.
    • Number of business disruptions due to IT service incidents.
    INFO-TECH METRICS Survey Metrics:
    • Percent of business leaders who believe they understand how decisions are made in the five governance areas.
    • Percentage of business leaders who believe decision making involved the right people.
    Value of Customizable Deliverables:
    • Estimated time to build IT steering committee charter independently X cost of employee
    • Estimated time to build and generate customer stakeholder survey and generate reports X cost of employee
    • # of project interruptions due to new or unplanned projects

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    Situation

    A newly hired CIO at a large consumer goods company inherited an IT department with low maturity from her predecessor. Satisfaction with IT was very low across all business units, and IT faced a lot of capacity constraints. The business saw IT as a bottleneck or red tape in terms of getting their projects approved and completed.

    The previous CIO had established a steering committee for a short time, but it had a poorly established charter that did not involve all of the business units. Also the role and responsibilities of the steering committee were not clearly defined. This led the committee to be bogged down in politics.

    Due to the previous issues, the business was wary of being involved in a new steering committee. In order to establish a new steering committee, the new CIO needed to navigate the bad reputation of the previous CIO.

    Solution

    The CIO established a new steering committee engaging senior members of each business unit. The roles of the committee members were clearly established in the new steering committee charter and business stakeholders were informed of the changes through presentations.

    The importance of the committee was demonstrated through the new intake and prioritization process for projects. Business stakeholders were impressed with the new process and its transparency and IT was no longer seen as a bottleneck.

    Results

    • Satisfaction with IT increased by 12% after establishing the committee and IT was no longer seen as red tape for completing projects
    • IT received approval to hire two more staff members to increase capacity
    • IT was able to augment service levels, allowing them to reinvest in innovative projects
    • Project prioritization process was streamlined

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Establish an Effective IT Steering Committee

    Build the Steering Committee Charter Define ITSC Processes Build the Stakeholder Presentation Define the Prioritization Criteria
    Best-Practice Toolkit

    1.1 Survey Your Steering Committee Stakeholders

    1.2 Build Your ITSC Charter

    2.1 Build a SIPOC

    2.2 Define Your ITSC Process

    3.1 Customize the Stakeholder Presentation

    4.1 Establish your Prioritization Criteria

    4.2 Customize the Project Prioritization Tool

    4.3 Pilot Test Your New Prioritization Criteria

    Guided Implementations
    • Launch your stakeholder survey
    • Analyze the results of the survey
    • Build your new ITSC charter
    • Review your completed charter
    • Build and review your SIPOC
    • Review your high-level steering committee processes
    • Customize the presentation
    • Build a script for the presentation
    • Practice the presentation
    • Review and select prioritization criteria
    • Review the Project Prioritization Tool
    • Review the results of the tool pilot test
    Onsite Workshop

    Module 1:

    Build a New ITSC Charter

    Module 2:

    Design Steering Committee Processes

    Module 3:

    Present the New Steering Committee to Stakeholders

    Module 4:

    Establish Project Prioritization Criteria

    Phase 1 Results:
    • Customized ITSC charter

    Phase 2 Results:

    • Completed SIPOC and steering committee processes
    Phase 3 Results:
    • Customized presentation deck and script
    Phase 4 Results:
    • Customized project prioritization tool

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Build the IT Steering Committee

    1.1 Launch stakeholder survey for business leaders

    1.2 Analyze results with an Info-Tech Advisor

    1.3 Identify opportunities and threats to successful IT steering committee implementation.

    1.4 Develop the fit-for-purpose approach

    Define the ITSC Goals

    2.1 Review the role of the IT steering committee

    2.2 Identify IT steering committee goals and objectives

    2.3 Conduct a SWOT analysis on the five governance areas

    2.4 Define the key responsibilities of the ITSC 2.5 Define ITSC participation

    Define the ITSC Charter

    3.1 Build IT steering committee participant RACI

    3.2 Define your responsibility cadence and agendas

    3.3 Develop IT steering committee procedures

    3.4 Define your IT steering committee purpose statement and goals

    Define the ITSC Process

    4.1 Define your high-level IT steering committee processes

    4.2 Conduct scenario testing on key processes, establish ITSC metrics

    4.3 Build your ITSC stakeholder presentation

    4.4 Manage potential objections

    Define Project Prioritization Criteria

    5.1 Create prioritization criteria

    5.2 Customize the Project Prioritization Tool

    5.3 Pilot test the tool

    5.4 Define action plan and next steps

    Deliverables
    1. Report on business leader governance priorities and awareness
    2. Refined workshop agenda
    1. IT steering committee priorities identified
    2. IT steering committee key responsibilities and participants identified
    1. IT steering committee charter: procedures, agenda, and RACI
    2. Defined purpose statement and goals
    1. IT steering committee SIPOC maps
    2. Refined stakeholder presentation
    1. Project Prioritization Tool
    2. Action plan

    Phase 1

    Build the IT Steering Committee Charter

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Formalize the Security Policy Program

    Proposed Time to Completion: 1-2 weeks

    Select Your ITSC Members

    Start with an analyst kick-off call:

    • Launch your stakeholder survey

    Then complete these activities…

    • Tailor the survey questions
    • Identify participants and tailor email templates

    With these tools & templates:

    • ITSC Stakeholder Survey
    • ITSC Charter Template

    Review Stakeholder Survey Results

    Review findings with analyst:

    • Review the results of the Stakeholder Survey

    Then complete these activities…

    • Customize the ITSC Charter Template

    With these tools & templates:

    • ITSC Charter Template

    Finalize the ITSC Charter

    Finalize phase deliverable:

    • Review the finalized ITSC charter with an Info-Tech analyst

    Then complete these activities…

    • Finalize any changes to the ITSC Charter
    • Present it to ITSC Members

    With these tools & templates:

    • ITSC Charter Template

    Build the IT Steering Committee Charter

    This step will walk you through the following activities:

    • Launch and analyze the stakeholder survey
    • Define your ITSC goals and purpose statement
    • Determine ITSC responsibilities and participants
    • Determine ITSC procedures

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Be exclusive with your IT steering committee membership. Determine committee participation based on committee responsibilities. Select only those who are key decision makers for the activities the committee is responsible for and, wherever possible, keep membership to 5-8 people.

    Tailor Info-Tech’s IT Steering Committee Charter Template to define terms of reference for the ITSC

    1.1

    A charter is the organizational mandate that outlines the purpose, scope, and authority of the ITSC. Without a charter, the steering committee’s value, scope, and success criteria are unclear to participants, resulting in unrealistic stakeholder expectations and poor organizational acceptance.

    Start by reviewing Info-Tech’s template. Throughout this section we will help you to tailor its contents.

    Committee Purpose: The rationale, benefits of, and overall function of the committee.

    Responsibilities: What tasks/decisions the accountable committee is making.

    Participation: Who is on the committee

    RACI: Who is accountable, responsible, consulted, and informed regarding each responsibility.

    Committee Procedures and Agendas: Includes how the committee will be organized and how the committee will interact and communicate with business units.

    A screenshot of Info-Tech's <em data-verified=IT Steering Committee Charter Template.">

    IT Steering Committee Charter

    Take a data-driven approach to build your IT steering committee based on business priorities

    1.2

    Leverage Info-Tech’s IT Steering Committee Stakeholder Surveyand reports to quickly identify business priorities and level of understanding of how decisions are made around the five governance areas.

    Use these insights to drive the IT steering committee responsibilities, participation, and communication strategy.

    The Stakeholder Survey consists of 17 questions on:

    • Priority governance areas
    • Desired level of involvement in decision making in the five governance areas
    • Knowledge of how decisions are made
    • Five open-ended questions on improvement opportunities

    To simplify your data collection and reporting, Info-Tech can launch a web-based survey, compile the report data and assist in the data interpretation through one of our guided implementations.

    Also included is a Word document with recommended questions, if you prefer to manage the survey logistics internally.

    A screenshot of Info-Tech's first page of the <em data-verified=IT Steering Committee Stakeholder Survey "> A screenshot of Info-Tech's survey.

    Leverage governance reports to define responsibilities and participants, and in your presentation to stakeholders

    1.3

    A screenshot is displayed. It advises that 72% of stakeholders do <strong data-verified= understand how decisions around IT services are made (quality, availability, etc.). Two graphs are included in the screenshot. One of the bar graphs shows the satisfaction with the quality of decisions and transparency around IT services. The other bar graph displays IT decisions around service delivery and quality that involve the right people.">

    OVERALL PRIORITIES

    You get:

    • A clear breakdown of stakeholders’ level of understanding on how IT decisions are made in the five governance areas
    • Stakeholder perceptions on the level of IT and business involvement in decision making
    • Identification of priority areas

    So you can:

    • Get an overall pulse check for understanding
    • Make the case for changes in decision-making accountability
    • Identify which areas the IT steering committee should focus on
    A screenshot is displayed. It advises that 80% of stakeholders do <strong data-verified=not understand how decisions around IT investments or project and service resourcing are made. Two bar graphs are displayed. One of the bar graphs shows the satisfaction with the quality of decisions made around IT investments. The other graph display IT decisions around spending priorities involving the right people.">

    GOVERNANCE AREA REPORTS

    You get:

    • Satisfaction score for decision quality in each governance area
    • Breakdown of decision-making accountability effectiveness
    • Identified level of understanding around decision making
    • Open-ended comments

    So you can:

    • Identify the highest priority areas to change.
    • To validate changes in decision-making accountability
    • To understand business perspectives on decision making.

    Conduct a SWOT analysis of the five governance areas

    1.4

    1. Hold a meeting with your IT leadership team to conduct a SWOT analysis on each of the five governance areas. Start by printing off the following five slides to provide participants with examples of the role of governance and the symptoms of poor governance in each area.
    2. In groups of 1-2 people, have each group complete a SWOT analysis for one of the governance areas. For each consider:
    • Strengths: What is currently working well in this area?
    • Weaknesses: What could you improve? What are some of the challenges you’re experiencing?
    • Opportunities: What are some organizational trends that you can leverage? Consider whether your strengths or weaknesses that could create opportunities?
    • Threats: What are some key obstacles across people, process, and technology?
  • Have each team or individual rotate until each person has contributed to each SWOT. Add comments from the stakeholder survey to the SWOT.
  • As a group rank each of the five areas in terms of importance for a phase one IT steering committee implementation, and highlight the top 10 challenges, and the top 10 opportunities you see for improvement.
  • Document the top 10 lists for use in the stakeholder presentation.
  • INPUT

    • Survey outcomes
    • Governance overview handouts

    OUTPUT

    • SWOT analysis
    • Ranked 5 areas
    • Top 10 challenges and opportunities identified.

    Materials

    • Governance handouts
    • Flip chart paper, pens

    Participants

    • IT leadership team

    Governance of RISK

    Governance of risk establishes the risk framework, establishes policies and standards, and monitors risks.

    Governance of risk ensures that IT is mitigating all relevant risks associated with IT investments, projects, and services.

    GOVERNANCE ROLES:

    1. Defines responsibility and accountability for IT risk identification and mitigation.
    2. Ensures the consideration of all elements of IT risk, including value, change, availability, security, project, and recovery
    3. Enables senior management to make better IT decisions based on the evaluation of the risks involved
    4. Facilitates the identification and analysis of IT risk and ensures the organization’s informed response to that risk.

    Symptoms of poor governance of risk

    • Opportunities for value creation are missed by not considering or assessing IT risk, or by completely avoiding all risk.
    • No formal risk management process or accountabilities exist.
    • There is no business continuity strategy.
    • Frequent security breaches occur.
    • System downtime occurs due to failed IT changes.

    Governance of PPM

    Governance of the IT portfolio achieves optimum ROI through prioritization, funding, and resourcing.

    PPM practices create value if they maximize the throughput of high-value IT projects at the lowest possible cost. They destroy value when they foster needlessly sophisticated and costly processes.

    GOVERNANCE ROLES:

    1. Ensures that the projects that deliver greater business value get a higher priority.
    2. Provides adequate funding for the priority projects and ensures adequate resourcing and funding balanced across the entire portfolio of projects.
    3. Makes the business and IT jointly accountable for setting project priorities.
    4. Evaluate, direct, and monitor IT value metrics and endorse the IT strategy and monitor progress.

    Symptoms of poor governance of PPM/investments

    • The IT investment mix is determined solely by Finance and IT.
    • It is difficult to get important projects approved.
    • Projects are started then halted, and resources are moved to other projects.
    • Senior management has no idea what projects are in the backlog.
    • Projects are approved without a valid business case.

    Governance of PROJECTS

    Governance of projects improves the quality and speed of decision making for project issues.

    Don’t confuse project governance and management. Governance makes the decisions regarding allocation of funding and resources and reviews the overall project portfolio metrics and process methodology.

    Management ensures the project deliverables are completed within the constraints of time, budget, scope, and quality.

    GOVERNANCE ROLES:

    1. Monitors and evaluates the project management process and critical project methodology metrics.
    2. Ensures review and mitigation of project issue and that management is aware of projects in crisis.
    3. Ensures that projects beginning to show characteristics of failure cannot proceed until issues are resolved.
    4. Endorses the project risk criteria, and monitors major risks to project completion.
    5. Approves the launch and execution of projects.

    Symptoms of poor governance of projects

    • Projects frequently fail or get cancelled.
    • Project risks and issues are not identified or addressed.
    • There is no formal project management process.
    • There is no senior stakeholder responsible for making project decisions.
    • There is no formal project reporting.

    Governance of SERVICES

    Governance of services ensures delivery of a highly reliable set of IT services.

    Effective governance of services enables the business to achieve the organization’s goals and strategies through the provision of reliable and cost-effective services.

    GOVERNANCE ROLES:

    1. Ensures the satisfactory performance of those services critical to achieving business objectives.
    2. Monitors and directs changes in service levels.
    3. Ensures operational and performance objectives for IT services are met.
    4. Approves policy and standards on the service portfolio.

    Symptoms of poor governance of service

    • There is a misalignment of business needs and expectations with IT capability.
    • No metrics are reported for IT services.
    • The business is unaware of the IT services available to them.
    • There is no accountability for service level performance.
    • There is no continuous improvement plan for IT services.
    • IT services or systems are frequently unavailable.
    • Business satisfaction with IT scores are low.

    Governance of INFORMATION

    Governance of information ensures the proper handling of data and information.

    Effective governance of information ensures the appropriate classification, retention, confidentiality, integrity, and availability of data in line with the needs of the business.

    GOVERNANCE ROLES:

    1. Ensures the information lifecycle owner and process are defined and endorse by business leadership.
    2. Ensures the controlled access to a comprehensive information management system.
    3. Ensures knowledge, information, and data are gathered, analyzed, stored, shared, used, and maintained.
    4. Ensures that external regulations are identified and met.

    Symptoms of poor governance of information

    • There is a lack of clarity around data ownership, and data quality standards.
    • There is insufficient understanding of what knowledge, information, and data are needed by the organization.
    • There is too much effort spent on knowledge capture as opposed to knowledge transfer and re-use.
    • There is too much focus on storing and sharing knowledge and information that is not up to date or relevant.
    • Personnel see information management as interfering with their work.

    Identify the responsibilities of the IT steering committee

    1.5

    1. With your IT leadership team, review the typical responsibilities of the IT steering committee on the following slide.
    2. Print off the following slide, and in your teams of 1-2 have each group identify which responsibilities they believe the IT steering committee should have, brainstorm any additional responsibilities, and document their reasoning.
    3. Note: The bolded responsibilities are the ones that are most common to IT steering committees, and greyed out responsibilities are typical of a larger governance structure. Depending on their level of importance to your organization, you may choose to include the responsibility.

    4. Have each team present to the larger group, track the similarities and differences between each of the groups, and come to consensus on the list of responsibilities.
    5. Complete a sanity check – review your swot analysis and survey results. Do the responsibilities you’ve identified resolve the critical challenges or weaknesses?
    6. As a group, consider the responsibilities and consider whether you can reasonably implement those in one year, or if there are any that will need to wait until year two of the IT steering committee.
    7. Modify the list of responsibilities in Info-Tech’s IT Steering Committee Charter by deleting the responsibilities you do not need and adding any that you identified in the process.

    INPUT

    • SWOT analysis
    • Survey reports

    OUTPUT

    • Defined ITSC responsibilities documented in the ITSC Charter

    Materials

    • Responsibilities handout
    • Voting dots

    Participants

    • IT leadership team

    Typical IT steering committee and governance responsibilities

    The bolded responsibilities are those that are most common to IT steering committees, and responsibilities listed in grey are typical of a larger governance structure.

    INVESTMENTS / PPM

    • Establish the target investment mix
    • Evaluate and select programs/projects to fund
    • Monitor IT value metrics
    • Endorse the IT budget
    • Monitor and report on program/project outcomes
    • Direct the governance optimization
    • Endorse the IT strategy

    PROJECTS

    • Monitor project management metrics
    • Approve launch of projects
    • Review major obstacles to project completion
    • Monitor a standard approach to project management
    • Monitor and direct project risk
    • Monitor requirements gathering process effectiveness
    • Review feasibility studies and formulate alternative solutions for high risk/high investment projects

    SERVICE

    • Monitor stakeholder satisfaction with services
    • Monitor service metrics
    • Approve plans for new or changed service requirements
    • Monitor and direct changes in service levels
    • Endorse the enterprise architecture
    • Approve policy and standards on the service portfolio
    • Monitor performance and capacity

    RISK

    • Monitor risk management metrics
    • Review the prioritized list of risks
    • Monitor changes in external regulations
    • Maintain risk profiles
    • Approve the risk management emergency action process
    • Maintain a mitigation plan to minimize risk impact and likelihood
    • Evaluate risk management
    • Direct risk management

    INFORMATION / DATA

    • Define information lifecycle process ownership
    • Monitor information lifecycle metrics
    • Define and monitor information risk
    • Approve classification categories of information
    • Approve information lifecycle process
    • Set policies on retirement of information

    Determine committee membership based on the committee’s responsibilities

    • One of the biggest benefits to an IT steering committee is it involves key leadership from the various lines of business across the organization.
    • However, in most cases, more people get involved than is required, and all the committee ends up accomplishing is a lot of theorizing. Participants should be selected based on the identified responsibilities of the IT steering committee.
    • If the responsibilities don’t match the participants, this will negatively impact committee effectiveness as leaders become disengaged in the process and don’t feel like it applies to them or accomplishes the desired goals. Once participants begin dissenting, it’s significantly more difficult to get results.
    • Be careful! When you have more than one individual in a specific role, select only the people whose attendance is absolutely critical. Don’t let your governance collapse under committee overload!

    LIKELY PARTICIPANT EXAMPLES:

    MUNICIPALITY

    • City Manager
    • CIO/IT Leader
    • CCO
    • CFO
    • Division Heads

    EDUCATION

    • Provost
    • Vice Provost
    • VP Academic
    • VP Research
    • VP Public Affairs
    • VP Operations
    • VP Development
    • Etc.

    HEALTHCARE

    • President/CEO
    • CAO
    • EVP/ EDOs
    • VPs
    • CIO
    • CMO

    PRIVATE ORGANIZATIONS

    • CEO
    • CFO
    • COO
    • VP Marketing
    • VP Sales
    • VP HR
    • VP Product Development
    • VP Engineering
    • Etc.

    Identify committee participants and responsibility cadence

    1.6

    1. In a meeting with your IT leadership team, review the list of committee responsibilities and document them on a whiteboard.
    2. For each responsibility, identify the individuals whom you would want to be either responsible or accountable for that decision.
    3. Repeat this until you’ve completed the exercise for each responsibility.
    4. Group the responsibilities with the same participants and highlight groupings with less than four participants. Consider the responsibility and determine whether you need to change the wording to make it more applicable or if you should remove the responsibility.
    5. Review the grouping, the responsibilities within them, and their participants, and assess how frequently you would like to meet about them – annually, quarterly, or monthly. (Note: suggested frequency can be found in the IT Steering Committee Charter.)
    6. Subdivide the responsibilities for the groupings to determine your annual, quarterly, and monthly meeting schedule.
    7. Validate that one steering committee is all that is needed, or divide the responsibilities into multiple committees.
    8. Document the committee participants in the IT Steering Committee Charter and remove any unneeded responsibilities identified in the previous exercise.

    INPUT

    • List of responsibilities

    OUTPUT

    • ITSC participants list
    • Meeting schedule

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership team

    Committees can only be effective if they have clear and documented authority

    It is not enough to participate in committee meetings; there needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the committee.

    Each committee responsibility should have one person who is accountable, and at least one person who is responsible. This is the best way to ensure that committee work gets done.

    An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities. Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity. In this model, accountable means end-to-end accountability for the process.

    RESPONSIBLE: The one responsible for getting the job done.

    ACCOUNTABLE: Only one person can be accountable for each task.

    CONSULTED: Involvement through input of knowledge and information.

    INFORMED: Receiving information about process execution and quality.

    A chart is depicted to show an example of the authority matrix using the RACI model.

    Define IT steering committee participant RACI for each of the responsibilities

    1.7

    1. Use the table provided in the IT Steering Committee Charter and edit he list of responsibilities to reflect the chosen responsibilities of your ITSC.
    2. Along the top of the chart list the participant names, and in the right hand column of the table document the agreed upon timing from the previous exercise.
    3. For each of the responsibilities identify whether participants are Responsible, Accountable, Consulted, or Informed by denoting an R, A, C, I, or N/A in the table. Use N/A if this is a responsibility that the participant has no involvement in.
    4. Review your finalized RACI chart. If there are participants who are only consulted or informed about the majority of responsibilities, consider removing them from the IT steering committee. You only want the decision makers on the committee.

    INPUT

    • Responsibilities
    • Participants

    OUTPUT

    • RACI documented in the ITSC Charter

    Materials

    • ITSC RACI template
    • Projector

    Participants

    • IT leadership

    Building the agenda may seem trivial, but it is key for running effective meetings

    49% of people consider unfocused meetings as the biggest workplace time waster.*

    63% of the time meetings do not have prepared agendas.*

    80% Reduction of time spent in meetings by following a detailed agenda and starting on time.*

    *(Source: http://visual.ly/fail-plan-plan-fail).

    EFFECTIVE MEETING AGENDAS:

    1. Have clearly defined meeting objectives.
    2. Effectively time-boxed based on priority items.
    3. Defined at least two weeks prior to the meetings.
    4. Evaluated regularly – are not static.
    5. Leave time at the end for new business, thus minimizing interruptions.

    BUILDING A CONSENT AGENDA

    A consent agenda is a tool to free up time at meetings by combining previously discussed or simple items into a single item. Items that can be added to the consent agenda are those that are routine, noncontroversial, or provided for information’s sake only. It is expected that participants read this information and, if it is not pulled out, that they are in agreement with the details.

    Members have the option to pull items out of the consent agenda for discussion if they have questions. Otherwise these are given no time on the agenda.

    Define the IT steering committee meeting agendas and procedures

    1.8

    Agendas

    1. Review the listed responsibilities, participants, and timing as identified in a previous exercise.
    2. Annual meeting: Identify if all of the responsibilities will be included in the annual meeting agenda (likely all governance responsibilities).
    3. Quarterly Meeting Agenda: Remove the meeting responsibilities from the annual meeting agenda that are not required and create a list of responsibilities for the quarterly meetings.
    4. Monthly Meeting Agenda: Remove all responsibilities from the list that are only annual or quarterly and compile a list of monthly meeting responsibilities.
    5. Review each responsibility, and estimate the amount of time each task will take within the meeting. We recommend giving yourself at least an extra 10-20% more time for each agenda item for your first meeting. It’s better to have more time than to run out.
    6. Complete the Agenda Template in the IT Steering Committee Charter.

    Procedures:

    1. Review the list of IT steering committee procedures, and replace the grey text with the information appropriate for your organization.

    INPUT

    • Responsibility cadence

    OUTPUT

    • ITSC annual, quarterly, monthly meeting agendas & procedures

    Materials

    • ITSC Charter

    Participants

    • IT leadership team

    Draft your IT steering committee purpose statement and goals

    1.9

    1. In a meeting with your IT leadership team – and considering the defined responsibilities, participants, and opportunities and threats identified – review the example goal statement in the IT Steering Committee Charter, and first identify whether any of these statements apply to your organization. Select the statements that apply and collaboratively make any changes needed.
    2. Define unique goal statements by considering the following questions:
      1. What three things would you realistically list for the ITSC to achieve.
      2. If you were to accomplish three things in the next year, what would those be?
    3. Document those goals in the IT Steering Committee Charter.
    4. With those goal statements in mind, consider the overall purpose of the committee. The purpose statement should be a reflection of what the committee does, why it does it, and the goals.
    5. Have each individual review the example purpose statement, and draft what they think a good purpose statement would be.
    6. Present each statement, and work together to determine a best of breed statement.
    7. Document this in the IT Steering Committee Charter.

    INPUT

    • Responsibilities, participants, top 10 lists of challenges and opportunities.

    OUTPUT

    • ITSC goals and purpose statement

    Materials

    • ITSC Charter

    Participants

    • IT leadership team

    CASE STUDY

    "Clearly defined Committee Charter allows CIO to escape the bad reputation of previous committee."

    Industry: Consumer Goods

    Source: Interview

    CHALLENGE

    The new CIO at a large consumer goods company had difficulty generating interest in creating a new IT steering committee. The previous CIO had created a steering committee that was poorly organized and did not involve all of the pertinent members. This led to a committee focused on politics that would often devolve into gossip. Also, many members were dissatisfied with the irregular meetings that would often go over their allotted time.

    In order to create a new committee, the new CIO needed to dispel the misgivings of the business leadership.

    SOLUTION

    The new CIO decided to build the new steering committee from the ground up in a systematic way.

    She collected information from relevant stakeholders about what they know/how they feel about IT and used this information to build a detailed charter.

    Using this info she outlined the new steering committee charter and included in it the:

    1. Purpose
    2. Responsibilities
    3. RACI Chart
    4. Procedures

    OUTCOME

    The new steering committee included all the key members of business units, and each member was clear on their roles in the meetings. Meetings were streamlined and effective. The adjustments in the charter and the improvement in meeting quality played a role in improving the satisfaction scores of business leaders with IT by 21%.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    A screenshot of activity 1.1 is displayed. 1.1 is about surveying your ITSC stakeholders.

    Survey your ITSC stakeholders

    Prior to the workshop, Info-Tech’s advisors will work with you to launch the IT Steering Committee Stakeholder Survey to understand business priorities and level of understanding of how decisions are made. Using this data, we will create the IT steering committee responsibilities, participation, and communication strategy.

    1.7

    A screenshot of activity 1.7 is displayed. 1.7 is about defining a participant RACI for each of the responsibilities.

    Define a participant RACI for each of the responsibilities

    The analyst will facilitate several exercises to help you and your stakeholders create an authority matrix. The output will be defined responsibilities and authorities for members.

    Phase 2

    Build the IT Steering Committee Process

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Define your ITSC Processes
    Proposed Time to Completion: 2 weeks

    Review SIPOCs and Process Creation

    Start with an analyst kick-off call:

    • Review the purpose of the SIPOC and how to build one

    Then complete these activities…

    • Build a draft SIPOC for your organization

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Finalize the SIPOC

    Review Draft SIPOC:

    • Review and make changes to the SIPOC
    • Discuss potential metrics

    Then complete these activities…

    • Test survey link
    • Info-Tech launches survey

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Finalize Metrics

    Finalize phase deliverable:

    • Finalize metrics

    Then complete these activities…

    • Establish ITSC metric triggers

    With these tools & templates:

    Phase 2 of the Establish an Effective IT Steering Committee blueprint

    Build the IT Steering Committee Process

    This step will walk you through the following activities:

    • Define high-level steering committee processes using SIPOC
    • Select steering committee metrics

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Building high-level IT steering committee processes brings your committee to life. Having a clear process will ensure that you have the right information from the right sources so that committees can operate and deliver the appropriate output to the customers who need it.

    Build your high-level IT steering committee processes to enable committee functionality

    The IT steering committee is only valuable if members are able to successfully execute on responsibilities.

    One of the most common mistakes organizations make is that they build their committee charters and launch into their first meeting. Without defined inputs and outputs, a committee does not have the needed information to be able to effectively execute on responsibilities and is unable to meet its stated goals.

    The arrows in this picture represent the flow of information between the IT steering committee, other committees, and IT management.

    Building high-level processes will define how that information flows within and between committees and will enable more rapid decision making. Participants will have the information they need to be confident in their decisions.

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    IT Management
    Operational Risk Task Force

    Define the high-level process for each of the IT steering committee responsibilities

    Info-Tech recommends using SIPOC as a way of defining how the IT steering committee will operate.

    Derived from the core methodologies of Six Sigma process management, SIPOC – a model of Suppliers, Inputs, Processes, Outputs, Customers – is one of several tools that organizations can use to build high level processes. SIPOC is especially effective when determining process scope and boundaries and to gain consensus on a process.

    By doing so you’ll ensure that:

    1. Information and documentation required to complete each responsibility is identified.
    2. That the results of committee meetings are distributed to those customers who need the information.
    3. Inputs and outputs are identified and that there is defined accountability for providing these.

    Remember: Your IT steering committee is not a working committee. Enable effective decision making by ensuring participants have the necessary information and appropriate recommendations from key stakeholders to make decisions.

    Supplier Input
    Who provides the inputs to the governance responsibility. The documented information, data, or policy required to effectively respond to the responsibility.
    Process
    In this case this represents the IT steering committee responsibility defined in terms of the activity the ITSC is performing.
    Output Customer
    The outcome of the meeting: can be approval, rejection, recommendation, request for additional information, endorsement, etc. Receiver of the outputs from the committee responsibility.

    Define your SIPOC model for each of the IT steering committee responsibilities

    2.1

    1. In a meeting with your IT leadership, draw the SIPOC model on a whiteboard or flip-chart paper. Either review the examples on the following slides or start from scratch.
    2. If you are adjusting the following slides, consider the templates you already have which would be appropriate inputs and make adjustments as needed.

    For atypical responsibilities:

    1. Start with the governance responsibility and identify what specifically it is that the IT steering committee is doing with regards to that responsibility. Write that in the center of the model.
    2. As a group, consider what information or documentation would be required by the participants to effectively execute on the responsibility.
    3. Identify which individual will supply each piece of documentation. This person will be accountable for this moving forward.
    4. Outputs: Once the committee has met about the responsibility, what information or documentation will be produced. List all of those documents.
    5. Identify the individuals who need to receive the outputs of the information.
    6. Repeat this for all of the responsibilities.
    7. Once complete, document the SIPOC models in the IT Steering Committee Charter.

    INPUT

    • List of responsibilities
    • Example SIPOCs

    OUTPUT

    • SIPOC model for all responsibilities.

    Materials

    • Whiteboard
    • Markers
    • ITSC Charter

    Participants

    • IT leadership team

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Establish the target investment mix
    Supplier Input
    CIO
    • Target investment mix and rationale
    Process
    Responsibility: The IT steering committee shall review and approve the target investment mix.
    Output Customer
    • Approval of target investment mix
    • Rejection of target investment mix
    • Request for additional information
    • CFO
    • CIO
    • IT leadership
    SIPOC: Endorse the IT budget
    Supplier Input
    CIO
    • Recommendations

    See Info-Tech’s blueprint IT Budget Presentation

    Process

    Responsibility: Review the proposed IT budget as defined by the CIO and CFO.

    Output Customer
    • Signed endorsement of the IT budget
    • Request for additional information
    • Recommendation for changes to the IT budget.
    • CFO
    • CIO
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Monitor IT value metrics
    Supplier Input
    CIO
    • IT value dashboard
    • Key metric takeaways
    • Recommendations
    CIO Business Vision
    Process

    Responsibility: Review recommendations and either accept or reject recommendations. Refine go-forward metrics.

    Output Customer
    • Launch corrective task force
    • Accept recommendations
    • Define target metrics
    • CEO
    • CFO
    • Business executives
    • CIO
    • IT leadership
    SIPOC: Evaluate and select programs/projects to fund
    Supplier Input
    PMO
    • Recommended project list
    • Project intake documents
    • Prioritization criteria
    • Capacity metrics
    • IT budget

    See Info-Tech’s blueprint

    Grow Your Own PPM Solution
    Process

    Responsibility: The ITSC will approve the list of projects to fund based on defined prioritization criteria – in line with capacity and IT budget.

    It is also responsible for identifying the prioritization criteria in line with organizational priorities.

    Output Customer
    • Approved project list
    • Request for additional information
    • Recommendation for increased resources
    • PMO
    • CIO
    • Project sponsors

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Endorse the IT strategy
    Supplier Input
    CIO
    • IT strategy presentation

    See Info-Tech’s blueprint

    IT Strategy and Roadmap
    Process

    Responsibility: Review, understand, and endorse the IT strategy.

    Output Customer
    • Signed endorsement of the IT strategy
    • Recommendations for adjustments
    • CEO
    • CFO
    • Business executives
    • IT leadership
    SIPOC: Monitor project management metrics
    Supplier Input
    PMO
    • Project metrics report with recommendations
    Process

    Responsibility: Review recommendations around PM metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept project metrics performance
    • Accept recommendations
    • Launch corrective task force
    • Define target metrics
    • PMO
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Approve launch of planned and unplanned project
    Supplier Input
    CIO
    • Project list and recommendations
    • Resourcing report
    • Project intake document

    See Info-Tech’s Blueprint:

    Grow Your Own PPM Solution
    Process

    Responsibility: Review the list of projects and approve the launch or reprioritization of projects.

    Output Customer
    • Approved launch of projects
    • Recommendations for changes to project list
    • CFO
    • CIO
    • IT leadership
    SIPOC: Monitor stakeholder satisfaction with services and other service metrics
    Supplier Input
    Service Manager
    • Service metrics report with recommendations
    Info-Tech End User Satisfaction Report
    Process

    Responsibility: Review recommendations around service metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept service level performance
    • Accept recommendations
    • Launch corrective task force
    • Define target metrics
    • Service manager
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Approve plans for new or changed service requirements
    Supplier Input
    Service Manager
    • Service change request
    • Project request and change plan
    Process

    Responsibility: Review IT recommendations, approve changes, and communicate those to staff.

    Output Customer
    • Approved service changes
    • Rejected service changes
    • Service manager
    • Organizational staff
    SIPOC: Monitor risk management metrics
    Supplier Input
    CIO
    • Risk metrics report with recommendations
    Process

    Responsibility: Review recommendations around risk metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept risk register and mitigation strategy
    • Launch corrective task force to address risks
    • Risk manager
    • Business executives
    • IT leadership

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Review the prioritized list of risks
    Supplier Input
    Risk Manager
    • Risk register
    • Mitigation strategies
    See Info-Tech’s risk management research to build a holistic risk strategy.
    Process

    Responsibility: Accept the risk registrar and define any additional action required.

    Output Customer
    • Accept risk register and mitigation strategy
    • Launch corrective task force to address risks
    • Risk manager
    • IT leadership
    • CRO
    SIPOC: Define information lifecycle process ownership
    Supplier Input
    CIO
    • List of risk owner options with recommendations
    See Info-Tech’s related blueprint: Information Lifecycle Management
    Process

    Responsibility: Define responsibility and accountability for information lifecycle ownership.

    Output Customer
    • Defined information lifecycle owner
    • Organization wide.

    SIPOC examples for typical ITSC responsibilities

    SIPOC: Monitor information lifecycle metrics
    Supplier Input
    Information lifecycle owner
    • Information metrics report with recommendations
    Process

    Responsibility: Review recommendations around information management metrics and define target metrics. Endorse current effectiveness levels or determine corrective action.

    Output Customer
    • Accept information management performance
    • Accept recommendations
    • Launch corrective task force to address challenges
    • Define target metrics
    • IT leadership

    Define which metrics you will report to the IT steering committee

    2.2

    1. Consider your IT steering committee goals and the five IT governance areas.
    2. For each governance area, identify which metrics you are currently tracking and determine whether these metrics are valuable to IT, to the business, or both. For metrics that are valuable to business stakeholders determine whether you have an identified target metric.

    New Metrics:

    1. For each of the five IT governance areas review your SWOT analysis and document your key opportunities and weaknesses.
    2. For each, brainstorm hypotheses around why the opportunity was weak or was a success. For each hypothesis identify if there are any clear ways to measure and test the hypothesis.
    3. Review the list of metrics and select 5-7 metrics to track for each prioritized governance area.

    INPUT

    • List of responsibilities
    • Example SIPOCs

    OUTPUT

    • SIPOC model for all responsibilities

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership team

    IT steering committee metric triggers to consider

    RISK

    • Risk profile % increase
    • # of actionable risks outstanding
    • # of issues arising not identified prior
    • # of security breaches

    SERVICE

    • Number of business disruptions due to IT service incidents
    • Number of service requests by department
    • Number of service requests that are actually projects
    • Causes of tickets overall and by department
    • Percentage of duration attributed to waiting for client response

    PROJECTS

    • Projects completed within budget
    • Percentage of projects delivered on time
    • Project completion rate
    • IT completed assigned portion to scope
    • Project status and trend dashboard

    INFORMATION / DATA

    • % of data properly classified
    • # of incidents locating data
    • # of report requests by complexity
    • # of open data sets

    PPM /INVESTMENTS

    • CIO Business Vision (an Info-Tech diagnostic survey that helps align IT strategy with business goals)
    • Level of stakeholder satisfaction and perceived value
    • Percentage of ON vs. OFF cycle projects by area/silo
    • Realized benefit to business units based on investment mix
    • Percent of enterprise strategic goals and requirements supported by strategic goals
    • Target vs. actual budget
    • Reasons for off-cycle projects causing delays to planned projects

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    "IT steering committee’s reputation greatly improved by clearly defining its process."

    CHALLENGE

    One of the major failings of the previous steering committee was its poorly drafted procedures. Members of the committee were unclear on the overall process and the meeting schedule was not well established.

    This led to low attendance at the meetings and ineffective meetings overall. Since the meeting procedures weren’t well understood, some members of the leadership team took advantage of this to get their projects pushed through.

    SOLUTION

    The first step the new CIO took was to clearly outline the meeting procedures in her new steering committee charter. The meeting agenda, meeting goals, length of time, and outcomes were outlined, and the stakeholders signed off on their participation.

    She also gave the participants a SIPOC, which helped members who were unfamiliar with the process a high-level overview. It also reacquainted previous members with the process and outlined changes to the previous, out-of-date processes.

    OUTCOME

    The participation rate in the committee meetings improved from the previous rate of approximately 40% to 90%. The committee members were much more satisfied with the new process and felt like their contributions were appreciated more than before.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    An image of an Info-Tech analyst is depicted.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    A screenshot of activity 2.1 is depicted. Activity 2.1 is about defining a SIPOC for each of the ITSC responsibilities.

    Define a SIPOC for each of the ITSC responsibilities

    Create SIPOCs for each of the governance responsibilities with the help of an Info-Tech advisor.

    2.2

    A screenshot of activity 2.2 is depicted. Activity 2.2 is about establishing the reporting metrics for the ITSC.

    Establish the reporting metrics for the ITSC

    The analyst will facilitate several exercises to help you and your stakeholders define the reporting metrics for the ITSC.

    Phase 3

    Build the Stakeholder Presentation

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Build the Stakeholder Presentation
    Proposed Time to Completion: 1 week

    Customize the Presentation

    Start with an analyst kick-off call:

    • Review the IT Steering Committee Stakeholder Presentation with an analyst

    Then complete these activities…

    • Schedule the first meeting and invite the ITSC members
    • Customize the presentation template

    With these tools & templates:

    IT Steering Committee Stakeholder Presentation


    Review and Practice the Presentation

    Review findings with analyst:

    • Review the changes made to the template
    • Practice the presentation and create a script

    Then complete these activities…

    • Hold the ITSC meeting

    With these tools & templates:

    • IT Steering Committee Stakeholder Presentation
    Review the First ITSC Meeting

    Finalize phase deliverable:

    • Review the outcomes of the first ITSC meeting and plan out the next steps

    Then complete these activities…

    • Review the discussion and plan next steps

    With these tools & templates:

    Establish an Effective IT Steering Committee blueprint

    Build the Stakeholder Presentation

    This step will walk you through the following activities:

    • Organizing the first ITSC meeting
    • Customizing an ITSC stakeholder presentation
    • Determine ITSC responsibilities and participants
    • Determine ITSC procedures

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    Stakeholder engagement will be critical to your ITSC success, don't just focus on what is changing. Ensure stakeholders know why you are engaging them and how it will help them in their role.

    Hold a kick-off meeting with your IT steering committee members to explain the process, responsibilities, and goals

    3.1

    Don’t take on too much in your first IT steering committee meeting. Many participants may not have participated in an IT steering committee before, or some may have had poor experiences in the past.

    Use this meeting to explain the role of the IT steering committee and why you are implementing one, and help participants to understand their role in the process.

    Quickly customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to explain the goals and benefits of the IT steering committee, and use your own data to make the case for governance.

    At the end of the meeting, ask committee members to sign the committee charter to signify their agreement to participate in the IT steering committee.

    A screenshot of IT Steering Committee: Meeting 1 is depicted. A screenshot of the IT Steering Committee Challenges and Opportunities for the organization.

    Tailor the IT Steering Committee Stakeholder Presentation template: slides 1-5

    3.2 Estimated Time: 10 minutes

    Review the IT Steering Committee Stakeholder Presentation template. This document should be presented at the first IT steering committee meeting by the assigned Committee Chair.

    Customization Options

    Overall: Decide if you would like to change the presentation template. You can change the color scheme easily by copying the slides in the presentation deck and pasting them into your company’s standard template. Once you’ve pasted them in, scan through the slides and make any additional changes needed to formatting.

    Slide 2-3: Review the text on each of the slides and see if any wording should be changed to better suite your organization.

    Slide 4: Review your list of the top 10 challenges and opportunities as defined in section 2 of this blueprint. Document those in the appropriate sections. (Note: be careful that the language is business-facing; challenges and opportunities should be professionally worded.)

    Slide 5: Review the language on slide 5 to make any necessary changes to suite your organization. Changes here should be minimal.

    INPUT

    • Top 10 list
    • Survey report
    • ITSC Charter

    OUTPUT

    • Ready-to-present presentation for defined stakeholders

    Materials

    • IT Steering Committee Stakeholder Presentation

    Participants

    • IT Steering Committee Chair/CIO

    Tailor the IT Steering Committee Stakeholder Presentation template: slides 6-10

    3.2 Estimated Time: 10 minutes

    Customization Options

    Slide 6: The goal of this slide is to document and share the names of the participants on the IT steering committee. Document the names in the right-hand side based on your IT Steering Committee Charter.

    Slides 7-9:

    • Review the agenda items as listed in your IT Steering Committee Charter. Document the annual, quarterly, and monthly meeting responsibilities on the left-hand side of slides 7-9.
    • Meeting Participants: For each slide, list the members who are required for that meeting.
    • Document the key required reading materials as identified in the SIPOC charts under “inputs.”
    • Document the key meeting outcomes as identified in the SIPOC chart under “outputs.”

    Slide 10: Review and understand the rollout timeline. Make any changes needed to the timeline.

    INPUT

    • Top 10 list
    • Survey report
    • ITSC Charter

    OUTPUT

    • Ready-to-present presentation for defined stakeholders

    Materials

    • IT Steering Committee Stakeholder Presentation

    Participants

    • IT Steering Committee Chair/CIO

    Present the information to the IT leadership team to increase your comfort with the material

    3.3 Estimated Time: 1-2 hours

    1. Once you have finished customizing the IT Steering Committee Stakeholder Presentation, practice presenting the material by meeting with your IT leadership team. This will help you become more comfortable with the dialog and anticipate any questions that might arise.
    2. The ITSC chair will present the meeting deck, and all parties should discuss what they think went well and opportunities for improvement.
    3. Each business relationship manager should document the needed changes in preparation for their first meeting.

    INPUT

    • IT Steering Committee Stakeholder Presentation - Meeting 1

    Participants

    • IT leadership team

    Schedule your first meeting of the IT steering committee

    3.4

    By this point, you should have customized the meeting presentation deck and be ready to meet with your IT steering committee participants.

    The meeting should be one hour in duration and completed in person.

    Before holding the meeting, identify who you think is going to be most supportive and who will be least. Consider meeting with those individuals independently prior to the group meeting to elicit support or minimize negative impacts on the meeting.

    Customize this calendar invite script to invite business partners to participate in the meeting.

    Hello [Name],

    As you may have heard, we recently went through an exercise to develop an IT steering committee. I’d like to take some time to discuss the results of this work with you, and discuss ways in which we can work together in the future to better enable corporate goals.

    The goals of the meeting are:

    1. Discuss the benefits of an IT steering committee
    2. Review the results of the organizational survey
    3. Introduce you to our new IT steering committee

    I look forward to starting this discussion with you and working with you more closely in the future.

    Warm regards,

    CASE STUDY

    Industry:Consumer Goods

    Source: Interview

    "CIO gains buy-in from the company by presenting the new committee to its stakeholders."

    CHALLENGE

    Communication was one of the biggest steering committee challenges that the new CIO inherited.

    Members were resistant to joining/rejoining the committee because of its previous failures. When the new CIO was building the steering committee, she surveyed the members on their knowledge of IT as well as what they felt their role in the committee entailed.

    She found that member understanding was lacking and that their knowledge surrounding their roles was very inconsistent.

    SOLUTION

    The CIO dedicated their first steering committee meeting to presenting the results of that survey to align member knowledge.

    She outlined the new charter and discussed the roles of each member, the goals of the committee, and the overarching process.

    OUTCOME

    Members of the new committee were now aligned in terms of the steering committee’s goals. Taking time to thoroughly outline the procedures during the first meeting led to much higher member engagement. It also built accountability within the committee since all members were present and all members had the same level of knowledge surrounding the roles of the ITSC.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    A screenshot of Activity 3.1 is depicted. Activity 3.1 is about creating a presentation for ITSC stakeholders to be presented at the first ITSC meeting.

    Create a presentation for ITSC stakeholders to be presented at the first ITSC meeting

    Work with an Info-Tech advisor to customize our IT Steering Committee Stakeholder Presentation template. Use this presentation to gain stakeholder buy-in by making the case for an ITSC.

    Phase 4

    Define the Prioritization Criteria

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation : Define the Prioritization Criteria
    Proposed Time to Completion: 4 weeks

    Discuss Prioritization Criteria

    Start with an analyst kick-off call:

    • Review sample project prioritization criteria and discuss criteria unique to your organization

    Then complete these activities...

    • Select the criteria that would be most effective for your organization
    • Input these into the tool

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Customize the IT Steering Committee Project Prioritization Tool

    Review findings with analyst:

    • Review changes made to the tool
    • Finalize criteria weighting

    Then complete these activities…

    • Pilot test the tool using projects from the previous year

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Review Results of the Pilot Test

    Finalize phase deliverable:

    • Review the results of the pilot test
    • Make changes to the tool

    Then complete these activities…

    • Input your current project portfolio into the prioritization tool

    With these tools & templates:

    IT Steering Committee Project Prioritization Tool

    Define the Project Prioritization Criteria

    This step will walk you through the following activities:

    • Selecting the appropriate project prioritization criteria for your organization
    • Developing weightings for the prioritization criteria
    • Filling in Info-Tech’s IT Steering Committee Project Prioritization Tool

    This step involves the following participants:

    • CIO
    • IT Steering Committee
    • IT Leadership Team
    • PMO

    Key Insight:

    The steering committee sets and agrees to principles that guide prioritization decisions. The agreed upon principles will affect business unit expectations and justify the deferral of requests that are low priority. In some cases, we have seen the number of requests drop substantially because business units are reluctant to propose initiatives that do not fit high prioritization criteria.

    Understand the role of the IT steering committee in project prioritization

    One of the key roles of the IT steering committee is to review and prioritize the portfolio of IT projects.

    What is the prioritization based on? Info-Tech recommends selecting four broad criteria with two dimensions under each to evaluate the value of the projects. The criteria are aligned with how the project generates value for the organization and the execution of the project.

    What is the role of the steering committee in prioritizing projects? The steering committee is responsible for reviewing project criteria scores and making decisions about where projects rank on the priority list. Planning, resourcing, and project management are the responsibility of the PMO or the project owner.

    Info-Tech’s Sample Criteria

    Value

    Strategic Alignment: How much a project supports the strategic goals of the organization.

    Customer Satisfaction: The impact of the project on customers and how visible a project will be with customers.

    Operational Alignment: Whether the project will address operational issues or compliance.

    Execution

    Financial: Predicted ROI and cost containment strategies.

    Risk: Involved with not completing projects and strategies to mitigate it.

    Feasibility: How easy the project is to complete and whether staffing resources exist.

    Use Info-Tech’s IT Steering Committee Project Prioritization Tool to catalog and prioritize your project portfolio

    4.1

    • Use Info-Tech’s IT Steering Committee Project Prioritization Tool in conjunction with the following activities to catalog and prioritize all of the current IT projects in your portfolio.
    • Assign weightings to your selected criteria to prioritize projects based on objective scores assigned during the intake process and adjust these weightings on an annual basis to align with changing organizational priorities and goals.
    • Use this tool at steering committee meetings to streamline the prioritization process and create alignment with the PMO and project managers.
    • Monitor ongoing project status and build a communication channel between the PMO and project managers and the IT steering committee.
    • Adjusting the titles in the Settings tab will automatically adjust the titles in the Project Data tab.
    • Note: To customize titles in the document you must unprotect the content under the View tab. Be sure to change the content back to protected after making the changes.
    A screenshot of Info-Tech's IT Steering Committee Project Prioritization Tool is depicted. The first page of the tool is shown. A screenshot of Info-Tech's IT Steering Committee Project Prioritization Tool is depicted. The page depicted is on the Intake and Prioritization Tool Settings.

    Establish project prioritization criteria and build the matrix

    4.2 Estimated Time: 1 hour

    1. During the second steering committee meeting, discuss the criteria you will be basing your project prioritization scoring on.
    2. Review Info-Tech’s prioritization criteria matrix, located in the Prioritization Criteria List tab of the IT Steering Committee Project Prioritization Tool, to gain ideas for what criteria would best suit your organization.
    3. Write these main criteria on the whiteboard and brainstorm criteria that are more specific for your organization; include these on the list as well.
    4. Discuss the criteria. Eliminate criteria that won’t contribute strongly to the prioritization process and vote on the remaining. Select four main criteria from the list.
    5. After selecting the four main criteria, write these on the whiteboard and brainstorm the dimensions that fall under the criteria. These should be more specific/measurable aspects of the criteria. These will be the statements that values are assigned to for prioritizing projects so they should be clear. Use the Prioritization Criteria List in the tool to help generate ideas.
    6. After creating the dimensions, determine what the scoring statements will be. These are the statements that will be used to determine the score out of 10 that the different dimensions will receive.
    7. Adjust the Settings and Project Data tabs in the IT Steering Committee Project Prioritization Tool to reflect your selections.
    8. Edit Info-Tech’s IT Project Intake Form or the intake form that you currently use to contain these criteria and scoring parameters.

    INPUT

    • Group input
    • IT Steering Committee Project Prioritization Tool

    OUTPUT

    • Project prioritization criteria to be used for current and future projects

    Materials

    • Whiteboard and markers

    Participants

    • IT steering committee
    • CIO
    • IT leadership

    Adjust prioritization criteria weightings to reflect organizational needs

    4.3 Estimated Time: 1 hour

    1. In the second steering committee meeting, after deciding what the project prioritization criteria will be, you need to determine how much weight (the importance) each criteria will receive.
    2. Use the four agreed upon criteria with two dimensions each, determined in the previous activity.
    3. Perform a $100 test to assign proportions to each of the criteria dimensions.
      1. Divide the committee into pairs.
      2. Tell each pair that they have $100 divide among the 4 major criteria based on how important they feel the criteria is.
      3. After dividing the initial $100, ask them to divide the amount they allocated to each criteria into the two sub-dimensions.
      4. Next, ask them to present their reasoning for the allocations to the rest of the committee.
      5. Discuss the weighting allotments and vote on the best one (or combination).
      6. Input the weightings in the Settings tab of the IT Steering Committee Project Prioritization Tool and document the discussion.
    4. After customizing the chart establish the owner of the document. This person should be a member of the PMO or the most suitable IT leader if a PMO doesn’t exist.
    5. Only perform this adjustment annually or if a major strategic change happens within the organization.

    INPUT

    • Group discussion

    OUTPUT

    • Agreed upon criteria weighting
    • Complete prioritization tool

    Materials

    • IT Steering Committee Project Prioritization Tool
    • Whiteboard and sticky notes

    Participants

    • IT steering committee
    • IT leadership

    Document the prioritization criteria weightings in Info-Tech’s IT Steering Committee Project Prioritization Tool.

    Configure the prioritization tool to align your portfolio with business strategy

    4.4 Estimated Time: 60 minutes

    Download Info-Tech’s Project Intake and Prioritization Tool.

    A screenshot of Info-Tech's Project Intake and Prioritization Tool.

    Rank: Project ranking will dynamically update relative to your portfolio capacity (established in Settings tab) and the Size, Scoring Progress, Remove from Ranking, and Overall Score columns. The projects in green represent top priorities based on these inputs, while yellow projects warrant additional consideration should capacity permit.

    Scoring Progress: You will be able to determine some items on the scorecard earlier in the scoring progress (such as strategic and operational alignment). As you fill in scoring columns on the Project Data tab, the Scoring Progress column will dynamically update to track progress.

    The Overall Score will update automatically as you complete the scoring columns (refer to Activity 4.2).

    Days in Backlog: This column will help with backlog management, automatically tracking the number of days since an item was added to the list based on day added and current date.

    Validate your new prioritization criteria using previous projects

    4.5 Estimated Time: 2 hours

    1. After deciding on the prioritization criteria, you need to test their validity.
    2. Look at the portfolio of projects that were completed in the previous year.
    3. Go through each project and score it according to the criteria that were determined in the previous exercise.
    4. Enter the scores and appropriate weighting (according to goals/strategy of the previous year) into the IT Steering Committee Project Prioritization Tool.
    5. Look at the prioritization given to the projects in reference to how they were previously prioritized.
    6. Adjust the criteria and weighting to either align the new prioritization criteria with previous criteria or to align with desired outcomes.
    7. After scoring the old projects, pilot test the tool with upcoming projects.

    INPUT

    • Information on previous year’s projects
    • Group discussion

    OUTPUT

    • Pilot tested project prioritization criteria

    Materials

    • IT Steering Committee Project Prioritization Tool

    Participants

    • IT steering committee
    • IT leadership
    • PMO

    Pilot the scorecard to validate criteria and weightings

    4.6 Estimated Time: 60 minutes

    1. Pilot your criteria and weightings in the IT Steering Committee Project Prioritization Tool using project data from one or two projects currently going through approval process.
    2. For most projects, you will be able to determine strategic and operational alignment early in the scoring process, while the feasibility and financial requirements will come later during business case development. Score each column as you can. The tool will automatically track your progress in the Scoring Progress column on the Project Data tab.

    Projects that are scored but not prioritized will populate the portfolio backlog. Items in the backlog will need to be rescored periodically, as circumstances can change, impacting scores. Factors necessitating rescoring can include:

    • Assumptions in business case have changed.
    • Organizational change – e.g. a new CEO or a change in strategic objectives.
    • Major emergencies or disruptions – e.g. a security breach.

    Score projects using the Project Data tab in Info-Tech’s IT Steering Committee Project Prioritization Tool

    A screenshot of Info-Tech's <em data-verified=IT Steering Committee Project Prioritization Tool is depicted. The Data Tab is shown.">

    Use Info-Tech’s IT Project Intake Form to streamline the project prioritization and approval process

    4.7

    • Use Info-Tech’s IT Project Intake Form template to streamline the project intake and prioritization process.
    • Customize the chart on page 2 to include the prioritization criteria that were selected during this phase of the blueprint.
    • Including the prioritization criteria at the project intake phase will free up a lot of time for the steering committee. It will be their job to verify that the criteria scores are accurate.
    A screenshot of Info-Tech's IT Project Intake Form is depicted.

    After prioritizing and selecting your projects, determine how they will be resourced

    Consult these Info-Tech blueprints on project portfolio management to create effective portfolio project management resourcing processes.

    A Screenshot of Info-Tech's Create Project Management Success Blueprint is depicted. Create Project Management Success A Screenshot of Info-Tech's Develop a Project Portfolio Management Strategy Blueprint is depicted. Develop a Project Portfolio Management Strategy

    CASE STUDY

    Industry: Consumer Goods

    Source: Interview

    "Clear project intake and prioritization criteria allow for the new committee to make objective priority decisions."

    CHALLENGE

    One of the biggest problems that the previous steering committee at the company had was that their project intake and prioritization process was not consistent. Projects were being prioritized based on politics and managers taking advantage of the system.

    The procedure was not formalized so there were no objective criteria on which to weigh the value of proposed projects. In addition to poor meeting attendance, this led to the overall process being very inconsistent.

    SOLUTION

    The new CIO, with consultation from the newly formed committee, drafted a set of criteria that focused on the value and execution of their project portfolio. These criteria were included on their intake forms to streamline the rating process.

    All of the project scores are now reviewed by the steering committee, and they are able to facilitate the prioritization process more easily.

    The objective criteria process also helped to prevent managers from taking advantage of the prioritization process to push self-serving projects through.

    OUTCOME

    This was seen as a contributor to the increase in satisfaction scores for IT, which improved by 12% overall.

    The new streamlined process helped to reduce capacity constraints on IT, and it alerted the company to the need for more IT employees to help reduce these constraints further. The IT department was given permission to hire two new additional staff members.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    A screenshot of activity 4.1 is depicted. Activity 4.1 was about defining your prioritization criteria and customize our <em data-verified=IT Steering Committee Project Prioritization Tool.">

    Define your prioritization criteria and customize our IT Steering Committee Project Prioritization Tool

    With the help of Info-Tech advisors, create criteria for determining a project’s priority. Customize the tool to reflect the criteria and their weighting. Run pilot tests of the tool to verify the criteria and enter your current project portfolio.

    Research contributors and experts

    • Andy Lomasky, Manager, Technology & Management Consulting, McGladrey LLP
    • Angie Embree, CIO, Best Friends Animal Society
    • Corinne Bell, CTO and Director of IT Services, Landmark College
    • John Hanskenecht, Director of Technology, University of Detroit Jesuit High School and Academy
    • Lori Baker, CIO, Village of Northbrook
    • Lynne Allard, IT Supervisor, Nipissing Parry Sound Catholic School Board
    • Norman Allen, Senior IT Manager, Baker Tilly
    • Paul Martinello, VP, IT Services, Cambridge and North Dumfries Hydro Inc.
    • Renee Martinez, IT Director/CIO, City of Santa Fe
    • Sam Wong, Director, IT, Seneca College
    • Suzanne Barnes, Director, Information Systems, Pathfinder International
    • Walt Joyce, CTO, Peoples Bank

    Appendices

    GOVERNANCE & ITSC & IT Management

    Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.

    The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.

    Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.

    These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.

    IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.

    Strategic IT Steering Committee
    Tactical

    Project Governance Service Governance

    Risk Governance Information Governance

    IT Management
    Operational Risk Task Force

    This blueprint focuses exclusively on building the IT Steering committee. For more information on IT governance see Info-Tech’s related blueprint: Tailor an IT Governance Plan to Fit Organizational Needs.

    IT steering committees play an important role in IT governance

    By bucketing responsibilities into these areas, you’ll be able to account for most key IT decisions and help the business to understand their role in governance, fostering ownership and joint accountability.

    The five governance areas are:

    Governance of the IT Portfolio and Investments: Ensures that funding and resources are systematically allocated to the priority projects that deliver value.

    Governance of Projects: Ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.

    Governance of Risks: Ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.

    Governance of Services: Ensures that IT delivers the required services at the acceptable performance levels.

    Governance of Information and Data: Ensures the appropriate classification and retention of data based on business need.

    A survey of stakeholders identified a need for increased stakeholder involvement and transparency in decision making

    A bar graph is depicted. The title is: I understand how decisions are made in the following areas. The areas include risk, services, projects, portfolio, and information. A circle graph is depicted. The title is: Do IT decisions involve the right people?

    Overall, survey respondents indicated a lack of understanding about how decisions are made around risk, services, projects, and investments, and that business involvement in decision making was too minimal.

    Satisfaction with decision quality around investments and PPM are uneven and largely not well understood

    72% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. Title of the graph: IT decisions around service delivery and quality involve the right people?

    Overall, services were ranked #1 in importance of the 5 areas

    62% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. Title of the graph: IT decisions around service delivery and quality involve the right people?

    Projects ranked as one of the areas with which participants are most satisfied with the quality of decisions

    70% of stakeholders do not understand how decisions around projects selection, success, and changes are made.

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions and transparency around IT services? A bar graph is depicted. The title is: IT decisions around project changes, delays, and metrics involve the right people?

    Stakeholders are largely unaware of how decisions around risk are made and believe business participation needs to increase

    78% of stakeholders do not understand how decisions around risk are made

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions made around risk? A bar graph is depicted. The title is: IT decisions around acceptable risk involve the right people?

    The majority of stakeholders believe that they are aware of how decisions around information are made

    67% of stakeholders believe they do understand how decisions around information (data) retention and classification are made.

    A bar graph is depicted. The title is: How satisfied are you with the quality of decisions around information governance? A bar graph is depicted. The title is: IT decisions around information retention and classification involve the right people?

    Create an Agile-Friendly Project Gating and Governance Approach

    • Buy Link or Shortcode: {j2store}162|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $33,499 Average $ Saved
    • member rating average days saved: 57 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Organizations often apply gating and governance to IT projects to ensure resources are being used efficiently and effectively.
    • Agile project teams often complain that traditional project gating and governance interfere with their ability to delivery because traditional gating and governance were designed for Waterfall delivery methods.

    Our Advice

    Critical Insight

    Imposing a traditional gating and governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your traditional project gating and governance approach to be Agile friendly.

    Impact and Result

    • Create a project gating and governance approach that is Agile friendly and helps your organization realize the most benefit from its Agile transformation.
    • Oversee your Agile projects with confidence by adjusting the level of support and oversight they receive based on their Agilometer score.
    • Define a revised set of project gating artifacts that support Agile delivery methods.
    • Adopt a “trust but verify” approach to Agile project gating that will reduce risk and help ensure value delivery.

    Create an Agile-Friendly Project Gating and Governance Approach Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Agile-Friendly Project Gating and Governance Approach Deck – A step-by-step guide to creating an Agile-friendly project gating and governance approach that will support Agile delivery methods in your organization.

    This deck is a guide to creating your own Agile-friendly project gating and governance approach using Info-Tech’s Agile Gating Framework.

    • Create an Agile-Friendly Project Gating and Governance Approach – Phases 1-3

    2. Your Gates 3 and 3A Checklists – The Gates 3 and 3A Checklists are used to determine when a project is ready to enter and exit the Risk Reduction & Value Confirmation phase.

    Modify Info-Tech’s Gates 3 and 3A Checklists to meet your organization’s needs, and then use them to determine when Agile projects are ready to enter and exit the RRVC phase.

    • Gates 3 and 3A Checklists

    3. Your Agilometer – The Agilometer is used to determine a project’s readiness to use an Agile delivery method.

    Modify Info-Tech’s Agilometer to meet your organization’s needs, and then use it to determine the level of support and oversight the project will need.

    • Agilometer

    4. Your Agile Project Status Report – An Agile Status Report will be used to monitor project progress.

    Modify Info-Tech’s Agile Project Status Report to meet your organization’s needs, and then use it to monitor in-flight Agile projects.

    • Agile Project Status Report

    5. Project Burndown Chart – A tool to let you monitor project burndown over time.

    Use Info-Tech’s Project Burndown Chart to monitor the progress of your in-flight Agile projects.

    • Project Burndown Chart

    6. Traditional to Agile Gating Artifact Mapping – A tool to help you rework your project gating artifacts to be Agile-friendly.

    Use Info-Tech’s Traditional to Agile Gating Artifact Mapping tool to modify your gating artifacts for Agile projects.

    • Traditional to Agile Gating Artifact Mapping
    [infographic]

    Further reading

    Create an Agile-Friendly Project Gating and Governance Approach

    Use Info-Tech’s Agile Gating Framework as a guide to gating your Agile projects using a “trust but verify” approach.

    Table of Contents

    Analyst Perspective

    Executive Summary

    Phase 1: Establish Your Gating and Governance Purpose

    Phase 2: Understand and Adapt Info-Tech’s Agile Gating Framework

    Phase 3: Complete Your Agile Gating Framework

    Where Do I Go Next?

    Bibliography

    Facilitator Slides

    Analyst Perspective

    Make your gating and governance process Agile friendly by following a “trust but verify” approach

    Most project gating and governance approaches are designed for traditional (Waterfall) delivery methods. However, Agile delivery methods call for a different way of working that doesn’t align well with these approaches.

    Applying traditional project gating and governance to Agile projects is like trying to fit a square peg in a round hole. Not only will it make Agile project delivery less efficient, but in the extreme, it can lead to outright project failure and even derail your organization’s Agile transformation.

    If you want Agile to successfully take root in your organization, be prepared to rethink your current gating and governance practices. This document presents a framework that you can use to rework your approach to provide both effective oversight and support for your Agile projects.

    Photo of Alex Ciraco, Principal Research Director, Application Delivery and Management, Info-Tech Research Group. Alex Ciraco
    Principal Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Many government organizations are adopting Agile project delivery methods because they have proven to be more effective than traditional delivery approaches at responding to today’s fast pace of change.
    • Government organizations have an obligation to govern projects to ensure effective use of public resources, regardless of the delivery method being used.
    Common Obstacles
    • Most government gating and governance frameworks were designed around traditional (often called “Waterfall”) delivery methods.
    • Agile and Waterfall work in completely different ways, so imposing traditional gating and governance frameworks on Agile projects will stifle progress and can even lead to project failure.
    • Government organizations must adjust their gating and governance frameworks to accommodate Agile delivery methods.
    Info-Tech’s Approach
    • Begin by understanding the fundamental purpose of project gating and governance.
    • Next, understand the major differences between Agile and Waterfall delivery methods.
    • Then, armed with this knowledge, use Info-Tech’s Agile Gating Framework to redefine your gating and governance approach to be Agile friendly.
    Info-Tech Insight

    Imposing a traditional governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your project gating and governance approach to be Agile friendly.

    Info-Tech’s methodology for Creating an Agile-Friendly Project Gating and Governance Approach

    1. Establish Your Gating and Governance Purpose 2. Understand and Adapt Info-Tech’s Agile Gating Framework 3. Complete your Agile Gating Framework
    Phase Steps

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like and Why

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create an Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    Phase Outcomes
    1. Your gating/governance purpose statement
    2. A fundamental understanding of the difference between traditional and Agile delivery methods.
    1. An understanding of Info-Tech’s Agile Gating Framework
    2. Your Gates 3 and 3A checklists
    3. Your Agilometer tool
    4. Your Agile project status report template
    5. Your Agile health check tool
    1. Artifact map for your Agile gating framework
    2. Roadmap for Agile gating implementation

    Key Deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals, including:

    Agilometer Tool

    Create your customized Agilometer tool to determine project support and oversight needs.
    Sample of the 'Agilometer Tool' deliverable.

    Gates 3 and 3A Checklists

    Create your customized checklists for projects at Gates 3 and 3A.
    Sample of the 'Gates 3 and 3A Checklists' deliverable.

    Agile-Friendly Project Status Report

    Create your Agile-friendly project status report to monitor progress.
    Sample of the 'Agile-Friendly Project Status Report' deliverable.

    Artifact Mapping Tool

    Map your traditional gating artifacts to their Agile replacements.
    Sample of the 'Artifact Mapping Tool' deliverable.

    Create an Agile-Friendly Project Gating and Governance Approach

    Phase 1

    Establish your gating and governance purpose

    Phase 1

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like And Why

    Phase 2

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create Your Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    Phase 3

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    This phase will walk you through the following activities:

    • Understand why gating and governance are so important to your organization.
    • Compare and contrast traditional to Agile delivery.
    • Identify what form traditional gating takes in your organization.

    This phase involves the following participants:

    • PMO/Gating Body
    • Delivery Managers
    • Delivery Teams
    • Other Interested Parties

    Agile gating–related facts and figures

    73% of organizations created their project gating framework before adopting or considering Agile delivery practices. (Athens Journal of Technology and Engineering)

    71% of survey respondents felt an Agile-friendly gating approach improves both productivity and product quality. (Athens Journal of Technology and Engineering)

    Moving to an Agile-friendly gating approach has many benefits:
    • Faster response to change
    • Improved productivity
    • Higher team morale
    • Better product quality
    • Faster releases
    (Journal of Product Innovation Management)

    Traditional gating approaches can undermine an Agile project

    • Most existing gating and governance frameworks (often referred to as phase-gate) impose requirements on projects that are anti-patterns to an Agile delivery approach
    • For example, any gating approach that requires a project to deliver a detailed requirements document before coding can begin will make it difficult or impossible for the project to use an Agile delivery method.
    • The same can be said for other common phase-gate requirements including:
      • Imposing a formal (and onerous) change control process on project requirements.
      • Requiring a detailed design document and/or detailed user acceptance test plan at the beginning of the project.
      • Asking the project to produce a detailed project plan.
    (DZone)
    Don’t make the mistake of asking an Agile project to follow a traditional phase-gate approach to project delivery!

    Before reworking your gating approach, you need to consider two important questions

    Answering these questions will help guide your new gating process to both be Agile friendly and meet your organization’s needs

    1. What is the fundamental purpose of gating? By examining the fundamental purpose of gating, you will be better able to adjust your approach to achieve the desired outcomes in an Agile context.
    2. How does Agile delivery differ from traditional? By understanding how Agile delivery differs from traditional, you will be better able to adjust your gating approach to support Agile delivery methods.

    Stock image of speech bubbles hanging on string with a question mark and lightbulb drawn on them.

    Build a Strong Technology Foundation for Customer Experience Management

    • Buy Link or Shortcode: {j2store}526|cart{/j2store}
    • member rating overall impact (scale of 10): 8.6/10 Overall Impact
    • member rating average dollars saved: $340,152 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Technology is a fundamental enabler of an organization’s customer experience management (CXM) strategy. However, many IT departments fail to take a systematic approach when building a portfolio of applications for supporting marketing, sales, and customer service functions.
    • The result is a costly, ineffective, and piecemeal approach to CXM application deployment (including high-profile applications like CRM).

    Our Advice

    Critical Insight

    • IT must work in lockstep with their counterparts in marketing, sales, and customer service to define a unified vision and strategic requirements for enabling a strong CXM program.
    • To deploy applications that specifically align with the needs of the organization’s customers, IT leaders must work with the business to define and understand customer personas and common interaction scenarios. CXM applications are mission critical and failing to link them to customer needs can have a detrimental effect on customer satisfaction and ultimately, revenue.
    • IT must act as a valued partner to the business in creating a portfolio of CXM applications that are cost effective.
    • Organizations should create a repeatable framework for CXM application deployment that addresses critical issues, including the integration ecosystem, customer data quality, dashboards and analytics, and end-user adoption.

    Impact and Result

    • Establish strong application alignment to strategic requirements for CXM that is based on concrete customer personas.
    • Improve underlying business metrics across marketing, sales, and service, including customer acquisition, retention, and satisfaction metrics.
    • Better align IT with customer experience needs.

    Build a Strong Technology Foundation for Customer Experience Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strong technology foundation for CXM, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive value with CXM

    Understand the benefits of a robust CXM strategy.

    • Build a Strong Technology Foundation for Customer Experience Management – Phase 1: Drive Value with CXM
    • CXM Strategy Stakeholder Presentation Template
    • CXM Strategy Project Charter Template

    2. Create the framework

    Identify drivers and objectives for CXM using a persona-driven approach and deploy the right applications to meet those objectives.

    • Build a Strong Technology Foundation for Customer Experience Management – Phase 2: Create the Framework
    • CXM Business Process Shortlisting Tool
    • CXM Portfolio Designer

    3. Finalize the framework

    Complete the initiatives roadmap for CXM.

    • Build a Strong Technology Foundation for Customer Experience Management – Phase 3: Finalize the Framework
    [infographic]

    Workshop: Build a Strong Technology Foundation for Customer Experience Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create the Vision for CXM Technology Enablement

    The Purpose

    Establish a consistent vision across IT, marketing, sales, and customer service for CXM technology enablement.

    Key Benefits Achieved

    A clear understanding of key business and technology drivers for CXM.

    Activities

    1.1 CXM fireside chat

    1.2 CXM business drivers

    1.3 CXM vision statement

    1.4 Project structure

    Outputs

    CXM vision statement

    CXM project charter

    2 Conduct the Environmental Scan and Internal Review

    The Purpose

    Create a set of strategic requirements for CXM based on a thorough external market scan and internal capabilities assessment.

    Key Benefits Achieved

    Well-defined technology requirements based on rigorous, multi-faceted analysis.

    Activities

    2.1 PEST analysis

    2.2 Competitive analysis

    2.3 Market and trend analysis

    2.4 SWOT analysis

    2.5 VRIO analysis

    2.6 Channel map

    Outputs

    Completed external analysis

    Strategic requirements (from external analysis)

    Completed internal review

    Channel interaction map

    3 Build Customer Personas and Scenarios

    The Purpose

    Augment strategic requirements through customer persona and scenario development.

    Key Benefits Achieved

    Functional requirements aligned to supporting steps in customer interaction scenarios.

    Activities

    3.1 Persona development

    3.2 Scenario development

    3.3 Requirements definition for CXM

    Outputs

    Personas and scenarios

    Strategic requirements (based on personas)

    4 Create the CXM Application Portfolio

    The Purpose

    Using the requirements identified in the preceding modules, build a future-state application inventory for CXM.

    Key Benefits Achieved

    A cohesive, rationalized portfolio of customer interaction applications that aligns with identified requirements and allows investment (or rationalization) decisions to be made.

    Activities

    4.1 Build business process maps

    4.2 Review application satisfaction

    4.3 Create the CXM application portfolio

    4.4 Prioritize applications

    Outputs

    Business process maps

    Application satisfaction diagnostic

    Prioritized CXM application portfolio

    5 Review Best Practices and Confirm Initiatives

    The Purpose

    Establish repeatable best practices for CXM applications in areas such as data management and end-user adoption.

    Key Benefits Achieved

    Best practices for rollout of new CXM applications.

    A prioritized initiatives roadmap.

    Activities

    5.1 Create data integration map

    5.2 Define adoption best practices

    5.3 Build initiatives roadmap

    5.4 Confirm initiatives roadmap

    Outputs

    Integration map for CXM

    End-user adoption plan

    Initiatives roadmap

    Further reading

    Build a Strong Technology Foundation for Customer Experience Management

    Design an end-to-end technology strategy to enhance marketing effectiveness, drive sales, and create compelling customer service experiences.

    ANALYST PERSPECTIVE

    Technology is the catalyst to create – and keep! – your customers.

    "Customers want to interact with your organization on their own terms, and in the channels of their choice (including social media, mobile applications, and connected devices). Regardless of your industry, your customers expect a frictionless experience across the customer lifecycle. They desire personalized and well-targeted marketing messages, straightforward transactions, and effortless service. Research shows that customers value – and will pay more for! – well-designed experiences.

    Strong technology enablement is critical for creating customer experiences that drive revenue. However, most organizations struggle with creating a cohesive technology strategy for customer experience management (CXM). IT leaders need to take a proactive approach to developing a strong portfolio of customer interaction applications that are in lockstep with the needs of their marketing, sales, and customer service teams. It is critical to incorporate the voice of the customer into this strategy.

    When developing a technology strategy for CXM, don’t just “pave the cow path,” but instead move the needle forward by providing capabilities for customer intelligence, omnichannel interactions, and predictive analytics. This blueprint will help you build an integrated CXM technology roadmap that drives top-line revenue while rationalizing application spend."

    Ben Dickie

    Research Director, Customer Experience Strategy

    Info-Tech Research Group

    Framing the CXM project

    This Research Is Designed For:

    • IT leaders who are responsible for crafting a technology strategy for customer experience management (CXM).
    • Applications managers who are involved with the selection and implementation of critical customer-centric applications, such as CRM platforms, marketing automation tools, customer intelligence suites, and customer service solutions.

    This Research Will Help You:

    • Clearly link your technology-enablement strategy for CXM to strategic business requirements and customer personas.
    • Build a rationalized portfolio of enterprise applications that will support customer interaction objectives.
    • Adopt standard operating procedures for CXM application deployment that address issues such as end-user adoption and data quality.

    This Research Will Also Assist:

    • Business leaders in marketing, sales, and customer service who want to deepen their understanding of CXM technologies, and apply best practices for using these technologies to drive competitive advantage.
    • Marketing, sales, and customer service managers involved with defining requirements and rolling out CXM applications.

    This Research Will Help Them:

    • Work hand-in-hand with counterparts in IT to deploy high-value business applications that will improve core customer-facing metrics.
    • Understand the changing CXM landscape and use the art of the possible to transform the internal technology ecosystem and drive meaningful customer experiences.

    Executive summary

    Situation

    • Customer expectations for personalization, channel preferences, and speed-to-resolution are at an all-time high.
    • Your customers are willing to pay more for high-value experiences, and having a strong customer CXM strategy is a proven path to creating sustainable value for the organization.

    Complication

    • Technology is a fundamental enabler of an organization’s CXM strategy. However, many IT departments fail to take a systematic approach to building a portfolio of applications to support Marketing, Sales, and Customer Service.
    • The result is a costly, ineffective, and piecemeal approach to CXM application deployment (including high profile applications like CRM).

    Resolution

    • IT must work in lockstep with their counterparts in marketing, sales, and customer service to define a unified vision, strategic requirements and roadmap for enabling strong customer experience capabilities.
    • In order to deploy applications that don’t simply follow previously established patterns but are aligned with the specific needs of the organization’s customers, IT leaders must work with the business to define and understand customer personas and common interaction scenarios. CXM applications are mission critical and failing to link them to customer needs can have a detrimental effect on customer satisfaction – and ultimately revenue.
    • IT must act as a valued partner to the business in creating a portfolio of CXM applications that are cost effective.
    • Organizations should create a repeatable framework for CXM application deployment that addresses critical issues, including the integration ecosystem, customer data quality, dashboards and analytics, and end-user adoption.

    Info-Tech Insight

    1. IT can’t hide behind the firewall. IT must understand the organization’s customers to properly support marketing, sales, and service efforts.
    2. IT – or Marketing – must not build the CXM strategy in a vacuum if they want to achieve a holistic, consistent, and seamless customer experience.
    3. IT must get ahead of shadow IT. To be seen as an innovator within the business, IT must be a leading enabler in building a rationalized and integrated CXM application portfolio.

    Guide to frequently used acronyms

    CXM - Customer Experience Management

    CX - Customer Experience

    CRM - Customer Relationship Management

    CSM - Customer Service Management

    MMS - Marketing Management System

    SMMP - Social Media Management Platform

    RFP - Request for Proposal

    SaaS - Software as a Service

    Customers’ expectations are on the rise: meet them!

    Today’s consumers expect speed, convenience, and tailored experiences at every stage of the customer lifecycle. Successful organizations strive to support these expectations.

    67% of end consumers will pay more for a world-class customer experience. 74% of business buyers will pay more for strong B2B experiences. (Salesforce, 2018)

    5 CORE CUSTOMER EXPECTATIONS

    1. More personalization
    2. More product options
    3. Constant contact
    4. Listen closely, respond quickly
    5. Give front-liners more control

    (Customer Experience Insight, 2016)

    Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored customer experiences.

    Realize measurable value by enabling CXM

    Providing a seamless customer experience increases the likelihood of cross-sell and up-sell opportunities and boosts customer loyalty and retention. IT can contribute to driving revenue and decreasing costs by providing the business with the right set of tools, applications, and technical support.

    Contribute to the bottom line

    Cross-sell, up-sell, and drive customer acquisition.

    67% of consumers are willing to pay more for an upgraded experience. (Salesforce, 2018)

    80%: The margin by which CX leaders outperformer laggards in the S&P 500.(Qualtrics, 2017)

    59% of customers say tailored engagement based on past interactions is very important to winning their business. (Salesforce, 2018)

    Enable cost savings

    Focus on customer retention as well as acquisition.

    It is 6-7x more costly to attract a new customer than it is to retain an existing customer. (Salesforce Blog, 2019)

    A 5% increase in customer retention has been found to increase profits by 25% to 95%. (Bain & Company, n.d.)

    Strategic CXM is gaining traction with your competition

    Organizations are prioritizing CXM capabilities (and associated technologies) as a strategic investment. Keep pace with the competition and gain a competitive advantage by creating a cohesive strategy that uses best practices to integrate marketing, sales, and customer support functions.

    87% of customers share great experiences they’ve had with a company. (Zendesk, n.d.)

    61% of organizations are investing in CXM. (CX Network, 2015)

    53% of organizations believe CXM provides a competitive advantage. (Harvard Business Review, 2014)

    Top Investment Priorities for Customer Experience

    1. Voice of the Customer
    2. Customer Insight Generation
    3. Customer Experience Governance
    4. Customer Journey Mapping
    5. Online Customer Experience
    6. Experience Personalization
    7. Emotional Engagement
    8. Multi-Channel Integration/Omnichannel
    9. Quality & Customer Satisfaction Management
    10. Customer/Channel Loyalty & Rewards Programs

    (CX Network 2015)

    Omnichannel is the way of the future: don’t be left behind

    Get ahead of the competition by doing omnichannel right. Devise a CXM strategy that allows you to create and maintain a consistent, seamless customer experience by optimizing operations within an omnichannel framework. Customers want to interact with you on their own terms, and it falls to IT to ensure that applications are in place to support and manage a wide range of interaction channels.

    Omnichannel is a “multi-channel approach to sales that seeks to provide the customer with a seamless transactional experience whether the customer is shopping online from a desktop or mobile device, by telephone, or in a bricks and mortar store.” (TechTarget, 2014)

    97% of companies say that they are investing in omnichannel. (Huffington Post, 2015)

    23% of companies are doing omnichannel well.

    CXM applications drive effective multi-channel customer interactions across marketing, sales, and customer service

    The success of your CXM strategy depends on the effective interaction of various marketing, sales, and customer support functions. To deliver on customer experience, organizations need to take a customer-centric approach to operations.

    From an application perspective, a CRM platform generally serves as the unifying repository of customer information, supported by adjacent solutions as warranted by your CXM objectives.

    CXM ECOSYSTEM

    Customer Relationship Management Platform

    • Web Experience Management Platform
    • E-Commerce & Point of Sale Solutions
    • Social Media Management Platform
    • Customer Intelligence Platform
    • Customer Service Management Tools
    • Marketing Management Suite

    Application spotlight: Customer experience platforms

    Description

    CXM solutions are a broad range of tools that provide comprehensive feature sets for supporting customer interaction processes. These suites supplant more basic applications for customer interaction management. Popular solutions that fall under the umbrella of CXM include CRM suites, marketing automation tools, and customer service applications.

    Features and Capabilities

    • Manage sales pipelines, provide quotes, and track client deliverables.
    • View all opportunities organized by their current stage in the sales process.
    • View all interactions that have occurred between employees and the customer, including purchase order history.
    • Manage outbound marketing campaigns via multiple channels (email, phone, social, mobile).
    • Build visual workflows with automated trigger points and business rules engine.
    • Generate in-depth customer insights, audience segmentation, predictive analytics, and contextual analytics.
    • Provide case management, ticketing, and escalation capabilities for customer service.

    Highlighted Vendors

    Microsoft Dynamics

    Adobe

    Marketo

    sprinklr

    Salesforce

    SugarCRM

    Application spotlight: Customer experience platforms

    Key Trends

    • CXM applications have decreased their focus on departmental silos to make it easier to share information across the organization as departments demand more data.
    • Vendors are developing deeper support of newer channels for customer interaction. This includes providing support for social media channels, native mobile applications, and SMS or text-based services like WhatsApp and Facebook Messenger.
    • Predictive campaigns and channel blending are becoming more feasible as vendors integrate machine learning and artificial intelligence into their applications.
    • Content blocks are being placed on top of scripting languages to allow for user-friendly interfaces. There is a focus on alleviating bottlenecks where content would have previously needed to go through a specialist.
    • Many vendors of CXM applications are placing increased emphasis on strong application integration both within and beyond their portfolios, with systems like ERP and order fulfillment.

    Link to Digital Strategy

    • For many organizations that are building out a digital strategy, improving customer experience is often a driving factor: CXM apps enable this goal.
    • As part of a digital strategy, create a comprehensive CXM application portfolio by leveraging both core CRM suites and point solutions.
    • Ensure that a point solution aligns with the digital strategy’s technology drivers and user personas.

    CXM KPIs

    Strong CXM applications can improve:

    • Lead Intake Volume
    • Lead Conversion Rate
    • Average Time to Resolution
    • First-Contact Resolution Rate
    • Customer Satisfaction Rate
    • Share-of-Mind
    • Share-of-Wallet
    • Customer Lifetime Value
    • Aggregate Reach/Impressions

    IT is critical to the success of your CXM strategy

    Technology is the key enabler of building strong customer experiences: IT must stand shoulder-to-shoulder with the business to develop a technology framework for CXM.

    Top 5 Challenges with CXM for Marketing

    1. Maximizing customer experience ROI
    2. Achieving a single view of the customer
    3. Building new customer experiences
    4. Cultivating a customer-focused culture
    5. Measuring CX investments to business outcomes

    Top 5 Obstacles to Enabling CXM for IT

    1. Systems integration
    2. Multichannel complexity
    3. Organizational structure
    4. Data-related issues
    5. Lack of strategy

    (Harvard Business Review, 2014)

    Only 19% of organizations have a customer experience team tasked with bridging gaps between departments. (Genesys, 2018)

    IT and Marketing can only tackle CXM with the full support of each other. The cooperation of the departments is crucial when trying to improve CXM technology capabilities and customer interaction and drive a strong revenue mandate.

    CXM failure: Blockbuster

    CASE STUDY

    Industry Entertainment

    Source Forbes, 2014

    Blockbuster

    As the leader of the video retail industry, Blockbuster had thousands of retail locations internationally and millions of customers. Blockbuster’s massive marketing budget and efficient operations allowed it to dominate the competition for years.

    Situation

    Trends in Blockbuster’s consumer market changed in terms of distribution channels and customer experience. As the digital age emerged and developed, consumers were looking for immediacy and convenience. This threatened Blockbuster’s traditional, brick-and-mortar B2C operating model.

    The Competition

    Netflix entered the video retail market, making itself accessible through non-traditional channels (direct mail, and eventually, the internet).

    Results

    Despite long-term relationships with customers and competitive standing in the market, Blockbuster’s inability to understand and respond to changing technology trends and customer demands led to its demise. The organization did not effectively leverage internal or external networks or technology to adapt to customer demands. Blockbuster went bankrupt in 2010.

    Customer Relationship Management

    • Web Experience Management Platform
    • E-Commerce & Point of Sale Solutions
    • Social Media Management
    • Customer Intelligence
    • Customer Service
    • Marketing Management

    Blockbuster did not leverage emerging technologies to effectively respond to trends in its consumer network. It did not optimize organizational effectiveness around customer experience.

    CXM success: Netflix

    CASE STUDY

    Industry Entertainment

    Source Forbes, 2014

    Netflix

    Beginning as a mail-out service, Netflix offered subscribers a catalog of videos to select from and have mailed to them directly. Customers no longer had to go to a retail store to rent a video. However, the lack of immediacy of direct mail as the distribution channel resulted in slow adoption.

    The Situation

    In response to the increasing presence of tech-savvy consumers on the internet, Netflix invested in developing its online platform as its primary distribution channel. The benefit of doing so was two-fold: passive brand advertising (by being present on the internet) and meeting customer demands for immediacy and convenience. Netflix also recognized the rising demand for personalized service and created an unprecedented, tailored customer experience.

    The Competition

    Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience.

    Results

    Netflix’s disruptive innovation is built on the foundation of great CXM. Netflix is now a $28 billion company, which is tenfold what Blockbuster was worth.

    Customer Relationship Management Platform

    • Web Experience Management Platform
    • E-Commerce & Point of Sale Solutions
    • Social Media Management Platform
    • Customer Intelligence Platform
    • Customer Service Management Tools
    • Marketing Management Suite

    Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time, video rental industry leader, Blockbuster.

    Leverage Info-Tech’s approach to succeed with CXM

    Creating an end-to-end technology-enablement strategy for CXM requires a concerted, dedicated effort: Info-Tech can help with our proven approach.

    Build the CXM Project Charter

    Conduct a Thorough Environmental Scan

    Build Customer Personas and Scenarios

    Draft Strategic CXM Requirements

    Build the CXM Application Portfolio

    Implement Operational Best Practices

    Why Info-Tech’s Approach?

    Info-Tech draws on best-practice research and the experiences of our global member base to develop a methodology for CXM that is driven by rigorous customer-centric analysis.

    Our approach uses a unique combination of techniques to ensure that your team has done its due diligence in crafting a forward-thinking technology-enablement strategy for CXM that creates measurable value.

    A global professional services firm drives measurable value for CXM by using persona design and scenario development

    CASE STUDY

    Industry Professionals Services

    Source Info-Tech Workshop

    The Situation

    A global professional services firm in the B2B space was experiencing a fragmented approach to customer engagement, particularly in the pre-sales funnel. Legacy applications weren’t keeping pace with an increased demand for lead evaluation and routing technology. Web experience management was also an area of significant concern, with a lack of ongoing customer engagement through the existing web portal.

    The Approach

    Working with a team of Info-Tech facilitators, the company was able to develop several internal and external customer personas. These personas formed the basis of strategic requirements for a new CXM application stack, which involved dedicated platforms for core CRM, lead automation, web content management, and site analytics.

    Results

    Customer “stickiness” metrics increased, and Sales reported significantly higher turnaround times in lead evaluations, resulting in improved rep productivity and faster cycle times.

    Components of a persona
    Name Name personas to reflect a key attribute such as the persona’s primary role or motivation.
    Demographic Include basic descriptors of the persona (e.g. age, geographic location, preferred language, education, job, employer, household income, etc.)
    Wants, needs, pain points Identify surface-level motivations for buying habits.
    Psychographic/behavioral traits Observe persona traits that are representative of the customers’ behaviors (e.g. attitudes, buying patterns, etc.).

    Follow Info-Tech’s approach to build your CXM foundation

    Create the Project Vision

    • Identify business and IT drivers
    • Outputs:
      • CXM Strategy Guiding Principles

    Structure the Project

    • Identify goals and objectives for CXM project
    • Form Project Team
    • Establish timeline
    • Obtain project sponsorship
    • Outputs:
      • CXM Strategy Project Charter

    Scan the External Environment

    • Create CXM operating model
    • Conduct external analysis
    • Create customer personas
    • Outputs:
      • CXM Operating Model
    • Conduct PEST analysis
    • Create persona scenarios
    • Outputs:
      • CXM Strategic Requirements

    Assess the Current State of CXM

    • Conduct SWOT analysis
    • Assess application usage and satisfaction
    • Conduct VRIO analysis
    • Outputs:
      • CXM Strategic Requirements

    Create an Application Portfolio

    • Map current processes
    • Assign business process owners
    • Create channel map
    • Build CXM application portfolio
    • Outputs:
      • CXM Application Portfolio Map

    Develop Deployment Best Practices

    • Develop CXM integration map
    • Create mitigation plan for poor data quality
    • Outputs:
      • Data Quality Preservation Map

    Create an Initiative Rollout Plan

    • Create risk management plan
    • Identify work initiative dependencies
    • Create roadmap
    • Outputs:
      • CXM Initiative Roadmap

    Confirm and Finalize the CXM Blueprint

    • Identify success metrics
    • Create stakeholder communication plan
    • Present CXM strategy to stakeholders
    • Outputs:
      • Stakeholder Presentation

    Info-Tech offers various levels of support to suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Strong Technology Foundation for CXM – project overview

    1. Drive Value With CXM 2. Create the Framework 3. Finalize the Framework
    Best-Practice Toolkit

    1.1 Create the Project Vision

    1.2 Structure the CXM Project

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Guided Implementations
    • Determine project vision for CXM.
    • Review CXM project charter.
    • Review environmental scan.
    • Review application portfolio for CXM.
    • Confirm deployment best practices.
    • Review initiatives rollout plan.
    • Confirm CXM roadmap.
    Onsite Workshop Module 1: Drive Measurable Value with a World-Class CXM Program Module 2: Create the Strategic Framework for CXM Module 3: Finalize the CXM Framework

    Phase 1 Outcome:

    • Completed drivers
    • Completed project charter

    Phase 2 Outcome:

    • Completed personas and scenarios
    • CXM application portfolio

    Phase 3 Outcome:

    • Strategic summary blueprint

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Create the Vision for CXM Enablement

    1.1 CXM Fireside Chat

    1.2 CXM Business Drivers

    1.3 CXM Vision Statement

    1.4 Project Structure

    Conduct the Environmental Scan and Internal Review

    2.1 PEST Analysis

    2.2 Competitive Analysis

    2.3 Market and Trend Analysis

    2.4 SWOT Analysis

    2.5 VRIO Analysis

    2.6 Channel Mapping

    Build Personas and Scenarios

    3.1 Persona Development

    3.2 Scenario Development

    3.3 Requirements Definition for CXM

    Create the CXM Application Portfolio

    4.1 Build Business Process Maps

    4.2 Review Application Satisfaction

    4.3 Create the CXM Application Portfolio

    4.4 Prioritize Applications

    Review Best Practices and Confirm Initiatives

    5.1 Create Data Integration Map

    5.2 Define Adoption Best Practices

    5.3 Build Initiatives Roadmap

    5.4 Confirm Initiatives Roadmap

    Deliverables
    1. CXM Vision Statement
    2. CXM Project Charter
    1. Completed External Analysis
    2. Completed Internal Review
    3. Channel Interaction Map
    4. Strategic Requirements (from External Analysis)
    1. Personas and Scenarios
    2. Strategic Requirements (based on personas)
    1. Business Process Maps
    2. Application Satisfaction Diagnostic
    3. Prioritized CXM Application Portfolio
    1. Integration Map for CXM
    2. End-User Adoption Plan
    3. Initiatives Roadmap

    Phase 1

    Drive Measurable Value With a World-Class CXM Program

    Build a Strong Technology Foundation for Customer Experience Management

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Drive Measurable Value With a World-Class CXM Program

    Proposed Time to Completion: 2 weeks

    Step 1.1: Create the Project Vision

    Start with an analyst kick-off call:

    • Review key drivers from a technology and business perspective for CXM
    • Discuss benefits of strong technology enablement for CXM

    Then complete these activities…

    • CXM Fireside Chat
    • CXM Business and Technology Driver Assessment
    • CXM Vision Statement

    With these tools & templates:

    • CXM Strategy Stakeholder Presentation Template

    Step 1.2: Structure the Project

    Review findings with analyst:

    • Assess the CXM vision statement for competitive differentiators
    • Determine current alignment disposition of IT with different business units

    Then complete these activities…

    • Team Composition and Responsibilities
    • Metrics Definition

    With these tools & templates:

    • CXM Strategy Project Charter Template

    Phase 1 Results & Insights:

    • Defined value of strong technology enablement for CXM
    • Completed CXM project charter

    Step 1.1: Create the Project Vision

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Fireside Chat: Discuss past challenges and successes with CXM
    • Identify business and IT drivers to establish guiding principles for CXM

    Outcomes:

    • Business benefits of a rationalized technology strategy to support CXM
    • Shared lessons learned
    • Guiding principles for providing technology enablement for CXM

    Building a technology strategy to support customer experience isn’t an option – it’s a mission-critical activity

    • Customer-facing departments supply the lifeblood of a company: revenue. In today’s fast-paced and interconnected world, it’s becoming increasingly imperative to enable customer experience processes with a wide range of technologies, from lead automation to social relationship management. CXM is the holistic management of customer interaction processes across marketing, sales, and customer service to create valuable, mutually beneficial customer experiences. Technology is a critical building block for enabling CXM.
    • The parallel progress of technology and process improvement is essential to an efficient and effective CXM program. While many executives prefer to remain at the status quo, new technologies have caused major shifts in the CXM environment. If you stay with the status quo, you will fall behind the competition.
    • However, many IT departments are struggling to keep up with the pace of change and find themselves more of a firefighter than a strategic partner to marketing, sales, and service teams. This not only hurts the business, but it also tarnishes IT’s reputation.

    An aligned, optimized CX strategy is:

    Rapid: to intentionally and strategically respond to quickly-changing opportunities and issues.

    Outcome-based: to make key decisions based on strong business cases, data, and analytics in addition to intuition and judgment.

    Rigorous: to bring discipline and science to bear; to improve operations and results.

    Collaborative: to conduct activities in a broader ecosystem of partners, suppliers, vendors, co-developers, and even competitors.

    (The Wall Street Journal, 2013)

    Info-Tech Insight

    If IT fails to adequately support marketing, sales, and customer service teams, the organization’s revenue will be in direct jeopardy. As a result, CIOs and Applications Directors must work with their counterparts in these departments to craft a cohesive and comprehensive strategy for using technology to create meaningful (and profitable) customer experiences.

    Fireside Chat, Part 1: When was technology an impediment to customer experience at your organization?

    1.1.1 30 minutes

    Input

    • Past experiences of the team

    Output

    • Lessons learned

    Materials

    • Whiteboard
    • Markers

    Participants

    • Core Team

    Instructions

    1. Think about a time when technology was an impediment to a positive customer experience at your organization. Reflect on the following:
      • What frustrations did the application or the technology cause to your customers? What was their reaction?
      • How did IT (and the business) identify the challenge in the first place?
      • What steps were taken to mitigate the impact of the problem? Were these steps successful?
      • What were the key lessons learned as part of the challenge?

    Fireside Chat, Part 2: What customer success stories has your organization created by using new technologies?

    1.1.2 30 minutes

    Input

    • Past experiences of the team

    Output

    • Lessons learned

    Materials

    • Whiteboard
    • Markers

    Participants

    • Core Team

    Instructions

    1. Think about a time when your organization successfully leveraged a new application or new technology to enhance the experience it provided to customers. Reflect on this experience and consider:
      • What were the organizational drivers for rolling out the new application or solution?
      • What obstacles had to be overcome in order to successfully deploy the solution?
      • How did the application positively impact the customer experience? What metrics improved?
      • What were the key lessons learned as part of the deployment? If you had to do it all over again, what would you do differently?

    Develop a cohesive, consistent, and forward-looking roadmap that supports each stage of the customer lifecycle

    When creating your roadmap, consider the pitfalls you’ll likely encounter in building the IT strategy to provide technology enablement for customer experience.

    There’s no silver bullet for developing a strategy. You can encounter pitfalls at a myriad of different points including not involving the right stakeholders from the business, not staying abreast of recent trends in the external environment, and not aligning sales, marketing, and support initiatives with a focus on the delivery of value to prospects and customers.

    Common Pitfalls When Creating a Technology-Enablement Strategy for CXM

    Senior management is not involved in strategy development.

    Not paying attention to the “art of the possible.”

    “Paving the cow path” rather than focusing on revising core processes.

    Misalignment between objectives and financial/personnel resources.

    Inexperienced team on either the business or IT side.

    Not paying attention to the actions of competitors.

    Entrenched management preferences for legacy systems.

    Sales culture that downplays the potential value of technology or new applications.

    IT is only one or two degrees of separation from the end customer: so take a customer-centric approach

    IT →Marketing, Sales, and Service →External Customers

    Internal-Facing Applications

    • IT enables, supports, and maintains the applications used by the organization to market to, sell to, and service customers. IT provides the infrastructural and technical foundation to operate the function.

    Customer-Facing Applications

    • IT supports customer-facing interfaces and channels for customer interaction.
    • Channel examples include web pages, mobile device applications and optimization, and interactive voice response for callers.

    Info-Tech Insight

    IT often overlooks direct customer considerations when devising a technology strategy for CXM. Instead, IT leaders rely on other business stakeholders to simply pass on requirements. By sitting down with their counterparts in marketing and sales, and fully understanding business drivers and customer personas, IT will be much better positioned to roll out supporting applications that drive customer engagement.

    A well-aligned CXM strategy recognizes a clear delineation of responsibilities between IT, sales, marketing, and service

    • When thinking about CXM, IT must recognize that it is responsible for being a trusted partner for technology enablement. This means that IT has a duty to:
      • Develop an in-depth understanding of strategic business requirements for CXM. Base your understanding of these business requirements on a clear conception of the internal and external environment, customer personas, and business processes in marketing, sales, and customer service.
      • Assist with shortlisting and supporting different channels for customer interaction (including email, telephony, web presence, and social media).
      • Create a rationalized, cohesive application portfolio for CXM that blends different enabling technologies together to support strategic business requirements.
      • Provide support for vendor shortlisting, selection, and implementation of CXM applications.
      • Assist with end-user adoption of CXM applications (i.e. training and ongoing support).
      • Provide initiatives that assist with technical excellence for CXM (such as data quality, integration, analytics, and application maintenance).
    • The business (marketing, sales, customer service) owns the business requirements and must be responsible for setting top-level objectives for customer interaction (e.g. product and pricing decisions, marketing collateral, territory management, etc.). IT should not take over decisions on customer experience strategy. However, IT should be working in lockstep with its counterparts in the business to assist with understanding business requirements through a customer-facing lens. For example, persona development is best done in cross-functional teams between IT and Marketing.

    Activity: Identify the business drivers for CXM to establish the strategy’s guiding principles

    1.1.3 30 minutes

    Input

    • Business drivers for CXM

    Output

    • Guiding principles for CXM strategy

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Define the assumptions and business drivers that have an impact on technology enablement for CXM. What is driving the current marketing, sales, and service strategy on the business side?
    Business Driver Name Driver Assumptions, Capabilities, and Constraints Impact on CXM Strategy
    High degree of customer-centric solution selling A technically complex product means that solution selling approaches are employed – sales cycles are long. There is a strong need for applications and data quality processes that support longer-term customer relationships rather than transactional selling.
    High desire to increase scalability of sales processes Although sales cycles are long, the organization wishes to increase the effectiveness of rep time via marketing automation where possible. Sales is always looking for new ways to leverage their reps for face-to-face solution selling while leaving low-level tasks to automation. Marketing wants to support these tasks.
    Highly remote sales team and unusual hours are the norm Not based around core hours – significant overtime or remote working occurs frequently. Misalignment between IT working only core hours and after-hours teams leads to lag times that can delay work. Scheduling of preventative sales maintenance must typically be done on weekends rather than weekday evenings.

    Activity: Identify the IT drivers for CXM to establish the strategy’s guiding principles

    1.1.4 30 minutes

    Input

    • IT drivers for CXM

    Output

    • Guiding principles for CXM strategy

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Define the assumptions and IT drivers that have an impact on technology enablement for CXM. What is driving the current IT strategy for supporting marketing, sales, and service initiatives?
    IT Driver Name Driver Assumptions, Capabilities, and Constraints Impact on CXM Strategy
    Sales Application Procurement Methodology Strong preference for on-premise COTS deployments over homebrewed applications. IT may not be able to support cloud-based sales applications due to security requirements for on premise.
    Vendor Relations Minimal vendor relationships; SLAs not drafted internally but used as part of standard agreement. IT may want to investigate tightening up SLAs with vendors to ensure more timely support is available for their sales teams.
    Development Methodology Agile methodology employed, some pockets of Waterfall employed for large-scale deployments. Agile development means more perfective maintenance requests come in, but it leads to greater responsiveness for making urgent corrective changes to non-COTS products.
    Data Quality Approach IT sees as Sales’ responsibility IT is not standing as a strategic partner for helping to keep data clean, causing dissatisfaction from customer-facing departments.
    Staffing Availability Limited to 9–5 Execution of sales support takes place during core hours only, limiting response times and access for on-the-road sales personnel.

    Activity: Use IT and business drivers to create guiding principles for your CXM technology-enablement project

    1.1.5 30 minutes

    Input

    • Business drivers and IT drivers from 1.1.3 and 1.1.4

    Output

    • CXM mission statement

    Materials

    • Whiteboard
    • Markers

    Participants

    • Core Team

    Instructions

    1. Based on the IT and business drivers identified, craft guiding principles for CXM technology enablement. Keep guiding principles in mind throughout the project and ensure they support (or reconcile) the business and IT drivers.

    Guiding Principle Description
    Sales processes must be scalable. Our sales processes must be able to reach a high number of target customers in a short time without straining systems or personnel.
    Marketing processes must be high touch. Processes must be oriented to support technically sophisticated, solution-selling methodologies.

    2. Summarize the guiding principles above by creating a CXM mission statement. See below for an example.

    Example: CXM Mission Statement

    To ensure our marketing, sales and service team is equipped with tools that will allow them to reach out to a large volume of contacts while still providing a solution-selling approach. This will be done with secure, on-premise systems to safeguard customer data.

    Ensure that now is the right time to take a step back and develop the CXM strategy

    Determine if now is the right time to move forward with building (or overhauling) your technology-enablement strategy for CXM.

    Not all organizations will be able to proceed immediately to optimize their CXM technology enablement. Determine if the organizational willingness, backbone, and resources are present to commit to overhauling the existing strategy. If you’re not ready to proceed, consider waiting to begin this project until you can procure the right resources.

    Do not proceed if:

    • Your current strategy for supporting marketing, sales, and service is working well and IT is already viewed as a strategic partner by these groups. Your current strategy is well aligned with customer preferences.
    • The current strategy is not working well, but there is no consensus or support from senior management for improving it.
    • You cannot secure the resources or time to devote to thoroughly examining the current state and selecting improvement initiatives.
    • The strategy has been approved, but there is no budget in place to support it at this time.

    Proceed if:

    • Senior management has agreed that technology support for CXM should be improved.
    • Sub-divisions within IT, sales, marketing, and service are on the same page about the need to improve alignment.
    • You have an approximate budget to work with for the project and believe you can secure additional funding to execute at least some improvement initiatives.
    • You understand how improving CXM alignment will fit into the broader customer interaction ecosystem in your organization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.3; 1.1.4; 1.1.5 - Identify business and IT drivers to create CXM guiding principles

    The facilitator will work with stakeholders from both the business and IT to identify implicit or explicit strategic drivers that will support (or pose constraints on) the technology-enablement framework for the CXM strategy. In doing so, guiding principles will be established for the project.

    Step 1.2: Structure the Project

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Define the project purpose, objectives, and business metrics
    • Define the scope of the CXM strategy
    • Create the project team
    • Build a RACI chart
    • Develop a timeline with project milestones
    • Identify risks and create mitigation strategies
    • Complete the strategy project charter and obtain approval

    Outcomes:

    CXM Strategy Project Charter Template

    • Purpose, objectives, metrics
    • Scope
    • Project team & RACI
    • Timeline
    • Risks & mitigation strategies
    • Project sponsorship

    Use Info-Tech’s CXM Strategy Project Charter Template to outline critical components of the CXM project

    1.2.1 CXM Strategy Project Charter Template

    Having a project charter is the first step for any project: it specifies how the project will be resourced from a people, process, and technology perspective, and it clearly outlines major project milestones and timelines for strategy development. CXM technology enablement crosses many organizational boundaries, so a project charter is a very useful tool for ensuring everyone is on the same page.

    Sections of the document:

    1. Project Drivers, Rationale, and Context
    2. Project Objectives, Metrics, and Purpose
    3. Project Scope Definition
    4. Project Team Roles and Responsibilities (RACI)
    5. Project Timeline
    6. Risk Mitigation Strategy
    7. Project Metrics
    8. Project Review & Approvals

    INFO-TECH DELIVERABLE

    CXM Strategy Project Charter Template

    Populate the relevant sections of your project charter as you complete activities 1.2.2-1.2.8.

    Understand the roles necessary to complete your CXM technology-enablement strategy

    Understand the role of each player within your project structure. Look for listed participants on the activities slides to determine when each player should be involved.

    Title Role Within Project Structure
    Project Sponsor
    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CIO, CMO, VP of Sales, VP of Customer Care, or similar
    Project Manager
    • The IT individual(s) that will oversee day-to-day project operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications or other IT Manager, Business Analyst, Business Process Owner, or similar
    Business Lead
    • Works alongside the IT PM to ensure that the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Sales Director, Marketing Director, Customer Care Director, or similar
    Project Team
    • Comprised of individuals whose knowledge and skills are crucial to project success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions. Can assist with persona and scenario development for CXM.
    • Project Manager, Business Lead, CRM Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs
    Steering Committee
    • Comprised of C-suite/management level individuals that act as the project’s decision makers
    • Responsible for validating goals and priorities, defining the project scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CFO, Business Unit SMEs and similar

    Info-Tech Insight

    Do not limit project input or participation to the aforementioned roles. Include subject matter experts and internal stakeholders at particular stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to creating your CXM technology-enablement strategy.

    Activity: Kick-off the CXM project by defining the project purpose, project objectives, and business metrics

    1.2.2 30 minutes

    Input

    • Activities 1.1.1 to 1.1.5

    Output

    • Drivers & rationale
    • Purpose statement
    • Business goals
    • Business metrics
    • CXM Strategy Project Charter Template, sections 1.0, 2.0, and 2.1

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Sponsor
    • Project Manager
    • Business Lead
    • Steering Committee

    Instructions

    Hold a meeting with IT, Marketing, Sales, Service, Operations, and any other impacted business stakeholders that have input into CXM to accomplish the following:

    1. Discuss the drivers and rationale behind embarking on a CXM strategy.
    2. Develop and concede on objectives for the CXM project, metrics that will gauge its success, and goals for each metric.
    3. Create a project purpose statement that is informed by decided-upon objectives and metrics from the steps above. When establishing a project purpose, ask the question, “what are we trying to accomplish?”
    • Example: Project Purpose Statement
      • The organization is creating a CXM strategy to gather high-level requirements from the business, IT, and Marketing, Sales, and Service, to ensure that the selection and deployment of the CXM meets the needs of the broader organization and provides the greatest return on investment.
  • Document your project drivers and rationale, purpose statement, project objectives, and business metrics in Info-Tech’s CXM Strategy Project Charter Template in sections 1.0 and 2.0.
  • Info-Tech Insight

    Going forward, set up a quarterly review process to understand changing needs. It is rare that organizations never change their marketing and sales strategy. This will change the way the CXM will be utilized.

    Establish baseline metrics for customer engagement

    In order to gauge the effectiveness of CXM technology enablement, establish core metrics:

    1. Marketing Metrics: pertaining to share of voice, share of wallet, market share, lead generation, etc.
    2. Sales Metrics: pertaining to overall revenue, average deal size, number of accounts, MCV, lead warmth, etc.
    3. Customer Service Metrics: pertaining to call volumes, average time to resolution, first contact resolution, customer satisfaction, etc.
    4. IT Metrics: pertaining to end-user satisfaction with CXM applications, number of tickets, contract value, etc.
    Metric Description Current Metric Future Goal
    Market Share 25% 35%
    Share of Voice (All Channels) 40% 50%
    Average Deal Size $10,500 $12,000
    Account Volume 1,400 1,800
    Average Time to Resolution 32 min 25 min
    First Contact Resolution 15% 35%
    Web Traffic per Month (Unique Visitors) 10,000 15,000
    End-User Satisfaction 62% 85%+
    Other metric
    Other metric
    Other metric

    Understand the importance of setting project expectations with a scope statement

    Be sure to understand what is in scope for a CXM strategy project. Prevent too wide of a scope to avoid scope creep – for example, we aren’t tackling ERP or BI under CXM.

    In Scope

    Establishing the parameters of the project in a scope statement helps define expectations and provides a baseline for resource allocation and planning. Future decisions about the strategic direction of CXM will be based on the scope statement.

    Scope Creep

    Well-executed requirements gathering will help you avoid expanding project parameters, drawing on your resources, and contributing to cost overruns and project delays. Avoid scope creep by gathering high-level requirements that lead to the selection of category-level application solutions (e.g. CRM, MMS, SMMP, etc.), rather than granular requirements that would lead to vendor application selection (e.g. Salesforce, Marketo, Hootsuite, etc.).

    Out of Scope

    Out-of-scope items should also be defined to alleviate ambiguity, reduce assumptions, and further clarify expectations for stakeholders. Out-of-scope items can be placed in a backlog for later consideration. For example, fulfilment and logistics management is out of scope as it pertains to CXM.

    In Scope
    Strategy
    High-Level CXM Application Requirements CXM Strategic Direction Category Level Application Solutions (e.g. CRM, MMS, etc.)
    Out of Scope
    Software Selection
    Vendor Application Review Vendor Application Selection Granular Application System Requirements

    Activity: Define the scope of the CXM strategy

    1.2.3 30 minutes

    Input

    • N/A

    Output

    • Project scope and parameters
    • CXM Strategy Project Charter Template, section 3.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Sponsor
    • Project Manager
    • Business Lead

    Instructions

    1. Formulate a scope statement. Decide which people, processes, and functions the CXM strategy will address. Generally, the aim of this project is to develop strategic requirements for the CXM application portfolio – not to select individual vendors.
    2. Document your scope statement in Info-Tech’s CXM Strategy Project Charter Template in section 3.0.

    To form your scope statement, ask the following questions:

    • What are the major coverage points?
    • Who will be using the systems?
    • How will different users interact with the systems?
    • What are the objectives that need to be addressed?
    • Where do we start?
    • Where do we draw the line?

    Identify the right stakeholders to include on your project team

    Consider the core team functions when composing the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned CXM strategy.

    Required Skills/Knowledge Suggested Project Team Members
    IT
    • Application development
    • Enterprise integration
    • Business processes
    • Data management
    • CRM Application Manager
    • Business Process Manager
    • Integration Manager
    • Application Developer
    • Data Stewards
    Business
    • Understanding of the customer
    • Departmental processes
    • Sales Manager
    • Marketing Manager
    • Customer Service Manager
    Other
    • Operations
    • Administrative
    • Change management
    • Operations Manager
    • CFO
    • Change Management Manager

    Info-Tech Insight

    Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as marketing, sales, service, and finance, as well as IT.

    Activity: Create the project team

    1.2.4 45 minutes

    Input

    • Scope Statement (output of Activity 1.2.3).

    Output

    • Project Team
    • CXM Strategy Project Charter Template, section 4.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead

    Instructions

    1. Review your scope statement. Have a discussion to generate a complete list of key stakeholders that are needed to achieve the scope of work.
    2. Using the previously generated list, identify a candidate for each role and determine their responsibilities and expected time commitment for the CXM strategy project.
    3. Document the project team in Info-Tech’s CXM Strategy Project Charter Template in section 4.0.

    Define project roles and responsibilities to improve progress tracking

    Build a list of the core CXM strategy team members, and then structure a RACI chart with the relevant categories and roles for the overall project.

    Responsible - Conducts work to achieve the task

    Accountable - Answerable for completeness of task

    Consulted - Provides input for the task

    Informed - Receives updates on the task

    Info-Tech Insight

    Avoid missed tasks between inter-functional communications by defining roles and responsibilities for the project as early as possible.

    Benefits of Assigning RACI Early:

    • Improve project quality by assigning the right people to the right tasks.
    • Improve chances of project task completion by assigning clear accountabilities.
    • Improve project buy-in by ensuring that stakeholders are kept informed of project progress, risks, and successes.

    Activity: Build a RACI chart

    1.2.5 30 minutes

    Input

    • Project Team (output of Activity 1.2.4)

    Output

    • RACI chart
    • CXM Strategy Project Charter Template, section 4.2

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead

    Instructions

    1. Identify the key stakeholder teams that should be involved in the CXM strategy project. You should have a cross-functional team that encompasses both IT (various units) and the business.
    2. Determine whether each stakeholder should be responsible, accountable, consulted, and/or informed with respect to each overarching project step.
    3. Confirm and communicate the results to relevant stakeholders and obtain their approval.
    4. Document the RACI chart in Info-Tech’s CXM Strategy Project Charter Template in section 4.2.
    Example: RACI Chart Project Sponsor (e.g. CMO) Project Manager (e.g. Applications Manager) Business Lead (e.g. Marketing Director) Steering Committee (e.g. PM, CMO, CFO…) Project Team (e.g. PM, BL, SMEs…)
    Assess Project Value I C A R C
    Conduct a Current State Assessment I I A C R
    Design Application Portfolio I C A R I
    Create CXM Roadmap R R A I I
    ... ... ... ... ... ...

    Activity: Develop a timeline in order to specify concrete project milestones

    1.2.6 30 minutes

    Input

    • N/A

    Output

    • Project timeline
    • CXM Strategy Project Charter Template, section 5.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead

    Instructions

    1. Assign responsibilities, accountabilities, and other project involvement to each project team role using a RACI chart. Remember to consider dependencies when creating the schedule and identifying appropriate subtasks.
    2. Document the timeline in Info-Tech’s CXM Strategy Project Charter Template in section 5.0.
    Key Activities Start Date End Date Target Status Resource(s)
    Structure the Project and Build the Project Team
    Articulate Business Objectives and Define Vision for Future State
    Document Current State and Assess Gaps
    Identify CXM Technology Solutions
    Build the Strategy for CXM
    Implement the Strategy

    Assess project-associated risk by understanding common barriers and enablers

    Common Internal Risk Factors

    Management Support Change Management IT Readiness
    Definition The degree of understanding and acceptance of CXM as a concept and necessary portfolio of technologies. The degree to which employees are ready to accept change and the organization is ready to manage it. The degree to which the organization is equipped with IT resources to handle new systems and processes.
    Assessment Outcomes
    • Is CXM enablement recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is there an organizational awareness of the importance of customer experience?
    • Who are the owners of process and content?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    • What are the important integration points throughout the business?
    Risk
    • Low management buy-in
    • Lack of funding
    • Lack of resources
    • Low employee motivation
    • Lack of ownership
    • Low user adoption
    • Poor implementation
    • Reliance on consultants

    Activity: Identify the risks and create mitigation strategies

    1.2.7 45 minutes

    Input

    • N/A

    Output

    • Risk mitigation strategy
    • CXM Strategy Project Charter Template, section 6.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead
    • Project Team

    Instructions

    1. Brainstorm a list of possible risks that may impede the progress of your CXM project.
    2. Classify risks as strategy based (related to planning) or systems based (related to technology).
    3. Brainstorm mitigation strategies to overcome each risk.
    4. On a scale of 1 to 3, determine the impact of each risk on project success and the likelihood of each risk occurring.
    5. Document your findings in Info-Tech’s CXM Strategy Project Charter Template in section 6.0.

    Likelihood:

    1 - High/Needs Focus

    2 - Can Be Mitigated

    3 - Unlikely

    Impact

    1 - High Impact

    2 - Moderate Impact

    3 - Minimal Impact

    Example: Risk Register and Mitigation Tactics

    Risk Impact Likelihood Mitigation Effort
    Cost of time and implementation: designing a robust portfolio of CXM applications can be a time consuming task, representing a heavy investment for the organization 1 1
    • Have a clear strategic plan and a defined time frame
    • Know your end-user requirements
    • Put together an effective and diverse strategy project team
    Availability of resources: lack of in-house resources (e.g. infrastructure, CXM application developers) may result in the need to insource or outsource resources 1 2
    • Prepare a plan to insource talent by hiring or transferring talent from other departments – e.g. marketing and customer service

    Activity: Complete the project charter and obtain approval

    1.2.8 45 minutes

    Input

    • N/A

    Output

    • Project approval
    • CXM Strategy Project Charter Template, section 8.0

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Manager
    • Business Lead
    • Project Team

    Instructions

    Before beginning to develop the CXM strategy, validate the project charter and metrics with senior sponsors or stakeholders and receive their approval to proceed.

    1. Schedule a 30-60 minute meeting with senior stakeholders and conduct a live review of your CXM strategy project charter.
    2. Obtain stakeholder approval to ensure there are no miscommunications or misunderstandings around the scope of the work that needs to be done to reach a successful project outcome. Final sign-off should only take place when mutual consensus has been reached.
      • Obtaining approval should be an iterative process; if senior management has concerns over certain aspects of the plan, revise and review again.

    Info-Tech Insight

    In most circumstances, you should have your CXM strategy project charter validated with the following stakeholders:

    • Chief Information Officer
    • IT Applications Director
    • CFO or Comptroller (for budget approval)
    • Chief Marketing Office or Head of Marketing
    • Chief Revenue Officer or VP of Sales
    • VP Customer Service

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.2.2 Define project purpose, objectives, and business metrics

    Through an in-depth discussion, an analyst will help you prioritize corporate objectives and organizational drivers to establish a distinct project purpose.

    1.2.3 Define the scope of the CXM strategy

    An analyst will facilitate a discussion to address critical questions to understand your distinct business needs. These questions include: What are the major coverage points? Who will be using the system?

    1.2.4; 1.2.5; 1.2.6 Create the CXM project team, build a RACI chart, and establish a timeline

    Our analysts will guide you through how to create a designated project team to ensure the success of your CXM strategy and suite selection initiative, including project milestones and team composition, as well as designated duties and responsibilities.

    Phase 2

    Create a Strategic Framework for CXM Technology Enablement

    Build a Strong Technology Foundation for Customer Experience Management

    Phase 2 outline: Steps 2.1 and 2.2

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Create a Strategic Framework for CXM Technology Enablement

    Proposed Time to Completion: 4 weeks

    Step 2.1: Scan the External Environment

    Start with an analyst kick-off call:

    • Discuss external drivers
    • Assess competitive environment
    • Review persona development
    • Review scenarios

    Then complete these activities…

    • Build the CXM operating model
    • Conduct a competitive analysis
    • Conduct a PEST analysis
    • Build personas and scenarios

    With these tools & templates:

    CXM Strategy Stakeholder Presentation Template

    Step 2.2: Assess the Current State for CRM

    Review findings with analyst:

    • Review SWOT analysis
    • Review VRIO analysis
    • Discuss strategic requirements for CXM

    Then complete these activities…

    • Conduct a SWOT analysis
    • Conduct a VRIO analysis
    • Inventory existing applications

    With these tools & templates:

    CXM Strategy Stakeholder Presentation Template

    Phase 2 outline: Steps 2.3 and 2.4

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Create a Strategic Framework for CXM Technology Enablement

    Proposed Time to Completion: 4 weeks

    Step 2.3: Create an Application Portfolio

    Start with an analyst kick-off call:

    • Discuss possible business process maps
    • Discuss strategic requirements
    • Review application portfolio results

    Then complete these activities…

    • Build business maps
    • Execute application mapping

    With these tools & templates:

    CXM Portfolio Designer

    CXM Strategy Stakeholder Presentation Template

    CXM Business Process Shortlisting Tool

    Step 2.4: Develop Deployment Best Practices

    Review findings with analyst:

    • Review possible integration maps
    • Discuss best practices for end-user adoption
    • Discuss best practices for customer data quality

    Then complete these activities…

    • Create CXM integration ecosystem
    • Develop adoption game plan
    • Create data quality standards

    With these tools & templates:

    CXM Strategy Stakeholder Presentation Template

    Phase 2 Results & Insights:

    • Application portfolio for CXM
    • Deployment best practices for areas such as integration, data quality, and end-user adoption

    Step 2.1: Scan the External Environment

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Inventory CXM drivers and organizational objectives
    • Identify CXM challenges and pain points
    • Discuss opportunities and benefits
    • Align corporate and CXM strategies
    • Conduct a competitive analysis
    • Conduct a PEST analysis and extract strategic requirements
    • Build customer personas and extract strategic requirements

    Outcomes:

    • CXM operating model
      • Organizational drivers
      • Environmental factors
      • Barriers
      • Enablers
    • PEST analysis
    • External customer personas
    • Customer journey scenarios
    • Strategic requirements for CXM

    Develop a CXM technology operating model that takes stock of needs, drivers, barriers, and enablers

    Establish the drivers, enablers, and barriers to developing a CXM technology enablement strategy. In doing so, consider needs, environmental factors, organizational drivers, and technology drivers as inputs.

    CXM Strategy

    • Barriers
      • Lack of Resources
      • Cultural Mindset
      • Resistance to Change
      • Poor End-User Adoption
    • Enablers
      • Senior Management Support
      • Customer Data Quality
      • Current Technology Portfolio
    • Business Needs (What are your business drivers? What are current marketing, sales, and customer service pains?)
      • Acquisition Pipeline Management
      • Live Chat for Support
      • Social Media Analytics
      • Etc.
    • Organizational Goals
      • Increase Profitability
      • Enhance Customer Experience Consistency
      • Reduce Time-to-Resolution
      • Increase First Contact Resolution
      • Boost Share of Voice
    • Environmental Factors (What factors that affect your strategy are out of your control?)
      • Customer Buying Habits
      • Changing Technology Trends
      • Competitive Landscape
      • Regulatory Requirements
    • Technology Drivers (Why do you need a new system? What is the purpose for becoming an integrated organization?)
      • System Integration
      • Reporting Capabilities
      • Deployment Model

    Understand your needs, drivers, and organizational objectives for creating a CXM strategy

    Business Needs Organizational Drivers Technology Drivers Environmental Factors
    Definition A business need is a requirement associated with a particular business process (for example, Marketing needs customer insights from the website – the business need would therefore be web analytics capabilities). Organizational drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as customer retention, operation excellence, and financial performance. Technology drivers are technological changes that have created the need for a new CXM enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. External considerations are factors taking place outside of the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business.
    Examples
    • Web analytics
    • Live chat capabilities
    • Mobile self-service
    • Social media listening
    • Data quality
    • Customer satisfaction
    • Branding
    • Time-to-resolution
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic factors
    • Customer preferences
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    A common organizational driver is to provide adequate technology enablement across multiple channels, resulting in a consistent customer experience. This driver is a result of external considerations. Many industries today are highly competitive and rapidly changing. To succeed under these pressures, you must have a rationalized portfolio of enterprise applications for customer interaction.

    Activity: Inventory and discuss CXM drivers and organizational objectives

    2.1.1 30 minutes

    Input

    • Business needs
    • Exercise 1.1.3
    • Exercise 1.1.4
    • Environmental factors

    Output

    • CXM operating model inputs
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Brainstorm the business needs, organizational drivers, technology drivers, and environmental factors that will inform the CXM strategy. Draw from exercises 1.1.3-1.1.5.
    2. Document your findings in the CXM operating model template. This can be found in the CXM Strategy Stakeholder Presentation Template.

    The image is a graphic, with a rectangle split into three sections in the centre. The three sections are: Barriers; CXM Strategy; Enablers. Around the centre are 4 more rectangles, labelled: Business Needs; Organizational Drivers; Technology Drivers; Environmental Factors. The outer rectangles are a slightly darker shade of grey than the others, highlighting them.

    Understand challenges and barriers to creating and executing the CXM technology-enablement strategy

    Take stock of internal challenges and barriers to effective CXM strategy execution.

    Example: Internal Challenges & Potential Barriers

    Understanding the Customer Change Management IT Readiness
    Definition The degree to which a holistic understanding of the customer can be created, including customer demographic and psychographics. The degree to which employees are ready to accept operational and cultural changes and the degree to which the organization is ready to manage it. The degree to which IT is ready to support new technologies and processes associated with a portfolio of CXM applications.
    Questions to Ask
    • As an organization, do we have a true understanding of our customers?
    • How might we achieve a complete understanding of the customer throughout different phases of the customer lifecycle?
    • Are employees resistant to change?
    • Are there enough resources to drive an CXM strategy?
    • To what degree is the existing organizational culture customer-centric?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Implications
    • Uninformed creation of CXM strategic requirements
    • Inadequate understanding of customer needs and wants
    • User acceptance
    • Lack of ownership
    • Lack of accountability
    • Lack of sustainability
    • Poor implementation
    • Reliance on expensive external consultants
    • Lack of sustainability

    Activity: Identify CXM challenges and pain points

    2.1.2 30 minutes

    Input

    • Challenges
    • Pain points

    Output

    • CXM operating model barriers
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Brainstorm the challenges and pain points that may act as barriers to the successful planning and execution of a CXM strategy.
    2. Document your findings in the CXM operating model template. This can be found in the CXM Strategy Stakeholder Presentation Template.

    The image is the same graphic from a previous section. In this instance, the Barriers sections is highlighted.

    Identify opportunities that can enable CXM strategy execution

    Existing internal conditions, capabilities, and resources can create opportunities to enable the CXM strategy. These opportunities are critical to overcoming challenges and barriers.

    Example: Opportunities to Leverage for Strategy Enablement

    Management Buy-In Customer Data Quality Current Technology Portfolio
    Definition The degree to which upper management understands and is willing to enable a CXM project, complete with sponsorship, funding, and resource allocation. The degree to which customer data is accurate, consistent, complete, and reliable. Strong customer data quality is an opportunity – poor data quality is a barrier. The degree to which the existing portfolio of CXM-supporting enterprise applications can be leveraged to enable the CXM strategy.
    Questions to Ask
    • Is management informed of changing technology trends and the subsequent need for CXM?
    • Are adequate funding and resourcing available to support a CXM project, from strategy creation to implementation?
    • Are there any data quality issues?
    • Is there one source of truth for customer data?
    • Are there duplicate or incomplete sets of data?
    • Does a strong CRM backbone exist?
    • What marketing, sales, and customer service applications exist?
    • Are CXM-enabling applications rated highly on usage and performance?
    Implications
    • Need for CXM clearly demonstrated
    • Financial and logistical feasibility
    • Consolidated data quality governance initiatives
    • Informed decision making
    • Foundation for CXM technology enablement largely in place
    • Reduced investment of time and money needed

    Activity: Discuss opportunities and benefits

    2.1.3 30 minutes

    Input

    • Opportunities
    • Benefits

    Output

    • Completed CXM operating model
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Brainstorm opportunities that should be leveraged or benefits that should be realized to enable the successful planning and execution of a CXM strategy.
    2. Document your findings in the CXM operating model template. This can be found in the CXM Strategy Stakeholder Presentation Template.

    The image is the same graphic from earlier sections, this time with the Enablers section highlighted.

    Ensure that you align your CXM technology strategy to the broader corporate strategy

    A successful CXM strategy requires a comprehensive understanding of an organization’s overall corporate strategy and its effects on the interrelated departments of marketing, sales, and service, including subsequent technology implications. For example, a CXM strategy that emphasizes tools for omnichannel management and is at odds with a corporate strategy that focuses on only one or two channels will fail.

    Corporate Strategy

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.

    CXM Strategy

    • Communicates the company’s budget and spending on CXM applications and initiatives.
    • Identifies IT initiatives that will support the business and key CXM objectives, specific to marketing, sales, and service.
    • Outlines staffing and resourcing for CXM initiatives.

    Unified Strategy

    • The CXM implementation can be linked, with metrics, to the corporate strategy and ultimate business objectives.

    Info-Tech Insight

    Your organization’s corporate strategy is especially important in dictating the direction of the CXM strategy. Corporate strategies are often focused on customer-facing activity and will heavily influence the direction of marketing, sales, customer service, and consequentially, CXM. Corporate strategies will often dictate market targeting, sales tactics, service models, and more.

    Review sample organizational objectives to decipher how CXM technologies can support such objectives

    Identifying organizational objectives of high priority will assist in breaking down CXM objectives to better align with the overall corporate strategy and achieve buy-in from key stakeholders.

    Corporate Objectives Aligned CXM Technology Objectives
    Increase Revenue Enable lead scoring Deploy sales collateral management tools Improve average cost per lead via a marketing automation tool
    Enhance Market Share Enhance targeting effectiveness with a CRM Increase social media presence via an SMMP Architect customer intelligence analysis
    Improve Customer Satisfaction Reduce time-to-resolution via better routing Increase accessibility to customer service with live chat Improve first contact resolution with customer KB
    Increase Customer Retention Use a loyalty management application Improve channel options for existing customers Use customer analytics to drive targeted offers
    Create Customer-Centric Culture Ensure strong training and user adoption programs Use CRM to provide 360-degree view of all customer interaction Incorporate the voice of the customer into product development

    Activity: Review your corporate strategy and validate its alignment with the CXM operating model

    2.1.4 30 minutes

    Input

    • Corporate strategy
    • CXM operating model (completed in Activity 2.1.3)

    Output

    • Strategic alignment between the business and CXM strategies

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Brainstorm and create a list of organizational objectives at the corporate strategy level.
    2. Break down each organizational objective to identify how CXM may support it.
    3. Validate CXM goals and organizational objectives with your CXM operating model. Be sure to address the validity of each with the business needs, organizational drivers, technology drivers, and environmental factors identified as inputs to the operating model.

    Amazon leverages customer data to drive decision making around targeted offers and customer experience

    CASE STUDY

    Industry E-Commerce

    Source Pardot, 2012

    Situation

    Amazon.com, Inc. is an American electronic commerce and cloud computing company. It is the largest e-commerce retailer in the US.

    Amazon originated as an online book store, later diversifying to sell various forms of media, software, games, electronics, apparel, furniture, food, toys, and more.

    By taking a data-driven approach to marketing and sales, Amazon was able to understand its customers’ needs and wants, penetrate different product markets, and create a consistently personalized online-shopping customer experience that keeps customers coming back.

    Technology Strategy

    Use Browsing Data Effectively

    Amazon leverages marketing automation suites to view recent activities of prospects on its website. In doing so, a more complete view of the customer is achieved, including insights into purchasing interests and site navigation behaviors.

    Optimize Based on Interactions

    Using customer intelligence, Amazon surveys and studies standard engagement metrics like open rate, click-through rate, and unsubscribes to ensure the optimal degree of marketing is being targeted to existing and prospective customers, depending on level of engagement.

    Results

    Insights gained from having a complete understanding of the customer (from basic demographic characteristics provided in customer account profiles to observed psychographic behaviors captured by customer intelligence applications) are used to personalize Amazon’s sales and marketing approaches. This is represented through targeted suggestions in the “recommended for you” section of the browsing experience and tailored email marketing.

    It is this capability, partnered with the technological ability to observe and measure customer engagement, that allows Amazon to create individual customer experiences.

    Scan the external environment to understand your customers, competitors, and macroenvironmental trends

    Do not develop your CXM technology strategy in isolation. Work with Marketing to understand your STP strategy (segmentation, targeting, positioning): this will inform persona development and technology requirements downstream.

    Market Segmentation

    • Segment target market by demographic, geographic, psychographic, and behavioral characteristics
    • What does the competitive market look like?
    • Who are the key customer segments?
    • What segments are you going to target?

    Market Targeting

    • Evaluate potential and commercial attractiveness of each segment, considering the dynamics of the competition
    • How do you target your customers?
    • How should you target them in the future?
    • How do your products/services differ from the competition?

    Product Positioning

    • Develop detailed product positioning and marketing mixes for selected segments
    • What is the value of the product/service to each segment of the market?
    • How are you positioning your product/service in the market?

    Info-Tech Insight

    It is at this point that you should consider the need for and viability of an omnichannel approach to CXM. Through which channels do you target your customers? Are your customers present and active on a wide variety of channels? Consider how you can position your products, services, and brand through the use of omnichannel methodologies.

    Activity: Conduct a competitive analysis to understand where your market is going

    2.1.5 1 hour

    Input

    • Scan of competitive market
    • Existing customer STP strategy

    Output

    • Strategic CXM requirements
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team
    • Marketing SME

    Instructions

    1. Scan the market for direct and indirect competitors.
    2. Evaluate current and/or future segmentation, targeting, and positioning strategies by answering the following questions:
    • What does the competitive market look like?
    • Who are the key customer segments?
    • What segments are you going to target?
    • How do you target your customers?
    • How should you target them in the future?
    • How do your products/services differ from the competition?
    • What is the value of the product/service to each segment of the market?
    • How are you positioning your product/service in the market?
    • Other helpful questions include:
      • How formally do you target customers? (e.g. through direct contact vs. through passive brand marketing)
      • Does your organization use the shotgun or rifle approach to marketing?
        • Shotgun marketing: targets a broad segment of people, indirectly
        • Rifle marketing: targets smaller and more niche market segments using customer intelligence
  • For each point, identify CXM requirements.
  • Document your outputs in the CXM Strategy Stakeholder Presentation Template.
  • Activity: Conduct a competitive analysis (cont’d)

    2.1.5 30 minutes

    Input

    • Scan of competitive market

    Output

    • Competitive analysis
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team
    • Marketing SME (e.g. Market Research Stakeholders)

    Instructions

    1. List recent marketing technology and customer experience-related initiatives that your closest competitors have implemented.
    2. For each identified initiative, elaborate on what the competitive implications are for your organization.
    3. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Competitive Implications

    Competitor Organization Recent Initiative Associated Technology Direction of Impact Competitive Implication
    Organization X Multichannel E-Commerce Integration WEM – hybrid integration Positive
    • Up-to-date e-commerce capabilities
    • Automatic product updates via PCM
    Organization Y Web Social Analytics WEM Positive
    • Real-time analytics and customer insights
    • Allows for more targeted content toward the visitor or customer

    Conduct a PEST analysis to determine salient political, economic, social, and technological impacts for CXM

    A PEST analysis is a structured planning method that identifies external environmental factors that could influence the corporate and IT strategy.

    Political - Examine political factors, such as relevant data protection laws and government regulations.

    Economic - Examine economic factors, such as funding, cost of web access, and labor shortages for maintaining the site(s).

    Technological - Examine technological factors, such as new channels, networks, software and software frameworks, database technologies, wireless capabilities, and availability of software as a service.

    Social - Examine social factors, such as gender, race, age, income, and religion.

    Info-Tech Insight

    When looking at opportunities and threats, PEST analysis can help to ensure that you do not overlook external factors, such as technological changes in your industry. When conducting your PEST analysis specifically for CXM, pay particular attention to the rapid rate of change in the technology bucket. New channels and applications are constantly emerging and evolving, and seeing differential adoption by potential customers.

    Activity: Conduct and review the PEST analysis

    2.1.6 30 minutes

    Input

    • Political, economic, social, and technological factors related to CXM

    Output

    • Completed PEST analysis

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Identify your current strengths and weaknesses in managing the customer experience.
    2. Identify any opportunities to take advantage of and threats to mitigate.

    Example: PEST Analysis

    Political

    • Data privacy for PII
    • ADA legislation for accessible design

    Economic

    • Spending via online increasing
    • Focus on share of wallet

    Technological

    • Rise in mobile
    • Geo-location based services
    • Internet of Things
    • Omnichannel

    Social

    • Increased spending power by millennials
    • Changing channel preferences
    • Self-service models

    Activity: Translate your PEST analysis into a list of strategic CXM technology requirements to be addressed

    2.1.7 30 minutes

    Input

    • PEST Analysis conducted in Activity 2.1.6.

    Output

    • Strategic CXM requirements
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    For each PEST quadrant:

    1. Document the point and relate it to a goal.
    2. For each point, identify CXM requirements.
    3. Sort goals and requirements to eliminate duplicates.
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Parsing Requirements from PEST Analysis

    Technological Trend: There has been a sharp increase in popularity of mobile self-service models for buying habits and customer service access.

    Goal: Streamline mobile application to be compatible with all mobile devices. Create consistent branding across all service delivery applications (e.g. website, etc.).

    Strategic Requirement: Develop a native mobile application while also ensuring that resources through our web presence are built with responsive design interface.

    IT must fully understand the voice of the customer: work with Marketing to develop customer personas

    Creating a customer-centric CXM technology strategy requires archetypal customer personas. Creating customer personas will enable you to talk concretely about them as consumers of your customer experience and allow you to build buyer scenarios around them.

    A persona (or archetypal user) is an invented person that represents a type of user in a particular use-case scenario. In this case, personas can be based on real customers.

    Components of a persona Example – Organization: Grocery Store
    Name Name personas to reflect a key attribute such as the persona’s primary role or motivation Brand Loyal Linda: A stay-at-home mother dedicated to maintaining and caring for a household of 5 people
    Demographic Include basic descriptors of the persona (e.g. age, geographic location, preferred language, education, job, employer, household income, etc.) Age: 42 years old Geographic location: London Suburbia Language: English Education: Post-secondary Job: Stay-at-home mother Annual Household Income: $100,000+
    Wants, needs, pain points Identify surface-level motivations for buying habits

    Wants: Local products Needs: Health products; child-safe products

    Pain points: Fragmented shopping experience

    Psychographic/behavioral traits Observe persona traits that are representative of the customers’ behaviors (e.g. attitudes, buying patterns, etc.)

    Psychographic: Detail-oriented, creature of habit

    Behavioral: Shops at large grocery store twice a week, visits farmers market on Saturdays, buys organic products online

    Activity: Build personas for your customers

    2.1.8 2 hours

    Input

    • Customer demographics and psychographics

    Output

    • List of prioritized customer personas
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    Project Team

    Instructions

    1. In 2-4 groups, list all the customer personas that need to be built. In doing so, consider the people who interact with your organization most often.
    2. Build a demographic profile for each customer persona. Include information such as age, geographic location, occupation, annual income, etc.
    3. Augment the persona with a psychographic profile of each customer. Consider the goals and objectives of each customer persona and how these might inform buyer behaviors.
    4. Introduce your group’s personas to the entire group, in a round-robin fashion, as if you are introducing your persona at a party.
    5. Summarize the personas in a persona map. Rank your personas according to importance and remove any duplicates.

    Info-Tech Insight

    For CXM, persona building is typically used for understanding the external customer; however, if you need to gain a better understanding of the organization’s internal customers (those who will be interacting with CXM applications), personas can also be built for this purpose. Examples of useful internal personas are sales managers, brand managers, customer service directors, etc.

    Sample Persona Templates

    Fred, 40

    The Family Man

    Post-secondary educated, white-collar professional, three children

    Goals & Objectives

    • Maintain a stable secure lifestyle
    • Progress his career
    • Obtain a good future for his children

    Behaviors

    • Manages household and finances
    • Stays actively involved in children’s activities and education
    • Seeks potential career development
    • Uses a cellphone and email frequently
    • Sometimes follows friends Facebook pages

    Services of Interest

    • SFA, career counselling, job boards, day care, SHHS
    • Access to information via in-person, phone, online

    Traits

    General Literacy - High

    Digital Literacy - Mid-High

    Detail-Oriented - High

    Willing to Try New Things - Mid-High

    Motivated and Persistent - Mid-High

    Time Flexible - Mid-High

    Familiar With [Red.] - Mid

    Access to [Red.] Offices - High

    Access to Internet - High

    Ashley, 35

    The Tourist

    Single, college educated, planning vacation in [redacted], interested in [redacted] job opportunities

    Goals & Objectives

    • Relax after finishing a stressful job
    • Have adventures and try new things
    • Find a new job somewhere in Canada

    Behaviors

    • Collects information about things to do in [redacted]
    • Collects information about life in [redacted]
    • Investigates and follows up on potential job opportunities
    • Uses multiple social media to keep in touch with friends
    • Shops online frequently

    Services of Interest

    • SFA, job search, road conditions, ferry schedules, hospital, police station, DL requirements, vehicle rental
    • Access to information via in-person, phone, website, SMS, email, social media

    Traits

    General Literacy - Mid

    Digital Literacy - High

    Detail-Oriented - Mid

    Willing to Try New Things - High

    Motivated and Persistent - Mid

    Time Flexible - Mid-High

    Familiar With [Red.] - Low

    Access to [Red.] Offices - Low

    Access to Internet - High

    Bill, 25

    The Single Parent

    15-year resident of [redacted], high school education, waiter, recently divorced, two children

    Goals & Objectives

    • Improve his career options so he can support his family
    • Find an affordable place to live
    • Be a good parent
    • Work through remaining divorce issues

    Behaviors

    • Tries to get training or experience to improve his career
    • Stays actively involved in his children’s activities
    • Looks for resources and supports to resolve divorce issues
    • Has a cellphone and uses the internet occasionally

    Services of Interest

    • Child care, housing authority, legal aid, parenting resources
    • Access to information via in person, word-of mouth, online, phone, email

    Traits

    General Literacy - Mid

    Digital Literacy - Mid-Low

    Detail-Oriented - Mid-Low

    Willing to Try New Things - Mid

    Motivated and Persistent - High

    Time Flexible - Mid

    Familiar With [Red.] - Mid-High

    Access to [Red.] Offices - High

    Access to Internet - High

    Marie, 19

    The Regional Youth

    Single, [redacted] resident, high school graduate

    Goals & Objectives

    • Get a good job
    • Maintain ties to family and community

    Behaviors

    • Looking for work
    • Gathering information about long-term career choices
    • Trying to get the training or experience that can help her develop a career
    • Staying with her parents until she can get established
    • Has a new cellphone and is learning how to use it
    • Plays videogames and uses the internet at least weekly

    Services of Interest

    • Job search, career counselling
    • Access to information via in-person, online, phone, email, web applications

    Traits

    General Literacy - Mid

    Digital Literacy - Mid

    Detail-Oriented - Mid-Low

    Willing to Try New Things - Mid-High

    Motivated and Persistent - Mid-Low

    Time Flexible - High

    Familiar With [Red.] - Mid-Low

    Access to [Red.] Offices - Mid-Low

    Access to Internet - Mid

    Build key scenarios for each persona to extract strategic requirements for your CXM application portfolio

    A scenario is a story or narrative that helps explore the set of interactions that a customer has with an organization. Scenario mapping will help parse requirements used to design the CXM application portfolio.

    A Good Scenario…

    • Describes specific task(s) that need to be accomplished
    • Describes user goals and motivations
    • Describes interactions with a compelling but not overwhelming amount of detail
    • Can be rough, as long as it provokes ideas and discussion

    Scenarios Are Used To…

    • Provide a shared understanding about what a user might want to do, and how they might want to do it
    • Help construct the sequence of events that are necessary to address in your user interface(s)

    To Create Good Scenarios…

    • Keep scenarios high level, not granular in nature
    • Identify as many scenarios as possible. If you’re time constrained, try to develop 2-3 key scenarios per persona
    • Sketch each scenario out so that stakeholders understand the goal of the scenario

    Activity: Build scenarios for each persona and extract strategic requirements for the CXM strategy

    2.1.9 1.5 hours

    Input

    • Customer personas (output of Activity 2.1.5)

    Output

    • CX scenario maps
    • Strategic CXM requirements
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. For each customer persona created in Activity 2.1.5, build a scenario. Choose and differentiate scenarios based on the customer goal of each scenario (e.g. make online purchase, seek customer support, etc.).
    2. Think through the narrative of how a customer interacts with your organization, at all points throughout the scenario. List each step in the interaction in a sequential order to form a scenario journey.
    3. Examine each step in the scenario and brainstorm strategic requirements that will be needed to support the customer’s use of technology throughout the scenario.
    4. Repeat steps 1-3 for each persona. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Scenario Map

    Persona Name: Brand Loyal Linda

    Scenario Goal: File a complaint about in-store customer service

    Look up “[Store Name] customer service” on public web. →Reach customer support landing page. →Receive proactive notification prompt for online chat with CSR. →Initiate conversation: provide order #. →CSR receives order context and information. →Customer articulates problem, CSR consults knowledgebase. →Discount on next purchase offered. →Send email with discount code to Brand Loyal Linda.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1; 2.1.2; 2.1.3; 2.1.4 - Create a CXM operating model

    An analyst will facilitate a discussion to identify what impacts your CXM strategy and how to align it to your corporate strategy. The discussion will take different perspectives into consideration and look at organizational drivers, external environmental factors, as well as internal barriers and enablers.

    2.1.5 Conduct a competitive analysis

    Calling on their depth of expertise in working with a broad spectrum of organizations, our facilitator will help you work through a structured, systematic evaluation of competitors’ actions when it comes to CXM.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.1.6; 2.1.7 - Conduct a PEST analysis

    The facilitator will use guided conversation to target each quadrant of the PEST analysis and help your organization fully enumerate political, economic, social, and technological trends that will influence your CXM strategy. Our analysts are deeply familiar with macroenvironmental trends and can provide expert advice in identifying areas of concern in the PEST and drawing strategic requirements as implications.

    2.1.8; 2.1.9 - Build customer personas and subsequent persona scenarios

    Drawing on the preceding exercises as inputs, the facilitator will help the team create and refine personas, create respective customer interaction scenarios, and parse strategic requirements to support your technology portfolio for CXM.

    Step 2.2: Assess the Current State of CXM

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Conduct a SWOT analysis and extract strategic requirements
    • Inventory existing CXM applications and assess end-user usage and satisfaction
    • Conduct a VRIO analysis and extract strategic requirements

    Outcomes:

    • SWOT analysis
    • VRIO analysis
    • Current state application portfolio
    • Strategic requirements

    Conduct a SWOT analysis to prepare for creating your CXM strategy

    A SWOT analysis is a structured planning method that evaluates the strengths, weaknesses, opportunities, and threats involved in a project.

    Strengths - Strengths describe the positive attributes that are within your control and internal to your organization (i.e. what do you do better than anyone else?)

    Weaknesses - Weaknesses are internal aspects of your business that place you at a competitive disadvantage; think of what you need to enhance to compete with your top competitor.

    Opportunities - Opportunities are external factors the project can capitalize on. Think of them as factors that represent reasons your business is likely to prosper.

    Threats - Threats are external factors that could jeopardize the project. While you may not have control over these, you will benefit from having contingency plans to address them if they occur.

    Info-Tech Insight

    When evaluating weaknesses of your current CXM strategy, ensure that you’re taking into account not just existing applications and business processes, but also potential deficits in your organization’s channel strategy and go-to-market messaging.

    Activity: Conduct a SWOT analysis

    2.2.1 30 minutes

    Input

    • CXM strengths, weaknesses, opportunities, and threats

    Output

    • Completed SWOT analysis

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Identify your current strengths and weaknesses in managing the customer experience. Consider marketing, sales, and customer service aspects of the CX.
    2. Identify any opportunities to take advantage of and threats to mitigate.

    Example: SWOT Analysis

    Strengths

    • Strong customer service model via telephony

    Weaknesses

    • Customer service inaccessible in real-time through website or mobile application

    Opportunities

    • Leverage customer intelligence to measure ongoing customer satisfaction

    Threats

    • Lack of understanding of customer interaction platforms by staff could hinder adoption

    Activity: Translate your SWOT analysis into a list of requirements to be addressed

    2.2.2 30 minutes

    Input

    • SWOT Analysis conducted in Activity 2.2.1.

    Output

    • Strategic CXM requirements
    • CXM Stakeholder Presentation Template

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    For each SWOT quadrant:

    1. Document the point and relate it to a goal.
    2. For each point, identify CXM requirements.
    3. Sort goals and requirements to eliminate duplicates.
    4. Document your outputs in the CXM Stakeholder Presentation Template.

    Example: Parsing Requirements from SWOT Analysis

    Weakness: Customer service inaccessible in real-time through website or mobile application.

    Goal: Increase the ubiquity of access to customer service knowledgebase and agents through a web portal or mobile application.

    Strategic Requirement: Provide a live chat portal that matches the customer with the next available and qualified agent.

    Inventory your current CXM application portfolio

    Applications are the bedrock of technology enablement for CXM. Review your current application portfolio to identify what is working well and what isn’t.

    Understand Your CXM Application Portfolio With a Four-Step Approach

    Build the CXM Application Inventory →Assess Usage and Satisfaction →Map to Business Processes and Determine Dependencies →Determine Grow/Maintain/ Retire for Each Application

    When assessing the CXM applications portfolio, do not cast your net too narrowly; while CRM and MMS applications are often top of mind, applications for digital asset management and social media management are also instrumental for ensuring a well-integrated CX.

    Identify dependencies (either technical or licensing) between applications. This dependency tracing will come into play when deciding which applications should be grown (invested in), which applications should be maintained (held static), and which applications should be retired (divested).

    Info-Tech Insight

    Shadow IT is prominent here! When building your application inventory, ensure you involve Marketing, Sales, and Service to identify any “unofficial” SaaS applications that are being used for CXM. Many organizations fail to take a systematic view of their CXM application portfolio beyond maintaining a rough inventory. To assess the current state of alignment, you must build the application inventory and assess satisfaction metrics.

    Understand which of your organization’s existing enterprise applications enable CXM

    Review the major enterprise applications in your organization that enable CXM and align your requirements to these applications (net-new or existing). Identify points of integration to capture the big picture.

    The image shows a graphic titled Example: Integration of CRM, SMMP, and ERP. It is a flow chart, with icons defined by a legend on the right side of the image

    Info-Tech Insight

    When assessing the current application portfolio that supports CXM, the tendency will be to focus on the applications under the CXM umbrella, relating mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, CRM or similar applications. Examples of these systems are ERP systems, ECM (e.g. SharePoint) applications, and more.

    Assess CXM application usage and satisfaction

    Having a portfolio but no contextual data will not give you a full understanding of the current state. The next step is to thoroughly assess usage patterns as well as IT, management, and end-user satisfaction with each application.

    Example: Application Usage & Satisfaction Assessment

    Application Name Level of Usage IT Satisfaction Management Satisfaction End-User Satisfaction Potential Business Impact
    CRM (e.g. Salesforce) Medium High Medium Medium High
    CRM (e.g. Salesforce) Low Medium Medium High Medium
    ... ... ... ... ... ...

    Info-Tech Insight

    When evaluating satisfaction with any application, be sure to consult all stakeholders who come into contact with the application or depend on its output. Consider criteria such as ease of use, completeness of information, operational efficiency, data accuracy, etc.

    Use Info-Tech’s Application Portfolio Assessment to gather end-user feedback on existing CXM applications

    2.2.3 Application Portfolio Assessment: End-User Feedback

    Info-Tech’s Application Portfolio Assessment: End-User Feedback diagnostic is a low-effort, high-impact program that will give you detailed report cards on end-user satisfaction with an application. Use these insights to identify problems, develop action plans for improvement, and determine key participants.

    Application Portfolio Assessment: End-User Feedback is an 18-question survey that provides valuable insights on user satisfaction with an application by:

    • Performing a general assessment of the application portfolio that provides a full view of the effectiveness, criticality, and prevalence of all relevant applications.
    • Measuring individual application performance with open-ended user feedback surveys about the application, organized by department to simplify problem resolution.
    • Providing targeted department feedback to identify end-user satisfaction and focus improvements on the right group or line of business.

    INFO-TECH DIAGNOSTIC

    Activity: Inventory your CXM applications, and assess application usage and satisfaction

    2.2.4 1 hour

    Input

    • List of CXM applications

    Output

    • Complete inventory of CXM applications
    • CXM Stakeholder Presentation Template

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. List all existing applications that support the creation, management, and delivery of your customer experience.
    2. Identify which processes each application supports (e.g. content deployment, analytics, service delivery, etc.).
    3. Identify technical or licensing dependencies (e.g. data models).
    4. Assess the level of application usage by IT, management, and internal users (high/medium/low).
    5. Assess the satisfaction with and performance of each application according to IT, management, and internal users (high/medium/low). Use the Info-Tech Diagnostic to assist.

    Example: CXM Application Inventory

    Application Name Deployed Date Processes Supported Technical and Licensing Dependencies
    Salesforce June 2018 Customer relationship management XXX
    Hootsuite April 2019 Social media listening XXX
    ... ... ... ...

    Conduct a VRIO analysis to identify core competencies for CXM applications

    A VRIO analysis evaluates the ability of internal resources and capabilities to sustain a competitive advantage by evaluating dimensions of value, rarity, imitability, and organization. For critical applications like your CRM platform, use a VRIO analysis to determine their value.

    Is the resource or capability valuable in exploiting an opportunity or neutralizing a threat? Is the resource or capability rare in the sense that few of your competitors have a similar capability? Is the resource or capability costly to imitate or replicate? Is the organization organized enough to leverage and capture value from the resource or capability?
    NO COMPETITIVE DISADVANTAGE
    YES NO→ COMPETITIVE EQUALITY/PARITY
    YES YES NO→ TEMPORARY COMPETITIVE ADVANTAGE
    YES YES YES NO→ UNUSED COMPETITIVE ADVANTAGE
    YES YES YES YES LONG-TERM COMPETITIVE ADVANTAGE

    (Strategic Management Insight, 2013)

    Activity: Conduct a VRIO analysis on your existing application portfolio

    2.2.5 30 minutes

    Input

    • Inventory of existing CXM applications (output of Activity 2.2.4)

    Output

    • Completed VRIO analysis
    • Strategic CXM requirements
    • CXM Stakeholder Presentation Template

    Materials

    • VRIO Analysis model
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Evaluate each CXM application inventoried in Activity 2.2.4 by answering the four VRIO questions in sequential order. Do not proceed to the following question if “no” is answered at any point.
    2. Record the results. The state of your organization’s competitive advantage, based on each resource/capability, will be determined based on the number of questions with a “yes” answer. For example, if all four questions are answered positively, then your organization is considered to have a long-term competitive advantage.
    3. Document your outputs in the CXM Stakeholder Presentation Template.

    If you want additional support, have our analysts guide your through this phase as part of an Info-Tech workshop

    2.2.1; 2.2.2 Conduct a SWOT Analysis

    Our facilitator will use a small-team approach to delve deeply into each area, identifying enablers (strengths and opportunities) and challenges (weaknesses and threats) relating to the CXM strategy.

    2.2.3; 2.2.4 Inventory your CXM applications, and assess usage and satisfaction

    Working with your core team, the facilitator will assist with building a comprehensive inventory of CXM applications that are currently in use and with identifying adjacent systems that need to be identified for integration purposes. The facilitator will work to identify high and low performing applications and analyze this data with the team during the workshop exercise.

    2.2.5 Conduct a VRIO analysis

    The facilitator will take you through a VRIO analysis to identify which of your internal technological competencies ensure, or can be leveraged to ensure, your competitiveness in the CXM market.

    Step 2.3: Create an Application Portfolio

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities

    • Shortlist and prioritize business processes for improvement and reengineering
    • Map current CXM processes
    • Identify business process owners and assign job responsibilities
    • Identify user interaction channels to extract strategic requirements
    • Aggregate and develop strategic requirements
    • Determine gaps in current and future state processes
    • Build the CXM application portfolio

    Outcomes

    CXM application portfolio map

    • Shortlist of relevant business processes
    • Current state map
    • Business process ownership assignment
    • Channel map
    • Complete list of strategic requirements

    Understand business process mapping to draft strategy requirements for marketing, sales, and customer service

    The interaction between sales, marketing, and customer service is very process-centric. Rethink sales and customer-centric workflows and map the desired workflow, imbedding the improved/reengineered process into the requirements.

    Using BPM to Capture Strategic Requirements

    Business process modeling facilitates the collaboration between the business and IT, recording the sequence of events, tasks performed, who performed them, and the levels of interaction with the various supporting applications.

    By identifying the events and decision points in the process and overlaying the people that perform the functions, the data being interacted with, and the technologies that support them, organizations are better positioned to identify gaps that need to be bridged.

    Encourage the analysis by compiling an inventory of business processes that support customer-facing operations that are relevant to achieving the overall organizational strategies.

    Outcomes

    • Operational effectiveness
    • Identification, implementation, and maintenance of reusable enterprise applications
    • Identification of gaps that can be addressed by acquisition of additional applications or process improvement/ reengineering

    INFO-TECH OPPORTUNITY

    Refer to Info-Tech’s Create a Comprehensive BPM Strategy for Successful Process Automation blueprint for further assistance in taking a BPM approach to your sales-IT alignment.

    Leverage the APQC framework to help define your inventory of sales, marketing, and service processes

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    OPERATING PROCESSES
    1.0 Develop Vision and Strategy 2.0 Develop and Manage Products and Services 3.0 Market and Sell Products and Services 4.0 Deliver Products and Services 5.0 Manage Customer Service
    MANAGEMENT AND SUPPORT SERVICES
    6.0 Develop and Manage Human Capital
    7.0 Manage Information Technology
    8.0 Manage Financial Resources
    9.0 Acquire, Construct, and Manage Assets
    10.0 Manage Enterprise Risk, Compliance, and Resiliency
    11.0 Manage External Relationships
    12.0 Develop and Manage Business Capabilities

    (APQC, 2011)

    MORE ABOUT APQC

    • APQC serves as a high-level, industry-neutral enterprise model that allows organizations to see activities from a cross-industry process perspective.
    • Sales processes have been provided up to Level 3 of the APQC framework.
    • The APQC Framework can be accessed through APQC’s Process Classification Framework.
    • Note: The framework does not list all processes within a specific organization, nor are the processes that are listed in the framework present in every organization.

    Understand APQC’s “Market and Sell Products and Services” framework

    3.0 Market and Sell Products

    3.1 Understand markets, customers, and capabilities

    • 3.1.1 Perform customer and market intelligence analysis
    • 3.1.2 Evaluate and prioritize market opportunities

    3.2 Develop marketing strategy

    • 3.2.1 Define offering and customer value proposition
    • 3.2.2 Define pricing strategy to align to value proposition
    • 3.2.3 Define and manage channel strategy

    3.3 Develop sales strategy

    • 3.3.1 Develop sales forecast
    • 3.3.2 Develop sales partner/alliance relationships
    • 3.3.3 Establish overall sales budgets
    • 3.3.4 Establish sales goals and measures
    • 3.3.5 Establish customer management measures

    3.4 Develop and manage marketing plans

    • 3.4.1 Establish goals, objectives, and metrics by products by channels/segments
    • 3.4.2 Establish marketing budgets
    • 3.4.3 Develop and manage media
    • 3.4.4 Develop and manage pricing
    • 3.4.5 Develop and manage promotional activities
    • 3.4.6 Track customer management measures
    • 3.4.7 Develop and manage packaging strategy

    3.5 Develop and manage sales plans

    • 3.5.1 Generate leads
    • 3.5.2 Manage customers and accounts
    • 3.5.3 Manage customer sales
    • 3.5.4 Manage sales orders
    • 3.5.5 Manage sales force
    • 3.5.6 Manage sales partners and alliances

    Understand APQC’s “Manage Customer Service” framework

    5.0 Manage Customer Service

    5.1 Develop customer care/customer service strategy

    • 5.1.1 Develop customer service segmentation
      • 5.1.1.1 Analyze existing customers
      • 5.1.1.2 Analyze feedback of customer needs
    • 5.1.2 Define customer service policies and procedures
    • 5.1.3 Establish service levels for customers

    5.2 Plan and manage customer service operations

    • 5.2.1 Plan and manage customer service work force
      • 5.2.1.1 Forecast volume of customer service contacts
      • 5.2.1.2 Schedule customer service work force
      • 5.2.1.3 Track work force utilization
      • 5.2.1.4 Monitor and evaluate quality of customer interactions with customer service representatives

    5.2 Plan and 5.2.3.1 Receive customer complaints 5.2.3.2 Route customer complaints 5.2.3.3 Resolve customer complaints 5.2.3.4 Respond to customer complaints manage customer service operations

    • 5.2.2 Manage customer service requests/inquiries
      • 5.2.2.1 Receive customer requests/inquiries
      • 5.2.2.2 Route customer requests/inquiries
      • 5.2.2.3 Respond to customer requests/inquiries
    • 5.2.3 Manage customer complaints
      • 5.2.3.1 Receive customer complaints
      • 5.2.3.2 Route customer complaints
      • 5.2.3.3 Resolve customer complaints
      • 5.2.3.4 Respond to customer complaints

    Leverage the APQC framework to inventory processes

    The APQC framework provides levels 1 through 3 for the “Market and Sell Products and Services” framework. Level 4 processes and beyond will need to be defined by your organization as they are more granular (represent the task level) and are often industry-specific.

    Level 1 – Category - 1.0 Develop vision and strategy (10002)

    Represents the highest level of process in the enterprise, such as manage customer service, supply chain, financial organization, and human resources.

    Level 2 – Process Group - 1.1 Define the business concept and long-term vision (10014)

    Indicates the next level of processes and represents a group of processes. Examples include perform after sales repairs, procurement, accounts payable, recruit/source, and develop sales strategy.

    Level 3 – Process - 1.1.1 Assess the external environment (10017)

    A series of interrelated activities that convert input into results (outputs); processes consume resources and require standards for repeatable performance; and processes respond to control systems that direct quality, rate, and cost of performance.

    Level 4 – Activity - 1.1.1.1 Analyze and evaluate competition (10021)

    Indicates key events performed when executing a process. Examples of activities include receive customer requests, resolve customer complaints, and negotiate purchasing contracts.

    Level 5 – Task - 12.2.3.1.1 Identify project requirements and objectives (11117)

    Tasks represent the next level of hierarchical decomposition after activities. Tasks are generally much more fine grained and may vary widely across industries. Examples include create business case and obtain funding, and design recognition and reward approaches.

    Info-Tech Insight

    Define the Level 3 processes in the context of your organization. When creating a CXM strategy, concern yourself with the interrelatedness of processes across existing departmental silos (e.g. marketing, sales, customer service). Reserve the analysis of activities (Level 4) and tasks (Level 3) for granular work initiatives involved in the implementation of applications.

    Use Info-Tech’s CXM Business Process Shortlisting Tool to prioritize processes for improvement

    2.3.1 CXM Business Process Shortlisting Tool

    The CXM Business Process Shortlisting Tool can help you define which marketing, sales, and service processes you should focus on.

    Working in concert with stakeholders from the appropriate departments, complete the short questionnaire.

    Based on validated responses, the tool will highlight processes of strategic importance to your organization.

    These processes can then be mapped, with requirements extracted and used to build the CXM application portfolio.

    INFO-TECH DELIVERABLE

    The image shows a screenshot of the Prioritize Your Business Processes for Customer Experience Management document, with sample information filled in.

    Activity: Define your organization’s top-level processes for reengineering and improvement

    2.3.2 1 hour

    Input

    • Shortlist business processes relating to customer experience (output of Tool 2.3.1)

    Output

    • Prioritized list of top-level business processes by department

    Materials

    • APQC Framework
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Inventory all business processes relating to customer experience.
    2. Customize the impacted business units and factor weightings on the scorecard below to reflect the structure and priorities of your organization.
    3. Using the scorecard, identify all processes essential to your customer experience. The scorecard is designed to determine which processes to focus on and to help you understand the impact of the scrutinized process on the different customer-centric groups across the organization.

    The image shows a chart with the headings Factor, Check If Yes, repeated. The chart lists various factors, and the Check if Yes columns are left blank.

    This image shows a chart with the headings Factor, Weights, and Scores. It lists factors, and the rest of the chart is blank.

    Current legend for Weights and Scores

    F – Finance

    H – Human Resources

    I – IT

    L – Legal

    M – Marketing

    BU1 – Business Unit 1

    BU2 – Business Unit 2

    Activity: Map top-level business processes to extract strategic requirements for the CXM application portfolio

    2.3.3 45 minutes

    Input

    • Prioritized list of top-level business processes (output of Activity 2.3.2)

    Output

    • Current state process maps
    • CXM Strategy Stakeholder Presentation

    Materials

    • APQC Framework
    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Project Team

    Instructions

    1. List all prioritized business processes, as identified in Activity 2.3.2. Map your processes in enough detail to capture all relevant activities and system touchpoints, using the legend included in the example. Focus on Level 3 processes, as explained in the APQC framework.
    2. Record all of the major process steps on sticky notes. Arrange the sticky notes in sequential order.
    3. On a set of different colored sticky notes, record all of the systems that enable the process. Map these system touchpoints to the process steps.
    4. Draw arrows in between the steps to represent manual entry or automation.
    5. Identify effectiveness and gaps in existing processes to determine process technology requirements.
    6. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    INFO-TECH OPPORTUNITY

    Refer to Info-Tech’s Create a Comprehensive BPM Strategy for Successful Process Automation blueprint for further assistance in taking a BPM approach to your sales-IT alignment.

    Info-Tech Insight

    Analysis of the current state is important in the context of gap analysis. It aids in understanding the discrepancies between your baseline and the future state vision, and ensures that these gaps are documented as part of the overall requirements.

    Example: map your current CXM processes to parse strategic requirements (customer acquisition)

    The image shows an example of a CXM process map, which is formatted as a flow chart, with a legend at the bottom.

    Activity: Extract requirements from your top-level business processes

    2.3.4 30 minutes

    Input

    • Current state process maps (output of Activity 2.3.3)

    Output

    • Requirements for future state mapping

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Discuss the current state of priority business processes, as mapped in Activity 2.3.3.
    2. Extract process requirements for business process improvement by asking the following questions:
    • What is the input?
    • What is the output?
    • What are the underlying risks and how can they be mitigated?
    • What conditions should be met to mitigate or eliminate each risk?
    • What are the improvement opportunities?
    • What conditions should be met to enable these opportunities?
    1. Break business requirements into functional and non-functional requirements, as outlined on this slide.

    Info-Tech Insight

    The business and IT should work together to evaluate the current state of business processes and the business requirements necessary to support these processes. Develop a full view of organizational needs while still obtaining the level of detail required to make informed decisions about technology.

    Establish process owners for each top-level process

    Identify the owners of the business processes being evaluated to extract requirements. Process owners will be able to inform business process improvement and assume accountability for reengineered or net-new processes going forward.

    Process Owner Responsibilities

    Process ownership ensures support, accountability, and governance for CXM and its supporting processes. Process owners must be able to negotiate with business users and other key stakeholders to drive efficiencies within their own process. The process owner must execute tactical process changes and continually optimize the process.

    Responsibilities include the following:

    • Inform business process improvement
    • Introduce KPIs and metrics
    • Monitor the success of the process
    • Present process findings to key stakeholders within the organization
    • Develop policies and procedures for the process
    • Implement new methods to manage the process

    Info-Tech Insight

    Identify the owners of existing processes early so you understand who needs to be involved in process improvement and reengineering. Once implemented, CXM applications are likely to undergo a series of changes. Unstructured data will multiply, the number of users may increase, administrators may change, and functionality could become obsolete. Should business processes be merged or drastically changed, process ownership can be reallocated during CXM implementation. Make sure you have the right roles in place to avoid inefficient processes and poor data quality.

    Use Info-Tech’s Process Owner Assignment Guide to aid you in choosing the right candidates

    2.3.5 Process Owner Assignment Guide

    The Process Owner Assignment Guide will ensure you are taking the appropriate steps to identify process owners for existing and net-new processes created within the scope of the CXM strategy.

    The steps in the document will help with important considerations such as key requirements and responsibilities.

    Sections of the document:

    1. Define responsibilities and level of commitment
    2. Define job requirements
    3. Receive referrals
    4. Hold formal interviews
    5. Determine performance metrics

    INFO-TECH DELIVERABLE

    Activity: Assign business process owners and identify job responsibilities

    2.3.6 30 minutes

    Input

    • Current state map (output of Activity 2.3.3)

    Output

    • Process owners assigned
    • CXM Strategy Stakeholder Presentation

    Materials

    Participants

    • Project Team

    Instructions

    1. Using Info-Tech’s Process Owner Assignment Guide, assign process owners for each process mapped out in Activity 2.3.3. To assist in doing so, answer the following questions
    • What is the level of commitment expected from each process owner?
    • How will the process owner role be tied to a formal performance appraisal?
    • What metrics can be assigned?
    • How much work will be required to train process owners?
    • Is there support staff available to assist process owners?
  • Document your outputs in the CXM Strategy Stakeholder Presentation Template.
  • Choose the channels that will make your target customers happy – and ensure they’re supported by CXM applications

    Traditional Channels

    Face-to-Face is efficient and has a positive personalized aspect that many customers desire, be it for sales or customer service.

    Telephony (or IVR) has been a mainstay of customer interaction for decades. While not fading, it must be used alongside newer channels.

    Postal used to be employed extensively for all domains, but is now used predominantly for e-commerce order fulfillment.

    Web 1.0 Channels

    Email is an asynchronous interaction channel still preferred by many customers. Email gives organizations flexibility with queuing.

    Live Chat is a way for clients to avoid long call center wait times and receive a solution from a quick chat with a service rep.

    Web Portals permit transactions for sales and customer service from a central interface. They are a must-have for any large company.

    Web 2.0 Channels

    Social Media consists of many individual services (like Facebook or Twitter). Social channels are exploding in consumer popularity.

    HTML5 Mobile Access allows customers to access resources from their personal device through its integrated web browser.

    Dedicated Mobile Apps allow customers to access resources through a dedicated mobile application (e.g. iOS, Android).

    Info-Tech Insight

    Your channel selections should be driven by customer personas and scenarios. For example, social media may be extensively employed by some persona types (i.e. Millennials) but see limited adoption in other demographics or use cases (i.e. B2B).

    Activity: Extract requirements from your channel map

    2.3.7 30 minutes

    Input

    • Current state process maps (output of Activity 2.3.3)

    Output

    • Channel map
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech examples
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Inventory which customer channels are currently used by each department.
    2. Speak with the department heads for Marketing, Sales, and Customer Service and discuss future channel usage. Identify any channels that will be eliminated or added.
    3. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Business Unit Channel Use Survey

    Marketing Sales Customer Service
    Current Used? Future Use? Current Used? Future Use? Current Used? Future Use?
    Email Yes Yes No No No No
    Direct Mail Yes No No No No No
    Phone No No Yes Yes Yes Yes
    In-Person No No Yes Yes Yes No
    Website Yes Yes Yes Yes Yes Yes
    Social Channels No Yes Yes Yes No Yes

    Bring it together: amalgamate your strategic requirements for CXM technology enablement

    Discovering your organizational requirements is vital for choosing the right business-enabling initiative, technology, and success metrics. Sorting the requirements by marketing, sales, and service is a prudent mechanism for clarification.

    Strategic Requirements: Marketing

    Definition: High-level requirements that will support marketing functions within CXM.

    Examples

    • Develop a native mobile application while also ensuring that resources for your web presence are built with responsive design interface.
    • Consolidate workflows related to content creation to publish all brand marketing from one source of truth.
    • Augment traditional web content delivery by providing additional functionality such as omnichannel engagement, e-commerce, dynamic personalization, and social media functionality.

    Strategic Requirements: Sales

    Definition: High-level requirements that will support sales functions within CXM.

    Examples

    • Implement a system that reduces data errors and increases sales force efficiency by automating lead management workflows.
    • Achieve end-to-end visibility of the sales process by integrating the CRM, inventory, and order processing and shipping system.
    • Track sales force success by incorporating sales KPIs with real-time business intelligence feeds.

    Strategic Requirements: Customer Service

    Definition: High-level requirements that will support customer service functions within CXM.

    Examples

    • Provide a live chat portal that connects the customer, in real time, with the next available and qualified agent.
    • Bridge the gap between the source of truth for sales with customer service suites to ensure a consistent, end-to-end customer experience from acquisition to customer engagement and retention.
    • Use customer intelligence to track customer journeys in order to best understand and resolve customer complaints.

    Activity: Consolidate your strategic requirements for the CXM application portfolio

    2.3.8 30 minutes

    Input

    • Strategic CXM requirements (outputs of Activities 2.1.5, 2.1.6, and 2.2.2)

    Output

    • Aggregated strategic CXM requirements
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Aggregate strategic CXM requirements that have been gathered thus far in Activities 2.1.5, 2.1.6, and 2.2.2, 2.3.5, and 2.3.7.
    2. Identify and rectify any obvious gaps in the existing set of strategic CXM requirements. To do so, consider the overall corporate and CXM strategy: are there any objectives that have not been addressed in the requirements gathering process?
    3. De-duplicate the list. Prioritize the aggregated/augmented list of CXM requirements as “high/critical,” “medium/important,” or “low/desirable.” This will help manage the relative importance and urgency of different requirements to itemize respective initiatives, resources, and the time in which they need to be addressed. In completing the prioritization of requirements, consider the following:
    • Requirements prioritization must be completed in collaboration with all key stakeholders (across the business and IT). Stakeholders must ask themselves:
      • What are the consequences to the business objectives if this requirement is omitted?
      • Is there an existing system or manual process/workaround that could compensate for it?
      • What business risk is being introduced if a particular requirement cannot be implemented right away?
  • Document your outputs in the CXM Strategic Stakeholder Presentation Template.
  • Info-Tech Insight

    Strategic CXM requirements will be used to prioritize specific initiatives for CXM technology enablement and application rollout. Ensure that IT, the business, and executive management are all aligned on a consistent and agreed upon set of initiatives.

    Burberry digitizes the retail CX with real-time computing to bring consumers back to the physical storefront

    CASE STUDY

    Industry Consumer Goods, Clothing

    Source Retail Congress, 2017

    Burberry London

    Situation

    Internally, Burberry invested in organizational alignment and sales force brand engagement. The more the sales associate knew about the brand engagement and technology-enabled strategy, the better the store’s performance. Before the efforts went to building relationships with customers, Burberry built engagement with employees.

    Burberry embraced “omnichannel,” the hottest buzzword in retailing to provide consumers the most immersive and intuitive brand experience within the store.

    Technology Strategy

    RFID tags were attached to products to trigger interactive videos on the store’s screens in the common areas or in a fitting room. Consumers are to have instant access to relevant product combinations, ranging from craftsmanship information to catwalk looks. This is equivalent to the rich, immediate information consumers have grown to expect from the online shopping experience.

    Another layer of Burberry’s added capabilities includes in-memory-based analytics to gather and analyze data in real-time to better understand customers’ desires. Burberry builds customer profiles based on what items the shoppers try on from the RFID-tagged garments. Although this requires customer privacy consent, customers are willing to provide personal information to trusted brands.

    This program, called “Customer 360,” assisted sales associates in providing data-driven shopping experiences that invite customers to digitally share their buying history and preferences via their tablet devices. As the data is stored in Burberry’s customer data warehouse and accessed through an application such as CRM, it is able to arm sales associates with personal fashion advice on the spot.

    Lastly, the customer data warehouse/CRM application is linked to Burberry’s ERP system and other custom applications in a cloud environment to achieve real-time inventory visibility and fulfillment.

    Burberry digitizes the retail CX with real-time computing to bring consumers back to the physical storefront (cont'd)

    CASE STUDY

    Industry Consumer Goods, Clothing

    Source Retail Congress, 2017

    Burberry London

    Situation

    Internally, Burberry invested in organizational alignment and sales force brand engagement. The more the sales associate knew about the brand engagement and technology-enabled strategy, the better the store’s performance. Before the efforts went to building relationships with customers, Burberry built engagement with employees.

    Burberry embraced “omnichannel,” the hottest buzzword in retailing to provide consumers the most immersive and intuitive brand experience within the store.

    The Results

    Burberry achieved one of the most personalized retail shopping experiences. Immediate personal fashion advice using customer data is only one component of the experience. Not only are historic purchases and preference data analyzed, a customer’s social media posts and fashion industry trend data is proactively incorporated into the interactions between the sales associate and the customer.

    Burberry achieved CEO Angela Ahrendts’ vision of “Burberry World,” in which the brand experience is seamlessly integrated across channels, devices, retail locations, products, and services.

    The organizational alignment between Sales, Marketing, and IT empowered employees to bring the Burberry brand to life in unique ways that customers appreciated and were willing to advocate.

    Burberry is now one of the most beloved and valuable luxury brands in the world. The brand tripled sales in five years, became one of the leading voices on trends, fashion, music, and beauty while redefining what top-tier customer experience should be both digitally and physically.

    Leverage both core CRM suites and point solutions to create a comprehensive CXM application portfolio

    The debate between best-of-breed point solutions versus comprehensive CRM suites is ongoing. There is no single best answer. In most cases, an effective portfolio will include both types of solutions.

    • When the CRM market first evolved, vendors took a heavy “module-centric” approach – offering basic suites with the option to add a number of individual modules. Over time, vendors began to offer suites with a high degree of out-of-the-box functionality. The market has now witnessed the rise of powerful point solutions for the individual business domains.
    • Point solutions augment, rather than supplant, the functionality of a CRM suite in the mid-market to large enterprise context. Point solutions do not offer the necessary spectrum of functionality to take the place of a unified CRM suite.
    • Point solutions enhance aspects of CRM. For example, most CRM vendors have yet to provide truly impressive social media capabilities. An organization seeking to dominate the social space should consider purchasing a social media management platform to address this deficit in their CRM ecosystem.

    Customer Relationship Management (CRM)

    Social Media Management Platform (SMMP)

    Field Sales/Service Automation (FSA)

    Marketing Management Suites

    Sales Force Automation

    Email Marketing Tools

    Lead Management Automation (LMA)

    Customer Service Management Suites

    Customer Intelligence Systems

    Don’t adopt multiple point solutions without a genuine need: choose domains most in need of more functionality

    Some may find that the capabilities of a CRM suite are not enough to meet their specific requirements: supplementing a CRM suite with a targeted point solution can get the job done. A variety of CXM point solutions are designed to enhance your business processes and improve productivity.

    Sales

    Sales Force Automation: Automatically generates, qualifies, tracks, and contacts leads for sales representatives, minimizing time wasted on administrative duties.

    Field Sales: Allows field reps to go through the entire sales cycle (from quote to invoice) while offsite.

    Sales Compensation Management: Models, analyzes, and dispenses payouts to sales representatives.

    Marketing

    Social Media Management Platforms (SMMP): Manage and track multiple social media services, with extensive social data analysis and insight capabilities.

    Email Marketing Bureaus: Conduct email marketing campaigns and mine results to effectively target customers.

    Marketing Intelligence Systems: Perform in-depth searches on various data sources to create predictive models.

    Service

    Customer Service Management (CSM): Manages the customer support lifecycle with a comprehensive array of tools, usually above and beyond what’s in a CRM suite.

    Customer Service Knowledge Management (CSKM): Advanced knowledgebase and resolution tools.

    Field Service Automation (FSA): Manages customer support tickets, schedules work orders, tracks inventory and fleets, all on the go.

    Info-Tech Insight

    CRM and point solution integration is critical. A best-of-breed product that poorly integrates with your CRM suite compromises the value generated by the combined solution, such as a 360-degree customer view. Challenge point solution vendors to demonstrate integration capabilities with CRM packages.

    Refer to your use cases to decide whether to add a dedicated point solution alongside your CRM suite

    Know your end state and what kind of tool will get you there. Refer to your strategic requirements to evaluate CRM and point solution feature sets.

    Standalone CRM Suite

    Sales Conditions: Need selling and lead management capabilities for agents to perform the sales process, along with sales dashboards and statistics.

    Marketing or Communication Conditions: Need basic campaign management and ability to refresh contact records with information from social networks.

    Member Service Conditions: Need to keep basic customer records with multiple fields per record and basic channels such as email and telephony.

    Add a Best-of-Breed or Point Solution

    Environmental Conditions: An extensive customer base with many different interactions per customer along with industry specific or “niche” needs. Point solutions will benefit firms with deep needs in specific feature areas (e.g. social media or field service).

    Sales Conditions: Lengthy sales process and account management requirements for assessing and managing opportunities – in a technically complex sales process.

    Marketing Conditions: Need social media functionality for monitoring and social property management.

    Customer Service Conditions: Need complex multi-channel service processes and/or need for best-of-breed knowledgebase and service content management.

    Info-Tech Insight

    The volume and complexity of both customers and interactions have a direct effect on when to employ just a CRM suite and when to supplement with a point solution. Check to see if your CRM suite can perform a specific business requirement before deciding to evaluate potential point solutions.

    Use Info-Tech’s CXM Portfolio Designer to create an inventory of high-value customer interaction applications

    2.3.9 CXM Portfolio Designer

    The CXM Portfolio Designer features a set of questions geared toward understanding your needs for marketing, sales, and customer service enablement.

    These results are scored and used to suggest a comprehensive solution-level set of enterprise applications for CXM that can drive your application portfolio and help you make investment decisions in different areas such as CRM, marketing management, and customer intelligence.

    Sections of the tool:

    1. Introduction
    2. Customer Experience Management Questionnaire
    3. Business Unit Recommendations
    4. Enterprise-Level Recommendations

    INFO-TECH DELIVERABLE

    Understand the art of the possible and how emerging trends will affect your application portfolio (1)

    Cloud

    • The emergence and maturation of cloud technologies has broken down the barriers of software adoption.
    • Cloud has enabled easy-to-implement distributed sales centers for enterprises with global or highly fragmented workforces.
    • Cloud offers the agility, scalability, and flexibility needed to accommodate dynamic, evolving customer requirements while minimizing resourcing strain on IT and sales organizations.
    • It is now easier for small to medium enterprises to acquire and implement advanced sales capabilities to compete against larger competitors in a business environment where the need for business agility is key.
    • Although cost and resource reduction is a prominent view of the impact of cloud computing, it is also seen as an agile way to innovate and deliver a product/service experience that customers are looking for – the key to competitive differentiation.

    Mobile

    • Smartphones and other mobile devices were adopted faster than the worldwide web in the late 1990s, and the business and sales implications of widespread adoption cannot be ignored – mobile is changing how businesses operate.
      • Accenture’s Mobility Research Report states that 87% of companies in the study have been guided by a formal mobility strategy – either one that spans the enterprise or for specific business functions.
    • Mobile is now the first point of interaction with businesses. With this trend, gaining visibility into customer insights with mobile analytics is a top priority for organizations.
    • Enterprises need to develop and optimize mobile experiences for internal salespeople and customers alike as part of their sales strategy – use mobile to enable a competitive, differentiated sales force.
    • The use of mobile platforms by sales managers is becoming a norm. Sales enablement suites should support real-time performance metrics on mobile dashboards.

    Understand the art of the possible and how emerging trends will affect your application portfolio (2)

    Social

    • The rise of social networking brought customers together. Customers are now conversing with each other over a wide range of community channels that businesses neither own nor control.
      • The Power Shift: The use of social channels empowered customers to engage in real-time, unstructured conversations for the purpose of product/service evaluations. Those who are active in social environments come to wield considerable influence over the buying decisions of other prospects and customers.
    • Organizations need to identify the influencers and strategically engage them as well as developing an active presence in social communities that lead to sales.
    • Social media does have an impact on sales, both B2C and B2B. A study conducted in 2012 by Social Centered Selling states that 72.6% of sales people using social media as part of their sales process outperformed their peers and exceeded their quota 23% more often (see charts at right).

    The image shows two bar graphs, the one on top titled Achieving Quota: 2010-2012 and the one below titled Exceeding Quota: 2010-2012.

    (Social Centered Learning, n.d.)

    Understand the art of the possible and how emerging trends will affect your application portfolio (3)

    Internet of Things

    • Definition: The Internet of Things (IoT) is the network of physical objects accessed through the internet. These objects contain embedded technology to interact with internal states or the external environment.
    • Why is this interesting?
      • IoT will make it possible for everybody and everything to be connected at all times, processing information in real time. The result will be new ways of making business and sales decisions supported by the availability of information.
      • With ubiquitous connectivity, the current product design-centric view of consumers is changing to one of experience design that aims to characterize the customer relationship with a series of integrated interaction touchpoints.
      • The above change contributes to the shift in focus from experience and will mean further acceleration of the convergence of customer-centric business functions. IoT will blur the lines between marketing, sales, and customer service.
      • Products or systems linked to products are capable of self-operating, learning, updating, and correcting by analyzing real-time data.
      • Take for example, an inventory scale in a large warehouse connected to the company’s supply chain management (SCM) system. When a certain inventory weight threshold is reached due to outgoing shipments, the scale automatically sends out a purchase requisition to restock inventory levels to meet upcoming demand.
    • The IoT will eventually begin to transform existing business processes and force organizations to fundamentally rethink how they produce, operate, and service their customers.

    The image shows a graphic titled The Connected Life by 2020, and shows a number of statistics on use of connected devices over time.

    For categories covered by existing applications, determine the disposition for each app: grow it or cut it loose

    Use the two-by-two matrix below to structure your optimal CXM application portfolio. For more help, refer to Info-Tech’s blueprint, Use Agile Application Rationalization Instead of Going Big Bang.

    1

    0

    Richness of Functionality

    INTEGRATE RETAIN
    1
    REPLACE REPLACE OR ENHANCE

    0

    Degree of Integration

    Integrate: The application is functionally rich, so spend time and effort integrating it with other modules by building or enhancing interfaces.

    Retain: The application satisfies both functionality and integration requirements, so it should be considered for retention.

    Replace/Enhance: The module offers poor functionality but is well integrated with other modules. If enhancing for functionality is easy (e.g. through configuration or custom development), consider enhancement or replace it.

    Replace: The application neither offers the functionality sought nor is it integrated with other modules, and thus should be considered for replacement.

    Activity: Brainstorm the art of the possible, and build and finalize the CXM application portfolio

    2.3.10 1-2 hours

    Input

    • Process gaps identified (output of Activity 2.3.9)

    Output

    • CXM application portfolio
    • CXM Strategy Stakeholder Presentation

    Materials

    Participants

    • Project Team

    Instructions

    1. Review the complete list of strategic requirements identified in the preceding exercises, as well as business process maps.
    2. Identify which application would link to which process (e.g. customer acquisition, customer service resolution, etc.).
    3. Use Info-Tech’s CXM Portfolio Designer to create an inventory of high-value customer interaction applications.
    4. Define rationalization and investment areas.
    5. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Brainstorming the Art of the Possible

    Application Gap Satisfied Related Process Number of Linked Requirements Do we have the system? Priority
    LMA
    • Lead Generation
    • Social Lead Management
    • CRM Integration
    Sales 8 No Business Critical
    Customer Intelligence
    • Web Analytics
    • Customer Journey Tracking
    Customer Service 6 Yes Business Enabling
    ... ... ... ... ... ...

    Use Info-Tech’s comprehensive reports to make granular vendor selection decisions

    Now that you have developed the CXM application portfolio and identified areas of new investment, you’re well positioned to execute specific vendor selection projects. After you have built out your initiatives roadmap in phase 3, the following reports provide in-depth vendor reviews, feature guides, and tools and templates to assist with selection and implementation.

    Info-Tech Insight

    Not all applications are created equally well for each use case. The vendor reports help you make informed procurement decisions by segmenting vendor capabilities among major use cases. The strategic requirements identified as part of this project should be used to select the use case that best fits your needs.

    If you want additional support, have our analyst guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.3.2; 2.3.3 Shortlist and map the key top-level business processes

    Based on experience working with organizations in similar verticals, the facilitator will help your team map out key sample workflows for marketing, sales, and customer service.

    2.3.6 Create your strategic requirements for CXM

    Drawing on the preceding exercises, the facilitator will work with the team to create a comprehensive list of strategic requirements that will be used to drive technology decisions and roadmap initiatives.

    2.3.10 Create and finalize the CXM application portfolio

    Using the strategic requirements gathered through internal, external, and technology analysis up to this point, a facilitator will assist you in assembling a categorical technology application portfolio to support CXM.

    Step 2.4: Develop Deployment Best Practices

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Develop a CXM integration map
    • Develop a mitigation plan for poor quality customer data
    • Create a framework for end-user adoption of CXM applications

    Outcomes:

    • CXM application portfolio integration map
    • Data quality preservation plan
    • End-user adoption plan

    Develop an integration map to specify which applications will interface with each other

    Integration is paramount: your CXM application portfolio must work as a unified face to the customer. Create an integration map to reflect a system of record and the exchange of data.

    • CRM
      • ERP
      • Telephony Systems (IVR, CTI)
      • Directory Services
      • Email
      • Content Management
      • Point Solutions (SMMP, MMS)

    The points of integration that you’ll need to establish must be based on the objectives and requirements that have informed the creation of the CXM application portfolio. For instance, achieving improved customer insights would necessitate a well-integrated portfolio with customer interaction point solutions, business intelligence tools, and customer data warehouses in order to draw the information necessary to build insight. To increase customer engagement, channel integration is a must (i.e. with robust links to unified communications solutions, email, and VoIP telephony systems).

    Info-Tech Insight

    If the CXM application portfolio is fragmented, it will be nearly impossible to build a cohesive view of the customer and deliver a consistent customer experience. Points of integration (POIs) are the junctions between the applications that make up the CXM portfolio. They are essential to creating value, particularly in customer insight-focused and omnichannel-focused deployments. Be sure to include enterprise applications that are not included in the CXM application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    After identifying points of integration, profile them by business significance, complexity, and investment required

    • After enumerating points of integration between the CRM platform and other CXM applications and data sources, profile them by business significance and complexity required to determine a rank-ordering of priorities.
    • Points of integration that are of high business significance with low complexity are your must do’s – these are your quick wins that deliver maximum value without too much cost. This is typically the case when integrating a vendor-to-vendor solution with available native connectors.
    • On the opposite end of the spectrum are your POIs that will require extensive work to deliver but offer negligible value. These are your should not do’s – typically, these are niche requests for integration that will only benefit the workflows of a small (and low priority) group of end users. Only accommodate them if you have slack time and budget built into your implementation timeline.

    The image shows a square matrix with Point of Integration Value Matrix in the centre. On the X-axis is Business Significance, and on the Y-axis is POI complexity. In the upper left quadrant is Should Not Do, upper right is Should Do, lower left is Could Do, and lower right is Must do.

    "Find the absolute minimum number of ‘quick wins’ – the POIs you need from day one that are necessary to keep end users happy and deliver value." – Maria Cindric, Australian Catholic University Source: Interview

    Activity: Develop a CXM application integration map

    2.4.1 1 hour

    Input

    • CXM application portfolio (output of Activity 2.3.10)

    Output

    • CXM application portfolio integration map
    • CXM Strategy Stakeholder Presentation

    Materials

    • Sticky notes
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. On sticky notes, record the list of applications that comprise the CXM application portfolio (built in Activity 2.3.10) and all other relevant applications. Post the sticky notes on a whiteboard so you can visualize the portfolio.
    2. Discuss the key objectives and requirements that will drive the integration design of the CXM application portfolio.
    3. As deemed necessary by step 2, rearrange the sticky notes and draw connecting arrows between applications to reflect their integration. Allow the point of the arrow to indicate direction of data exchanges.
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Mapping the Integration of CXM Applications

    The image shows several yellow rectangles with text in them, connected by arrows.

    Plug the hole and bail the boat – plan to be preventative and corrective with customer data quality initiatives

    Data quality is king: if your customer data is garbage in, it will be garbage out. Enable strategic CXM decision making with effective planning of data quality initiatives.

    Identify and Eliminate Dead Weight

    Poor data can originate in the firm’s system of record, which is typically the CRM system. Custom queries, stored procedures, or profiling tools can be used to assess the key problem areas.

    Loose rules in the CRM system lead to records of no significant value in the database. Those rules need to be fixed, but if changes are made before the data is fixed, users could encounter database or application errors, which will reduce user confidence in the system.

    • Conduct a data flow analysis: map the path that data takes through the organization.
    • Use a mass cleanup to identify and destroy dead weight data. Merge duplicates either manually or with the aid of software tools. Delete incomplete data, taking care to reassign related data.
    • COTS packages typically allow power users to merge records without creating orphaned records in related tables, but custom-built applications typically require IT expertise.

    Create and Enforce Standards & Policies

    Now that the data has been cleaned, protect the system from relapsing.

    Work with business users to find out what types of data require validation and which fields should have changes audited. Whenever possible, implement drop-down lists to standardize values and make programming changes to ensure that truncation ceases.

    • Truncated data is usually caused by mismatches in data structures during either one-time data loads or ongoing data integrations.
    • Don’t go overboard on assigning required fields – users will just put key data in note fields.
    • Discourage the use of unstructured note fields: the data is effectively lost unless it gets subpoenaed.
    • To specify policies, use Info-Tech’s Master Data Record Tool.

    Profile your customer and sales-related data

    Applications are a critical component of how IT supports Sales, but IT also needs to help Sales keep its data current and accurate. Conducting a sales data audit is critical to ensure Sales has the right information at the right time.

    Info-Tech Insight

    Data is king. More than ever, having accurate data is essential for your organization to win in hyper-competitive marketplaces. Prudent current state analysis looks at both the overall data model and data architecture, as well as assessing data quality within critical sales-related repositories. As the amount of customer data grows exponentially due to the rise of mobility and the Internet of Things, you must have a forward-looking data model and data marts/customer data warehouse to support sales-relevant decisions.

    • A current state analysis for sales data follows a multi-step process:
      • Determine the location of all sales-relevant and customer data – the sales data inventory. Data can reside in applications, warehouses, and documents (e.g. Excel and Access files) – be sure to take a holistic approach.
    • For each data source, assess data quality across the following categories:
      • Completeness
      • Currency (Relevancy)
      • Correctness
      • Duplication
    • After assessing data quality, determine which repositories need the most attention by IT and Sales. We will look at opportunities for data consolidation later in the blueprint.

    INFO-TECH OPPORTUNITY

    Refer to Info-Tech’s Develop a Master Data Management Strategy and Roadmap blueprint for further reference and assistance in data management for your sales-IT alignment.

    Activity: Develop a mitigation plan for poor quality customer data

    2.4.2 30 minutes

    Input

    • List of departments involved in maintenance of CXM data

    Output

    • Data quality preservation plan
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Inventory a list of departments that will be interacting directly with CXM data.
    2. Identify data quality cleansing and preservation initiatives, such as those in previous examples.
    3. Assign accountability to an individual in the department as a data steward. When deciding on a data steward, consider the following:
    • Data stewards are designated full-time employees who serve as the go-to resource for all issues pertaining to data quality, including keeping a particular data silo clean and free of errors.
    • Data stewards are typically mid-level managers in the business (not IT), preferably with an interest in improving data quality and a relatively high degree of tech-savviness.
    • Data stewards can sometimes be created as a new role with a dedicated FTE, but this is not usually cost effective for small and mid-sized firms.
    • Instead, diffuse the steward role across several existing positions, including one for CRM and other marketing, sales, and service applications.
  • Document your outputs in the CXM Strategy Stakeholder Presentation Template.
  • Example: Data Steward Structure

    Department A

    • Data Steward (CRM)
    • Data Steward (ERP)

    Department B

    • Data Steward (All)

    Department C

    • Data Steward (All)

    Determine if a customer data warehouse will add value to your CXM technology-enablement strategy

    A customer data warehouse (CDW) “is a subject-oriented, integrated, time-variant, non-volatile collection of data used to support the strategic decision-making process across marketing, sales, and service. It is the central point of data integration for customer intelligence and is the source of data for the data marts, delivering a common view of customer data” (Corporate Information Factory, n.d.).

    Analogy

    CDWs are like a buffet. All the food items are in the buffet. Likewise, your corporate data sources are centralized into one repository. There are so many food items in a buffet that you may need to organize them into separate food stations (data marts) for easier access.

    Examples/Use Cases

    • Time series analyses with historical data
    • Enterprise level, common view analyses
    • Integrated, comprehensive customer profiles
    • One-stop repository of all corporate information

    Pros

    • Top-down architectural planning
    • Subject areas are integrated
    • Time-variant, changes to the data are tracked
    • Non-volatile, data is never over-written or deleted

    Cons

    • A massive amount of corporate information
    • Slower delivery
    • Changes are harder to make
    • Data format is not very business friendly

    Activity: Assess the need for a customer data warehouse

    2.4.3. 30 minutes

    Input

    • List of data sources
    • Data inflows and outflows

    Output

    • Data quality preservation plan
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Create a shortlist of customer data sources.
    2. Profile the integration points that are necessary to support inflows and outflows of customer data.
    3. Ask the following questions around the need for a CDW based on these data sources and points of integration:
    • What is the volume of customer information that needs to be stored? The greater the capacity, the more likely that you should build a dedicated CDW.
    • How complex is the data? The more complex the data, the greater the need for a CDW.
    • How often will data interchange happen between various applications and data sources? The greater and more frequent the interchange, the greater the need for a CDW.
    • What are your organizational capabilities for building a CDW? Do you have the resources in-house to create a CDW at this time?
  • Document your outputs in the CXM Strategy Stakeholder Presentation Template.
  • INFO-TECH OPPORTUNITY

    Refer to Info-Tech’s Build an Agile Data Warehouse blueprint for more information on building a centralized and integrated data warehouse.

    Create a plan for end-user training on new (or refocused) CXM applications and data quality processes

    All training modules will be different, but some will have overlapping areas of interest.

    – Assign Project Evangelists – Analytics Training – Mobile Training

    Application Training

    • Customer Service - Assign Project Evangelists – Analytics Training – Mobile Training
      • Focus training on:
        • What to do with inbound tickets.
        • Routing and escalation features.
        • How to use knowledge management features effectively.
        • Call center capabilities.
    • Sales – Assign Project Evangelists – Analytics Training – Mobile Training
      • Focus training on:
        • Recording of opportunities, leads, and deals.
        • How to maximize sales with sales support decision tree.
    • Marketing - Assign Project Evangelists – Analytics Training
      • Focus training on:
        • Campaign management features.
        • Social media monitoring and engagement capabilities.
    • IT
      • Focus training on:
        • Familiarization with the software.
        • Software integration with other enterprise applications.
        • The technical support needed to maintain the system in the future.

    Info-Tech Insight

    Train customers too. Keep the customer-facing sales portals simple and intuitive, have clear explanations/instructions under important functions (e.g. brief directions on how to initiate service inquiries), and provide examples of proper uses (e.g. effective searches). Make sure customers are aware of escalation options available to them if self-service falls short.

    Ensure adoption with a formal communication process to keep departments apprised of new application rollouts

    The team leading the rollout of new initiatives (be they applications, new governance structures, or data quality procedures) should establish a communication process to ensure management and users are well informed.

    CXM-related department groups or designated trainers should take the lead and implement a process for:

    • Scheduling application platform/process rollout/kick-off meetings.
    • Soliciting preliminary input from the attending groups to develop further training plans.
    • Establishing communication paths and the key communication agents from each department who are responsible for keeping lines open moving forward.

    The overall objective for inter-departmental kick-off meetings is to confirm that all parties agree on certain key points and understand alignment rationale and new sales app or process functionality.

    The kick-off process will significantly improve internal communications by inviting all affected internal IT groups, including business units, to work together to address significant issues before the application process is formally activated.

    The kick-off meeting(s) should encompass:

    • Target business-user requirements
    • The high-level application overview
    • Tangible business benefits of alignment
    • Special consideration needs
    • Other IT department needs
    • Target quality of service (QoS) metrics

    Info-Tech Insight

    Determine who in each department will send out a message about initiative implementation, the tone of the message, the medium, and the delivery date.

    Construct a formal communication plan to engage stakeholders through structured channels

    Tangible Elements of a Communications Plan

    • Stakeholder Group Name
    • Stakeholder Description
    • Message
    • Concerns Relative to Application Maintenance
    • Communication Medium
    • Role Responsible for Communication
    • Frequency
    • Start and End Date

    Intangible Elements of a Communications Plan

    • Establish biweekly meetings with representatives from sales functional groups, who are tasked with reporting on:
      • Benefits of revised processes
      • Metrics of success
      • Resource restructuring
    • Establish a monthly interdepartmental meeting, where all representatives from sales and IT leadership discuss pressing bug fixes and minor process improvements.
    • Create a webinar series, complete with Q&A, so that stakeholders can reference these changes at their leisure.

    Info-Tech Insight

    Every piece of information that you give to a stakeholder that is not directly relevant to their interests is a distraction from your core message. Always remember to tailor the message, medium, and timing accordingly.

    Carry the CXM value forward with linkage and relationships between sales, marketing, service, and IT

    Once the sales-IT alignment committees have been formed, create organizational cadence through a variety of formal and informal gatherings between the two business functions.

    • Organizations typically fall in one of three maturity stages: isolation, collaboration, or synergy. Strive to achieve business-technology synergy at the operational level.
    • Although collaboration cannot be mandated, it can be facilitated. Start with a simple gauge of the two functions’ satisfaction with each other, and determine where and how inter-functional communication and synergy can be constructed.

    Isolation

    The image shows four shapes, with the words IT, Sales, Customer Service, and Marketing in them.

    • Point solutions are implemented on an ad-hoc basis by individual departments for specific projects.
    • Internal IT is rarely involved in these projects from beginning to end.

    Collaboration

    The image features that same four shapes and text from the previous image, but this time they are connected by dotted lines.

    • There is a formal cross-departmental effort to integrate some point solutions.
    • Internal IT gets involved to integrate systems and then support system interactions.

    Synergy

    The image features the same shapes and text from previous instances, except the shapes are now connect by solid lines and the entire image is surrounded by dotted lines.

    • Cross-functional, business technology teams are established to work on IT-enabled revenue generation initiatives.
    • Team members are collocated if possible.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.4.1 Develop a CXM application integration map

    Using the inventory of existing CXM-supporting applications and the newly formed CXM application portfolio as inputs, your facilitator will assist you in creating an integration map of applications to establish a system of record and flow of data.

    2.4.2 Develop a mitigation plan for poor quality customer data

    Our facilitator will educate your stakeholders on the importance of quality data and guide you through the creation of a mitigation plan for data preservation.

    2.4.3 Assess the need for a customer data warehouse

    Addressing important factors such as data volume, complexity, and flow, a facilitator will help you assess whether or not a customer data warehouse for CXM is the right fit for your organization.

    Phase 3

    Finalize the CXM Framework

    Build a Strong Technology Foundation for Customer Experience Management

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Finalize the CXM Framework

    Proposed Time to Completion: 1 week

    Step 3.1: Create an Initiative Rollout Plan

    Start with an analyst kick-off call:

    • Discuss strategic requirements and the associated application portfolio that has been proposed.

    Then complete these activities…

    • Initiatives prioritization

    With these tools & templates:

    • CXM Strategy Stakeholder Presentation Template

    Step 3.2: Confirm and Finalize the CXM Blueprint

    Review findings with analyst:

    • Discuss roadmap and next steps in terms of rationalizing and implementing specific technology-centric initiatives or rollouts.

    Then complete these activities…

    • Confirm stakeholder strategy presentation

    With these tools & templates:

    • CXM Strategy Stakeholder Presentation Template

    Phase 3 Results & Insights:

    • Initiatives roadmap

    Step 3.1: Create an Initiative Rollout Plan

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Create a risk management plan
    • Brainstorm initiatives for CXM roadmap
    • Identify dependencies and enabling projects for your CXM roadmap
    • Complete the CXM roadmap

    Outcomes:

    • Risk management plan
    • CXM roadmap
      • Quick-win initiatives

    A CXM technology-enablement roadmap will provide smooth and timely implementation of your apps/initiatives

    Creating a comprehensive CXM strategy roadmap reduces the risk of rework, misallocation of resources, and project delays or abandonment.

    • People
    • Processes
    • Technology
    • Timeline
    • Tasks
    • Budget

    Benefits of a Roadmap

    1. Prioritize execution of initiatives in alignment with business, IT, and needs.
    2. Create clearly defined roles and responsibilities for IT and business stakeholders.
    3. Establish clear timelines for rollout of initiatives.
    4. Identify key functional areas and processes.
    5. Highlight dependencies and prerequisites for successful deployment.
    6. Reduce the risk of rework due to poor execution.

    Implement planning and controls for project execution

    Risk Management

    • Track risks associated with your CXM project.
    • Assign owners and create plans for resolving open risks.
    • Identify risks associated with related projects.
    • Create a plan for effectively communicating project risks.

    Change Management

    • Brainstorm a high-level training plan for various users of the CXM.
    • Create a communication plan to notify stakeholders and impacted users about the tool and how it will alter their workday and performance of role activities.
    • Establish a formal change management process that is flexible enough to meet the demands for change.

    Project Management

    • Conduct a post-mortem to evaluate the completion of the CXM strategy.
    • Design the project management process to be adaptive in nature.
    • Communication is key to project success, whether it is to external stakeholders or internal project team members..
    • Review the project’s performance against metrics and expectations.

    INFO-TECH OPPORTUNITIES

    Optimize the Change Management Process

    You need to design a process that is flexible enough to meet demand for change and strict enough to protect the live environment from change-related incidents.

    Create Project Management Success

    Investing time up front to plan the project and implementing best practices during project execution to ensure the project is delivered with the planned outcome and quality is critical to project success.

    Activity: Create a risk management plan

    3.1.1 45 minutes

    Input

    • Inventory of risks

    Output

    • Risk management plan
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Create a list of possible risks that may hamper the progress of your CXM project.
    2. Classify risks as strategy-based, related to planning, or systems-based, related to technology.
    3. Brainstorm mitigation strategies to overcome each listed risk.
    4. On a score of 1 to 3, determine the impact of each risk on the success of the project.
    5. On a score of 1 to 3, determine the likelihood of the occurrence for each risk.
    6. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Constructing a Risk Management Plan

    Risk Impact Likelihood Mitigation Effort
    Strategy Risks Project over budget
    • Detailed project plan
    • Pricing guarantees
    Inadequate content governance
    System Risks Integration with additional systems
    • Develop integration plan and begin testing integration methods early in the project
    .... ... ... ...

    Likelihood

    1 – High/ Needs Focus

    2 – Can Be Mitigated

    3 - Unlikely

    Impact

    1 - High Risk

    2 - Moderate Risk

    3 - Minimal Risk

    Prepare contingency plans to minimize time spent handling unexpected risks

    Understanding technical and strategic risks can help you establish contingency measures to reduce the likelihood that risks will occur. Devise mitigation strategies to help offset the impact of risks if contingency measures are not enough.

    Remember

    The biggest sources of risk in a CXM strategy are lack of planning, poorly defined requirements, and lack of governance.

    Apply the following mitigation tips to avoid pitfalls and delays.

    Risk Mitigation Tips

    • Upfront planning
    • Realistic timelines
    • Resource support
    • Change management
    • Executive sponsorship
    • Sufficient funding
    • Expectation setting
    1. Project Starts
    • Expectations are high
  • Project Workload Increases
    • Expectations are high
  • Pit of Despair
    • Why are we doing this?
  • Project Nears Close
    • Benefits are being realized
  • Implementation is Completed
    • Learning curve dip
  • Standardization & Optimization
    • Benefits are high
  • Identify factors to complete your CXM initiatives roadmap

    Completion of initiatives for your CXM project will be contingent upon multiple variables.

    Defining Dependencies

    Initiative complexity will define the need for enabling projects. Create a process to define dependencies:

    1. Enabling projects: complex prerequisites.
    2. Preceding tasks: direct and simplified assignments.

    Establishing a Timeline

    • Assign realistic timelines for each initiative to ensure smooth progress.
    • Use milestones and stage gates to track the progress of your initiatives and tasks.

    Defining Importance

    • Based on requirements gathering, identify the importance of each initiative to your marketing department.
    • Each initiative can be ranked high, medium, or low.

    Assigning Ownership

    • Owners are responsible for on-time completion of their assigned initiatives.
    • Populate a RACI chart to ensure coverage of all initiatives.

    Complex....Initiative

    • Enabling Project
      • Preceding Task
      • Preceding Task
    • Enabling Project
      • Preceding Task
      • Preceding Task

    Simple....Initiative

    • Preceding Task
    • Preceding Task
    • Preceding Task

    Activity: Brainstorm CXM application initiatives for implementation in alignment with business needs

    3.1.2 45 minutes

    Input

    • Inventory of CXM initiatives

    Output

    • Prioritized and quick-win initiatives
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. As a team, identify and list CXM initiatives that need to be addressed.
    2. Plot the initiatives on the complexity-value matrix to determine priority.
    3. Identify quick wins: initiatives that can realize quick benefits with little effort.
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Importance-Capability Matrix

    The image shows a matrix, with Initiative Complexity on the X-axis, and Business Value on the Y-axis. There are circle of different sizes in the matrix.

    Pinpoint quick wins: high importance, low effort initiatives.

    The size of each plotted initiative must indicate the effort or the complexity and time required to complete.
    Top Right Quadrant Strategic Projects
    Top Left Quadrant Quick Wins
    Bottom Right Quadrant Risky Bets
    Bottom Left Quadrant Discretionary Projects

    Activity: Identify any dependencies or enabling projects for your CXM roadmap

    3.1.3 1 hour

    Input

    • Implementation initiatives
    • Dependencies

    Output

    • CXM project dependencies

    Materials

    • Sticky notes
    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Using sticky notes and a whiteboard, have each team member rank the compiled initiatives in terms of priority.
    2. Determine preceding tasks or enabling projects that each initiative is dependent upon.
    3. Determine realistic timelines to complete each quick win, enabling project, and long-term initiative.
    4. Assign an owner for each initiative.

    Example: Project Dependencies

    Initiative: Omnichannel E-Commerce

    Dependency: WEM Suite Deployment; CRM Suite Deployment; Order Fulfillment Capabilities

    Activity: Complete the implementation roadmap

    3.1.4 30 minutes

    Input

    • Implementation initiatives
    • Dependencies

    Output

    • CXM Roadmap
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Establish time frames to highlight enabling projects, quick wins, and long-term initiatives.
    2. Indicate the importance of each initiative as high, medium, or low based on the output in Activity 3.1.2.
    3. Assign each initiative to a member of the project team. Each owner will be responsible for the execution of a given initiative as planned.
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Example: Importance-Capability Matrix

    Importance Initiative Owner Completion Date
    Example Projects High Gather business requirements. Project Manager MM/DD/YYYY
    Quick Wins
    Long Term Medium Implement e-commerce across all sites. CFO & Web Manager MM/DD/YYYY

    Importance

    • High
    • Medium
    • Low

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1 Create a risk management plan

    Based on the workshop exercises, the facilitator will work with the core team to design a priority-based risk mitigation plan that enumerates the most salient risks to the CXM project and addresses them.

    3.1.2; 3.1.3; 3.1.4 Identify initiative dependencies and create the CXM roadmap

    After identifying dependencies, our facilitators will work with your IT SMEs and business stakeholders to create a comprehensive roadmap, outlining the initiatives needed to carry out your CXM strategy roadmap.

    Step 3.2: Confirm and Finalize the CXM Blueprint

    Phase 1

    1.1 Create the Project Vision

    1.2 Structure the Project

    Phase 2

    2.1 Scan the External Environment

    2.2 Assess the Current State of CXM

    2.3 Create an Application Portfolio

    2.4 Develop Deployment Best Practices

    Phase 3

    3.1 Create an Initiative Rollout Plan

    3.2 Confirm and Finalize the CXM Blueprint

    Activities:

    • Identify success metrics
    • Create a stakeholder power map
    • Create a stakeholder communication plan
    • Complete and present CXM strategy stakeholder presentation

    Outcomes:

    • Stakeholder communication plan
    • CXM strategy stakeholder presentation

    Ensure that your CXM applications are improving the performance of targeted processes by establishing metrics

    Key Performance Indicators (KPIs)

    Key performance indicators (KPIs) are quantifiable measures that demonstrate the effectiveness of a process and its ability to meet business objectives.

    Questions to Ask

    1. What outputs of the process can be used to measure success?
    2. How do you measure process efficiency and effectiveness?

    Creating KPIs

    Specific

    Measurable

    Achievable

    Realistic

    Time-bound

    Follow the SMART methodology when developing KPIs for each process.

    Adhering to this methodology is a key component of the Lean management methodology. This framework will help you avoid establishing general metrics that aren’t relevant.

    Info-Tech Insight

    Metrics are essential to your ability to measure and communicate the success of the CXM strategy to the business. Speak the same language as the business and choose metrics that relate to marketing, sales, and customer service objectives.

    Activity: Identify metrics to communicate process success

    3.2.1 1 hour

    Input

    • Key organizational objectives

    Output

    • Strategic business metrics
    • CXM Strategy Stakeholder Presentation

    Materials

    • Whiteboard
    • Markers

    Participants

    • Project Team

    Instructions

    1. Recap the major functions that CXM will focus on (e.g. marketing, sales, customer service, web experience management, social media management, etc.)
    2. Identify business metrics that reflect organizational objectives for each function.
    3. Establish goals for each metric (as exemplified below).
    4. Document your outputs in the CXM Strategy Stakeholder Presentation Template.
    5. Communicate the chosen metrics and the respective goals to stakeholders.

    Example: Metrics for Marketing, Sales, and Customer Service Functions

    Metric Example
    Marketing Customer acquisition cost X% decrease in costs relating to advertising spend
    Ratio of lifetime customer value X% decrease in customer churn
    Marketing originated customer % X% increase in % of customer acquisition driven by marketing
    Sales Conversion rate X% increase conversion of lead to sale
    Lead response time X% decrease in response time per lead
    Opportunity-to-win ratio X% increase in monthly/annual opportunity-to-win ratio
    Customer Service First response time X% decreased time it takes for customer to receive first response
    Time-to-resolution X% decrease of average time-to-resolution
    Customer satisfaction X% improvement of customer satisfaction ratings on immediate feedback survey

    Use Info-Tech’s Stakeholder Power Map Template to identify stakeholders crucial to CXM application rollouts

    3.2.2 Stakeholder Power Map Template

    Use this template and its power map to help visualize the importance of various stakeholders and their concerns. Prioritize your time according to the most powerful and most impacted stakeholders.

    Answer questions about each stakeholder:

    • Power: How much influence does the stakeholder have? Enough to drive the project forward or into the ground?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resistor?

    Focus on key players: relevant stakeholders who have high power, should have high involvement, and are highly impacted.

    INFO-TECH DELIVERABLE

    Stakeholder Power Map Template

    Use Info-Tech’s Stakeholder Communication Planning Template to document initiatives and track communication

    3.2.3 Stakeholder Communication Planning Template

    Use the Stakeholder Communication Planning Template to document your list of initiative stakeholders so you can track them and plan communication throughout the initiative.

    Track the communication methods needed to convey information regarding CXM initiatives. Communicate how a specific initiative will impact the way employees work and the work they do.

    Sections of the document:

    1. Document the Stakeholder Power Map (output of Tool 3.2.2).
    2. Complete the Communicate Management Plan to aid in the planning and tracking of communication and training.

    INFO-TECH DELIVERABLE

    Activity: Create a stakeholder power map and communication plan

    3.2.4 1 hour

    Input

    • Stakeholder power map

    Output

    • Stakeholder communication plan
    • CXM Strategy Stakeholder Presentation

    Materials

    • Info-Tech’s Stakeholder Communication Planning Template
    • Info-Tech’s Stakeholder Power Map Template

    Participants

    • Project Team

    Instructions

    1. Using Info-Tech’s Stakeholder Power Map Template, identify key stakeholders for ensuring the success of the CXM strategy (Tool 3.2.2).
    2. Using Info-Tech’s Stakeholder Communication Plan Template, construct a communication plan to communicate and track CXM initiatives with all CXM stakeholders (Tool 3.2.3).
    3. Document your outputs in the CXM Strategy Stakeholder Presentation Template.

    Use Info-Tech’s CXM Strategy Stakeholder Presentation Template to sell your CXM strategy to the business

    3.2.5 CXM Strategy Stakeholder Presentation Template

    Complete the presentation template as indicated when you see the green icon throughout this deck. Include the outputs of all activities that are marked with this icon.

    Info-Tech has designed the CXM Strategy Stakeholder Presentation Template to capture the most critical aspects of the CXM strategy. Customize it to best convey your message to project stakeholders and to suit your organization.

    The presentation should be no longer than one hour. However, additional slides can be added at the discretion of the presenter. Make sure there is adequate time for a question and answer period.

    INFO-TECH DELIVERABLE

    After the presentation, email the deck to stakeholders to ensure they have it available for their own reference.

    Activity: Determine the measured value received from the project

    3.2.6 30 minutes

    Input

    • Project Metrics

    Output

    • Measured Value Calculation

    Materials

    • Workbook

    Participants

    • Project Team

    Instructions

    1. Review project metrics identified in phase 1 and associated benchmarks.
    2. After executing the CXM project, compare metrics that were identified in the benchmarks with the revised and assess the delta.
    3. Calculate the percentage change and quantify dollar impact (i.e. as a result of increased customer acquisition or retention).

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2.4 Create a stakeholder power map and communication plan

    An analyst will walk the project team through the creation of a communication plan, inclusive of project metrics and their respective goals. If you are planning a variety of CXM initiatives, track how the change will be communicated and to whom. Determine the employees who will be impacted by the change.

    Insight breakdown

    Insight 1

    • IT must work in lockstep with Marketing, Sales, and Customer Service to develop a comprehensive technology-enablement strategy for CXM.
    • As IT works with its stakeholders in the business, it must endeavor to capture and use the voice of the customer in driving strategic requirements for CXM portfolio design.
    • IT must consider the external environment, customer personas, and internal processes as it designs strategic requirements to build the CXM application portfolio.

    Insight 2

    • The cloud is bringing significant disruption to the CXM space: to maintain relevancy, IT must become deeply involved in ensuring alignment between vendor capabilities and strategic requirements.
    • IT must serve as a trusted advisor on technical implementation challenges related to CXM, such as data quality, integration, and end-user training and adoption.
    • IT is responsible for technology enablement and is an indispensable partner in this regard; however, the business must ultimately own the objectives and communication strategy for customer engagement.

    Insight 3

    • When crafting a portfolio for CXM, be aware of the art of the possible: capabilities are rapidly merging and evolving to support new interaction channels. Social, mobile, and IoT are disrupting the customer experience landscape.
    • Big data and analytics-driven decision making is another significant area of value. IT must allow for true customer intelligence by providing an integration framework across customer-facing applications.

    Summary of accomplishment

    Knowledge Gained

    • Voice of the Customer for CXM Portfolio Design
    • Understanding of Strategic Requirements for CXM
    • Customer Personas and Scenarios
    • Environmental Scan
    • Deployment Considerations
    • Initiatives Roadmap Considerations

    Processes Optimized

    • CXM Technology Portfolio Design
    • Customer Data Quality Processes
    • CXM Integrations

    Deliverables Completed

    • Strategic Summary for CXM
    • CXM Project Charter
    • Customer Personas
    • External and Competitive Analysis
    • CXM Application Portfolio

    Bibliography

    Accenture Digital. “Growing the Digital Business: Accenture Mobility Research 2015.” Accenture. 2015. Web.

    Afshar, Vala. “50 Important Customer Experience Stats for Business Leaders.” Huffington Post. 15 Oct. 2015. Web.

    APQC. “Marketing and Sales Definitions and Key Measures.” APQC’s Process Classification Framework, Version 1.0.0. APQC. Mar. 2011. Web.

    CX Network. “The Evolution of Customer Experience in 2015.” Customer Experience Network. 2015. Web.

    Genesys. “State of Customer Experience Research”. Genesys. 2018. Web.

    Harvard Business Review and SAS. “Lessons From the Leading Edge of Customer Experience Management.” Harvard Business School Publishing. 2014. Web.

    Help Scout. “75 Customer Service Facts, Quotes & Statistics.” Help Scout. n.d. Web.

    Inmon Consulting Services. “Corporate Information Factory (CIF) Overview.” Corporate Information Factory. n.d. Web

    Jurevicius, Ovidijus. “VRIO Framework.” Strategic Management Insight. 21 Oct. 2013. Web.

    Keenan, Jim, and Barbara Giamanco. “Social Media and Sales Quota.” A Sales Guy Consulting and Social Centered Selling. n.d. Web.

    Malik, Om. “Internet of Things Will Have 24 Billion Devices by 2020.” Gigaom. 13 Oct. 2011. Web.

    McGovern, Michele. “Customers Want More: 5 New Expectations You Must Meet Now.” Customer Experience Insight. 30 July 2015. Web.

    McGinnis, Devon. “40 Customer Service Statistics to Move Your Business Forward.” Salesforce Blog. 1 May 2019. Web.

    Bibliography

    Reichheld, Fred. “Prescription for Cutting Costs”. Bain & Company. n.d. Web.

    Retail Congress Asia Pacific. “SAP – Burberry Makes Shopping Personal.” Retail Congress Asia Pacific. 2017. Web.

    Rouse, Margaret. “Omnichannel Definition.” TechTarget. Feb. 2014. Web.

    Salesforce Research. “Customer Expectations Hit All-Time High.” Salesforce Research. 2018. Web.

    Satell, Greg. “A Look Back at Why Blockbuster Really Failed and Why It Didn’t Have To.” Forbes. 5 Sept. 2014. Web.

    Social Centered Learning. “Social Media and Sales Quota: The Impact of Social Media on Sales Quota and Corporate Review.” Social Centered Learning. n.d. Web.

    Varner, Scott. “Economic Impact of Experience Management”. Qualtrics/Forrester. 16 Aug. 2017. Web.

    Wesson, Matt. “How to Use Your Customer Data Like Amazon.” Salesforce Pardot Blog. 27 Aug. 2012. Web.

    Winterberry Group. “Taking Cues From the Customer: ‘Omnichannel’ and the Drive For Audience Engagement.” Winterberry Group LLC. June 2013. Web.

    Wollan, Robert, and Saideep Raj. “How CIOs Can Support a More Agile Sales Organization.” The Wall Street Journal: The CIO Report. 25 July 2013. Web.

    Zendesk. “The Impact of Customer Service on Customer Lifetime Value 2013.” Z Library. n.d. Web.

    Implement a New IT Organizational Structure

    • Buy Link or Shortcode: {j2store}276|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $30,999 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design
    • Organizational design implementations can be highly disruptive for IT staff and business partners. Without a structured approach, IT leaders may experience high turnover, decreased productivity, and resistance to the change.
    • CIOs walk a tightrope as they manage the operational and emotional turbulence while aiming to improve business satisfaction within IT. Failure to achieve balance could result in irreparable failure.

    Our Advice

    Critical Insight

    • Mismanagement will hurt you. The majority of IT organizations do not manage organizational design implementations effectively, resulting in decreased satisfaction, productivity loss, and increased IT costs.
    • Preventing mismanagement is within your control. 72% of change management issues can be directly improved by managers. IT leaders have a tendency to focus their efforts on operational changes rather than on people.

    Impact and Result

    Leverage Info-Tech’s organizational design implementation process and deliverables to build and implement a detailed transition strategy and to prepare managers to lead through change.

    Follow Info-Tech’s 5-step process to:

    1. Effect change and sustain productivity through real-time employee engagement monitoring.
    2. Kick off the organizational design implementation with effective communication.
    3. Build an integrated departmental transition strategy.
    4. Train managers to effectively lead through change.
    5. Develop personalized transition plans.

    Implement a New IT Organizational Structure Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how you should implement a new organizational design, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a change communication strategy

    Create strategies to communicate the changes to staff and maintain their level of engagement.

    • Implement a New Organizational Structure – Phase 1: Build a Change Communication Strategy
    • Organizational Design Implementation FAQ
    • Organizational Design Implementation Kick-Off Presentation

    2. Build the organizational transition plan

    Build a holistic list of projects that will enable the implementation of the organizational structure.

    • Implement a New Organizational Structure – Phase 2: Build the Organizational Transition Plan
    • Organizational Design Implementation Project Planning Tool

    3. Lead staff through the reorganization

    Lead a workshop to train managers to lead their staff through the changes and build transition plans for all staff members.

    • Implement a New Organizational Structure – Phase 3: Lead Staff Through the Reorganization
    • Organizational Design Implementation Manager Training Guide
    • Organizational Design Implementation Stakeholder Engagement Plan Template
    • Organizational Design Implementation Transition Plan Template
    [infographic]

    Workshop: Implement a New IT Organizational Structure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build Your Change Project Plan

    The Purpose

    Create a holistic change project plan to mitigate the risks of organizational change.

    Key Benefits Achieved

    Building a change project plan that encompasses both the operational changes and minimizes stakeholder and employee resistance to change.

    Activities

    1.1 Review the new organizational structure.

    1.2 Determine the scope of your organizational changes.

    1.3 Review your MLI results.

    1.4 Brainstorm a list of projects to enable the change.

    Outputs

    Project management planning and monitoring tool

    McLean Leadership Index dashboard

    2 Finalize Change Project Plan

    The Purpose

    Finalize the change project plan started on day 1.

    Key Benefits Achieved

    Finalize the tasks that need to be completed as part of the change project.

    Activities

    2.1 Brainstorm the tasks that are contained within the change projects.

    2.2 Determine the resource allocations for the projects.

    2.3 Understand the dependencies of the projects.

    2.4 Create a progress monitoring schedule.

    Outputs

    Completed project management planning and monitoring tool

    3 Enlist Your Implementation Team

    The Purpose

    Enlist key members of your team to drive the implementation of your new organizational design.

    Key Benefits Achieved

    Mitigate the risks of staff resistance to the change and low engagement that can result from major organizational change projects.

    Activities

    3.1 Determine the members that are best suited for the team.

    3.2 Build a RACI to define their roles.

    3.3 Create a change vision.

    3.4 Create your change communication strategy.

    Outputs

    Communication strategy

    4 Train Your Managers to Lead Through Change

    The Purpose

    Train your managers who are more technically focused to handle the people side of the change.

    Key Benefits Achieved

    Leverage your managers to translate how the organizational change will directly impact individuals on their teams.

    Activities

    4.1 Conduct the manager training workshop with managers.

    4.2 Review the stakeholder engagement plans.

    4.3 Review individual transition plan template with managers.

    Outputs

    Conflict style self-assessments

    Stakeholder engagement plans

    Individual transition plan template

    5 Build Your Transition Plans

    The Purpose

    Complete transition plans for individual members of your staff.

    Key Benefits Achieved

    Create individual plans for your staff members to ease the transition into their new roles.

    Activities

    5.1 Bring managers back in to complete transition plans.

    5.2 Revisit the new organizational design as a source of information.

    5.3 Complete aspects of the templates that do not require staff feedback.

    5.4 Discuss strategies for transitioning.

    Outputs

    Individual transition plan template

    Further reading

    Implement a New IT Organizational Structure

    Prioritize quick wins and critical services during IT org changes.

    This blueprint is part 3/3 in Info-Tech’s organizational design program and focuses on implementing a new structure

    Part 1: Design Part 2: Structure Part 3: Implement
    IT Organizational Architecture Organizational Sketch Organizational Structure Organizational Chart Transition Strategy Implement Structure
    1. Define the organizational design objectives.
    2. Develop strategically-aligned capability map.
    3. Create the organizational design framework.
    4. Define the future state work units.
    5. Create future state work unit mandates.
    1. Assign work to work units (accountabilities and responsibilities).
    2. Develop organizational model options (organizational sketches).
    3. Assess options and select go-forward model.
    1. Define roles by work unit.
    2. Create role mandates.
    3. Turn roles into jobs.
    4. Define reporting relationships between jobs.
    5. Define competency requirements.
    1. Determine number of positions per job.
    2. Conduct competency assessment.
    3. Assign staff to jobs.
    1. Form OD implementation team.
    2. Develop change vision.
    3. Build communication presentation.
    4. Identify and plan change projects.
    5. Develop organizational transition plan.
    1. Train managers to lead through change.
    2. Define and implement stakeholder engagement plan.
    3. Develop individual transition plans.
    4. Implement transition plans.
    Risk Management: Create, implement, and monitor risk management plan.
    HR Management: Develop job descriptions, conduct job evaluation, and develop compensation packages.

    Monitor and Sustain Stakeholder Engagement →

    The sections highlighted in green are in scope for this blueprint. Click here for more information on designing or on structuring a new organization.

    Our understanding of the problem

    This Research is Designed For:

    • CIOs

    This Research Will Help You:

    • Effectively implement a new organizational structure.
    • Develop effective communications to minimize turnover and lost productivity during transition.
    • Identify a detailed transition strategy to move to your new structure with minimal interruptions to service quality.
    • Train managers to lead through change and measure ongoing employee engagement.

    This Research Will Also Assist:

    • IT Leaders

    This Research Will Help Them:

    • Effectively lead through the organizational change.
    • Manage difficult conversations with staff and mitigate staff concerns and turnover.
    • Build clear transition plans for their teams.

    Executive summary

    Situation

    • Organizational Design (OD) projects are typically undertaken in order to enable organizational priorities, improve IT performance, or to reduce IT costs. However, due to the highly disruptive nature of the change, only 25% of changes achieve their objectives over the long term. (2013 Towers Watson Change and Communication ROI Survey)

    Complication

    • OD implementations can be highly disruptive for IT staff and business partners. Without a structured approach, IT leaders may experience high turnover, decreased productivity, and resistance to the change.
    • CIOs walk a tightrope as they manage the operational and emotional turbulence while aiming to improve business satisfaction within IT. Failure to achieve balance could result in irreparable failure.

    Resolution

    • Leverage Info-Tech’s organizational design implementation process and deliverables to build and implement a detailed transition strategy and to prepare managers to lead through change. Follow Info-Tech’s 5-step process to:
      1. Effect change and sustain productivity through real-time employee engagement monitoring.
      2. Kick off the organizational design implementation with effective communication.
      3. Build an integrated departmental transition strategy.
      4. Train managers to effectively lead through change.
      5. Develop personalized transition plans.

    Info-Tech Insight

    1. Mismanagement will hurt you. The majority of IT organizations do not manage OD implementations effectively, resulting in decreased satisfaction, productivity loss, and increased IT costs.
    2. Preventing mismanagement is within your control. 72% of change management issues can be directly improved by managers. (Abilla, 2009) IT leaders have a tendency to focus their efforts on operational changes rather than on people. This is a recipe for failure.

    Organizational Design Implementation

    Managing organizational design (OD) changes effectively is critical to maintaining IT service levels and retaining top talent throughout a restructure. Nevertheless, many organizations fail to invest appropriate consideration and resources into effective OD change planning and execution.

    THREE REASONS WHY CIOS NEED TO EFFECTIVELY MANAGE CHANGE:

    1. Failure is the norm; not the exception. According to a study by Towers Watson, only 55% of organizations experience the initial value of a change. Even fewer organizations, a mere 25%, are actually able to sustain change over time to experience the full expected benefits. (2013 Towers Watson Change and Communication ROI Survey)
    2. People are the biggest cause of failure. Organizational design changes are one of the most difficult types of changes to manage as staff are often highly resistant. This leads to decreased productivity and poor results. The most significant people challenge is the loss of momentum through the change process which needs to be actively managed.
    3. Failure costs money. Poor IT OD implementations can result in increased turnover, lost productivity, and decreased satisfaction from the business. Managing the implementation has a clear ROI as the cost of voluntary turnover is estimated to be 150% of an employee’s annual salary. (Inc)

    86% of IT leaders believe organization and leadership processes are critical, yet the majority struggle to be effective

    PERCENTAGE OF IT LEADERS WHO BELIEVE THEIR ORGANIZATION AND LEADERSHIP PROCESSES ARE HIGHLY IMPORTANT AND HIGHLY EFFECTIVE

    A bar graph, with the following organization and leadership processes listed on the Y-axis: Human Resources Management; Leadership, Culture, Values; Organizational Change Management; and Organizational Design. The bar graph shows that over 80% of IT leaders rate these processes as High Importance, but less than 40% rate them as having High Effectiveness.

    GAP BETWEEN IMPORTANCE AND EFFECTIVENESS

    Human Resources Management - 61%

    Leadership, Culture, Values - 48%

    Organizational Change Management - 55%

    Organizational Design - 45%

    Note: Importance and effectiveness were determined by identifying the percentage of individuals who responded with 8-10/10 to the questions…

    • “How important is this process to the organization’s ability to achieve business and IT goals?” and…
    • “How effective is this process at helping the organization to achieve business and IT goals?”

    Source: Info-Tech Research Group, Management and Governance Diagnostic. N=22,800 IT Professionals

    Follow a structured approach to your OD implementation to improve stakeholder satisfaction with IT and minimize risk

    • IT reorganizations are typically undertaken to enable strategic goals, improve efficiency and performance, or because of significant changes to the IT budget. Without a structured approach to manage the organizational change, IT might get the implementation done, but fail to achieve the intended benefits, i.e. the operation succeeds, but the patient has died on the table.
    • When implementing your new organizational design, it’s critical to follow a structured approach to ensure that you can maintain IT service levels and performance and achieve the intended benefits.
    • The impact of organizational structure changes can be emotional and stressful for staff. As such, in order to limit voluntary turnover, and to maintain productivity and performance, IT leaders need to be strategic about how they communicate and respond to resistance to change.

    TOP 3 BENEFITS OF FOLLOWING A STRUCTURED APPROACH TO IMPLEMENTING ORGANIZATIONAL DESIGN

    1. Improved stakeholder satisfaction with IT. A detailed change strategy will allow you to successfully transition staff into new roles with limited service interruptions and with improved stakeholder satisfaction.
    2. Experience minimal voluntary turnover throughout the change. Know how to actively engage and minimize resistance of stakeholders throughout the change.
    3. Execute implementation on time and on budget. Effectively managed implementations are 65–80% more likely to meet initial objectives than those with poor organizational change management. (Boxley Group, LLC)

    Optimize your organizational design implementation results by actively preparing managers to lead through change

    IT leaders have a tendency to make change even more difficult by focusing on operations rather than on people. This is a recipe for failure. People pose the greatest risk to effective implementation and as such, IT managers need to be prepared and trained on how to lead their staff through the change. This includes knowing how to identify and manage resistance, communicating the change, and maintaining positive momentum with staff.

    Staff resistance and momentum are the most challenging part of leading through change (McLean & Company, N=196)

    A bar graph with the following aspects of Change Management listed on the Y-Axis, in increasing order of difficulty: Dealing with Technical Issues; Monitoring metrics to measure progress; Amending policies and processes; Coordinating with stakeholders; Getting buy-in from staff; Maintaining a positive momentum with staff.

    Reasons why change fails: 72% of failures can be directly improved by the manager (shmula)

    A pie chart showing the reasons why change fails: Management behavior not supportive of change = 33%; Employee resistance to change = 39%; Inadequate resources or budget = 14%; and All other obstacles = 14%.

    Leverage organizational change management (OCM) best practices for increased OD implementation success

    Effective change management correlates with project success

    A line graph, with Percent of respondents that met or exceeded project objectives listed on the Y-axis, and Poor, Fair, Good, and Excellent listed on the X-axis. The line represents the overall effectiveness of the change management program, and as the value on the Y-axis increases, so does the value on the X-axis.

    Source: Prosci. From Prosci’s 2012 Best Practices in Change Management benchmarking report.

    95% of projects with excellent change management met or EXCEEDED OBJECTIVES, vs. 15% of those with poor OCM. (Prosci)

    143% ROI on projects with excellent OCM. In other words, for every dollar spent on the project, the company GAINS 43 CENTS. This is in contrast to 35% ROI on projects with poor OCM. (McKinsey)

    Info-Tech’s approach to OD implementation is a practical and tactical adaptation of several successful OCM models

    BUSINESS STRATEGY-ORIENTED OCM MODELS. John Kotter’s 8-Step model, for instance, provides a strong framework for transformational change but doesn’t specifically take into account the unique needs of an IT transformation.

    GENERAL-PURPOSE OCM FRAMEWORKS such as ACMP’s Standard for Change Management, CMI’s CMBoK, and Prosci’s ADKAR model are very comprehensive and need to be configured to organizational design implementation-specific initiatives.

    COBIT MANAGEMENT PRACTICE BAI05: MANAGE ORGANIZATIONAL CHANGE ENABLEMENT follows a structured process for implementing enterprise change quickly. This framework can be adapted to OD implementation; however, it is most effective when augmented with the people and management training elements present in other frameworks.

    References and Further Reading

    Tailoring a comprehensive, general-purpose OCM framework to an OD implementation requires familiarity and experience. Info-Tech’s OD implementation model adapts the best practices from a wide range of proven OCM models and distills it into a step-by-step process that can be applied to an organizational design transformation.

    The following OD implementation symptoms can be avoided through structured planning

    IN PREVIOUS ORGANIZATIONAL CHANGES, I’VE EXPERIENCED…

    “Difficultly motivating my staff to change.”

    “Higher than average voluntary turnover during and following the implementation.”

    “An overall sense of staff frustration or decreased employee engagement.”

    “Decreased staff productivity and an inability to meet SLAs.”

    “Increased overtime caused by being asked to do two jobs at once.”

    “Confusion about the reporting structure during the change.”

    “Difficulty keeping up with the rate of change and change fatigue from staff.”

    “Business partner dissatisfaction about the change and complaints about the lack of effort or care put in by IT employees.”

    “Business partners not wanting to adjust to the change and continuing to follow outdated processes.”

    “Decrease in stakeholder satisfaction with IT.”

    “Increased prevalence of shadow IT during or following the change.”

    “Staff members vocally complaining about the IT organization and leadership team.”

    Follow this blueprint to develop and execute on your OD implementation

    IT leaders often lack the experience and time to effectively execute on organizational changes. Info-Tech’s organizational design implementation program will provide you with the needed tools, templates, and deliverables. Use these insights to drive action plans and initiatives for improvement.

    How we can help

    • Measure the ongoing engagement of your employees using Info-Tech’s MLI diagnostic. The diagnostic comes complete with easily customizable reports to track and act on employee engagement throughout the life of the change.
    • Use Info-Tech’s customizable project management tools to identify all of the critical changes, their impact on stakeholders, and mitigate potential implementation risks.
    • Develop an in-depth action plan and transition plans for individual stakeholders to ensure that productivity remains high and that service levels and project expectations are met.
    • Align communication with real-time staff engagement data to keep stakeholders motivated and focused throughout the change.
    • Use Info-Tech’s detailed facilitation guide to train managers on how to effectively communicate the change, manage difficult stakeholders, and help ensure a smooth transition.

    Leverage Info-Tech’s customizable deliverables to execute your organizational design implementation

    A graphic with 3 sections: 1.BUILD A CHANGE COMMUNICATION STRATEGY; 2.BUILD THE ORGANIZATIONAL TRANSITION PLAN; 3.1 TRAIN MANAGERS TO LEAD THROUGH CHANGE; 3.2 TRANSITION STAFF TO NEW ROLES. An arrow emerges from point one and directs right, over the rest of the steps. Text above the arrow reads: ONGOING ENGAGEMENT MONITORING AND COMMUNICATION. Dotted arrows emerge from points two and three directing back toward point one. Text below the arrow reads: COMMUNICATION STRATEGY ITERATION.

    CUSTOMIZABLE PROJECT DELIVERABLES

    1. BUILD A CHANGE COMMUNICATION STRATEGY

    • McLean Leadership Index: Real-Time Employee Engagement Dashboard
    • Organizational Design
    • Implementation Kick-Off Presentation
    • Organizational Design Implementation FAQ

    2. BUILD THE ORGANIZATIONAL TRANSITION PLAN

    • Organizational Design Implementation Project Planning Tool

    3.1 TRAIN MANAGERS TO LEAD THROUGH CHANGE

    3.2 TRANSITION STAFF TO NEW ROLES

    • Organizational Design Implementation Manager Training Guide
    • Organizational Design Implementation Transition Plan Template

    Leverage Info-Tech’s tools and templates to overcome key engagement program implementation challenges

    KEY SECTION INSIGHTS:

    BUILD A CHANGE COMMUNICATION STRATEGY

    Effective organizational design implementations mitigate the risk of turnover and lost productivity through ongoing monitoring and managing of employee engagement levels. Take a data-driven approach to managing engagement with Info-Tech’s real-time MLI engagement dashboard and adjust your communication and implementation strategy before engagement risks become issues.

    BUILD THE ORGANIZATIONAL TRANSITION PLAN

    Your organizational design implementation is made up of a series of projects and needs to be integrated into your larger project schedule. Too often, organizations attempt to fit the organizational design implementation into their existing schedules which results in poor resource planning, long delays in implementation, and overall poor results.

    LEAD STAFF THROUGH THE REORGANIZATION

    The majority of IT managers were promoted because they excelled at the technical aspect of their job rather than in people management. Not providing training is setting your organization up for failure. Train managers to effectively lead through change to see a 72% decrease in change management issues. (Abilla, 2009)

    METRICS:

    1. Voluntary turnover: Conduct an exit interview with all staff members during and after transition. Identify any staff members who cite the change as a reason for departure. For those who do leave, multiply their salary by 1.5% (the cost of a new hire) and track this over time.
    2. Business satisfaction trends: Conduct CIO Business Vision one year prior to the change vs. one year after change kick-off. Prior to the reorganization, set metrics for each category for six months after the reorganization, and one year following.
    3. Saved development costs: Number of hours to develop internal methodology, tools, templates, and process multiplied by the salary of the individual.

    Use this blueprint to save 1–3 months in implementing your new organizational structure

    Time and Effort Using Blueprint Without Blueprint
    Assess Current and Ongoing Engagement 1 person ½ day – 4 weeks 1–2 hours for diagnostic set up (allow extra 4 weeks to launch and review initial results). High Value 4–8 weeks
    Set Up the Departmental Change Workbooks 1–5 people 1 day 4–5 hours (varies based on the scope of the change). Medium Value 1–2 weeks
    Design Transition Strategy 1–2 people 1 day 2–10 hours of implementation team’s time. Medium Value 0–2 weeks
    Train Managers to Lead Through Change 1–5 people 1–2 weeks 1–2 hours to prepare training (allow for 3–4 hours per management team to execute). High Value 3–5 weeks

    These estimates are based on reviews with Info-Tech clients and our experience creating the blueprint.

    Totals:

    Workshop: 1 week

    GI/DIY: 2-6 weeks

    Time and Effort Saved: 8-17 weeks

    CIO uses holistic organizational change management strategies to overcome previous reorganization failures

    CASE STUDY

    Industry: Manufacturing

    Source: Client interview

    Problem

    When the CIO of a large manufacturing company decided to undertake a major reorganization project, he was confronted with the stigma of a previous CIO’s attempt. Senior management at the company were wary of the reorganization since the previous attempt had failed and cost a lot of money. There was major turnover since staff were not happy with their new roles costing $250,000 for new hires. The IT department saw a decline in their satisfaction scores and a 10% increase in help desk tickets. The reorganization also cost the department $400,000 in project rework.

    Solution

    The new CIO used organizational change management strategies in order to thoroughly plan the implementation of the new organizational structure. The changes were communicated to staff in order to improve adoption, every element of the change was mapped out, and the managers were trained to lead their staff through the change.

    Results

    The reorganization was successful and eagerly adopted by the staff. There was no turnover after the new organizational structure was implemented and the engagement levels of the staff remained the same.

    $250,000 - Cost of new hires and salary changes

    10% - Increase in help desk tickets

    $400,000 - Cost of project delays due to the poorly effective implementation of changes

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Implement a New Organizational Structure

    3. Lead Staff Through the Reorganization
    1. Build a Change Communication Strategy 2. Build the Organizational Transition Plan 3.1 Train Managers to Lead Through Change 3.2 Transition Staff to New Roles
    Best-Practice Toolkit

    1.1 Launch the McLean Leadership Index to set a baseline.

    1.2 Establish your implementation team.

    1.3 Build your change communication strategy and change vision.

    2.1 Build a holistic list of change projects.

    2.2 Monitor and track the progress of your change projects.

    3.1.1 Conduct a workshop with managers to prepare them to lead through the change.

    3.1.2 Build stakeholder engagement plans and conduct conflict style self-assessments.

    3.2.1 Build transition plans for each of your staff members.

    3.2.2 Transition your staff to their new roles.

    Guided Implementations
    • Set up your MLI Survey.
    • Determine the members and roles of your implementation team.
    • Review the components of a change communication strategy.
    • Review the change dimensions and how they are used to plan change projects.
    • Review the list of change projects.
    • Review the materials and practice conducting the workshop.
    • Debrief after conducting the workshop.
    • Review the individual transition plan and the process for completing it.
    • Final consultation before transitioning staff to their new roles.
    Onsite Workshop Module 1: Effectively communicate the reorganization to your staff. Module 2: Build the organizational transition plan. Module 3.1: Train your managers to lead through change. Module 3.2: Complete your transition plans

    Phase 1 Results:

    • Plans for effectively communicating with your staff.

    Phase 2 Results:

    • A holistic view of the portfolio of projects required for a successful reorg

    Phase 3.1 Results:

    • A management team that is capable of leading their staff through the reorganization

    Phase 3.2 Results:

    • Completed transition plans for your entire staff.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Build Your Change Project Plan

    1.1 Review the new organizational structure.

    1.2 Determine the scope of your organizational changes.

    1.3 Review your MLI results.

    1.4 Brainstorm a list of projects to enable the change.

    Finalize Change Project Plan

    2.1 Brainstorm the tasks that are contained within the change projects.

    2.2 Determine the resource allocation for the projects.

    2.3 Understand the dependencies of the projects.

    2.4 Create a progress monitoring schedule

    Enlist Your Implementation Team

    3.1 Determine the members that are best suited for the team.

    3.2 Build a RACI to define their roles.

    3.3 Create a change vision.

    3.4 Create your change communication strategy.

    Train Your Managers to Lead Through Change

    4.1 Conduct the manager training workshop with managers.

    4.2 Review the stakeholder engagement plans.

    4.3 Review individual transition plan template with managers

    Build Your Transition Plans

    5.1 Bring managers back in to complete transition plans.

    5.2 Revisit new organizational design as a source for information.

    5.3 Complete aspects of the template that do not require feedback.

    5.4 Discuss strategies for transitioning.

    Deliverables
    1. McLean Leadership Index Dashboard
    2. Organizational Design Implementation Project Planning Tool
    1. Completed Organizational Design Implementation Project Planning Tool
    1. Communication Strategy
    1. Stakeholder Engagement Plans
    2. Conflict Style Self-Assessments
    3. Organizational Design Implementation Transition Plan Template
    1. Organizational Design Implementation Transition Plan Template

    Phase 1

    Build a Change Communication Strategy

    Build a change communication strategy

    Outcomes of this Section:

    • Launch the McLean Leadership Index
    • Define your change team
    • Build your reorganization kick-off presentation and FAQ for staff and business stakeholders

    This section involves the following participants:

    • CIO
    • IT leadership team
    • IT staff

    Key Section Insight:

    Effective organizational design implementations mitigate the risk of turnover and lost productivity through ongoing monitoring of employee engagement levels. Take a data-driven approach to managing engagement with Info-Tech’s real-time MLI engagement dashboard and adjust your communication and implementation strategy in real-time before engagement risks become issues.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Build a Change Communication Strategy

    Proposed Time to Completion (in weeks): 1-6 weeks

    Step 1.1: Launch Your McLean Leadership Index Survey

    Start with an analyst kick off call:

    • Discuss the benefits and uses of the MLI.
    • Go over the required information (demographics, permissions, etc.).
    • Set up a live demo of the survey.

    Then complete these activities…

    • Launch the survey with your staff.
    • Have a results call with a member of the Info-Tech staff.

    With these tools & templates:

    McLean Leadership Index

    Step 1.2: Establish Your Implementation Team

    Review findings with analyst:

    • Review what members of your department should participate.
    • Build a RACI to determine the roles of your team members.

    Then complete these activities…

    • Hold a kick-off meeting with your new implementation team.
    • Build the RACI for your new team members and their roles.

    Step 1.3: Build Your Change Communication Strategy

    Finalize phase deliverable:

    • Customize your reorganization kick-off presentation.
    • Create your change vision. Review the communication strategy.

    Then complete these activities…

    • Hold your kick-off presentation with staff members.
    • Launch the reorganization communications.

    With these tools & templates:

    • Organizational Design Implementation Kick-Off Presentation
    • Organizational Design Implementation FAQ

    Set the stage for the organizational design implementation by effectively introducing and communicating the change to staff

    Persuading people to change requires a “soft,” empathetic approach to keep them motivated and engaged. But don’t mistake “soft” for easy. Managing the people and communication aspects around the change are amongst the toughest work there is, and require a comfort and competency with uncertainty, ambiguity, and conflict.

    Design Engagement Transition
    Communication

    Communication and engagement are the chains linking your design to transition. If the organizational design initiative is going to be successful it is critical that you manage this effectively. The earlier you begin planning the better. The more open and honest you are about the change the easier it will be to maintain engagement levels, business satisfaction, and overall IT productivity.

    Kick-Off Presentation Inputs

    • LAUNCH THE MCLEAN LEADERSHIP INDEX
    • IDENTIFY YOUR CHANGE TEAM
    • DETERMINE CHANGE TEAM RESPONSIBILITIES
    • DEVELOP THE CHANGE VISION
    • DEFINE KEY MESSAGES AND GOALS
    • IDENTIFY MAJOR CHANGES
    • IDENTIFY KEY MILESTONES
    • BUILD AND MAINTAIN A CHANGE FAQ

    Use the MLI engagement dashboard to measure your current state and the impact of the change in real-time

    The McLean Leadership Index diagnostic is a low-effort, high-impact program that provides real-time metrics on staff engagement levels. Use these insights to understand your employees’ engagement levels throughout the organizational design implementation to measure the impact of the change and to manage turnover and productivity levels throughout the implementation.

    WHY CARE ABOUT ENGAGEMENT DURING THE CHANGE? ENGAGED EMPLOYEES REPORT:

    39% Higher intention to stay at the organization.

    29% Higher performance and increased likelihood to work harder and longer hours. (Source: McLean and Company N=1,308 IT Employees)

    Why the McLean Leadership Index?

    Based on the Net Promoter Score (NPS), the McLean Leadership Index is one question asked monthly to assess engagement at various points in time.

    Individuals responding to the MLI question with a 9 or 10 are your Promoters and are most positive and passionate. Those who answer 7 or 8 are Passives while those who answer 0 to 6 are Detractors.

    Track your engagement distribution using our online dashboard to view MLI data at any time and view results based on teams, locations, manager, tenure, age, and gender. Assess the reactions to events and changes in real-time, analyze trends over time, and course-correct.

    Dashboard reports: Know your staff’s overall engagement and top priorities

    McLean Leadership Index

    OVERALL ENGAGEMENT RESULTS

    You get:

    • A clear breakdown of your detractors, passives, and promotors.
    • To view results by team, location, and individual manager.
    • To dig deeper into results by reviewing results by age, gender, and tenure at the organization to effectively identify areas where engagement is weak.

    TIME SERIES TRENDS

    You get:

    • View of changes in engagement levels for each team, location, and manager.
    • Breakdown of trends weekly, monthly, quarterly, and yearly.
    • To encourage leaders to monitor results to analyze root causes for changes and generate improvement initiatives.

    QUALITATIVE COMMENTS

    You get:

    • To view qualitative comments provided by staff on what is impacting their engagement.
    • To reply directly to comments without impacting the anonymity of the individuals making the comments.
    • To leverage trends in the comments to make changes to communication approaches.

    Launch the McLean Leadership Index in under three weeks

    Info-Tech’s dedicated team of program managers will facilitate this diagnostic program remotely, providing you with a convenient, low-effort, high-impact experience.

    We will guide you through the process with your goals in mind to deliver deep insight into your successes and areas to improve.

    What You Need To Do:

    1. Contact Info-Tech to launch the program and test the functionality in a live demo.
    2. Identify demographics and set access permissions.
    3. Complete manager training with assistance from Info-Tech Advisors.
    4. Participate in a results call with an Info-Tech Advisor to review results and develop an action plan.

    Info-Tech’s Program Manager Will:

    1. Collect necessary inputs and generate your custom dashboard.
    2. Launch, maintain, and support the online system in the field.
    3. Send out a survey to 25% of the staff each week.
    4. Provide ongoing support over the phone, and the needed tools and templates to communicate and train staff as well as take action on results.

    Explore your initial results in a one-hour call with an Executive Advisor to fully understand the results and draw insights from the data so you can start your action plan.

    Start Your Diagnostic Now

    We'll help you get set up as soon as you're ready.

    Start Now

    Communication has a direct impact on employee engagement; measure communication quality using your MLI results

    A line graph titled: The impact of manager communication on employee engagement. The X-axis is labeled from Strongly Disagree to Strongly Agree, and the Y-axis is labeled: Percent of Engaged Respondents. There are 3 colour-coded lines: dark blue indicates My manager provides me with high-quality feedback; light blue indicates I clearly understand what is expected of me on the job; and green indicates My manager keeps me well informed about decisions that affect me. The line turns upward as it moves to the right of the graph.

    (McLean & Company, 2015 N=17,921)

    A clear relationship exists between how effective a manager’s communication is perceived to be and an employee’s level of engagement. If engagement drops, circle back with employees to understand the root causes.

    Establish an effective implementation team to drive the organizational change

    The implementation team is responsible for developing and disseminating information around the change, developing the transition strategy, and for the ongoing management of the changes.

    The members of the implementation team should include:

    • CIO
    • Current IT leadership team
    • Project manager
    • Business relationship managers
    • Human resources advisor

    Don’t be naïve – building and executing the implementation plan will require a significant time commitment from team members. Too often, organizations attempt to “fit it in” to their existing schedules resulting in poor planning, long delays, and overall poor results. Schedule this work like you would a project.

    TOP 3 TIPS FOR DEFINING YOUR IMPLEMENTATION TEAM

    1. Select a Project Manager. Info-Tech strongly recommends having one individual accountable for key project management activities. They will be responsible for keeping the project on time and maintaining a holistic view of the implementation.
    2. Communication with Business Partners is Critical. If you have Business Relationship Managers (BRMs), involve them in the communication planning or assign someone to play this role. You need your business partners to be informed and bought in to the implementation to maintain satisfaction.
    3. Enlist Your “Volunteer Army.” (Kotter’s 8 Principles) If you have an open culture, Info-Tech encourages you to have an extended implementation team made up of volunteers interested in supporting the change. Their role will be to support the core group, assist in planning, and communicate progress with peers.

    Determine the roles of your implementation team members

    1.1 30 Minutes

    Input

    • Implementation team members

    Output

    • RACI for key transition elements

    Materials

    • RACI chart and pen

    Participants

    • Core implementation committee
    1. Each member should be actively engaged in all elements of the organizational design implementation. However, it’s important to have one individual who is accountable for key activities and ensures they are done effectively and measured.
    2. Review the chart below and as a group, brainstorm any additional key change components.
    3. For each component listed below, identify who is Accountable, Responsible, Consulted, and Informed for each (suggested responsibility below).
    CIO IT Leaders PM BRM HR
    Communication Plan A R R R C
    Employee Engagement A R R R C

    Departmental Transition Plan

    R A R I R
    Organizational Transition Plan R R A I C
    Manager Training A R R I C

    Individual Transition Plans

    R A R I I
    Technology and Logistical Changes R R A I I
    Hiring A R I I R
    Learning and Development R A R R R
    Union Negotiations R I I I A
    Process Development R R A R I

    Fast-track your communication planning with Info-Tech’s Organizational Design Implementation Kick-Off Presentation

    Organizational Design Implementation Kick-Off Presentation

    Communicate what’s important to your staff in a simple, digestible way. The communication message should reflect what is important to your stakeholders and what they want to know at the time.

    • Why is this change happening?
    • What are the goals of the reorganization?
    • What specifically is changing?
    • How will this impact me?
    • When is this changing?
    • How and where can I get more information?

    It’s important that the tone of the meeting suits the circumstances.

    • If the reorganization is going to involve lay-offs: The meeting should maintain a positive feel, but your key messages should stress the services that will be available to staff, when and how people will be communicated with about the change, and who staff can go to with concerns.
    • If the reorganization is to enable growth: Focus on celebrating where the organization is going, previous successes, and stress that the staff are critical in enabling team success.

    Modify the Organizational Design ImplementationKick-Off Presentation with your key messages and goals

    1.2 1 hour

    Input

    • New organizational structure

    Output

    • Organizational design goal statements

    Materials

    • Whiteboard & marker
    • ODI Kick-off Presentation

    Participants

    • OD implementation team
    1. Within your change implementation team, hold a meeting to identify and document the change goals and key messages.
    2. As a group, discuss what the key drivers were for the organizational redesign by asking yourselves what problem you were trying to solve.
    3. Select 3–5 key problem statements and document them on a whiteboard.
    4. For each problem statement, identify how the new organizational design will allow you to solve those problems.
    5. Document these in your Organizational Design Implementation Kick-Off Presentation.

    Modify the presentation with your unique change vision to serve as the center piece of your communication strategy

    1.3 1 hour

    Input

    • Goal statements

    Output

    • Change vision statement

    Materials

    • Sticky notes
    • Pens
    • Voting dots

    Participants

    • Change team
    1. Hold a meeting with the change implementation team to define your change vision. The change vision should provide a picture of what the organization will look like after the organizational design is implemented. It should represent the aspirational goal, and be something that staff can all rally behind.
    2. Hand out sticky notes and ask each member to write down on one note what they believe is the #1 desired outcome from the organizational change and one thing that they are hoping to avoid (you may wish to use your goal statements to drive this).
    3. As a group, review each of the sticky notes and group similar statements in categories. Provide each individual with 3 voting dots and ask them to select their three favorite statements.
    4. Select your winning statements in teams of 2–3. Review each statement and as a team work to strengthen the language to ensure that the statement provides a call to action, that it is short and to the point, and motivational.
    5. Present the statements back to the group and select the best option through a consensus vote.
    6. Document the change vision in your Organizational Design Implementation Kick-Off Presentation.

    Customize the presentation identifying key changes that will be occurring

    1.4 2 hours

    Input

    • Old and new organizational sketch

    Output

    • Identified key changes that are occurring

    Materials

    • Whiteboard
    • Sticky notes & Pens
    • Camera

    Participants

    • OD implementation team
    1. On a whiteboard, draw a high-level picture of your previous organizational sketch and your new organizational sketch.
    2. Using sticky notes, ask individuals to highlight key high-level challenges that exist in the current model (consider people, process, and technology).
    3. Consider each sticky note, and highlight and document how and where your new sketch will overcome those challenges and the key differences between the old structure and the new.
    4. Take a photo of the two sketches and comments, and document these in your Organizational Design Implementation Kick-Off Presentation.

    Modify the presentation by identifying and documenting key milestones

    1.5 1 hour

    Input

    • OD implementation team calendars

    Output

    • OD implementation team timeline

    Materials

    • OD Implementation Kick-Off Presentation

    Participants

    • OD implementation team
    1. Review the timeline in the Organizational Design Implementation Kick-Off Presentation. As a group, discuss the key milestones identified in the presentation:
      • Kick-off presentation
      • Departmental transition strategy built
      • Organizational transition strategy built
      • Manager training
      • One-on-one meetings with staff to discuss changes to roles
      • Individual transition strategy development begins
    2. Review the timeline, and keeping your other commitments in mind, estimate when each of these tasks will be completed and update the timeline.

    Build an OD implementation FAQ to proactively address key questions and concerns about the change

    Organizational Design Implementation FAQ

    Leverage this template as a starting place for building an organizational design implementation FAQ.

    This template is prepopulated with example questions and answers which are likely to arise.

    Info-Tech encourages you to use the list of questions as a basis for your FAQ and to add additional questions based on the changes occurring at your organization.

    It may also be a good idea to store the FAQ on a company intranet portal so that staff has access at all times and to provide users with a unique email address to forward questions to when they have them.

    Build your unique organizational design implementation FAQ to keep staff informed throughout the change

    1.6 1 hour + ongoing

    Input

    • OD implementation team calendars

    Output

    • OD implementation team timeline

    Materials

    • OD Implementation Kick-Off Presentation

    Participants

    • OD implementation team
    1. Download a copy of the Organizational Design Implementation FAQ and as a group, review each of the key questions.
    2. Delete any questions that are not relevant and add any additional questions you either believe you will receive or which you have already been asked.
    3. Divide the questions among team members and have each member provide a response to these questions.
    4. The CIO and the project manager should review the responses for accuracy and ensure they are ready to be shared with staff.
    5. Publish the responses on an IT intranet site and make the location known to your IT staff.

    Dispelling rumors by using a large implementation team

    CASE STUDY

    Industry: Manufacturing

    Source: CIO

    Challenge

    When rumors of the impending reorganization reached staff, there was a lot of confusion and some of the more vocal detractors in the department enforced these rumors.

    Staff were worried about changes to their jobs, demotions, and worst of all, losing their jobs. There was no communication from senior management to dispel the gossip and the line managers were also in the dark so they weren’t able to offer support.

    Staff did not feel comfortable reaching out to senior management about the rumors and they didn’t know who the change manager was.

    Solution

    The CIO and change manager put together a large implementation team that included many of the managers in the department. This allowed the managers to handle the gossip through informal conversations with their staff.

    The change manager also built a communication strategy to communicate the stages of the reorganization and used FAQs to address the more common questions.

    Results

    The reorganization was adopted very quickly since there was little confusion surrounding the changes with all staff members. Many of the personnel risks were mitigated by the communication strategy because it dispelled rumors and took some of the power away from the vocal detractors in the department.

    An engagement survey was conducted 3 months after the reorganization and the results showed that the engagement of staff had not changed after the reorganization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1a: Launch the MLI Dashboard (Pre-Work)

    Prior to the workshop, Info-Tech’s advisors will work with you to launch the MLI diagnostic to understand the overall engagement levels of your organization.

    1b: Review Your MLI Results

    The analysts will facilitate several exercises to help you and your team identify your current engagement levels, and the variance across demographics and over time.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.1: Define Your Change Team Responsibilities

    Review the key responsibilities of the organizational design implementation team and define the RACI for each individual member.

    1.3: Define Your Change Vision and Goals

    Identify the change vision statement which will serve as the center piece for your change communications as well as the key message you want to deliver to your staff about the change. These messages should be clear, emotionally impactful, and inspirational.

    1.4: Identify Key Changes Which Will Impact Staff

    Collectively brainstorm all of the key changes that are happening as a result of the change, and prioritize the list based on the impact they will have on staff. Document the top 10 biggest changes – and the opportunities the change creates or problems it solves.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.5: Define the High-Level Change Timeline

    Identify and document the key milestones within the change as a group, and determine key dates and change owners for each of the key items. Determine the best way to discuss these timelines with staff, and whether there are any which you feel will have higher levels of resistance.

    1.5: Build the FAQ and Prepare for Objection Handling

    As a group, brainstorm the key questions you believe you will receive about the change and develop a common FAQ to provide to staff members. The advisor will assist you in preparing to manage objections to limit resistance.

    Phase 2

    Build The Organizational Transition Plan

    Build the organizational transition plan

    Outcomes of this section:

    • A holistic list of projects that will enable the implementation of the organizational structure.
    • A schedule to monitor the progress of your change projects.

    This section involves the following participants:

    • CIO
    • Reorganization Implementation Team

    Key Section Insight:

    Be careful to understand the impacts of the change on all groups and departments. For best results, you will need representation from all departments to limit conflict and ensure a smooth transition. For large IT organizations, you will need to have a plan for each department/work unit and create a larger integration project.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Build the Organizational Transition Plan

    Proposed Time to Completion (in weeks): 2-4 weeks

    Step 2.1: Review the Change Dimensions and How They Are Used to Plan Change Projects

    Start with an analyst kick off call:

    • Review the purpose of the kick-off meeting.
    • Review the change project dimensions.
    • Review the Organizational Design Implementation Project Planning Tool.

    Then complete these activities…

    • Conduct your kick-off meeting.
    • Brainstorm a list of reorganization projects and their related tasks.

    With these tools & templates:

    • Organizational Design Implementation Project Planning Tool

    Step 2.2: Review the List of Change Projects

    Review findings with analyst:

    • Revisit the list of projects and tasks developed in the brainstorming session.
    • Assess the list and determine resourcing and dependencies for the projects.
    • Review the monitoring process.

    Then complete these activities…

    • Complete the Organizational Design Implementation Project Planning Tool.
    • Map out your project dependencies and resourcing.
    • Develop a schedule for monitoring projects.

    With these tools & templates:

    • Organizational Design Implementation Project Planning Tool

    Use Info-Tech’s Organizational Design Implementation Project Planning Tool to plan and track your reorganization

    • Use Info-Tech’s Organizational Design Implementation Project Planning Tool to document and track all of the changes that are occurring during your reorganization.
    • Automatically build Gantt charts for all of the projects that are being undertaken, track problems in the issue log, and monitor the progress of projects in the reporting tab.
    • Each department/work group will maintain its own version of this tool throughout the reorganization effort and the project manager will maintain a master copy with all of the projects listed.
    • The chart comes pre-populated with example data gathered through the research and interview process to help generate ideas for your own reorganization.
    • Review the instructions at the top of each work sheet for entering and modifying the data within each chart.

    Have a short kick-off meeting to introduce the project planning process to your implementation team

    2.1 30 minutes

    Output

    • Departmental ownership of planning tool

    Materials

    • OD Implementation Project Planning Tool

    Participants

    • Change Project Manager
    • Implementation Team
    • Senior Management (optional)
    1. The purpose of this kick-off meeting is to assign ownership of the project planning process to members of the implementation team and to begin thinking about the portfolio of projects required to successfully complete the reorganization.
    2. Use the email template included on this slide to invite your team members to the meeting.
    3. The topics that need to be covered in the meeting are:
      • Introducing the materials/templates that will be used throughout the process.
      • Assigning ownership of the Organizational Design Implementation Project Planning Tool to members of your team.
        • Ownership will be at the departmental level where each department or working group will manage their own change projects.
      • Prepare your implementation team for the next meeting where they will be brainstorming the list of projects that will need to be completed throughout the reorganization.
    4. Distribute/email the tools and templates to the team so that they may familiarize themselves with the materials before the next meeting.

    Hello [participant],

    We will be holding our kickoff meeting for our reorganization on [date]. We will be discussing the reorganization process at a high level with special attention being payed to the tools and templates that we will be using throughout the process. By the end of the meeting, we will have assigned ownership of the Project Planning Tool to department representatives and we will have scheduled the next meeting where we’ll brainstorm our list of projects for the reorganization.

    Consider Info-Tech’s four organizational change dimensions when identifying change projects

    CHANGE DIMENSIONS

    • TECHNOLOGY AND LOGISTICS
    • COMMUNICATION
    • STAFFING
    • PROCESS

    Technology and Logistics

    • These are all the projects that will impact the technology used and physical logistics of your workspace.
    • These include new devices, access/permissions, new desks, etc.

    Communication

    • All of the required changes after the reorganization to ongoing communications within IT and to the rest of the organization.
    • Also includes communication projects that are occurring during the reorganization.

    Staffing

    • These projects address the changes to your staff’s roles.
    • Includes role changes, job description building, consulting with HR, etc.

    Process

    • Projects that address changes to IT processes that will occur after the reorganization.

    Use these trigger questions to help identify all aspects of your coming changes

    STAFFING

    • Do you need to hire short or long-term staff to fill vacancies?
    • How long does it typically take to hire a new employee?
    • Will there be staff who are new to management positions?
    • Is HR on board with the reorganization?
    • Have they been consulted?
    • Have transition plans been built for all staff members who are transitioning roles/duties?
    • Will gaps in the structure need to be addressed with new hires?

    COMMUNICATION

    • When will the change be communicated to various members of the staff?
    • Will there be disruption to services during the reorganization?
    • Who, outside of IT, needs to know about the reorganization?
    • Do external communications need to be adjusted because of the reorganization? Moving/centralizing service desk, BRMs, etc.?
    • Are there plans/is there a desire to change the way IT communicates with the rest of the organization?
    • Will the reorganization affect the culture of the department? Is the new structure compatible with the current culture?

    Use these trigger questions to help identify all aspects of your coming changes (continued)

    TECHNOLOGY AND LOGISTICS

    • Will employees require new devices in their new roles?
    • Will employees be required to move their workspace?
    • What changes to the workspace are required to facilitate the new organization?
    • Does new furniture have to be purchased to accommodate new spaces/staff?
    • Is the workspace adequate/up to date technologically (telephone network, Wi-Fi coverage, etc.)?
    • Will employees require new permissions/access for their changing roles?
    • Will permissions/access need to be removed?
    • What is your budget for the reorganization?
    • If a large geographical move is occurring, have problems regarding geography, language barriers, and cultural sensitivities been addressed?

    PROCESS

    • What processes need to be developed?
    • What training for processes is required?
    • Is the daily functioning of the IT department predicted to change?
    • Are new processes being implemented during the reorganization?
    • How will the project portfolio be affected by the reorganization?
    • Is new documentation required to accompany new/changing processes?

    Brainstorm the change projects to be carried out during the reorganization for your team/department

    2.2 3 hours

    Input

    • Constructive group discussion

    Output

    • Thorough list of all reorganization projects

    Materials

    • Whiteboard, sticky notes
    • OD Implementation Project Planning Tool

    Participants

    • Implementation Team
    • CIO
    • Senior Management
    1. Before the meeting, distribute the list of trigger questions presented on the two previous slides to prepare your implementation team for the brainstorming session.
    2. Begin the meeting by dividing up your implementation team into the departments/work groups that they represent (and have ownership of the tool over).
    3. Distribute a different color of sticky notes to each team and have them write out each project they can think of for each of the change planning dimensions (Staffing, Communication, Process and Technology/Logistics) using the trigger questions.
    4. After one hour, ask the groups to place the projects that they brainstormed onto the whiteboard divided into the four change dimensions.
    5. Discuss the complete list of projects on the board.
      • Remove projects that are listed more than once since some projects will be universal to some/all departments.
      • Adjust the wording of projects for the sake of clarity.
      • Identify projects that are specific to certain departments.
    6. Document the list of high-level projects on tab 2 “Project Lists” within the OD Implementation Project Planning Tool after the activity is complete.

    Prioritize projects to assist with project planning modeling

    Prioritization is the process of ranking each project based on its importance to implementation success. Hold a meeting for the implementation team and extended team to prioritize the project list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation teams will use these priority levels to ensure efforts are targeted towards the proper projects. A simple way to do this for your implementation is to use the MoSCoW Model of Prioritization to effectively order requirements.

    The MoSCoW Model of Prioritization

    MUST HAVE - Projects must be implemented for the organizational design to be considered successful.

    SHOULD HAVE - Projects are high priority that should be included in the implementation if possible.

    COULD HAVE - Projects are desirable but not necessary and could be included if resources are available.

    WON'T HAVE - Projects won’t be in the next release, but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994.

    Keep the following criteria in mind as you determine your priorities

    Effective Prioritization Criteria

    Criteria Description
    Regulatory & Legal Compliance These requirements will be considered mandatory.
    Policy or Contract Compliance Unless an internal policy or contract can be altered or an exception can be made, these projects will be considered mandatory.
    Business Value Significance Give a higher priority to high-value projects.
    Business Risk Any project with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Implementation Complexity Give a higher priority to quick wins.
    Alignment with Strategy Give a higher priority to requirements that enable the corporate strategy and IT strategy.
    Urgency Prioritize projects based on time sensitivity.
    Dependencies A project on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.
    Funding Availability Do we have the funding required to make this change?

    Prioritize the change projects within your team/department to be executed during the reorganization

    2.3 3 hours

    Input

    • Organizational Design Implementation Project Planning Tool

    Output

    • Prioritized list of projects

    Materials

    • Whiteboard, sticky notes
    • OD Implementation Project Planning Tool

    Participants

    • Implementation Team
    • Extended Implementation Team
    1. Divide the group into their department teams. Draw 4 columns on a whiteboard, including the following:
      • Must have
      • Should have
      • Could have
      • Won’t have
    2. As a group, review each project and collaboratively identify which projects fall within each category. You should have a strong balance between each of the categories.
    3. Beginning with the “must have” projects, determine if each has any dependencies. If any of the projects are dependent on another, add the dependency project to the “must have” category. Group and circle the dependent projects.
    4. Continue the same exercise with the “should have” and “could have” options.
    5. Record the results on tab “2. Project List” of the Organizational Design Implementation Project Planning Tool using the drop down option.

    Determine resource availability for completing your change projects

    2.4 2 hours

    Input

    • Constructive group discussion

    Output

    • Thorough list of all reorganization projects

    Materials

    • Whiteboard, sticky notes
    • OD Implementation Project Planning Tool

    Participants

    • Implementation Team
    • CIO
    • Senior Management
    1. Divide the group into their department teams to plan the execution of the high-level list of projects developed in activity 2.2.
    2. Review the list of high-level projects and starting with the “must do” projects, consider each in turn and brainstorm all of the tasks required to complete these projects. Write down each task on a sticky note and place it under the high-level project.
    3. On the same sticky note as the task, estimate how much time would be required to complete each task. Be realistic about time frames since these projects will be on top of all of the regular day-to-day work.
    4. Along with the time frame, document the resources that will be required and who will be responsible for the tasks. If you have a documented Project Portfolio, use this to determine resourcing.
    5. After mapping out the tasks, bring the group back together to present their list of projects, tasks, and required resources.
      • Go through the project task lists to make sure that nothing is missed.
      • Review the timelines to make sure they are feasible.
      • Review the resources to ensure that they are available and realistic based on constraints (time, current workload, etc.).
      • Repeat the process for the Should do and Could do projects.
    1. Document the tasks and resources in tab “3. Task Monitoring” in the OD Implementation Project Planning Tool after the activity is complete.

    Map out the change project dependencies at the departmental level

    2.5 2 hours

    Input

    • Constructive group discussion

    Output

    • Thorough list of all reorganization projects

    Materials

    • Whiteboard, sticky notes
    • OD Implementation Project Planning Tool

    Participants

    • Implementation Team
    • CIO
    • Senior Management
    1. Divide the group into their department teams to map the dependencies of their tasks created in activity 2.3.
    2. Take the project task sticky notes created in the previous activity and lay them out along a timeline from start to finish.
    3. Determine the dependencies of the tasks internal to the department. Map out the types of dependencies.
      • Finish to Start: Preceding task must be completed before the next can start.
      • Start to Start: Preceding task must start before the next task can start.
      • Finish to Finish: Predecessor must finish before successor can finish.
      • Start to Finish: Predecessor must start before successor can finish.
    4. Bring the group back together and review each group’s timeline and dependencies to make sure that nothing has been missed.
    5. As a group, determine whether there are dependencies that span the departmental lists of projects.
    6. Document all of the dependencies within the department and between departmental lists of projects and tasks in the OD Implementation Project Planning Tool.

    Amalgamate all of the departmental change planning tools into a master copy

    2.6 3 hours

    Input

    • Department-specific copies of the OD Implementation Project Planning Tool

    Output

    • Universal list of all of the change projects

    Materials

    • Whiteboard and sticky notes

    Participants

    • Implementation Project Manager
    • Members of the implementation team for support (optional)
    1. Before starting the activity, gather all of the OD Implementation Project Planning Tools completed at the departmental level.
    2. Review each completed tool and write all of the individual projects with their timelines on sticky notes and place them on the whiteboard.
    3. Build timelines using the documented dependencies for each department. Verify that the resources (time, people, physical) are adequate and feasible.
    4. Combine all of the departmental project planning tools into one master tool to be used to monitor the overall status of the reorganization. Separate the projects based on the departments they are specific to.
    5. Finalize the timeline based on resource approval and using the dependencies mapped out in the previous exercise.
    6. Approve the planning tools and store them in a shared drive so they can be accessed by the implementation team members.

    Create a progress monitoring schedule

    2.7 1 hour weekly

    Input

    • OD Implementation Project Planning Tools (departmental & organizational)

    Output

    • Actions to be taken before the next pulse meeting

    Participants

    • Implementation Project Manager
    • Members of the implementation team for support
    • Senior Management
    1. Hold weekly pulse meetings to keep track of project progress.
    2. The agenda of each meeting should include:
      • Resolutions to problems/complications raised at the previous week’s meeting.
      • Updates on each department’s progress.
      • Raising any issues/complications that have appeared that week.
      • A discussion of potential solutions to the issues/complications.
      • Validating the work that will be completed before the next meeting.
      • Raising any general questions or concerns that have been voiced by staff about the reorganization.
    3. Upload notes from the meeting about resolutions and changes to the schedules to the shared drive containing the tools.
    4. Increase the frequency of the meetings towards the end of the project if necessary.

    Building a holistic change plan enables adoption of the new organizational structure

    CASE STUDY

    Industry: Manufacturing

    Source: CIO

    Challenge

    The CIO was worried about the impending reorganization due to problems that they had run into during the last reorganization they had conducted. The change management projects were not planned well and they led to a lot of uncertainty before and after the implementation.

    No one on the staff was ready for the reorganization. Change projects were completed four months after implementation since many of them had not been predicted and cataloged. This caused major disruptions to their user services leading to drops in user satisfaction.

    Solution

    Using their large and diverse implementation team, they spent a great deal of time during the early stages of planning devoted to brainstorming and documenting all of the potential change projects.

    Through regular meetings, the implementation team was able to iteratively adjust the portfolio of change projects to fit changing needs.

    Results

    Despite having to undergo a major reorganization that involved centralizing their service desk in a different state, there were no disruptions to their user services.

    Since all of the change projects were documented and completed, they were able to move their service desk staff over a weekend to a workspace that was already set up. There were no changes to the user satisfaction scores over the period of their reorganization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.2 Brainstorm Your List of Change Projects

    Review your reorganization plans and facilitate a brainstorming session to identify a complete list of all of the projects needed to implement your new organizational design.

    2.5 Map Out the Dependencies and Resources for Your Change Projects

    Examine your complete list of change projects and determine the dependencies between all of your change projects. Align your project portfolio and resource levels to the projects in order to resource them adequately.

    Phase 3

    Lead Staff Through the Reorganization

    Train managers to lead through change

    Outcomes of this Section:

    • Completed the workshop: Lead Staff Through Organizational Change
    • Managers possess stakeholder engagement plans for each employee
    • Managers are prepared to fulfil their roles in implementing the organizational change

    This section involves the following participants:

    • CIO
    • IT leadership team
    • IT staff

    Key Section Insight:

    The majority of IT managers were promoted because they excelled at the technical aspect of their job rather than in people management. Not providing training is setting your organization up for failure. Train managers to effectively lead through change to see a 72% decrease in change management issues. (Source: Abilla, 2009)

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Train Managers to Lead Through Change

    Proposed Time to Completion (in weeks): 1-2 weeks

    Step 3.1: Train Your Managers to Lead Through the Change

    Start with an analyst kick off call:

    • Go over the manager training workshop section of this deck.
    • Review the deliverables generated from the workshop (stakeholder engagement plan and conflict style self-assessment).

    Then complete these activities…

    • Conduct the workshop with your managers.

    With these tools & templates:

    • Organizational Design Implementation Manager Training Guide
    • Organizational Design Implementation Stakeholder Engagement Plan Template

    Step 3.2: Debrief After the Workshop

    Review findings with analyst:

    • Discuss the outcomes of the manager training.
    • Mention any feedback.
    • High-level overview of the workshop deliverables.

    Then complete these activities…

    • Encourage participants to review and revise their stakeholder engagement plans.
    • Review the Organizational Design Implementation Transition Plan Template and next steps.

    Get managers involved to address the majority of obstacles to successful change

    Managers all well-positioned to translate how the organizational change will directly impact individuals on their teams.

    Reasons Why Change Fails

    EMPLOYEE RESISTANCE TO CHANGE - 39%

    MANAGEMENT BEHAVIOR NOT SUPPORTIVE OF CHANGE - 33%

    INADEQUATE RESOURCE OR BUDGET - 14%

    OTHER OBSTACLES - 14%

    72% of change management issues can be directly improved by management.

    (Source: shmula)

    Why are managers crucial to organizational change?

    • Managers are extremely well-connected.
      • They have extensive horizontal and vertical networks spanning the organization.
      • Managers understand the informal networks of the organization.
    • Managers are valuable communicators.
      • Managers have established strong relationships with employees.
      • Managers influence the way staff perceive messaging.

    Conduct a workshop with managers to help them lead their teams through change

    Organizational Design Implementation Manager Training Guide

    Give managers the tools and skills to support their employees and carry out difficult conversations.

    Understand the role of management in communicating the change

    Understand reactions to change

    Resolve conflict

    Respond to FAQs

    Monitor and measure employee engagement

    Prepare managers to effectively execute their role in the organizational change by running a 2-hour training workshop.

    Complete the activities on the following slides to:

    • Plan and prepare for the workshop.
    • Execute the group exercises.
    • Help managers develop stakeholder engagement plans for each of their employees.
    • Initiate the McLean Leadership Index™ survey to measure employee engagement.

    Plan and prepare for the workshop

    3.1 Plan and prepare for the workshop.

    Output

    • Workshop participants
    • Completed workshop prep

    Materials

    • Organizational Design Implementation Manager Training Guide

    Instructions

    1. Create a list of all managers that will be responsible for leading their teams through the change.
    2. Select a date for the workshop.
      • The training session will run approximately 2 hours and should be scheduled within a week of when the implementation plan is communicated organization-wide.
    3. Review the material outlined in the presentation and prepare the Organizational Design Implementation Manager Training Guide for the workshop:
      • Copy and print the “Pre-workshop Facilitator Instructions” and “Facilitator Notes” located in the notes section below each slide.
      • Revise frequently asked questions (FAQs) and responses.
      • Delete instruction slides.

    Invite managers to the workshop

    Workshop Invitation Email Template

    Make necessary modifications to the Workshop Invitation Email Template and send invitations to managers.

    Hi ________,

    As you are aware, we are starting to roll out some of the initiatives associated with our organizational change mandate. A key component of our implementation plan is to ensure that managers are well-prepared to lead their teams through the transition.

    To help you proactively address the questions and concerns of your staff, and to ensure that the changes are implemented effectively, we will be conducting a workshop for managers on .

    While the change team is tasked with most of the duties around planning, implementing, and communicating the change organization-wide, you and other managers are responsible for ensuring that your employees understand how the change will impact them specifically. The workshop will prepare you for your role in implementing the organizational changes in the coming weeks, and help you refine the skills and techniques necessary to engage in challenging conversations, resolve conflicts, and reduce uncertainty.

    Please confirm your attendance for the workshop. We look forward to your participation.

    Kind regards,

    Change team

    Prepare managers for the change by helping them build useful deliverables

    ODI Stakeholder Engagement Plan Template & Conflict Style Self-Assessment

    Help managers create useful deliverables that continue to provide value after the workshop is completed.

    Workshop Deliverables

    Organizational Design Implementation Stakeholder Engagement Plan Template

    • Document the areas of change resistance, detachment, uncertainty, and support for each employee.
    • Document strategies to overcome resistance, increase engagement, reduce uncertainty, and leverage their support.
    • Create action items to execute after the workshop.

    Conflict Style Self-Assessment

    • Determine how you approach conflicts.
    • Analyze the strengths and weaknesses of this approach.
    • Identify ways to adopt different conflict styles depending on the situation.

    Book a follow-up meeting with managers and determine which strategies to Start, Stop, or Continue

    3.2 1 hour

    Output

    • Stakeholder engagement templates

    Materials

    • Sticky notes
    • Pen and paper

    Participants

    • Implementation Team
    • Managers
    1. Schedule a follow-up meeting 2–3 weeks after the workshop.
    2. Facilitate an open conversation on approaches and strategies that have been used or could be used to:
      • Overcome resistance
      • Increase engagement
      • Reduce uncertainty
      • Leverage support
    3. During the discussion, document ideas on the whiteboard.
    4. Have participants vote on whether the approaches and strategies should be started, stopped, or continued.
      • Start: actions that the team would like to begin.
      • Stop: actions that the team would like to stop.
      • Continue: actions that work for the team and should proceed.
    5. Encourage participants to review and revise their stakeholder engagement plans.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1 The Change Maze

    Break the ice with an activity that illustrates the discomfort of unexpected change, and the value of timely and instructive communication.

    3.2 Perform a Change Management Retrospective

    Leverage the collective experience of the group. Share challenges and successes from previous organizational changes and apply those lessons to the current transition.

    3.3 Create a Stakeholder Engagement Plan

    Have managers identify areas of resistance, detachment, uncertainty, and support for each employee and share strategies for overcoming resistance and leveraging support to craft an action plan for each of their employees.

    3.4 Conduct a Conflict Style Self-Assessment

    Give participants an opportunity to better understand how they approach conflicts. Administer the Conflict Style Self-Assessment to identify conflict styles and jumpstart a conversation about how to effectively resolve conflicts.

    Transition your staff to their new roles

    Outcomes of this Section:

    • Identified key responsibilities to transition
    • Identified key relationships to be built
    • Built staff individual transition plans and timing

    This section involves the following participants:

    • All IT staff members

    Key Section Insight

    In order to ensure a smooth transition, you need to identify the transition scheduled for each employee. Knowing when they will retire and assume responsibilities and aligning this with the organizational transition will be crucial.

    Phase 3b outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3b: Transition Staff to New Roles

    Proposed Time to Completion (in weeks): 2-4

    Step 4.1: Build Your Transition Plans

    Start with an analyst kick off call:

    • Review the Organizational Design Implementation Transition Plan Template and its contents.
    • Return to the new org structure and project planning tool for information to fill in the template.

    Then complete these activities…

    • Present the template to your managers.
    • Have them fill in the template with their staff.
    • Approve the completed templates.

    With these tools & templates:

    • Organizational Design Implementation Project Planning Tool
    • Organizational Design Implementation Transition Plan Template

    Step 4.2: Finalize Your Transition Plans

    Review findings with analyst:

    • Discuss strategies for timing the transition of your employees.
    • Determine the readiness of your departments for transitioning.

    Then complete these activities…

    • Build a transition readiness timeline of your departments.
    • Move your employees to their new roles.

    With these tools & templates:

    • Organizational Design Implementation Project Planning Tool
    • Organizational Design Implementation Transition Plan Template

    Use Info-Tech’s transition plan template to map out all of the changes your employees will face during reorganization

    Organizational Design Implementation Transition Plan Template

    • Use Info-Tech’s Organizational Design Implementation Transition Plan Template to document (in consultation with your employees) all of the changes individual staff members need to go through in order to transition into their new roles.
    • It provides a holistic view of all of the changes aligned to the change planning dimensions, including:
      • Current and new job responsibilities
      • Outstanding projects
      • Documenting where the employee may be moving
      • Technology changes
      • Required training
      • New relationships that need to be made
      • Risk mitigation
    • The template is designed to be completed by managers for their direct reports.

    Customize the transition plan template for all affected staff members

    4.1 30 minutes per employee

    Output

    • Completed transition plans

    Materials

    • Individual transition plan templates (for each employee)

    Participants

    • Implementation Team
    • Managers
    1. Implementation team members should hold one-on-one meetings with the managers from the departments they represent to go through the transition plan template.
    2. Some elements of the transition plan can be completed at the initial meeting with knowledge from the implementation team and documentation from the new organizational structure:
      • Employee information (except for the planned transition date)
      • New job responsibilities
      • Logistics and technology changes
      • Relationships (recommendations can be made about beneficial relationships to form if the employee is transitioning to a new role)
    3. After the meeting, managers can continue filling in information based on their own knowledge of their employees:
      • Current job responsibilities
      • Outstanding projects
      • Training (identify gaps in the employee’s knowledge if their role is changing)
      • Risks (potential concerns or problems for the employee during the reorganization)

    Verify and complete the individual transition plans by holding one-on-one meetings with the staff

    4.2 30 minutes per employee

    Output

    • Completed transition plans

    Materials

    • Individual transition plan templates (for each employee)

    Participants

    • Managers
    • Staff (Managers’ Direct Reports)
    1. After the managers complete everything they can in the transition plan templates, they should schedule one-on-one meetings with their staff to review the completed document to ensure the information is correct.
    2. Begin the meeting by verifying the elements that require the most information from the employee:
      • Current job responsibilities
      • Outstanding projects
      • Risks (ask about any problems or concerns they may have about the reorganization)
    3. Discuss the following elements of the transition plan to get feedback:
      • Training (ask if there is any training they feel they may need to be successful at the organization)
      • Relationships (determine if there are any relationships that the employee would like to develop that you may have missed)
    4. Since this may be the first opportunity that the staff member has had to discuss their new role (if they are moving to one), review their new job title and new job responsibilities with them. If employees are prepared for their new role, they may feel more accountable for quickly adopting the reorganization.
    5. Document any questions that they may have so that they can be answered in future communications from the implementation team.
    6. After completing the template, managers will sign off on the document in the approval section.

    Validate plans with organizational change project manager and build the transition timeline

    4.3 3 hours

    Input

    • Individual transition plans
    • Organizational Design Implementation Project Planning Tool

    Output

    • Timeline outlining departmental transition readiness

    Materials

    • Whiteboard

    Participants

    • Implementation Project Manager
    • Implementation Team
    • Managers
    1. After receiving all of the completed individual transition plan templates from managers, members of the implementation team need to approve the contents of the templates (for the departments that they represent).
    2. Review the logistics and technology requirements for transition in each of the templates and align them with the completion dates of the related projects in the Project Planning Tool. These dates will serve as the earliest possible time to transition the employee. Use the latest date from the list to serve as the date that the whole department will be ready to transition.
    3. Hand the approved transition plan templates and the dates at which the departments will be ready for transitioning to the Implementation Project Manager.
    4. The Project Manager needs to verify the contents of the transition plans and approve them.
    5. On a calendar or whiteboard, list the dates that each department will be ready for transitioning.
    6. Review the master copy of the Project Planning Tool. Determine if the outstanding projects limit your ability to transition the departments (when they are ready to transition). Change the ready dates of the departments to align with the completion dates of those projects.
    7. Use these dates to determine the timeline for when you would like to transition your employees to their new roles.

    Overcoming inexperience by training managers to lead through change

    CASE STUDY

    Industry: Manufacturing

    Source: CIO

    Challenge

    The IT department had not undergone a major reorganization in several years. When they last reorganized, they experienced high turnover and decreased business satisfaction with IT.

    Many of the managers were new to their roles and only one of them had been around for the earlier reorganization. They lacked experience in leading their staff through major organizational changes.

    One of the major problems they faced was addressing the concerns, fears, and resistance of their staff properly.

    Solution

    The implementation team ran a workshop for all of the managers in the department to train them on the change and how to communicate the impending changes to their staff. The workshop included information on resistance and conflict resolution.

    The workshop was conducted early on in the planning phases of the reorganization so that any rumors or gossip could be addressed properly and quickly.

    Results

    The reorganization was well accepted by the staff due to the positive reinforcement from their managers. Rumors and gossip about the reorganization were under control and the staff adopted the new organizational structure quickly.

    Engagement levels of the staff were maintained and actually improved by 5% immediately after the reorganization.

    Voluntary turnover was minimal throughout the change as opposed to the previous reorganization where they lost 10% of their staff. There was an estimated cost savings of $250,000–$300,000.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2.1 Build Your Staff Transition Plan

    Review the contends of the staff transition plan, and using the organizational change map as a guide, build the transition schedule for one employee.

    3.2.1 Review the Transition Plan With the Transition Team

    Review and validate the results for your transition team schedule with other team members. As a group, discuss what makes this exercise difficult and any ideas for how to simplify the exercise.

    Works cited

    American Productivity and Quality Center. “Motivation Strategies.” Potentials Magazine. Dec. 2004. Web. November 2014.

    Bersin, Josh. “Time to Scrap Performance Appraisals?” Forbes Magazine. 5 June 2013. Web. 30 Oct 2013.

    Bridges, William. Managing Transitions, 3rd Ed. Philadelphia: Da Capo Press, 2009.

    Buckley, Phil. Change with Confidence – Answers to the 50 Biggest Questions that Keep Change Leaders up at Night. Canada: Jossey-Bass, 2013.

    “Change and project management.” Change First. 2014. Web. December 2009. <http://www.changefirst.com/uploads/documents/Change_and_project_management.pdf>.

    Cheese, Peter, et al. “Creating an Agile Organization.” Accenture. Oct. 2009. Web. Nov. 2013.

    Croxon, Bruce et al. “Dinner Series: Performance Management with Bruce Croxon from CBC's 'Dragon's Den.'” HRPA Toronto Chapter. Sheraton Hotel, Toronto, ON. 12 Nov. 2013. Panel discussion.

    Culbert, Samuel. “10 Reasons to Get Rid of Performance Reviews.” Huffington Post Business. 18 Dec. 2012. Web. 28 Oct. 2013. <http://www.huffingtonpost.com/samuel-culbert/performance-reviews_b_2325104.html>.

    Denning, Steve. “The Case Against Agile: Ten Perennial Management Objections.” Forbes Magazine. 17 Apr. 2012. Web. Nov. 2013.

    Works cited cont.

    “Establish A Change Management Structure.” Human Technology. Web. December 2014.

    Estis, Ryan. “Blowing up the Performance Review: Interview with Adobe’s Donna Morris.” Ryan Estis & Associates. 17 June 2013. Web. Oct. 2013. <http://ryanestis.com/adobe-interview/>.

    Ford, Edward L. “Leveraging Recognition: Noncash incentives to Improve Performance.” Workspan Magazine. Nov 2006. Web. Accessed May 12, 2014.

    Gallup, Inc. “Gallup Study: Engaged Employees Inspire Company Innovation.” Gallup Management Journal. 12 Oct. 2006. Web. 12 Jan 2012.

    Gartside, David, et al. “Trends Reshaping the Future of HR.” Accenture. 2013. Web. 5 Nov. 2013.

    Grenville-Cleave, Bridget. “Change and Negative Emotions.” Positive Psychology News Daily. 2009.

    Heath, Chip, and Dan Heath. Switch: How to Change Things When Change Is Hard. Portland: Broadway Books. 2010.

    HR Commitment AB. Communicating organizational change. 2008.

    Keller, Scott, and Carolyn Aiken. “The Inconvenient Truth about Change Management.” McKinsey & Company, 2009. <http://www.mckinsey.com/en.aspx>.

    Works cited cont.

    Kotter, John. “LeadingChange: Why Transformation Efforts Fail.” Harvard Business Review. March-April 1995. <http://hbr.org>.

    Kubler-Ross, Elisabeth and David Kessler. On Grief and Grieving: Finding the Meaning of Grief Through the Five Stages of Loss. New York: Scribner. 2007.

    Lowlings, Caroline. “The Dangers of Changing without Change Management.” The Project Manager Magazine. December 2012. Web. December 2014. <http://changestory.co.za/the-dangers-of-changing-without-change-management/>.

    “Managing Change.” Innovative Edge, Inc. 2011. Web. January 2015. <http://www.getcoherent.com/managing.html>.

    Muchinsky, Paul M. Psychology Applied to Work. Florence: Thomson Wadsworth, 2006.

    Nelson, Kate and Stacy Aaron. The Change Management Pocket Guide, First Ed., USA: Change Guides LLC, 2005.

    Nguyen Huy, Quy. “In Praise of Middle Managers.” Harvard Business Review. 2001. Web. December 2014. <https://hbr.org/2001/09/in-praise-of-middle-managers/ar/1>

    “Only One-Quarter of Employers Are Sustaining Gains From Change Management Initiatives, Towers Watson Survey Finds.” Towers Watson. August 2013. Web. January 2015. <http://www.towerswatson.com/en/Press/2013/08/Only-One-Quarter-of-Employers-Are-Sustaining-Gains-From-Change-Management>.

    Shmula. “Why Transformation Efforts Fail.” Shmula.com. September 28, 2009. <http://www.shmula.com/why-transformation-efforts-fail/1510/>

    Define Your Cloud Vision

    • Buy Link or Shortcode: {j2store}448|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $182,333 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy

    The cloud permeates the enterprise technology discussion. It can be difficult to separate the hype from the value. Should everything go to the cloud, or is that sentiment stoked by vendors looking to boost their bottom lines? Not everything should go to the cloud, but coming up with a systematic way to determine what belongs where is increasingly difficult as offerings get more complex.

    Our Advice

    Critical Insight

    Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud-first isn’t always the way to go.

    Impact and Result

    • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
    • Codify risks tied to workloads’ cloud suitability and plan mitigations.
    • Build a roadmap of initiatives for actions by workload and risk mitigation.
    • Define a cloud vision to share with stakeholders.

    Define Your Cloud Vision Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Your Cloud Vision – A step-by-step guide to generating, validating, and formalizing your cloud vision.

    The cloud vision storyboard walks readers through the process of generating, validating and formalizing a cloud vision, providing a framework and tools to assess workloads for their cloud suitability and risk.

    • Define Your Cloud Vision – Phases 1-4

    2. Cloud Vision Executive Presentation – A document that captures the results of the exercises, articulating use cases for cloud/non-cloud, risks, challenges, and high-level initiative items.

    The executive summary captures the results of the vision exercise, including decision criteria for moving to the cloud, risks, roadblocks, and mitigations.

    • Cloud Vision Executive Presentation

    3. Cloud Vision Workbook – A tool that facilitates the assessment of workloads for appropriate service model, delivery model, support model, and risks and roadblocks.

    The cloud vision workbook comprises several assessments that will help you understand what service model, delivery model, support model, and risks and roadblocks you can expect to encounter at the workload level.

    • Cloud Vision Workbook
    [infographic]

    Workshop: Define Your Cloud Vision

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Cloud

    The Purpose

    Align organizational goals to cloud characteristics.

    Key Benefits Achieved

    An understanding of how the characteristics particular to cloud can support organizational goals.

    Activities

    1.1 Generate corporate goals and cloud drivers.

    1.2 Identify success indicators.

    1.3 Explore cloud characteristics.

    1.4 Explore cloud service and delivery models.

    1.5 Define cloud support models and strategy components.

    1.6 Create state summaries for the different service and delivery models.

    1.7 Select workloads for further analysis.

    Outputs

    Corporate cloud goals and drivers

    Success indicators

    Current state summaries

    List of workloads for further analysis

    2 Assess Workloads

    The Purpose

    Evaluate workloads for cloud value and action plan.

    Key Benefits Achieved

    Action plan for each workload.

    Activities

    2.1 Conduct workload assessment using the Cloud Strategy Workbook tool.

    2.2 Discuss assessments and make preliminary determinations about the workloads.

    Outputs

    Completed workload assessments

    Workload summary statements

    3 Identify and Mitigate Risks

    The Purpose

    Identify and plan to mitigate potential risks in the cloud project.

    Key Benefits Achieved

    A list of potential risks and plans to mitigate them.

    Activities

    3.1 Generate a list of risks and potential roadblocks associated with the cloud.

    3.2 Sort risks and roadblocks and define categories.

    3.3 Identify mitigations for each identified risk and roadblock

    3.4 Generate initiatives from the mitigations.

    Outputs

    List of risks and roadblocks, categorized

    List of mitigations

    List of initiatives

    4 Bridge the Gap and Create the Strategy

    The Purpose

    Clarify your vision of how the organization can best make use of cloud and build a project roadmap.

    Key Benefits Achieved

    A clear vision and a concrete action plan to move forward with the project.

    Activities

    4.1 Review and assign work items.

    4.2 Finalize the decision framework for each of the following areas: service model, delivery model, and support model.

    4.3 Create a cloud vision statement

    Outputs

    Cloud roadmap

    Finalized task list

    Formal cloud decision rubric

    Cloud vision statement

    5 Next Steps and Wrap-Up

    The Purpose

    Complete your cloud vision by building a compelling executive-facing presentation.

    Key Benefits Achieved

    Simple, straightforward communication of your cloud vision to key stakeholders.

    Activities

    5.1 Build the Cloud Vision Executive Presentation

    Outputs

    Completed cloud strategy executive presentation

    Completed Cloud Vision Workbook.

    Further reading

    Define Your Cloud Vision

    Define your cloud vision before it defines you

    Analyst perspective

    Use the cloud’s strengths. Mitigate its weaknesses.

    The cloud isn’t magic. It’s not necessarily cheaper, better, or even available for the thing you want it to do. It’s not mysterious or a cure-all, and it does take a bit of effort to systematize your approach and make consistent, defensible decisions about your cloud services. That’s where this blueprint comes in.

    Your cloud vision is the culmination of this effort all boiled down into a single statement: “This is how we want to use the cloud.” That simple statement should, of course, be representative of – and built from – a broader, contextual strategy discussion that answers the following questions: What should go to the cloud? What kind of cloud makes sense? Should the cloud deployment be public, private, or hybrid? What does a migration look like? What risks and roadblocks need to be considered when exploring your cloud migration options? What are the “day 2” activities that you will need to undertake after you’ve gotten the ball rolling?

    Taken as a whole, answering these questions is difficult task. But with the framework provided here, it’s as easy as – well, let’s just say it’s easier.

    Jeremy Roberts

    Research Director, Infrastructure and Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • You are both extrinsically motivated to move to the cloud (e.g. by vendors) and intrinsically motivated by internal digital transformation initiatives.
    • You need to define the cloud’s true value proposition for your organization without assuming it is an outsourcing opportunity or will save you money.
    • Your industry, once cloud-averse, is now normalizing the use of cloud services, but you have not established a basic cloud vision from which to develop a strategy at a later point.

    Common Obstacles

    • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
    • Many organizations have a foot in the cloud already, but these decisions have been made in an ad hoc rather than systematic fashion.
    • You lack a consistent framework to assess your workloads’ suitability for the cloud.

    Info-Tech's Approach

    • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
    • Codify risks tied to workloads’ cloud suitability and plan mitigations.
    • Build a roadmap of initiatives for actions by workload and risk mitigation.
    • Define a cloud vision to share with stakeholders.

    Info-Tech Insight: 1) Base migration decisions on cloud characteristics. If your justification for the migration is simply getting your workload out of the data center, think again. 2) Address the risks up front in your migration plan. 3) The cloud changes roles and calls for different skill sets, but Ops is here to stay.

    Your challenge

    This research is designed to help organizations who need to:

    • Identify workloads that are good candidates for the cloud.
    • Develop a consistent, cost-effective approach to cloud services.
    • Outline and mitigate risks.
    • Define your organization’s cloud archetype.
    • Map initiatives on a roadmap.
    • Communicate your cloud vision to stakeholders so they can understand the reasons behind a cloud decision and differentiate between different cloud service and deployment models.
    • Understand the risks, roadblocks, and limitations of the cloud.

    “We’re moving from a world where companies like Oracle and Microsoft and HP and Dell were all critically important to a world where Microsoft is still important, but Amazon is now really important, and Google also matters. The technology has changed, but most of the major vendors they’re betting their business on have also changed. And that’s super hard for people..” –David Chappell, Author and Speaker

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
    • Many organizations already have a foot in the cloud, but the choice to explore these solutions was made in an ad hoc rather than systematic fashion. The cloud just sort of happened.
    • The lack of a consistent assessment framework means that some workloads that probably belong in the cloud are kept on premises or with hosted services providers – and vice versa.
    • Securing cloud expertise is remarkably difficult – especially in a labor market roiled by the global pandemic and the increasing importance of cloud services.

    Standard cloud challenges

    30% of all cloud spend is self-reported as waste. Many workloads that end up in the cloud don’t belong there. Many workloads that do belong in the cloud aren’t properly migrated. (Flexera, 2021)

    44% of respondents report themselves as under-skilled in the cloud management space. (Pluralsight, 2021)

    Info-Tech’s approach

    Goals and drivers

    • Service model
      • What type of cloud makes the most sense for workload archetypes? When does it make sense to pick SaaS over IaaS, for example?
    • Delivery model
      • Will services be delivered over the public cloud, a private cloud, or a hybrid cloud? What challenges accompany this decision?
    • Migration Path
      • What does the migration path look like? What does the transition to the cloud look like, and how much effort will be required? Amazon’s 6Rs framework captures migration options: rehosting, repurchasing, replatforming, and refactoring, along with retaining and retiring. Each workload should be assessed for its suitability for one or more of these paths.
    • Support model
      • How will services be provided? Will staff be trained, new staff hired, a service provider retained for ongoing operations, or will a consultant with cloud expertise be brought on board for a defined period? The appropriate support model is highly dependent on goals along with expected outcomes for different workloads.

    Highlight risks and roadblocks

    Formalize cloud vision

    Document your cloud strategy

    The Info-Tech difference:

    1. Determine the hypothesized value of cloud for your organization.
    2. Evaluate workloads with 6Rs framework.
    3. Identify and mitigate risks.
    4. Identify cloud archetype.
    5. Plot initiatives on a roadmap.
    6. Write action plan statement and goal statement.

    What is the cloud, how is it deployed, and how is service provided?

    Cloud Characteristics

    1. On-demand self-service: the ability to access reosurces instantly without vendor interaction
    2. Broad network access: all services delivered over the network
    3. Resource pooling: multi-tenant environment (shared)
    4. Rapid elasticity: the ability to expand and retract capabilities as needed
    5. Measured service: transparent metering

    Service Model:

    1. Software-as-a-Service: all but the most minor configuration is done by the vendor
    2. Platform-as-a-Service: customer builds the application using tools provided by the provider
    3. Infrastructure-as-a-Service: the customer manages OS, storage, and the application

    Delivery Model

    1. Public cloud: accessible to anyone over the internet; multi-tenant environment
    2. Private cloud: provisioned for a single organization with multiple units
    3. Hybrid cloud: two or more connected clouds; data is portage across them
    4. Community cloud: provisioned for a specific group of organizations

    (National Institute of Standards and Technology)

    A workload-first approach will allow you to take full advantage of the cloud’s strengths

    • Under all but the most exceptional circumstances, good cloud strategies will incorporate different service models. Very few organizations are “IaaS shops” or “SaaS shops,” even if they lean heavily in one direction.
    • These different service models (including non-cloud options like colocation and on-premises infrastructure) each have different strengths. Part of your cloud strategy should involve determining which of the services makes the most sense for you.
    • Own the cloud by understanding which cloud (or non-cloud!) offering makes the most sense for you given your unique context.

    Migration paths

    In a 2016 blog post, Amazon introduced a framework for understanding cloud migration strategies. The framework presented here is slightly modified – including a “relocate” component rather than a “retire” component – but otherwise hews close to the standard.

    These migration paths reflect organizational capabilities and desired outcomes in terms of service models – cloud or otherwise. Retention means keeping the workload where it is, in a datacenter or a colocation service, or relocating to a colocation or hosted software environment. These represent the “non-cloud” migration paths.

    In the graphic on the right, the paths within the red box lead to the cloud. Rehosting means lifting and shifting to an infrastructure environment. Migrating a virtual machine from your VMware environment on premises to Azure Virtual machines is a quick way to realize some benefits from the cloud. Migrating from SQL Server on premises to a cloud-based SQL solution looks a bit more like changing platforms (replatforming). It involves basic infrastructure modification without a substantial architectural component.

    Refactoring is the most expensive of the options and involves engaging the software development lifecycle to build a custom solution, fundamentally rewriting the solution to be cloud native and take advantage of cloud-native architectures. This can result in a PaaS or an IaaS solution.

    Finally, repurchasing means simply going to market and procuring a new solution. This may involve migrating data, but it does not require the migration of components.

    Migration Paths

    Retain (Revisit)

    • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

    Relocate

    • Move the workload between datacenters or to a hosted software/colocation provider.

    Rehost

    • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

    Replatform

    • Move the application to the cloud and perform a few changes for cloud optimizations.

    Refactor

    • Rewrite the application, taking advantage of cloud-native architectures.

    Repurchase

    • Replace with an alternative, cloud-native application and migrate the data.

    Support model

    Support models by characteristic

    Duration of engagement Specialization Flexibility
    Internal IT Indefinite Varies based on nature of business Fixed, permanent staff
    Managed Service Provider Contractually defined General, some specialization Standard offering
    Consultant Project-based Specific, domain-based Entirely negotiable

    IT services, including cloud services, can be delivered and managed in multiple ways depending on the nature of the workload and the organization’s intended path forward. Three high-level options are presented here and may be more or less valuable based on the duration of the expected engagement with the service (temporary or permanent), the skills specialization required, and the flexibility necessary to complete the job.

    By way of example, a highly technical, short-term project with significant flexibility requirements might be a good fit for an expensive consultant, whereas post-implementation maintenance of a cloud email system requires relatively little specialization and flexibility and would therefore be a better fit for internal management.

    There is no universally applicable rule here, but there are some workloads that are generally a good fit for the cloud and others that are not as effective, with that fit being conditional on the appropriate support model being employed.

    Risks, roadblocks, and strategy components

    No two cloud strategies are exactly alike, but all should address 14 key areas. A key step in defining your cloud vision is an assessment of these strategy components. Lower maturity does not preclude an aggressive cloud strategy, but it does indicate that higher effort will be required to make the transition.

    Component Description Component Description
    Monitoring What will system owners/administrators need visibility into? How will they achieve this? Vendor Management What practices must change to ensure effective management of cloud vendors?
    Provisioning Who will be responsible for deploying cloud workloads? What governance will this process be subject to? Finance Management How will costs be managed with the transition away from capital expenditure?
    Migration How will cloud migrations be conducted? What best practices/standards must be employed? Security What steps must be taken to ensure that cloud services meet security requirements?
    Operations management What is the process for managing operations as they change in the cloud? Data Controls How will data residency, compliance, and protection requirements be met in the cloud?
    Architecture What general principles must apply in the cloud environment? Skills and roles What skills become necessary in the cloud? What steps must be taken to acquire those skills?
    Integration and interoperability How will services be integrated? What standards must apply? Culture and adoption Is there a cultural aversion to the cloud? What steps must be taken to ensure broad cloud acceptance?
    Portfolio Management Who will be responsible for managing the growth of the cloud portfolio? Governing bodies What formal governance must be put in place? Who will be responsible for setting standards?

    Cloud archetypes – a cloud vision component

    Once you understand the value of the cloud, your workloads’ general suitability for cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype.

    Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes.

    After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders.

    The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.

    We can best support the organization's goals by:

    More Cloud

    Less Cloud

    Cloud Focused Cloud-Centric Providing all workloads through cloud delivery.
    Cloud-First Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?”
    Cloud Opportunistic Hybrid Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads.
    Integrated Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware.
    Split Using the cloud for some workloads and traditional infrastructure resources for others.
    Cloud Averse Cloud-Light Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary.
    Anti-Cloud Using traditional infrastructure resources and avoiding use of the cloud wherever possible.

    Info-Tech’s methodology for defining your cloud vision

    1. Understand the Cloud 2. Assess Workloads 3. Identify and Mitigate Risks 4. Bridge the Gap and Create the Vision
    Phase Steps
    1. Generate goals and drivers
    2. Explore cloud characteristics
    3. Create a current state summary
    4. Select workloads for analysis
    1. Conduct workload assessments
    2. Determine workload future state
    1. Generate risks and roadblocks
    2. Mitigate risks and roadblocks
    3. Define roadmap initiatives
    1. Review and assign work items
    2. Finalize cloud decision framework
    3. Create cloud vision
    Phase Outcomes
    1. List of goals and drivers
    2. Shared understanding of cloud terms
    3. Current state of cloud in the organization
    4. List of workloads to be assessed
    1. Completed workload assessments
    2. Defined workload future state
    1. List of risks and roadblocks
    2. List of mitigations
    3. Defined roadmap initiatives
    1. Cloud roadmap
    2. Cloud decision framework
    3. Completed Cloud Vision Executive Presentation

    Insight summary

    The cloud may not be right for you – and that’s okay!

    Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud first isn’t always the way to go.

    Not all clouds are equal

    It’s not “should I go to the cloud?” but “what service and delivery models make sense based on my needs and risk tolerance?” Thinking about the cloud as a binary can force workloads into the cloud that don’t belong (and vice versa).

    Bottom-up is best

    A workload assessment is the only way to truly understand the cloud’s value. Work from the bottom up, not the top down, understand what characteristics make a workload cloud suitable, and strategize on that basis.

    Your accountability doesn’t change

    You are still accountable for maintaining available, secure, functional applications and services. Cloud providers share some responsibility, but the buck stops where it always has: with you.

    Don’t customize for the sake of customization

    SaaS providers make money selling the same thing to everyone. When migrating a workload to SaaS, work with stakeholders to pursue standardization around a selected platform and avoid customization where possible.

    Best of both worlds, worst of both worlds

    Hybrid clouds are in fashion, but true hybridity comes with additional cost, administration, and other constraints. A convoy moves at the speed of its slowest member.

    The journey matters as much as the destination

    How you get there is as important as what “there” actually is. Any strategy that focuses solely on the destination misses out on a key part of the value conversation: the migration strategy.

    Blueprint benefits

    Cloud Vision Executive Presentation

    This presentation captures the results of the exercises and presents a complete vision to stakeholders including a desired target state, a rubric for decision making, the results of the workload assessments, and an overall risk profile.

    Cloud Vision Workbook

    This workbook includes the standard cloud workload assessment questionnaire along with the results of the assessment. It also includes the milestone timeline for the implementation of the cloud vision.

    Blueprint benefits

    IT Benefits

    • A consistent approach to the cloud takes the guesswork out of deployment decisions and makes it easier for IT to move on to the execution stage.
    • When properly incorporated, cloud services come with many benefits, including automation, elasticity, and alternative architectures (micro-services, containers). The cloud vision project will help IT readers articulate expected benefits and work towards achieving them.
    • A clear framework for incorporating organizational goals into cloud plans.

    Business benefits

    • Simple, well-governed access to high-quality IT resources.
    • Access to the latest and greatest in technology to facilitate remote work.
    • Framework for cost management in the cloud that incorporates OpEx and chargebacks/showbacks. A clear understanding of expected changes to cost modeling is also a benefit of a cloud vision.
    • Clarity for stakeholders about IT’s response (and contribution to) IT strategic initiatives.

    Measure the value of this blueprint

    Don’t take our word for it:

    • The cloud vision material in various forms has been offered for several years, and members have generally benefited substantially, both from cloud vision workshops and from guided implementations led by analysts.
    • After each engagement, we send a survey that asks members how they benefited from the experience. Of 30 responses, the cloud vision research has received an average score of 9.8/10. Real members have found significant value in the process.
    • Additionally, members reported saving between 2 and 120 days (for an average of 17), and financial savings ranged from $1,920 all the way up to $1.27 million, for an average of $170,577.90! If we drop outliers on both ends, the average reported value of a cloud vision engagement is $37, 613.
    • Measure the value by calculating the time saved from using Info-Tech’s framework vs. a home-brewed cloud strategy alternative and by comparing the overall cost of a guided implementation or workshop with the equivalent offering from another firm. We’re confident you’ll come out ahead.

    9.8/10 Average reported satisfaction

    17 Days Average reported time savings

    $37, 613 Average cost savings (adj.)

    Executive Brief Case Study

    Industry: Financial

    Source: Info-Tech workshop

    Anonymous financial institution

    A small East Coast financial institution was required to develop a cloud strategy. This strategy had to meet several important requirements, including alignment with strategic priorities and best practices, along with regulatory compliance, including with the Office of the Comptroller of the Currency.

    The bank already had a significant cloud footprint and was looking to organize and formalize the strategy going forward.

    Leadership needed a comprehensive strategy that touched on key areas including the delivery model, service models, individual workload assessments, cost management, risk management and governance. The output had to be consumable by a variety of audiences with varying levels of technical expertise and had to speak to IT’s role in the broader strategic goals articulated earlier in the year.

    Results

    The bank engaged Info-Tech for a cloud vision workshop and worked through four days of exercises with various IT team members. The bank ultimately decided on a multi-cloud strategy that prioritized SaaS while also allowing for PaaS and IaaS solutions, along with some non-cloud hosted solutions, based on organizational circumstances.

    Bank cloud vision

    [Bank] will provide innovative financial and related services by taking advantage of the multiplicity of best-of-breed solutions available in the cloud. These solutions make it possible to benefit from industry-level innovations, while ensuring efficiency, redundancy, and enhanced security.

    Bank cloud decision workflow

    • SaaS
      • Platform?
        • Yes
          • PaaS
        • No
          • Hosted
        • IaaS
          • Other

    Non-cloud

    Cloud

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this crticial project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off imediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge the take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Phase 1

    • Call #1: Discuss current state, challenges, etc.
    • Call #2: Goals, drivers, and current state.

    Phase 2

    • Call #3: Conduct cloud suitability assessment for selected workloads.

    Phase 3

    • Call #4: Generate and categorize risks.
    • Call #5: Begin the risk mitigation conversation.

    Phase 4

    • Call #6: Complete the risk mitigation process
    • Call #7: Finalize vision statement and cloud decision framework.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Offsite day
    Understand the cloud Assess workloads Identify and mitigate risks Bridge the gap and create the strategy Next steps and wrap-up (offsite)
    Activities

    1.1 Introduction

    1.2 Generate corporate goals and cloud drivers

    1.3 Identify success indicators

    1.4 Explore cloud characteristics

    1.5 Explore cloud service and delivery models

    1.6 Define cloud support models and strategy components

    1.7 Create current state summaries for the different service and delivery models

    1.8 Select workloads for further analysis

    2.1 Conduct workload assessments using the cloud strategy workbook tool

    2.2 Discuss assessments and make preliminary determinations about workloads

    3.1 Generate a list of risks and potential roadblocks associated with the cloud

    3.2 Sort risks and roadblocks and define categories

    3.3 Identify mitigations for each identified risk and roadblock

    3.4 Generate initiatives from the mitigations

    4.1 Review and assign work items

    4.2 Finalize the decision framework for each of the following areas:

    • Service model
    • Delivery model
    • Support model

    4.3 Create a cloud vision statement

    5.1 Build the Cloud Vision Executive Presentation
    Deliverables
    1. Corporate goals and cloud drivers
    2. Success indicators
    3. Current state summaries
    4. List of workloads for further analysis
    1. Completed workload assessments
    2. Workload summary statements
    1. List of risks and roadblocks, categorized
    2. List of mitigations
    3. List of initiatives
    1. Finalized task list
    2. Formal cloud decision rubric
    3. Cloud vision statement
    1. Completed cloud strategy executive presentation
    2. Completed cloud vision workbook

    Understand the cloud

    Build the foundations of your cloud vision

    Phase 1

    Phase 1

    Understand the Cloud

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    1.1.1 Generate organizational goals

    1.1.2 Define cloud drivers

    1.1.3 Define success indicators

    1.3.1 Record your current state

    1.4.1 Select workloads for further assessment

    This phase involves the following participants:

    IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders.

    It starts with shared understanding

    Stakeholders must agree on overall goals and what “cloud” means

    The cloud is a nebulous term that can reasonably describe services ranging from infrastructure as a service as delivered by providers like Amazon Web Services and Microsoft through its Azure platform, right up to software as a service solutions like Jira or Salesforce. These solutions solve different problems – just because your CRM would be a good fit for a migration to Salesforce doesn’t mean the same system would make sense in Azure or AWS.

    This is important because the language we use to talk about the cloud can color our approach to cloud services. A “cloud-first” strategy will mean something different to a CEO with a concept of the cloud rooted in Salesforce than it will to a system administrator who interprets it to mean a transition to cloud-hosted virtual machines.

    Add to this the fact that not all cloud services are hosted externally by providers (public clouds) and the fact that multiple delivery models can be engaged at once through hybrid or multi-cloud approaches, and it’s apparent that a shared understanding of the cloud is necessary for a coherent strategy to take form.

    This phase proceeds in four steps, each governed by the principle of shared understanding. The first requires a shared understanding of corporate goals and drivers. Step 2 involves coming to a shared understanding of the cloud’s unique characteristics. Step 3 requires a review of the current state. Finally, in Step 4, participants will identify workloads that are suitable for analysis as candidates for the cloud.

    Step 1.1

    Generate goals and drivers

    Activities

    1.1.1 Define organizational goals

    1.1.2 Define cloud drivers

    1.1.3 Define success indicators

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants:

    • IT management
    • Core working group
    • Security
    • Applications
    • Infrastructure
    • Service management
    • Leadership

    Outcomes of this step

    • List of organizational goals
    • List of cloud drivers
    • Defined success indicators

    What can the cloud do for you?

    The cloud is not valuable for its own sake, and not all users derive the same value

    • The cloud is characterized by on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Any or all of those characteristics might be enough to make the cloud appealing, but in most cases, there is an overriding driver.
    • Multiple paths may lead to the cloud. Consider an organization with a need to control costs by showing back to business units, or perhaps by reducing capital expenditure – the cloud may be the most appropriate way to effect these changes. Conversely, an organization expanding rapidly and with a need to access the latest and greatest technology might benefit from the elasticity and pooled resources that major cloud providers can offer.
    • In these cases, the destination might be the same (a cloud solution) but the delivery model – public, private, or hybrid – and the decisions made around the key strategy components, including architecture, provisioning, and cost management, will almost certainly be different.
    • Defining goals, understanding cloud drivers, and – crucially – understanding what success means, are all therefore essential elements of the cloud vision process.

    1.1.1 Generate organizational goals

    1-3 hours

    Input

    • Strategy documentation

    Output

    • Organizational goals

    Materials

    • Whiteboard (digital/physical)

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. As a group, brainstorm organizational goals, ideally based on existing documentation
      • Review relevant corporate and IT strategies.
      • If you do not have access to internal documentation, review the standard goals on the next slide and select those that are most relevant for you.
    2. Record the most important business goals in the Cloud Vision Executive Presentation. Include descriptions where possible to ensure wide readability.
    3. Make note of these goals. They should inform the answers to prompts offered in the Cloud Vision Workbook and should be a consistent presence in the remainder of the visioning exercise. If you’re conducting the session in person, leave the goals up on a whiteboard and make reference to them throughout the workshop.

    Cloud Vision Executive Presentation

    Standard COBIT 19 enterprise goals

    1. Portfolio of competitive products and services
    2. Managed business risk
    3. Compliance with external laws and regulations
    4. Quality of financial information
    5. Customer-oriented service culture
    6. Business service continuity and availability
    7. Quality of management information
    8. Optimization of internal business process functionality
    9. Optimization of business process costs
    10. Staff skills, motivation, and productivity
    11. Compliance with internal policies
    12. Managed digital transformation programs
    13. Product and business innovation

    1.1.2 Define cloud drivers

    30-60 minutes

    Input

    • Organizational goals
    • Strategy documentation
    • Management/staff perspective

    Output

    • List of cloud drivers

    Materials

    • Sticky notes
    • Whiteboard
    • Markers

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. Cloud drivers sit at a level of abstraction below organizational goals. Keeping your organizational goals in mind, have each participant in the session write down how they expect to benefit from the cloud on a sticky note.
    2. Solicit input one at a time and group similar responses. Encourage participants to bring forward their cloud goals even if similar goals have been mentioned previously. The number of mentions is a useful way to gauge the relative weight of the drivers.
    3. Once this is done, you should have a few groups of similar drivers. Work with the group to name each category. This name will be the driver reported in the documentation.
    4. Input the results of the exercise into the Cloud Vision Executive Presentation, and include descriptions based on the constituent drivers. For example, if a driver is titled “do more valuable work,” the constituent drivers might be “build cloud skills,” “focus on core products,” and “avoid administration work where possible.” The description would be based on these components.

    Cloud Vision Executive Presentation

    1.1.3 Define success indicators

    1 hour

    Input

    • Cloud drivers
    • Organizational goals

    Output

    • List of cloud driver success indicators

    Materials

    • Whiteboard
    • Markers

    Participants

    • IT leadership
    • Infrastructure
    • Applications
    • Security
    1. On a whiteboard, draw a table with each of the cloud drivers (identified in 1.1.2) across the top.
    2. Work collectively to generate success indicators for each cloud driver. In this case, a success indicator is some way you can report your progress with the stated driver. It is a real-world proxy for the sometimes abstract phenomena that make up your drivers. Think about what would be true if your driver was realized.
      1. For example, if your driver is “faster access to resources,” you might consider indicators like developer satisfaction, project completion time, average time to provision, etc.
    3. Once you are satisfied with your list of indicators, populate the slide in the Cloud Vision Executive Presentation for validation from stakeholders.

    Cloud Vision Executive Presentation

    Step 1.2

    Explore cloud characteristics

    Activities

    Understand the value of the cloud:

    • Review delivery models
    • Review support models
    • Review service models
    • Review migration paths

    Understand the Cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants:

    • Core working group
    • Architecture
    • Engineering
    • Security

    Outcomes of this step

    • Understanding of cloud service models and value

    Defining the cloud

    Per NIST, the cloud has five fundamental characteristics. All clouds have these characteristics, even if they are executed in somewhat different ways between delivery models, service models, and even individual providers.

    Cloud characteristics

    On-demand self-service

    Cloud customers are capable of provisioning cloud resources without human interaction (e.g. contacting sales), generally through a web console.

    Broad network access

    Capabilities are designed to be delivered over a network and are generally intended for access by a wide variety of platform types (cloud services are generally device-agnostic).

    Resource pooling

    Multiple customers (internal, in the case of private clouds) make use of a highly abstracted shared infrastructure managed by the cloud provider.

    Rapid elasticity

    Customers are capable of provisioning additional resources as required, pulling from a functionally infinite pool of capacity. Cloud resources can be spun-down when no longer needed.

    Measured service

    Consumption is metered based on an appropriate unit of analysis (number of licenses, storage used, compute cycles, etc.) and billing is transparent and granular.

    Cloud delivery models

    The NIST definition of cloud computing outlines four cloud delivery models: public, private, hybrid, and community clouds. A community cloud is like a private cloud, but it is provisioned for the exclusive use of a like-minded group of organizations, usually in a mutually beneficial, non-competitive arrangement. Universities and hospitals are examples of organizations that can pool their resources in this way without impacting competitiveness. The Info-Tech model covers three key delivery models – public, private, and hybrid, and an overarching model (multi-cloud) that can comprise more than one of the other models – public + public, public + hybrid, etc.

    Public

    The cloud service is provisioned for access by the general public (customers).

    Private

    A private cloud has the five key characteristics, but is provisioned for use by a single entity, like a company or organization.

    Hybrid

    Hybridity essentially refers to interoperability between multiple cloud delivery models (public +private).

    Multi

    A multi-cloud deployment requires only that multiple clouds are used without any necessary interoperability (Nutanix, 2019).

    Public cloud

    This is what people generally think about when they talk about cloud

    • The public cloud is, well, public! Anyone can make use of its resources, and in the case of the major providers, capacity is functionally unlimited. Need to store exabytes of data in the cloud? No problem! Amazon will drive a modified shipping container to your datacenter, load it up, and “migrate” it to a datacenter.
    • Public clouds offer significant variety on the infrastructure side. Major IaaS providers, like Microsoft and Amazon, offer dozens of services across many different categories including compute, networking, and storage, but also identity, containers, machine learning, virtual desktops, and much, much more. (See a list from Microsoft here, and Amazon here)
    • There are undoubtedly strengths to the public cloud model. Providers offer the “latest and greatest” and customers need not worry about the details, including managing infrastructure and physical locations. Providers offer built-in redundancy, multi-regional deployments, automation tools, management and governance solutions, and a variety of leading-edge technologies that would not be feasible for organizations to run in-house, like high performance compute, blockchain, or quantum computing.
    • Of course, the public cloud is not all sunshine and rainbows – there are downsides as well. It can be expensive; it can introduce regulatory complications to have to trust another entity with your key information. Additionally, there can be performance hiccups, and with SaaS products, it can be difficult to monitor at the appropriate (per-transaction) level.

    Prominent examples include:

    AWS

    Microsoft

    Azure

    Salesforce.com

    Workday

    SAP

    Private cloud

    A lower-risk cloud for cloud-averse customers?

    • A cloud is a cloud, no matter how small. Some IT shops deploy private clouds that make use of the five key cloud characteristics but provisioned for the exclusive use of a single entity, like a corporation.
    • Private clouds have numerous benefits. Some potential cloud customers might be uncomfortable with the shared responsibility that is inherent in the public cloud. Private clouds allow customers to deliver flexible, measured services without having to surrender control, but they require significant overhead, capital expenditure, administrative effort, and technical expertise.
    • According to the 2021 State of the Cloud Report, private cloud use is common, and the most frequently cited toolset is VMware vSphere, followed by Azure Stack, OpenStack, and AWS Outposts. Private cloud deployments are more common in larger organizations, which makes sense given the overhead required to manage such an environment.

    Private cloud adoption

    The images shows a graph titled Private Cloud Adoption for Enterprises. It is a horizontal bar graph, with three segments in each bar: dark blue marking currently use; mid blue marking experimenting; and light blue marking plan to use.

    VMware and Microsoft lead the pack among private cloud customers, with Amazon and Red Hat also substantially present across private cloud environments.

    Hybrid cloud

    The best of both worlds?

    Hybrid cloud architectures combine multiple cloud delivery models and facilitate some level of interoperability. NIST suggests bursting and load balancing as examples of hybrid cloud use cases. Note: it is not sufficient to simply have multiple clouds running in parallel – there must be a toolset that allows for an element of cross-cloud functionality.

    This delivery model is attractive because it allows users to take advantage of the strengths of multiple service models using a single management pane. Bursting across clouds to take advantage of additional capacity or disaster recovery capabilities are two obvious use cases that appeal to hybrid cloud users.

    But while hybridity is all the rage (especially given the impact Covid-19 has had on the workplace), the reality is that any hybrid cloud user must take the good with the bad. Multiple clouds and a management layer can be technically complex, expensive, and require maintaining a physical infrastructure that is not especially valuable (“I thought we were moving to the cloud to get out of the datacenter!”).

    Before selecting a hybrid approach through services like VMware Cloud on AWS or Microsoft’s Azure Stack, consider the cost, complexity, and actual expected benefit.

    Amazon, Microsoft, and Google dominate public cloud IaaS, but IBM is betting big on hybrid cloud:

    The image is a screencap of a tweet from IBM News. The tweet reads: IBM CEO Ginni Rometty: Hybrid cloud is a trillion dollar market and we'll be number one #Think2019.

    With its acquisition of Red Hat in 2019 for $34 billion, Big Blue put its money where its mouth is and acquired a substantial hybrid cloud business. At the time of the acquisition, Red Hat’s CEO, Jim Whitehurst, spoke about the benefit IBM expected to receive:

    “Joining forces with IBM gives Red Hat the opportunity to bring more open source innovation to an even broader range of organizations and will enable us to scale to meet the need for hybrid cloud solutions that deliver true choice and agility” (Red Hat, 2019).

    Multi-cloud

    For most organizations, the multi-cloud is the most realistic option.

    Multi-cloud is popular!

    The image shows a graph titled Multi-Cloud Architectures Used, % of all Respondents. The largest percentage is Apps siloed on different clouds, followed by DAta integration between clouds.

    Multi-cloud solutions exist at a different layer of abstraction from public, private, and even hybrid cloud delivery models. A multi-cloud architecture, as the name suggests, requires the user to be a customer of more than one cloud provider, and it can certainly include a hybrid cloud deployment, but it is not bound by the same rules of interoperability.

    Many organizations – especially those with fewer resources or a lack of a use case for a private cloud – rely on a multi-cloud architecture to build applications where they belong, and they manage each environment separately (or occasionally with the help of cloud management platforms).

    If your data team wants to work in AWS and your enterprise services run on basic virtual machines in Azure, that might be the most effective architecture. As the Flexera 2021 State of the Cloud Report suggests, this architecture is far more common than the more complicated bursting or brokering architectures characteristic of hybrid clouds.

    NIST cloud service models

    Software as a service

    SaaS has exploded in popularity with consumers who wish to avail themselves of the cloud’s benefits without having to manage underlying infrastructure components. SaaS is simple, generally billed per-user per-month, and is almost entirely provider-managed.

    Platform as a service

    PaaS providers offer a toolset for their customers to run custom applications and services without the requirement to manage underlying infrastructure components. This service model is ideal for custom applications/services that don’t benefit from highly granular infrastructure control.

    Infrastructure as a service

    IaaS represents the sale of components. Instead of a service, IaaS providers sell access to components, like compute, storage, and networking, allowing for customers to build anything they want on top of the providers’ infrastructure.

    Cloud service models

    • This research focuses on five key service models, each of which has its own strengths and weaknesses. Moving right from “on-prem,” customers gradually give up more control over their environments to cloud service providers.
    • An entirely premises-based environment means that the customer is responsible for everything ranging from the dirt under the datacenter to application-level configurations. Conversely, in a SaaS environment, the provider is responsible for everything but those top-level application configurations.
    • A managed service provider or other third party can manage any or of the components of the infrastructure stack. A service provider may, for example, build a SaaS solution on top of another provider’s IaaS, or might offer configuration assistance with a commercially available SaaS.

    Info-Tech Insight

    Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises), and this can be perfectly effective. It must be consistent and intentional, however.

    On-prem Co-Lo IaaS PaaS SaaS
    Application Application Application Application Application
    Database Database Database Database Database
    Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware
    OS OS OS OS OS
    Hypervisor Hypervisor Hypervisor Hypervisor Hypervisor
    Server Network Storage Server Network Storage Server Network Storage Server Network Storage Server Network Storage
    Facilities Facilities Facilities Facilities Facilities

    Organization has control

    Organization or vendor may control

    Vendor has control

    Analytics folly

    SaaS is good, but it’s not a panacea

    Industry: Healthcare

    Source: Info-Tech workshop

    Situation

    A healthcare analytics provider had already moved a significant number of “non-core workloads” to the cloud, including email, HRIS, and related services.

    The company CEO was satisfied with the reduced effort required by IT to manage SaaS-based workloads and sought to extend the same benefits to the core analytics platform where there was an opportunity to reduce overhead.

    Complication

    Many components of the health analytics service were designed to run specifically in a datacenter and were not ready to be migrated to the cloud without significant effort/refactoring. SaaS was not an option because this was a core platform – a SaaS provider would have been the competition.

    That left IaaS, which was expensive and would not bring the expected benefits (reduced overhead).

    Results

    The organization determined that there were no short-term gains from migrating to the cloud. Due to the nature of the application (its extensive customization, the fact that it was a core product sold by the company) any steps to reduce operational overhead were not feasible.

    The CEO recognized that the analytics platform was not a good candidate for the cloud and what distinguished the analytics platform from more suitable workloads.

    Migration paths

    In a 2016 blog post, Amazon Web Services articulated a framework for cloud migration that incorporates elements of the journey as well as the destination. If workload owners do not choose to retain or retire their workloads, there are four alternatives. These alternatives all stack up differently along five key dimensions:

    1. Value: does the workload stand to benefit from unique cloud characteristics? To what degree?
    2. Effort: how much work would be required to make the transition?
    3. Cost: how much money is the migration expected to cost?
    4. Time: how long will the migration take?
    5. Skills: what skills must be brought to bear to complete the migration?

    Not all migration paths can lead to all destinations. Rehosting generally means IaaS, while repurchasing leads to SaaS. Refactoring and replatforming have some variety of outcomes, and it becomes possible to take advantage of new IaaS architectures or migrate workloads over fully to SaaS.

    As part of the workload assessment process, use the five dimensions (expanded upon on the next slide) to determine what migration path makes sense. Preferred migration paths form an important part of the overall cloud vision process.

    Retain (Revisit)

    • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

    Retire

    • Get rid of the application completely.

    Rehost

    • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

    Replatform

    • Move the application to the cloud and perform a few changes for cloud optimizations.

    Refactor

    • Rewrite the application, taking advantage of cloud native architectures.

    Repurchase

    • Replace with an alternative, cloud-native application and migrate the data.

    Migration paths – relative value

    Migration path Value Effort Cost Time Skills
    Retain No real change in the absolute value of the workload if it is retained. No effort beyond ongoing workload maintenance. No immediate hard dollar costs, but opportunity costs and technical debt abound. No time required! (At least not right away…) Retaining requires the same skills it has always required (which may be more difficult to acquire in the future).
    Rehire A retired workload can provide no value, but it is not a drain! Spinning a service down requires engaging that part of the lifecycle. N/A Retiring the service may be simple or complicated depending on its current role. N/A
    Rehost Some value comes with rehosting, but generally components stay the same (VM here vs. a VM there). Minimal effort required, especially with automated tools. The effort will depend on the environment being migrated. Relatively cheap compared to other options. Rehosting infrastructure is the simplest cloud migration path and is useful for anyone in a hurry. Rehosting is the simplest cloud migration path for most workloads, but it does require basic familiarity with cloud IaaS.

    Replatform

    Replatformed workloads can take advantage of cloud-native services (SQL vs. SQLaaS). Replatforming is more effortful than rehosting, but less effortful than refactoring. Moderate cost – does not require fundamental rearchitecture, just some tweaking. Relatively more complicated than a simple rehost, but less demanding than a refactor. Platform and workload expertise is required; more substantial than a simple rehost.
    Refactor A fully formed, customized cloud-based workload that can take advantage of cloud-native architectures is generally quite valuable. Significant effort required based on the requirement to engage the full SDLC. Significant cost required to engage SDLC and rebuild the application/service. The most complicated and time-consuming. The most complicated and time-consuming.
    Repurchase Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Configuration – especially for massive projects – can be time consuming, but in general repurchasing can be quite fast. Buying software does require knowledge of requirements and integrations, but is otherwise quite simple.

    Where should you get your cloud skills?

    Cloud skills are certainly top of mind right now. With the great upheaval in both work patterns and in the labor market more generally, expertise in cloud-related areas is simultaneously more valuable and more difficult to procure. According to Pluralsight’s 2021 “State of Upskilling” report, 44% of respondents report themselves under-skilled in the cloud management area, making cloud management the most significant skill gap reported on the survey.

    Everyone left the office. Work as we know it is fundamentally altered for a generation or more. Cloud services shot up in popularity by enabling the transition. And yet there is a gap – a prominent gap – in skilling up for this critically important future. What is the cloud manager to do?

    Per the framework presented here, that manager has three essential options. They may take somewhat different forms depending on specific requirements and the quirks of the local market, but the options are:

    1. Train or hire internal resources: This might be easier said than done, especially for more niche skills, but makes sense for workloads that are critical to operations for the long term.
    2. Engage a managed service provider: MSPs are often engaged to manage services where internal IT lacks bandwidth or expertise.
    3. Hire a consultant: Consultants are great for time-bound implementation projects where highly specific expertise is required, such as a migration or implementation project.

    Each model makes sense to some degree. When evaluating individual workloads for cloud suitability, it is critical to consider the support model – both immediate and long term. What makes sense from a value perspective?

    Cloud decisions – summary

    A key component of the Info-Tech cloud vision model is that it is multi-layered. Not every decision must be made at every level. At the workload level, it makes sense to select service models that make sense, but each workload does not need its own defined vision. Workload-level decisions should be guided by an overall strategy but applied tactically, based on individual workload characteristics and circumstances.

    Conversely, some decisions will inevitably be applied at the environment level. With some exceptions, it is unlikely that cloud customers will build an entire private/hybrid cloud environment around a single solution; instead, they will define a broader strategy and fit individual workloads into that strategy.

    Some considerations exist at both the workload and environment levels. Risks and roadblocks, as well as the preferred support model, are concerns that exist at both the environment level and at the workload level.

    The image is a Venn diagram, with the left side titled Workload level, and the right side titled Environment Level. In the left section are: service model and migration path. On the right section are: Overall vision and Delivery model. In the centre section are: support model and Risks and roadblocks.

    Step 1.3

    Create a current state summary

    Activities

    1.3.1 Record your current state

    Understand the Cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    This step involves the following participants: Core working group

    Outcomes of this step

    • Current state summary of cloud solutions

    1.3.1 Record your current state

    30 minutes

    Input

    • Knowledge of existing cloud workloads

    Output

    • Current state cloud summary for service, delivery, and support models

    Materials

    • Whiteboard

    Participants

    • Core working group
    • Infrastructure team
    • Service owners
    1. On a whiteboard (real or virtual) draw a table with each of the cloud service models across the top. Leave a cell below each to list examples.
    2. Under each service model, record examples present in your environment. The purpose of the exercise is to illustrate the existence of cloud services in your environment or the lack thereof, so there is no need to be exhaustive. Complete this in turn for each service model until you are satisfied that you have created an effective picture of your current cloud SaaS state, IaaS state, etc.
    3. Input the results into their own slide titled “current state summary” in the Cloud Vision Executive Presentation.
    4. Repeat for the cloud delivery models and support models and include the results of those exercises as well.
    5. Create a short summary statement (“We are primarily a public cloud consumer with a large SaaS footprint and minimal presence in PaaS and IaaS. We retain an MSP to manage our hosted telephony solution; otherwise, everything is handled in house.”

    Cloud Vision Executive Presentation

    Step 1.4

    Select workloads for current analysis

    Activities

    1.4.1 Select workloads for assessment

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • List of workloads for assessment

    Understand the cloud

    Generate goals and drivers

    Explore cloud characteristics

    Create a current state summary

    Select workloads for analysis

    1.4.1 Select workloads for assessment

    30 minutes

    Input

    • Knowledge of existing cloud workloads

    Output

    • List of workloads to be assessed

    Materials

    • Whiteboard
    • Cloud Vision Workbook

    Participants

    • Core working group
    • IT management
    1. In many cases, the cloud project is inspired by a desire to move a particular workload or set of workloads. Solicit feedback from the core working group about what these workloads might be. Ask everyone in the meeting to suggest a workload and record each one on a sticky note or white board (virtual or physical).
    2. Discuss the results with the group and begin grouping similar workloads together. They will be subject to the assessments in the Cloud Vision Workbook, so try to avoid selecting too many workloads that will produce similar answers. It might not be obvious, but try to think about workloads that have similar usage patterns, risk levels, and performance requirements, and select a representative group.
    3. You should embrace counterintuition by selecting a workload that you think is unlikely to be a good fit for the cloud if you can and subjecting it to the assessment as well for validation purposes.
    4. When you have a list of 4-6 workloads, record them on tab 2 of the Cloud Vision Workbook.

    Cloud Vision Workbook

    Assess your cloud workloads

    Build the foundations of your cloud vision

    Phase 2

    Phase 2

    Evaluate Cloud Workloads

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Conduct workload assessments
    • Determine workload future state

    This phase involves the following participants:

    • Subject matter experts
    • Core working group
    • IT management

    Define Your Cloud Vision

    Work from the bottom up and assess your workloads

    A workload-first approach will help you create a realistic vision.

    The concept of a cloud vision should unquestionably be informed by the nature of the workloads that IT is expected to provide for the wider organization. The overall cloud vision is no greater than the sum of its parts. You cannot migrate to the cloud in the abstract. Workloads need to go – and not all workloads are equally suitable for the transition.

    It is therefore imperative to understand which workloads are a good fit for the cloud, which cloud service models make the most sense, how to execute the migration, what support should look like, and what risks and roadblocks you are likely to encounter as part of the process.

    That’s where the Cloud Vision Workbook comes into play. You can use this tool to assess as many workloads as you’d like – most people get the idea after about four – and by the end of the exercise, you should have a pretty good idea about where your workloads belong, and you’ll have a tool to assess any net new or previously unconsidered workloads.

    It’s not so much about the results of the assessment – though these are undeniably important – but about the learnings gleaned from the collaborative assessment exercise. While you can certainly fill out the assessment without any additional input, this exercise is most effective when completed as part of a group.

    Introducing the Cloud Vision Workbook

    • The Cloud Vision Workbook is an Excel tool that answers the age old question: “What should I do with my workloads?”
    • It is divided into eight tabs, each of which offers unique value. Start by reading the introduction and inputting your list of workloads. Work your way through tabs 3-6, completing the suitability, migration, management, and risk and roadblock assessments, and review the results on tab 7.
    • If you choose to go through the full battery of assessments for each workload, expect to answer and weight 111 unique questions across the four assessments. This is an intensive exercise, so carefully consider which assessments are valuable to you, and what workloads you have time to assess.
    • Tab 8 hosts the milestone timeline and captures the results of the phase 3 risk and mitigation exercise.

    Understand Cloud Vision Workbook outputs

    The image shows a graphic with several graphs and lists on it, with sections highlighted with notes. At the top, there's the title Database with the note Workload title (populated from tab 2). Below that, there is a graph with the note Relative suitability of the five service models. The Risks and roadblocks section includes the note: The strategy components – the risks and roadblocks – are captured relative to one another to highlight key focus areas. To the left of that, there is a Notes section with the note Notes populated based on post-assessment discussion. At the bottom, there is a section titled Where should skills be procured?, with the note The radar diagram captures the recommended support model relative to the others (MSP, consultant, internal IT). To the right of that, there is a section titled Migration path, with the note that Ordered list of migration paths. Note: a disconnect here with the suggested service model may indicate an unrealistic goal state.

    Step 2.1

    Conduct workload assessments

    Activities

    2.1.1 Conduct workload assessments

    2.1.2 Interpret your results

    Phase Title

    Conduct workload assessments

    Determine workload future state

    This step involves the following participants:

    • Core working group
    • Workload subject matter experts

    Outcomes of this step

    • Completed workload assessments

    2.1.1 Conduct workload assessments

    2 hours per workload

    Input

    • List of workloads to be assessed

    Output

    • Completed cloud vision assessments

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    • Service owners/workload SMEs
    1. The Cloud Vision Workbook is your one stop shop for all things workload assessment. Open the tool to tab 2 and review the workloads you identified at the end of phase 1. Ensure that these are correct. Once satisfied, project the tool (virtually, if necessary) so that all participants can see the assessment questions.
    2. Work through tabs 3-6, answering the questions and assigning a multiplier for each one. A higher multiplier increases the relative weight of the question, giving it a greater impact on the overall outcome.
    3. Do your best to induce participants to offer opinions. Consensus is not absolutely necessary, but it is a good goal. Ask your participants if they agree with initial responses and occasionally take the opposite position (“I’m surprised you said agree – I would have thought we didn’t care about CapEx vs. OpEx”). Stimulate discussion.
    4. Highlight any questions that you will need to return to or run by someone not present. Include a placeholder answer, as the tool requires all cells to be filled for computation.

    Cloud Vision Workbook

    2.1.2 Interpret your results

    10 minutes

    Input

    • Completed cloud vision assessments

    Output

    • Shared understanding of implications

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    • Service owners/workload SMEs
    1. Once you’ve completed all 111 questions for each workload, you can review your results on tab 7. On tab 7, you will see four populated graphics: cloud suitability, migration path, “where should skills be procured?”, and risks and roadblocks. These represent the components of the overall cloud vision that you will present to stakeholders.
    2. The “cloud suitability” chart captures the service model that the assessment judges to be most suitable for the workload. Ask those present if any are surprised by the output. If there is any disagreement, discuss the source of the surprise and what a more realistic outcome would be. Revisit the assessment if necessary.
    3. Conduct a similar exercise with each of the other outputs. Does it make sense to refactor the workload based on its cloud suitability? Does the fact that we scored so highly on the “consultant” support model indicate something about how we handle upskilling internally? Does the profile of risks and roadblocks identified here align with expectations? What should be ranked higher? What about lower?
    4. Once everyone is generally satisfied with the results, close the tool and take a break! You’ve earned it.

    Cloud Vision Workbook

    Understand the cloud strategy components

    Each cloud strategy will take a slightly different form, but all should contain echoes of each of these components. This process will help you define your vision and direction, but you will need to take steps to execute on that vision. The remainder of the cloud strategy, covered in the related blueprint Document Your Cloud Strategy comprises these fourteen topics divided across three categories: people, governance, and technology. The workload assessment covers these under risks and roadblocks and highlights areas that may require specific additional attention. When interpreting the results, think of these areas as comprising things that you will need to do to make your vision a reality.

    People

    • Skills and roles
    • Culture and adoption
    • Governing bodies

    Governance

    • Architecture
    • Integration and interoperability
    • Operations management
    • Cloud portfolio management
    • Cloud vendor management
    • Finance management
    • Security
    • Data controls

    Technology

    • Monitoring
    • Provisioning
    • Migration

    Strategy component: People

    People form the core of any good strategy. As part of your cloud vision, you will need to understand the implications a cloud transition will have on your staff and users, whether those users are internal or external.

    Component Description Challenges
    Skills and roles The move to the cloud will require staff to learn how to handle new technology and new operational processes. The cloud is a different way of procuring IT resources and may require the definition of new roles to handle things like cost management and provisioning. Staff may not have the necessary experience to migrate to a cloud environment or to effectively manage resources once the cloud transition is made. Cloud skills are difficult to hire for, and with the ever-changing nature of the platforms themselves, this shows no sign of abating. Redefining roles can also be politically challenging and should be done with due care and consideration.
    Culture and adoption If you build it, they will come…right? It is not always the case that a new service immediately attracts users. Ensuring that organizational culture aligns with the cloud vision is a critical success factor. Equally important is ensuring that cloud resources are used as intended. Those unfamiliar with cloud resources may be less willing to learn to use them. If alternatives exist (e.g. a legacy service that has not been shut down), or if those detractors are influential, this resistance may impede your cloud execution. Also, if the cloud transition involves significant effort or a fundamental rework (e.g. a DevOps transition) this role redefinition could cause some internal turmoil.
    Governing bodies A large-scale cloud deployment requires formal governance. Formal governance requires a governing body that is ultimately responsible for designing the said governance. This could take the form of a “center of excellence” or may rest with a single cloud architect in a smaller, less complicated environment. Governance is difficult. Defining responsibilities in a way that includes all relevant stakeholders without paralyzing the decision-making process is difficult. Implementing suggestions is a challenge. Navigating the changing nature of service provision (who can provision their own instances or assign licenses?) can be difficult as well. All these concerns must be addressed in a cloud strategy.

    Strategy component: Governance

    Without guardrails, the cloud deployment will grow organically. This has strengths (people tend to adopt solutions that they select and deploy themselves), but these are more than balanced out by the drawbacks that come with inconsistency, poor administration, duplication of services, suboptimal costing, and any number of other unique challenges. The solution is to develop and deploy governance. The following list captures some of the necessary governance-related components of a cloud strategy.

    Component Description Challenges
    Architecture Enterprise architecture is an important function in any environment with more than one interacting workload component (read: any environment). The cloud strategy should include an approach to defining and implementing a standard cloud architecture and should assign responsibility to an individual or group. Sometimes the cloud transition is inspired by the desire to rearchitect. The necessary skills and knowledge may not be readily available to design and transition to a microservices-based environment, for example, vs. a traditional monolithic application architecture. The appropriateness of a serverless environment may not be well understood, and it may be the case that architects are unfamiliar with cloud best practices and reference architectures.
    Integration and interoperability Many services are only highly functional when integrated with other services. What is a database without its front-end? What is an analytics platform without its data lake? For the cloud vision to be properly implemented, a strategy for handling integration and interoperability must be developed. It may be as simple as “all SaaS apps must be compatible with Okta” but it must be there. Migration to the cloud may require a fundamentally new approach to integration, moving away from a point-to-point integrations and towards an ESB or data lake. In many cases, this is easier said than done. Centralization of management may be appealing, but legacy applications – or those acquired informally in a one-off fashion – might not be so easy to integrate into a central management platform.
    Operations management Service management (ITIL processes) must be aligned with your overall cloud strategy. Migrating to the cloud (where applicable) will require refining these processes, including incident, problem, request, change, and configuration management, to make them more suitable for the cloud environment. Operations management doesn’t go away in the cloud, but it does change in line with the transition to shared responsibility. Responding to incidents may be more difficult on the cloud when troubleshooting is a vendor’s responsibility. Change management in a SaaS environment may be more receptive than staff are used to as cloud providers push changes out that cannot be rolled back.

    Strategy component: Governance (cont.)

    Component Description Challenges
    Cloud portfolio management This component refers to the act of managing the portfolio of cloud services that is available to IT and to business users. What requirements must a SaaS service meet to be onboarded into the environment? How do we account for exceptions to our IaaS policy? What about services that are only available from a certain provider? Rationalizing services offers administrative benefits, but may make some tasks more difficult for end users who have learned things a certain way or rely on niche toolsets. Managing access through a service catalog can also be challenging based on buy-in and ongoing administration. It is necessary to develop and implement policy.
    Cloud vendor management Who owns the vendor management function, and what do their duties entail? What contract language must be standard? What does due diligence look like? How should negotiations be conducted? What does a severing of the relationship look like? Cloud service models are generally different from traditional hosted software and even from each other (e.g. SaaS vs. PaaS). There is a bit of a learning curve when it comes to dealing with vendors. Also relevant: the skills that it takes to build and maintain a system are not necessarily the same as those required to coherently interact with a cloud vendor.
    Finance management Cloud services are, by definition, subject to a kind of granular, operational billing that many shops might not be used to. Someone will need to accurately project and allocate costs, while ensuring that services are monitored for cost abnormalities. Cloud cost challenges often relate to overall expense (“the cloud is more expensive than an alternative solution”), expense variability (“I don’t know what my budget needs to be this quarter”), and cost complexity (“I don’t understand what I’m paying for – what’s an Elastic Beanstalk?”).
    Security The cloud is not inherently more or less secure than a premises-based alternative, though the risk profile can be different. Applying appropriate security governance to ensure workloads are compliant with security requirements is an essential component of the strategy.

    Technical security architecture can be a challenge, as well as navigating the shared responsibility that comes with a cloud transition. There are also a plethora of cloud-specific security tools like cloud access security brokers (CASBs), cloud security posture management (CSPM) solutions, and even secure access services edge (SASE) technology.

    Data controls Data residency, classification, quality, and protection are important considerations for any cloud strategy. With cloud providers taking on outsized responsibility, understanding and governing data is essential. Cloud providers like to abstract away from the end user, and while some may be able to guarantee residency, others may not. Additionally, regulations may prevent some data from going to the cloud, and you may need to develop a new organizational backup strategy to account for the cloud.

    Strategy component: Technology

    Good technology will never replace good people and effective process, but it remains important in its own right. A migration that neglects the undeniable technical components of a solid cloud strategy is doomed to mediocrity at best and failure at worst. Understanding the technical implications of the cloud vision – particularly in terms of monitoring, provisioning, and migration – makes all the difference. You can interpret the results of the cloud workload assessments by reviewing the details presented here.

    Component Description Challenges
    Monitoring The cloud must be monitored in line with performance requirements. Staff must ensure that appropriate tools are in place to properly monitor cloud workloads and that they are capturing adequate and relevant data. Defining requirements for monitoring a potentially unfamiliar environment can be difficult, as can consolidating on a monitoring solution that both meets requirements and covers all relevant areas. There may be some upskilling and integration work required to ensure that monitoring works as required.
    Provisioning How will provisioning be done? Who will be responsible for ensuring the right people have access to the right resources? What tooling must be deployed to support provisioning goals? What technical steps must be taken to ensure that the provisioning is as seamless as possible? There is the inevitable challenge of assigning responsibility and accountability in a changing infrastructure and operations environment, especially if the changes are substantial (e.g. a fundamental operating model shift, reoriented around the cloud). Staff may also need to familiarize themselves with cloud-based provisioning tools like Ansible, Terraform, or even CloudFormation.
    Migration The act of migrating is important as well. In some cases, the migration is as simple as configuring the new environment and turning it up (e.g. with a net new SaaS service). In other cases, the migration itself can be a substantial undertaking, involving large amounts of data, a complicated replatforming/refactoring, and/or a significant configuration exercise.

    Not all migration journeys are created equal, and challenges include a general lack of understanding of the requirements of a migration, the techniques that might be necessary to migrate to a particular cloud (there are many) and the disruption/risk associated with moving large amounts of data. All of these challenges must be considered as part of the overall cloud strategy, whether in terms of architectural principles or skill acquisition (or both!).

    Step 2.2

    Determine workload future state

    Activities

    2.2.1 Determine workload future state

    Conduct workload assessments

    Determine workload future state

    This step involves the following participants:

    • IT management
    • Core working group

    Outcomes of this step

    • Completed workload assessments
    • Defined workload future state

    2.2.1 Determine workload future state

    1-3 hours

    Input

    • Completed workload assessments

    Output

    • Preliminary future state outputs

    Materials

    • Cloud Vision Workbook
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    • Service owners
    • IT management
    1. After you’ve had a chance to validate your results, refer to tab 7 of the tool, where you will find a blank notes section.
    2. With the working group, capture your answers to each of the following questions:
      1. What service model is the most suitable for the workload? Why?
      2. How will we conduct the migration? Which of the six models makes the most sense? Do we have a backup plan if our primary plan doesn’t work out?
      3. What should the support model look like?
      4. What are some workload-specific risks and considerations that must be taken into account for the workload?
    3. Once you’ve got answers to each of these questions for each of the workloads, include your summary in the “notes” section of tab 7.

    Cloud Vision Executive Presentation

    Paste the output into the Cloud Vision Executive Presentation

    • The Cloud Vision Workbook output is a compact, consumable summary of each workload’s planned future state. Paste each assessment in as necessary.
    • There is no absolutely correct way to present the information, but the output is a good place to start. Do note that, while the presentation is designed to lead with the vision statement, because the process is workload-first, the assessments are populated prior to the overall vision in a bottom-up manner.
    • Be sure to anticipate the questions you are likely to receive from any stakeholders. You may consider preparing for questions like: “What other workloads fit this profile?” “What do we expect the impact on the budget to be?” “How long will this take?” Keep these and other questions in mind as you progress through the vision definition process.

    The image shows the Cloud Vision Workbook output, which was described in an annotated version in an earlier section.

    Info-Tech Insight

    Keep your audience in mind. You may want to include some additional context in the presentation if the results are going to be presented to non-technical stakeholders or those who are not familiar with the terms or how to interpret the outputs.

    Identify and Mitigate Risks

    Build the foundations of your cloud vision

    PHASE 3

    Phase 3

    Identify and Mitigate Risks

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Generate risks and roadblocks
    • Mitigate risks and roadblocks
    • Define roadmap initiatives

    This phase involves the following participants:

    • Core working group
    • Workload subject matter experts

    You know what you want to do, but what do you have to do?

    What questions remain unanswered?

    There are workload-level risks and roadblocks, and there are environment-level risks. This phase is focused primarily on environment-level risks and roadblocks, or those that are likely to span multiple workloads (but this is not hard and fast rule – anything that you deem worth discussing is worth discussing). The framework here calls for an open forum where all stakeholders – technical and non-technical, pro-cloud and anti-cloud, management and individual contributor – have an opportunity to articulate their concerns, however specific or general, and receive feedback and possible mitigation.

    Start by soliciting feedback. You can do this over time or in a single session. Encourage anyone with an opinion to share it. Focus on those who are likely to have a perspective that will become relevant at some point during the creation of the cloud strategy and the execution of any migration. Explain the preliminary direction; highlight any major changes that you foresee. Remind participants that you are not looking for solutions (yet), but that you want to make sure you hear any and every concern as early as possible. You will get feedback and it will all be valuable.

    Before cutting your participants loose, remind them that, as with all business decisions, the cloud comes with trade-offs. Not everyone will have every wish fulfilled, and in some cases, significant effort may be needed to get around a roadblock, risks may need to be accepted, and workloads that looked like promising candidates for one service model or another may not be able to realize that potential. This is a normal and expected part of the cloud vision process.

    Once the risks and roadblocks conversation is complete, it is the core working group’s job to propose and validate mitigations. Not every risk can be completely resolved, but the cloud has been around for decades – chances are someone else has faced a similar challenge and made it through relatively unscathed. That work will inevitably result in initiatives for immediate execution. Those initiatives will form the core of the initiative roadmap that accompanies the completed Cloud Vision Executive Presentation.

    Step 3.1

    Generate risks and roadblocks

    Activities

    3.1.1 Generate risks and roadblocks

    3.1.2 Generate mitigations

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group
    • IT management
    • Infrastructure
    • Applications
    • Security
    • Architecture

    Outcomes of this step

    • List of risks and roadblocks

    Understand risks and roadblocks

    Risk

    • Something that could potentially go wrong.
    • You can respond to risks by mitigating them:
      • Eliminate: take action to prevent the risk from causing issues.
      • Reduce: take action to minimize the likelihood/severity of the risk.
      • Transfer: shift responsibility for the risk away from IT, towards another division of the company.
      • Accept: where the likelihood or severity is low, it may be prudent to accept that the risk could come to fruition.

    Roadblock

    • There are things that aren’t “risks” that we care about when migrating to the cloud.
    • We know, for example, that a complicated integration situation will create work items for any migration – this is not an “unknown.”
    • We respond to roadblocks by generating work items.

    3.1.1 Generate risks and roadblocks

    1.5 hours

    Input

    • Completed cloud vision assessments

    Output

    • List of risks and roadblocks

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    • Service owners/workload SMEs
    • Anyone with concerns about the cloud
    1. Gather your core working group – and really anyone with an intelligent opinion on the cloud – into a single meeting space. Give the group 5-10 minutes to list anything they think could present a difficulty in transitioning workloads to the cloud. Write each risk/roadblock on its own sticky note. You will never be 100% exhaustive, but don’t let anything your users care about go unaddressed.
    2. Once everyone has had time to write down their risks and roadblocks, have everyone share one by one. Make sure you get them all. Overlap in risks and roadblocks is okay! Group similar concerns together to give a sort of heat map of what your participants are concerned about. (This is called “affinity diagramming.”)
    3. Assign names to these categories. Many of these categories will align with the strategy components discussed in the previous phase (governance, security, etc.) but some will be specific whether by nature or by degree.
    4. Sort each of the individual risks into its respective category, collapsing any exact duplicates, and leaving room for notes and mitigations (see the next slide for a visual).

    Understand risks and roadblocks

    The image is two columns--on the left, the column is titled Affinity Diagramming. Below the title, there are many colored blocks, randomly arranged. There is an arrow pointing right, to the same coloured blocks, now sorted by colour. In the right column--titled Categorization--each colour has been assigned a category, with subcategories.

    Step 3.2

    Mitigate risks and roadblocks

    Activities

    3.2.1 Generate mitigations

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • List of mitigations

    Is the public cloud less secure?

    This is the key risk-related question that most cloud customers will have to answer at some point: does migrating to the cloud for some services increase their exposure and create a security problem?

    As with all good questions, the answer is “it depends.” But what does it depend on? Consider these cloud risks and potential mitigations:

    1. Misconfiguration: An error grants access to unauthorized parties (as happened to Capital One in 2019). This can be mitigated by careful configuration management and third-party tooling.
    2. Unauthorized access by cloud provider/partner employees: Though rare, it is possible that a cloud provider or partner can be a vector for a breach. Careful contract language, choosing to own your own encryption keys, and a hybrid approach (storing data on-premises) are some possible ways to address this problem.
    3. Unauthorized access to systems: Cloud services are designed to be accessed from anywhere and may be accessed by malicious actors. Possible mitigations include risk-based conditional access, careful identity access management, and logging and detection.

    “The cloud is definitely more secure in that you have much more control, you have much more security tooling, much more visibility, and much more automation. So it is more secure. The caveat is that there is more risk. It is easier to accidentally expose data in the cloud than it is on-premises, but, especially for security, the amount of tooling and visibility you get in cloud is much more than anything we’ve had in our careers on-premises, and that’s why I think cloud in general is more secure.” –Abdul Kittana, Founder, ASecureCloud

    Breach bests bank

    No cloud provider can protect against every misconfiguration

    Industry: Finance

    Source: The New York Times, CNET

    Background

    Capital One is a major Amazon Web Services customer and is even featured on Amazon’s site as a case study. That case study emphasizes the bank’s commitment to the cloud and highlights how central security and compliance were. From the CTO: “Before we moved a single workload, we engaged groups from across the company to build a risk framework for the cloud that met the same high bar for security and compliance that we meet in our on-premises environments. AWS worked with us every step of the way.”

    Complication

    The cloud migration was humming along until July 2019, when the bank suffered a serious breach at the hands of a hacker. That hacker was able to steal millions of credit card applications and hundreds of thousands of Social Security numbers, bank account numbers, and Canadian social insurance numbers.

    According to investigators and to AWS, the breach was caused by an open reverse proxy attack against a misconfigured web app firewall, not by an underlying vulnerability in the cloud infrastructure.

    Results

    Capital One reported that the breach was expected to cost it $150 million, and AWS fervently denied any blame. The US Senate got involved, as did national media, and Capital One’s CEO issued a public apology, writing, “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”

    It was a bad few months for IT at Capital One.

    3.2.1 Generate mitigations

    3-4.5 hours

    Input

    • Completed cloud vision assessments

    Output

    • List of risks and roadblocks

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    • Service owners/workload SMEs
    • Anyone with concerns about the cloud
    1. Recall the four mitigation strategies: eliminate, reduce, transfer, or accept. Keep these in mind as you work through the list of risks and roadblocks with the core working group. For every individual risk or roadblock raised in the initial generation session, suggest a specific mitigation. If the concern is “SaaS providers having access to confidential information,” a mitigation might be encryption, specific contract language, or proof of certifications (or all the above).
    2. Work through this for each of the risks and roadblocks, identifying the steps you need to take that would satisfy your requirements as you understand them.
    3. Once you have gone through the whole list – ideally with input from SMEs in particular areas like security, engineering, and compliance/legal – populate the Cloud Vision Workbook (tab 8) with the risks, roadblocks, and mitigations (sorted by category). Review tab 8 for an example of the output of this exercise.

    Cloud Vision Workbook

    Cloud Vision Workbook – mitigations

    The image shows a large chart titled Risks, roadblocks, and mitigations, which has been annotated with notes.

    Step 3.3

    Define roadmap initiatives

    Activities

    3.3.1 Generate roadmap initiatives

    Identify and mitigate risks

    Generate risks and roadblocks

    Mitigate risks and roadblocks

    Define roadmap initiatives

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • Defined roadmap initiatives

    3.3.1 Generate roadmap initiatives

    1 hour

    Input

    • List of risk and roadblock mitigations

    Output

    • List of cloud initiatives

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Executing on your cloud vision will likely require you to undertake some key initiatives, many of which have already been identified as part of your mitigation exercise. On tab 8 of the Cloud Vision Workbook, review the mitigations you created in response to the risks and roadblocks identified. Initiatives should generally be assignable to a party and should have a defined scope/duration. For example, “assess all net new applications for cloud suitability” might not be counted as an initiative, but “design a cloud application assessment” would likely be.
    2. Design a timeline appropriate for your specific needs. Generally short-term (less than 3 months), medium-term (3-6 months), and long-term (greater than 6 months) will work, but this is entirely based on preference.
    3. Review and validate the parameters with the working group. Consider creating additional color-coding (highlighting certain tasks that might be dependent on a decision or have ongoing components).

    Cloud Vision Workbook

    Bridge the gap and create the vision

    Build the foundations of your cloud vision

    Phase 4

    Phase 4

    Bridge the Gap and Create the Vision

    Phase 1

    1.1 Generate goals and drivers

    1.2 Explore cloud characteristics

    1.3 Create a current state summary

    1.4 Select workloads for analysis

    Phase 2

    2.1 Conduct workload assessments

    2.2 Determine workload future states

    Phase 3

    3.1 Generate risks and roadblocks

    3.2 Mitigate risks and roadblocks

    3.3 Define roadmap initiatives

    Phase 4

    4.1 Review and assign work items

    4.2 Finalize cloud decision framework

    4.3 Create cloud vision

    This phase will walk you through the following activities:

    • Assign initiatives and propose timelines
    • Build a delivery model rubric
    • Build a service model rubric
    • Built a support model rubric
    • Create a cloud vision statement
    • Map cloud workloads
    • Complete the Cloud Vision presentation

    This phase involves the following participants:

    • IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders

    Step 4.1

    Review and assign work items

    Activities

    4.1.1 Assign initiatives and propose timelines

    Bridge the gap and create the vision

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group
    • IT management

    Outcomes of this step

    • Populated cloud vision roadmap

    4.1.1 Assign initiatives and propose timelines

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Once the list is populated, begin assigning responsibility for execution. This is not a RACI exercise, so focus on the functional responsibility. Once you have determined who is responsible, assign a timeline and include any notes. This will form the basis of a more formal project plan.
    2. To assign the initiative to a party, consider 1) who will be responsible for execution and 2) if that responsibility will be shared. Be as specific as possible, but be sure to be consistent to make it easier for you to sort responsibility later on.
    3. When assigning timelines, we suggest including the end date (when you expect the project to be complete) rather than the start date, though whatever you choose, be sure to be consistent. Make use of the notes column to record anything that you think any other readers will need to be aware of in the future, or details that may not be possible to commit to memory.

    Cloud Vision Workbook

    Step 4.2

    Finalize cloud decision framework

    Activities

    4.2.1 Build a delivery model rubric

    4.2.2 Build a service model rubric

    4.2.3 Build a support model rubric

    Bridge the gap and create the vision

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group

    Outcomes of this step

    • Cloud decision framework

    4.2.1 Build a delivery model rubric

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    Participants

    • Core working group
    1. Now that we have a good understanding of the cloud’s key characteristics, the relative suitability of different workloads for the cloud, and a good understanding of some of the risks and roadblocks that may need to be overcome if a cloud transition is to take place, it is time to formalize a delivery model rubric. Start by listing the delivery models on a white board vertically – public, private, hybrid, and multi-cloud. Include a community cloud option as well if that is feasible for you. Strike any models that do not figure into your vision.
    2. Create a table style rubric for each delivery model. Confer with the working group to determine what characteristics best define workloads suitable for each model. If you have a hybrid cloud option, you may consider workloads that are highly dynamic; a private cloud hosted on-premises may be more suitable for workloads that have extensive regulatory requirements.
    3. Once the table is complete, include it in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Delivery model Decision criteria
    Public cloud
    • Public cloud is the primary destination for all workloads as the goal is to eliminate facilities and infrastructure management
    • Offers features, broad accessibility, and managed updates along with provider-managed facilities and hardware
    Legacy datacenter
    • Any workload that is not a good fit for the public cloud
    • Dependency (like a USB key for license validation)
    • Performance requirements (e.g. workloads highly sensitive to transaction thresholds)
    • Local infrastructure components (firewall, switches, NVR)

    Summary statement: Everything must go! Public cloud is a top priority. Anything that is not compatible (for whatever reason) with a public cloud deployment will be retained in a premises-based server closet (downgraded from a full datacenter). The private cloud does not align with the overall organizational vision, nor does a hybrid solution.

    4.2.2 Build a service model rubric

    1 hour

    Input

    • Output of workload assessments
    • Output of risk and mitigation exercise

    Output

    • Service model rubric

    Materials

    • Whiteboard
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    1. This next activity is like the delivery model activity, but covers the relevant cloud service models. On a whiteboard, make a vertical list of the cloud service models (SaaS, PaaS, IaaS, etc.) that will be considered for workloads. If you have an order of preference, place your most preferred at the top, your least preferred at the bottom.
    2. Describe the circumstances under which you would select each service model. Do your best to focus on differentiators. If a decision criterion appears for multiple service models, consider refining or excluding it. (For additional information, check out Info-Tech’s Reimagine IT Operations for a Cloud-First World blueprint.)
    3. Create a summary statement to capture your overall service model position. See the next slide for an example. Note: this can be incorporated into your cloud vision statement, so be sure that it reflects your genuine cloud preferences.
    4. Record the results in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Service model Decision criteria
    SaaS

    SaaS first; opt for SaaS when:

    • A SaaS option exists that meets all key business requirements
    • There is a strong desire to have someone else (the vendor) manage infrastructure components/the platform
    • Not particularly sensitive to performance thresholds
    • The goal is to transition management of the workload outside of IT
    • SaaS is the only feasible way to consume the desired service
    PaaS
    • Highly customized service/workload – SaaS not feasible
    • Still preferable to offload as much management as possible to third parties
    • Customization required, but not at the platform level
    • The workload is built using a standard framework
    • We have the time/resources to replatform
    IaaS
    • Service needs to be lifted and shifted out of the datacenter quickly
    • Customization is required at the platform level/there is value in managing components
    • There is no need to manage facilities
    • Performance is not impacted by hosting the workload offsite
    • There is value in right-sizing the workload over time
    On-premises Anything that does not fit in the cloud for performance or other reasons (e.g. licensing key)

    Summary statement: SaaS will be the primary service model. All workloads will migrate to the public cloud where possible. Anything that cannot be migrated to SaaS will be migrated to PaaS. IaaS is a transitory step.

    4.2.3 Build a support model rubric

    1 hour

    Input

    • Results of the cloud workload assessments

    Output

    • Support model rubric

    Materials

    • Whiteboard
    • Cloud Vision Executive Presentation

    Participants

    • Core working group
    1. The final rubric covered here is that for the support model. Where will you procure the skills necessary to ensure the vision’s proper execution? Much like the other rubric activities, write the three support models vertically (in order of preference, if you have one) on a whiteboard.
    2. Next to each model, describe the circumstances under which you would select each support model. Focus on the dimensions: the duration of the engagement, specialization required, and flexibility required. If you have existing rules/practices around hiring consultants/MSPs, consider those as well.
    3. Once you have a good list of decision criteria, form a summary statement. This should encapsulate your position on support models and should mention any notable criteria that will contribute to most decisions.
    4. Record the results in the Cloud Vision Executive Presentation.

    Cloud Vision Executive Presentation

    Vision for the cloud future state (example)

    Support model Decision criteria
    Internal IT

    The primary support model will be internal IT going forward

    • Chosen where the primary work required is administrative
    • Where existing staff can manage the service in the cloud easily and effectively
    • Where the chosen solution fits the SaaS service model
    Consultant
    • Where the work required is time-bound (e.g. a migration/refactoring exercise)
    • Where the skills do not exist in house, and where the skills cannot easily be procured (specific technical expertise required in areas of the cloud unfamiliar to staff)
    • Where opportunities for staff to learn from consultant SMEs are valuable
    • Where ongoing management and maintenance can be handled in house
    MSP
    • Where an ongoing relationship is valued
    • Where ongoing administration and maintenance are disproportionately burdensome on IT staff (or where this administration and maintenance is likely to be burdensome)
    • Where the managed services model has already been proven out
    • Where specific expertise in an area of technology is required but this does not rise to the need to hire an FTE (e.g. telephony)

    Summary statement: Most workloads will be managed in house. A consultant will be employed to facilitate the transition to micro-services in a cloud container environment, but this will be transitioned to in-house staff. An MSP will continue to manage backups and telephony.

    Step 4.3

    Create cloud vision

    Activities

    4.3.1 Create a cloud vision statement

    4.3.2 Map cloud workloads

    4.3.3 Complete the Cloud Vision Presentation

    Review and assign work items

    Finalize cloud decision framework

    Create cloud vision

    This step involves the following participants:

    • Core working group
    • IT management

    Outcomes of this step

    Completed Cloud Vision Executive Presentation

    4.3.1 Create a cloud vision statement

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Now that you know what service models are appropriate, it’s time to summarize your cloud vision in a succinct, consumable way. A good vision statement should have three components:
      • Scope: Which parts of the organization will the strategy impact?
      • Goal: What is the strategy intended to accomplish?
      • Key differentiator: What makes the new strategy special?
    2. On a whiteboard, make a chart with three columns (one column for each of the features of a good mission statement). Have the group generate a list of words to describe each of the categories. Ideally, the group will produce multiple answers for each category.
    3. Once you’ve gathered a few different responses for each category, have the team put their heads down and generate pithy mission statements that capture the sentiments underlying each category.
    4. Have participants read their vision statements in front of the group. Use the rest of the session to produce a final statement. Record the results in the Cloud Strategy Executive Presentation.

    Example vision statement outputs

    “IT at ACME Corp. hereby commits to providing clients and end users with an unparalleled, productivity-enabling technology experience, leveraging, insofar as it is possible and practical, cloud-based services.”

    “At ACME Corp. our employees and customers are our first priority. Using new, agile cloud services, IT is devoted to eliminating inefficiency, providing cutting-edge solutions for a fast-paced world, and making a positive difference in the lives of our colleagues and the people we serve.”

    As a global leader in technology, ACME Corp. is committed to taking full advantage of new cloud services, looking first to agile cloud options to optimize internal processes wherever efficiency gaps exist. Improved efficiency will allow associates to spend more time on ACME’s core mission: providing an unrivalled customer experience.”

    Scope

    Goal

    Key differentiator

    4.3.2 Map cloud workloads

    1 hour

    Input

    • List of workloads
    • List of acceptable service models
    • List of acceptable migration paths

    Output

    • Workloads mapped by service model/migration path

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Core working group
    1. Now that you have defined your overall cloud vision as well as your service model options, consider aligning your service model preferences with your migration path preferences. Draw a table with your expected migration strategies across the top (retain, retire, rehost, replatform, refactor, repurchase, or some of these) and your expected service models across the side.
    2. On individual sticky notes, write a list of workloads in your environment. In a smaller environment, this list can be exhaustive. Otherwise take advantage of the list you created as part of phase 1 along with any additional workloads that warrant discussion.
    3. As a group, go through the list, placing the sticky notes first in the appropriate row based on their characteristics and the decision criteria that have already been defined, and then in the appropriate column based on the appropriate migration path. (See the next slide for an example of what this looks like.)
    4. Record the results in the Cloud Vision Executive Presentation. Note: not every cell will be filled; some migration path/service model combinations are impossible or otherwise undesirable.

    Cloud Vision Executive Presentation

    Example cloud workload map

    Repurchase Replatform Rehost Retain
    SaaS

    Office suite

    AD

    PaaS SQL Database
    IaaS File Storage DR environment
    Other

    CCTV

    Door access

    4.3.3 Complete the Cloud Vision Presentation

    1 hour

    Input

    • List of cloud initiatives

    Output

    • Initiatives assigned by responsibility and timeline

    Materials

    • Cloud Vision Workbook

    Participants

    • Core working group
    1. Open the Cloud Vision Executive Presentation to the second slide and review the templated executive brief. This comprises several sections (see the next slide). Populate each one:
      • Summary of the exercise
      • The cloud vision statement
      • Key cloud drivers
      • Risks and roadblocks
      • Top initiatives and next steps
    2. Review the remainder of the presentation. Be sure to elaborate on any significant initiatives and changes (where applicable) and to delete any slides that you no longer require.

    Cloud Vision Workbook

    Sample cloud vision executive summary

    • From [date to date], a cross-functional group representing IT and its constituents met to discuss the cloud.
    • Over the course of the week, the group identified drivers for cloud computing and developed a shared vision, evaluated several workloads through an assessment framework, identified risks, roadblocks, and mitigations, and finally generated initiatives and next steps.
    • From the process, the group produced a summary and a cloud suitability assessment framework that can be applied at the level of the workload.

    Cloud Vision Statement

    [Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support, and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.

    Cloud Drivers Retire the datacenter Do more valuable work
    Right-size the environment Reduce CapEx
    Facilitate ease of mgmt. Work from anywhere
    Reduce capital expenditure Take advantage of elasticity
    Performance and availability Governance Risks and roadblocks
    Security Rationalization
    Cost Skills
    Migration Remaining premises resources
    BC, backup, and DR Control

    Initiatives and next steps

    • Close the datacenter and colocation site in favor of a SaaS-first cloud approach.
    • Some workloads will migrate to infrastructure-as-a-service in the short term with the assistance of third-party consultants.

    Document your cloud strategy

    You did it!

    Congratulations! If you’ve made it this far, you’ve successfully articulated a cloud vision, assessed workloads, developed an understanding (shared with your team and stakeholders) of cloud concepts, and mitigated risks and roadblocks that you may encounter along your cloud journey. From this exercise, you should understand your mission and vision, how your cloud plans will interact with any other relevant strategic plans, and what successful execution looks like, as well as developing a good understanding of overall guiding principles. These are several components of your overall strategy, but they do not comprise the strategy in its entirety.

    How do you fix this?

    First, validate the results of the vision exercise with your stakeholders. Socialize it and collect feedback. Make changes where you think changes should be made. This will become a key foundational piece. The next step is to formally document your cloud strategy. This is a separate project and is covered in the Info-Tech blueprint Document Your Cloud Strategy.

    The vision exercise tells you where you want to go and offers some clues as to how to get there. The formal strategy exercise is a formal documentation of the target state, but also captures in detail the steps you’ll need to take, the processes you’ll need to refine, and the people you’ll need to hire.

    A cloud strategy should comprise your organizational stance on how the cloud will change your approach to people and human resources, technology, and governance. Once you are confident that you can make and enforce decisions in these areas, you should consider moving on to Document Your Cloud Strategy. This blueprint, Define Your Cloud Vision, often serves as a prerequisite for the strategy documentation conversation(s).

    Appendix

    Summary of Accomplishment

    Additional Support

    Research Contributors

    Related Info-Tech Research

    Vendor Resources

    Bibliography

    Summary of Accomplishment

    Problem Solved

    You have now documented what you want from the cloud, what you mean when you say “cloud,” and some preliminary steps you can take to make your vision a reality.

    You now have at your disposal a framework for identifying and evaluating candidates for their cloud suitability, as well as a series of techniques for generating risks and mitigations associated with your cloud journey. The next step is to formalize your cloud strategy using the takeaways from this exercise. You’re well on your way to a completed cloud strategy!

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Generate drivers for cloud adoption

    Work with stakeholders to understand the expected benefits of the cloud migration and how these drivers will impact the overall vision.

    Conduct workload assessments

    Assess your individual cloud workloads for their suitability as candidates for the cloud migration.

    Bibliography

    “2021 State of the Cloud Report.” Flexera, 2021. Web.

    “2021 State of Upskilling Report.” Pluralsight, 2021. Web.

    “AWS Snowmobile.” Amazon Web Services, n.d. Web.

    “Azure products.” Microsoft, n.d. Web.

    “Azure Migrate Documentation.” Microsoft, n.d. Web.

    Bell, Harold. “Multi-Cloud vs. Hybrid Cloud: What’s the Difference?” Nutanix, 2019. Web.

    “Cloud Products.” Amazon Web Services, n.d. Web.

    “COBIT 2019 Framework: Introduction and Methodology.” ISACA, 2019. Web.

    Edmead, Mark T. “Using COBIT 2019 to Plan and Execute an Organization’s Transformation Strategy.” ISACA, 2020. Web.

    Flitter, Emily, and Karen Weise. “Capital One Data Breach Compromises Data of Over 100 Million.” The New York Times, 29 July 2019. Web.

    Gillis, Alexander S. “Cloud Security Posture Management (CSPM).” TechTarget, 2021. Web.

    “’How to Cloud’ with Capital One.” Amazon Web Services, n.d. Web.

    “IBM Closes Landmark Acquisition of Red Hat for $34 Billion; Defines Open, Hybrid Cloud Future.” Red Hat, 9 July 2019. Web.

    Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology, Sept. 2011. Web.

    Ng, Alfred. “Amazon Tells Senators it Isn't to Blame for Capital One Breach.” CNET, 2019. Web.

    Orban, Stephen. “6 Strategies for Migrating Applications to the Cloud.” Amazon Web Services, 2016. Web.

    Sullivan, Dan. “Cloud Access Security Broker (CASB).” TechTarget, 2021. Web.

    “What Is Secure Access Service Edge (SASE)?” Cisco, n.d. Web.

    Succeed With Digital Strategy Execution

    • Buy Link or Shortcode: {j2store}527|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Rising customer expectations and competitive pressures have accelerated the pace at which organizations are turning to digital transformation to drive revenue or cut costs.
    • Many digital strategies are not put into action, and instead sit on the shelf. A digital strategy that is not translated into specific projects and initiatives will provide no value to the organization.
    • Executing a digital strategy is easier said than done: IT often lacks the necessary framework to create a roadmap, or fails to understand how new applications can enable the vision outlined in the strategy.

    Our Advice

    Critical Insight

    • A digital strategy needs a clear roadmap to succeed. Too many digital strategies are lofty statements of objective with no clear avenue for actual execution: create a digital strategy application roadmap to avoid this pitfall.
    • Understand the art of execution. Application capabilities are rapidly evolving: IT must stand ready to educate the business on how new applications can be used to pursue the digital strategy.

    Impact and Result

    • IT must work with the business to parse specific technology drivers from the digital strategy, distill strategic requirements, and create a prescriptive roadmap of initiatives that will close the gaps between the current state and the target state outlined in the digital strategy. Doing so well is a path to the CIO’s office.
    • To better serve the organization, IT leaders must stay abreast of key application capabilities and trends. Exciting new developments such as artificial intelligence, IoT, and machine learning have opened up new avenues for process digitization, but IT leaders need to make a concerted effort to understand what modern applications bring to the table for technology enablement of the digital strategy.
    • Taking an agile approach to application roadmap development will help to provide a clear path forward for tackling digital strategy execution, while also allowing for flexibility to update and iterate as the internal and external environment changes.

    Succeed With Digital Strategy Execution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have a structured approach to translating your digital strategy to specific application initiatives, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Parse digital strategy drivers

    Parse specific technology drivers out of the formal enterprise digital strategy.

    • Succeed With Digital Strategy Execution – Phase 1: Parse Your Digital Strategy for Critical Technology Drivers

    2. Map drivers to enabling technologies

    Review and understand potential enabling applications.

    • Succeed With Digital Strategy Execution – Phase 2: Map Your Drivers to Enabling Applications

    3. Create the application roadmap to support the digital strategy

    Use the drivers and an understanding of enabling applications to put together an execution roadmap that will support the digital strategy.

    • Succeed With Digital Strategy Execution – Phase 3: Create an Application Roadmap That Supports the Digital Strategy
    • Digital Strategy Roadmap Tool
    • Application Roadmap Presentation Template
    • Digital Strategy Communication and Execution Plan Template
    [infographic]

    Workshop: Succeed With Digital Strategy Execution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Validate the Digital Strategy

    The Purpose

    Review and validate the formal enterprise digital strategy.

    Key Benefits Achieved

    Confirmation of the goals, objectives, and direction of the organization’s digital strategy.

    Activities

    1.1 Review the initial digital strategy.

    1.2 Determine gaps.

    1.3 Refine digital strategy scope and vision.

    1.4 Finalize digital strategy and validate with stakeholders.

    Outputs

    Validated digital strategy

    2 Parse Critical Technology Drivers

    The Purpose

    Enumerate relevant technology drivers from the digital strategy.

    Key Benefits Achieved

    List of technology drivers to pursue based on goals articulated in the digital strategy.

    Activities

    2.1 Identify affected process domains.

    2.2 Brainstorm impacts of digital strategy on technology enablement.

    2.3 Distill critical technology drivers.

    2.4 Identify KPIs for each driver.

    Outputs

    Affected process domains (based on APQC)

    Critical technology drivers for the digital strategy

    3 Map Drivers to Enabling Applications

    The Purpose

    Relate your digital strategy drivers to specific, actionable application areas.

    Key Benefits Achieved

    Understand the interplay between the digital strategy and impacted application domains.

    Activities

    3.1 Build and review current application inventory for digital.

    3.2 Execute fit-gap analysis between drivers and current state inventory.

    3.3 Pair technology drivers to specific enabling application categories.

    Outputs

    Current-state application inventory

    Fit-gap analysis

    4 Understand Applications

    The Purpose

    Understand how different applications support the digital strategy.

    Understand the art of the possible.

    Key Benefits Achieved

    Knowledge of how applications are evolving from a features and capabilities perspective, and how this pertains to digital strategy enablement.

    Activities

    4.1 Application spotlight: customer experience.

    4.2 Application spotlight: content and collaboration.

    4.3 Application spotlight: business intelligence.

    4.4 Application spotlight: enterprise resource planning.

    Outputs

    Application spotlights

    5 Build the Digital Application Roadmap

    The Purpose

    Create a concrete, actionable roadmap of application and technology initiatives to move the digital strategy forward.

    Key Benefits Achieved

    Clear, concise articulation of application roadmap for supporting digital that can be communicated to the business.

    Activities

    5.1 Build list of enabling projects and applications.

    5.2 Create prioritization criteria.

    5.3 Build the digital strategy application roadmap.

    5.4 Socialize the roadmap.

    5.5 Delineate responsibility for roadmap execution.

    Outputs

    Application roadmap for the digital strategy

    RACI chart for digital strategy roadmap execution

    Don’t Allow Software Licensing to Derail Your M&A

    • Buy Link or Shortcode: {j2store}135|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Assuming that all parties are compliant in their licensing is a risky proposition. Most organizations are deficient in some manner of licensing. Know where those gaps are before finalizing M&A activity and have a plan in place to mitigate them right away.
    • Vendors will target companies that have undergone recent M&A activity with an audit. Vendors know that the many moving parts of M&A activity often result in license shortfall, and they may look to capitalize during the transition with audit revenue.
    • New organizational structure can offer new licensing opportunities. Take advantage of the increased volume discounting, negotiation leverage, and consolidation opportunities afforded by a merger or acquisition.

    Our Advice

    Critical Insight

    • To mitigate risks and create accurate cost estimates, create a contingency fund to compensate for unavailability of information.
    • Gathering and analyzing information is an iterative process that is ongoing throughout due diligence. Update your assumptions, risks, and budget as you obtain new information.
    • Communication with the M&A team and business process owners should be constant throughout due diligence. IT integration does not exist in isolation.

    Impact and Result

    • CIOs must be part of the conversation during the exploration/due diligence phase before the deal is closed to examine licensing compliance and software costs that could have a direct result on the valuation of the new organization.
    • Both organizations must conduct thorough due diligence (such as internal SAM audits), analyze the information, and define critical assumptions to create a strategy for the resultant IT enterprise.
    • The IT team is involved in integration, synergy realization, and cost considerations that the business often does not consider or take into account with respect to IT. License transfer, assignability, use, and geographic rights all come into play and can be overlooked.

    Don’t Allow Software Licensing to Derail Your M&A Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you shouldn’t allow software licensing to derail your M&A deal, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the M&A process with respect to software licensing

    Grasp the key pain points of software licensing and the effects it has on an M&A. Review the benefits of early IT involvement and identify IT’s capabilities.

    • Don’t Allow Software Licensing to Derail Your M&A – Phase 1: M&A Overview
    • M&A Software Asset Maturity Assessment

    2. Perform due diligence

    Understand the various steps and process when conducting due diligence. Request information and assess risks, make assumptions, and budget costs.

    • Don’t Allow Software Licensing to Derail Your M&A – Phase 2: Due Diligence
    • License Inventory
    • IT Due Diligence Report
    • M&A Software Asset RACI Template

    3. Prepare for integration

    Take a deeper dive into the application portfolios and vendor contracts of both organizations. Review integration strategies and design the end-state of the resultant organization.

    • Don’t Allow Software Licensing to Derail Your M&A – Phase 3: Pre-Integration Planning
    • Effective Licensing Position Tool
    • IT Integration Roadmap Tool

    4. Execute on the integration plan

    Review initiatives being undertaken to ensure successful integration execution. Discuss long-term goals and how to communicate with vendors to avoid licensing audits.

    • Don’t Allow Software Licensing to Derail Your M&A – Phase 4: Integration Execution
    [infographic]

    Workshop: Don’t Allow Software Licensing to Derail Your M&A

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 M&A Overview

    The Purpose

    Identify the goals and objectives the business has for the M&A.

    Understand cultural and organizational structure challenges and red flags.

    Identify SAM/licensing challenges and red flags.

    Conduct maturity assessment.

    Clarify stakeholder responsibilities.

    Build and structure the M&A team.

    Key Benefits Achieved

    The capabilities required to successfully examine software assets and licensing during the M&A transaction.

    M&A business goals and objectives identified.

    IT M&A team selected.

    Severity of SAM challenges and red flags examined.

    Activities

    1.1 Document pain points from previous experience.

    1.2 Identify IT opportunities during M&A.

    Outputs

    M&A Software Asset Maturity Assessment

    2 Due Diligence

    The Purpose

    Take a structured due diligence approach that properly evaluates the current state of the organization.

    Review M&A license inventory and use top five vendors as example sets.

    Identify data capture and reporting methods/tools.

    Scheduling challenges.

    Scope level of effort and priority list.

    Common M&A pressures (internal/external).

    Key Benefits Achieved

    A clear understanding of the steps that are involved in the due diligence process.

    Recognition of the various areas from which information will need to be collected.

    Licensing pitfalls and compliance risks to be examined.

    Knowledge of terms and conditions that will limit ability in pre-integration planning.

    Activities

    2.1 Identify IT capabilities for an M&A.

    2.2 Create your due diligence team and assign accountability.

    2.3 Use Info-Tech’s IT Due Diligence Report Template to track key elements.

    2.4 Document assumptions to back up cost estimates and risk.

    Outputs

    M&A Software Asset RACI Template

    IT Due Diligence Report

    3 Pre-Integration Planning

    The Purpose

    Review and map legal operating entity structure for the resultant organization.

    Examine impact on licensing scenarios for top five vendors.

    Identify alternative paths and solutions.

    Complete license impact for top five vendors.

    Brainstorm action plan to mitigate negative impacts.

    Discuss and explore the scalable process for second level agreements.

    Key Benefits Achieved

    Identification of the ideal post-M&A application portfolio and licensing structures.

    Recognition of the key considerations when determining the appropriate combination of IT integration strategies.

    Design of vendor contracts for the resultant enterprise.

    Recognition of how to create an IT integration budget.

    Activities

    3.1 Work with the senior management team to review how the new organization will operate.

    3.2 Document the strategic goals and objectives of IT’s integration program.

    3.3 Interview business leaders to understand how they envision their business units.

    3.4 Perform internal SAM audit.

    3.5 Create a library of all IT processes in the target organization as well as your own.

    3.6 Examine staff using two dimensions: competency and capacity.

    3.7 Design the end-state.

    3.8 Communicate your detailed pre-integration roadmap with senior leadership and obtain sign-off.

    Outputs

    IT Integration Roadmap Tool

    Effective License Position

    4 Manage Post-M&A Activities

    The Purpose

    Finalize path forward for top five vendors based on M&A license impact.

    Disclose findings and financial impact estimate to management.

    Determine methods for second level agreements to be managed.

    Provide listing of specific recommendations for top five list.

    Key Benefits Achieved

    Initiatives generated and executed upon to achieve the technology end-state of each IT domain.

    Vendor audits avoided.

    Contracts amended and vendors spoken to.

    Communication with management on achievable synergies and quick wins.

    Activities

    4.1 Identify initiatives necessary to realize the application end-state.

    4.2 Identify initiatives necessary to realize the end-state of IT processes.

    4.3 Identify initiatives necessary to realize the end-state of IT staffing.

    4.4 Prioritize initiatives based on ease of implementation and overall business impact.

    4.5 Manage vendor relations.

    Outputs

    IT Integration Roadmap Tool

    Improve IT Operations With AI and ML

    • Buy Link or Shortcode: {j2store}454|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Many IT departments experience difficulty with meeting the business' expectations for service delivery on a regular basis.
    • Despite significant investment in improving various areas of IT operations, you still feel like you’re constantly firefighting.
    • To tackle these issues, businesses tend to invest in purchasing multiple solutions. This not only complicates their IT operations, but also, in some cases, deteriorates functionality.

    Our Advice

    Critical Insight

    • To leverage AI capabilities, you first need to assess the current state of your IT operations and know what your priorities are.
    • Contemplate use cases that will get the most benefit from automation and start with processes that you are relatively comfortable handling.
    • Analyze your initial plan to identify easy wins, then expand your AIOps.

    Impact and Result

    • Perform a current state assessment to spot which areas within your operations management are the least mature and causing you the most grief. Identify which functional areas within operations management need to be prioritized for improvement.
    • Make a shortlist of use cases that will get the most benefit from AI-based technology.
    • Prepare a plan to deploy AI capabilities to improve your IT operations.

    Improve IT Operations With AI and ML Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out about the latest improvements in AIOps and how these can help you improve your IT operations. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess the current state of IT operations management

    Identify where your organization currently stands in its operations management practices.

    • AIOps Project Summary Template
    • AIOps Prerequisites Assessment Tool

    2. Identify initiatives that align with operations requirements

    Recognize the benefits of AI and ML for your business. Determine the necessary roles and responsibilities for potential initiatives, then develop and assess your shortlist.

    • AIOps RACI Template
    • AIOps Shortlisting Tool

    3. Develop the AI roadmap

    Analyze your ROI for AIOps and create an action plan. Communicate your AI and ML initiatives to stakeholders to obtain their support.

    • AIOps ROI Calculator
    • AIOps Roadmap Tool
    • AIOps Communications Plan Template
    [infographic]

    Build a Software Quality Assurance Program

    • Buy Link or Shortcode: {j2store}284|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $20,972 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new systems and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing testing backlog, risking product success.

    Our Advice

    Critical Insight

    • Testing is often viewed as a support capability rather than an enabler of business growth. It receives focus and investment only when it becomes a visible problem.
    • The rise in security risks, aggressive performance standards, constantly evolving priorities, and misunderstood quality policies further complicate QA as it drives higher expectations for effective practices.
    • QA starts with good requirements. Tests are only as valuable as the requirements they are validating and verifying. Early QA improves the accuracy of downstream tests and reduces costs of fixing defects late in delivery.
    • Quality is an organization-wide accountability. Upstream work can have extensive ramifications if all roles are not accountable for the decisions they make.
    • Quality must account for both business and technical requirements. Valuable change delivery is cemented in a clear understanding of quality from both business and IT perspectives.

    Impact and Result

    • Standardize your definition of a product. Come to an organizational agreement of what attributes define a high-quality product. Accommodate both business and IT perspectives in your definition.
    • Clarify the role of QA throughout your delivery pipeline. Indicate where and how QA is involved throughout product delivery. Instill quality-first thinking in each stage of your pipeline to catch defects and issues early.
    • Structure your test design, planning, execution, and communication practices to better support your quality definition and business and IT environments and priorities. Adopt QA good practices to ensure your tests satisfy your criteria for a high-quality and successful product.

    Build a Software Quality Assurance Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strong foundation for quality, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your QA process

    Standardize your product quality definition and your QA roles, processes, and guidelines according to your business and IT priorities.

    • Build a Strong Foundation for Quality – Phase 1: Define Your QA Process
    • Test Strategy Template

    2. Adopt QA good practices

    Build a solid set of good practices to define your defect tolerances, recognize the appropriate test coverage, and communicate your test results.

    • Build a Strong Foundation for Quality – Phase 2: Adopt QA Good Practices
    • Test Plan Template
    • Test Case Template
    [infographic]

    Workshop: Build a Software Quality Assurance Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your QA Process

    The Purpose

    Discuss your quality definition and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your QA practice.

    Review the standardization of QA roles, processes, and guidelines in your organization.

    Key Benefits Achieved

    Grounded understanding of quality that is accepted across IT and between the business and IT.

    Clear QA roles and responsibilities.

    A repeatable QA process that is applicable across the delivery pipeline.

    Activities

    1.1 List your QA objectives and metrics.

    1.2 Adopt your foundational QA process.

    Outputs

    Quality definition and QA objectives and metrics.

    QA guiding principles, process, and roles and responsibilities.

    2 Adopt QA Good Practices

    The Purpose

    Discuss the practices to reveal the sufficient degree of test coverage to meet your acceptance criteria, defect tolerance, and quality definition.

    Review the technologies and tools to support the execution and reporting of your tests.

    Key Benefits Achieved

    QA practices aligned to industry good practices supporting your quality definition.

    Defect tolerance and acceptance criteria defined against stakeholder priorities.

    Identification of test scenarios to meet test coverage expectations.

    Activities

    2.1 Define your defect tolerance.

    2.2 Model and prioritize your tests.

    2.3 Develop and execute your QA activities.

    2.4 Communicate your QA activities.

    Outputs

    Defect tolerance levels and courses of action.

    List of test cases and scenarios that meet test coverage expectations.

    Defined test types, environment and data requirements, and testing toolchain.

    Test dashboard and communication flow.

    Secure IT-OT Convergence

    • Buy Link or Shortcode: {j2store}382|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $10,499 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations

    IT and OT are both very different complex systems. However, significant benefits have driven OT to be converged to IT. This results in IT security leaders, OT leaders and their teams' facing challenges in:

    • Governing and managing IT and OT security and accountabilities.
    • Converging security architecture and controls between IT and OT environments.
    • Compliance with regulations and standards.
    • Metrics for OT security effectiveness and efficiency.

    Our Advice

    Critical Insight

    • Returning to isolated OT is not beneficial for the organization, therefore IT and OT need to learn to collaborate starting with communication to build trust and to overcome differences between IT and OT. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and metrics for OT security.
    • Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.
    • OT interfaces with the physical world while IT system concerns more on cyber world. Thus, the two systems have different properties. The challenge is how to create strategic collaboration between IT-OT based on negotiation and this needs top-down support.

    Impact and Result

    Info-Tech’s approach in preparing for IT/OT convergence in the planning phase is coordination and collaboration of IT and OT to

    • initiate communication to define roles and responsibilities.
    • establish governance and build cross-functional team.
    • identify convergence components and compliance obligations.
    • assess readiness.

    Secure IT/OT Convergence Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Secure IT/OT Convergence Storyboard – A step-by-step document that walks you through how to secure IT-OT convergence.

    Info-Tech provides a three-phase framework of secure IT/OT convergence, namely Plan, Enhance, and Monitor & Optimize. The essential steps in Plan are to:

  • Initiate communication to define roles and responsibilities.
  • Establish governance and build a cross-functional team.
  • Identify convergence components and compliance obligations.
  • Assess readiness.
    • Secure IT/OT Convergence Storyboard

    2. Secure IT/OT Convergence Requirements Gathering Tool – A tool to map organizational goals to secure IT-OT goals.

    This tool serves as a repository for information about the organization, compliance, and other factors that will influence your IT/OT convergence.

    • Secure IT/OT Convergence Requirements Gathering Tool

    3. Secure IT/OT Convergence RACI Chart Tool – A tool to identify and understand the owners of various IT/OT convergence across the organization.

    A critical step in secure IT/OT convergence is populating a RACI (Responsible, Accountable, Consulted, and Informed) chart. The chart assists you in organizing roles for carrying out convergence steps and ensures that there are definite roles that different individuals in the organization must have. Complete this tool to assign tasks to suitable roles.

    • Secure IT/OT Convergence RACI Chart Tool
    [infographic]

    Further reading

    Secure IT/OT Convergence

    Create a holistic IT/OT security culture.

    Analyst Perspective

    Are you ready for secure IT/OT convergence?

    IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating into the IT ecosystem, primarily to improve access via connectivity and to leverage other standard IT capabilities for economic benefit.

    In the past, OT systems were engineered to be air gapped, relying on physical protection and with little or no security in design, (e.g. OT protocols without confidentiality properties). However, now, OT has become dependent on the IT capabilities of the organization, thus OT inherits IT’s security issues, that is, OT is becoming more vulnerable to attack from outside the system. IT/OT convergence is complex because the culture, policies, and rules of IT are quite foreign to OT processes such as change management, and the culture, policies, and rules of OT are likewise foreign to IT processes.

    A secure IT/OT convergence can be conceived of as a negotiation of a strong treaty between two systems: IT and OT. The essential initial step is to begin with communication between IT and OT, followed by necessary components such as governing and managing OT security priorities and accountabilities, converging security controls between IT and OT environments, assuring compliance with regulations and standards, and establishing metrics for OT security.

    Photo of Ida Siahaan, Research Director, Security and Privacy Practice, Info-Tech Research Group. Ida Siahaan
    Research Director, Security and Privacy Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    IT and OT are both very different complex systems. However, significant benefits have driven OT to converge with IT. This results in IT security leaders, OT leaders, and their teams facing challenges with:

    • Governing and managing IT and OT security and accountabilities.
    • Converging security architecture and controls between IT and OT environments.
    • Compliance with regulations and standards.
    • Metrics for OT security effectiveness and efficiency.
    Common Obstacles
    • IT/OT network segmentation and remote access issues, as most OT incidents indicate that the attackers gained access through the IT network, followed by infiltration into OT networks.
    • OT proprietary devices and unsecure protocols use outdated systems which may be insecure by design.
    • Different requirements of OT and IT security – i.e. IT (confidentiality, integrity, and availability) vs. OT (safety, reliability, and availability).
    Info-Tech’s Approach

    Info-Tech’s approach in preparing for IT/OT convergence (i.e. the Plan phase) is coordination and collaboration of IT and OT to:

    • Initiate communication to define roles and responsibilities.
    • Establish governance and build a cross-functional team.
    • Identify convergence components and compliance obligations.
    • Assess readiness.

    Info-Tech Insight

    Returning to isolated OT is not beneficial for the organization, so IT and OT need to learn to collaborate, starting with communication to build trust and to overcome their differences. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and establishing metrics for OT security.

    Consequences of unsecure IT/OT convergence

    OT systems were built with no or little security design

    90% of organizations that use OT experienced a security incident. (Fortinet, 2021. Ponemon, 2019.)

    Bar graph comparing three years, 2019-2021, of four different OT security incidents: 'Ransomeware', 'Insider breaches', 'Phishing', and 'Malware'.
    (Source: Fortinet, 2021.)
    Lack of visibility

    86% of OT security-related service engagements lack complete visibility of OT network in 2021 (90% in 2020, 81% in 2019). (Source: “Cybersecurity Year In Review” Dragos, 2022.)

    The need for secure IT/OT convergence

    Important Industrial Control System (ICS) cyber incidents

    2000
    Target: Australian sewage plant. Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.
    2012
    Target: Middle East energy companies. Method: Shamoon. Impact: Overwritten Windows-based systems files.
    2014
    Target: German Steel Mill. Method: Spear-phishing. Impact: Blast furnace failed to shut down.
    2017
    Target: Middle East safety instrumented system (SIS). Method: TRISIS/TRITON. Impact: Modified SIS ladder logic.
    2022
    Target: Viasat’s KA-SAT network. Method: AcidRain. Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat’s services.
    Timeline of Important Industrial Control System (ICS) cyber incidents.
    1903
    Target: Marconi wireless telegraph presentation. Method: Morse code. Impact: Fake message sent “Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily.”
    2010
    Target: Iranian uranium enrichment plant. Method: Stuxnet. Impact: Compromised programmable logic controllers (PLCs).
    2013
    Target: ICS supply chain. Method: Havex. Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers
    2016
    Target: Ukrainian power grid. Method: BlackEnergy. Impact: For 1-6 hours, power outages for 230,000 consumers.
    2021
    Target: Colonial Pipeline. Method: DarkSide ransomware. Impact: Compromised billing infrastructure halted the pipeline operation.

    (Source: US Department of Energy, 2018.


    ”Significant Cyber Incidents,” CSIS, 2022


    MIT Technology Review, 2022.)

    Info-Tech Insight

    Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

    Case Study

    Horizon Power
    Logo for Horizon Power.
    INDUSTRY
    Utilities
    SOURCE
    Interview

    Horizon Power is the regional power provider in Western Australia and stands out as a leader not only in the innovative delivery of sustainable power, but also in digital transformation. Horizon Power is quite mature in distributed energy resource management; moving away from centralized generation to decentralized, community-led generation, which reflects in its maturity in converging IT and OT.

    Horizon Power’s IT/OT convergence journey started over six years ago when advanced metering infrastructure (AMI) was installed across its entire service area – an area covering more than one quarter of the Australian continent.

    In these early days of the journey, the focus was on leveraging matured IT approaches such as adoption of cloud services to the OT environment, rather than converging the two. Many years later, Horizon Power has enabled OT data to be more accessible to derive business benefits such as customer usage data using data analytics with the objective of improving the collection and management of the OT data to improve business performance and decision making.

    The IT/OT convergence meets legislation such as the Australian Energy Sector Cyber Security Framework (AESCSF), which has impacts on the architectural layer of cybersecurity that support delivery of the site services.

    Results

    The lessons learned in converging IT and OT from Horizon Power were:

    • Start with forming relationships to build trust and overcome any divide between IT and OT.
    • Collaborate with IT and OT teams to successfully implement solutions, such as vulnerability management and discovery tools for OT assets.
    • Switch the focus from confidentiality and integrity to availability in solutions evaluation
    • Develop training and awareness programs for all levels of the organization.
    • Actively encourage visible sponsorship across management by providing regular updates and consistent messaging.
    • Monitor cybersecurity metrics such as vulnerabilities, mean time to treat vulnerabilities, and intrusion attempts.
    • Manage third-party vendors using a platform which not only performs external monitoring but provides third-party vendors with visibility or potential threats in their organization.

    The Secure IT/OT Convergence Framework

    IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating onto the IT ecosystem, to improve access via the internet and to leverage other standard IT capabilities. However, IT and OT are historically very different, and without careful calculation, simply connecting the two systems will result in a problem. Therefore, IT and OT need to learn to live together starting with communication to build trust and to overcome differences between IT and OT.
    Convergence Elements
    • Process convergence
    • Software and data convergence
    • Network and infrastructure convergence
    Target Groups
    • OT leader and teams
    • IT leader and teams
    • Security leader and teams
    Security Components
    • Governance and compliance
    • Security strategy
    • Risk management
    • Security policies
    • IR, DR, BCP
    • Security awareness and training
    • Security architecture and controls

    Plan

    • Initiate communication
    • Define roles and responsibilities
    • Establish governance and build a cross-functional team
    • Identify convergence elements and compliance obligations
    • Assess readiness

    Governance

    Compliance

    Enhance

    • Update security strategy for IT/OT convergence
    • Update risk-management framework for IT/OT convergence
    • Update security policies and procedures for IT/OT convergence
    • Update incident response, disaster recovery, and business continuity plan for IT/OT convergence

    Security strategy

    Risk management

    Security policies and procedures

    IR, DR, and BCP

    Monitor &
    Optimize

    • Implement awareness, induction, and cross-training program
    • Design and deploy converging security architecture and controls
    • Establish and monitor IT/OT security metrics on effectiveness and efficiency
    • Red-team followed by blue-team activity for cross-functional team building

    Awareness and cross-training

    Architecture and controls

    Phases
    Color-coded phases with arrows looping back up from the bottom to top phase.
    • Plan
    • Enhance
    • Monitor & Optimize
    Plan Outcomes
    • Mapping business goals to IT/OT security goals
    • RACI chart for priorities and accountabilities
    • Compliance obligations register
    • Readiness checklist
    Enhance Outcomes
    • Security strategy for IT/OT convergence
    • Risk management framework
    • Security policies & procedures
    • IR, DR, BCP
    Monitor & Optimize Outcomes
    • Security awareness and training
    • Security architecture and controls
    Plan Benefits
    • Improved flexibility and less divided IT/OT
    • Improved compliance
    Enhance Benefits
    • Increased strategic common goals
    • Increased efficiency and versatility
    Monitor & Optimize Benefits
    • Enhanced security
    • Reduced costs

    Plan

    Initiate communication

    To initiate communication between the IT and OT teams, it is important to understand how the two groups are different and to build trust to find a holistic approach which overcomes those differences.
    IT OT
    Remote Access Well-defined access control Usually single-level access control
    Interfaces Human Machine, equipment
    Software ERP, CRM, HRIS, payroll SCADA, DCS
    Hardware Servers, switches, PCs PLC, HMI, sensors, motors
    Networks Ethernet Fieldbus
    Focus Reporting, communication Up-time, precision, safety
    Change management Frequent updates and patches Infrequent updates and patches
    Security Confidentiality, integrity, availability Safety, reliability, availability
    Time requirement Normally not time critical Real time

    Info-Tech Insight

    OT interfaces with the physical world while IT system concerns more on cyber world. Thus, the two systems have different properties. The challenge is how to create strategic collaboration between IT and OT based on negotiation, and this needs top-down support.

    Identifying organization goals is the first step in aligning your secure IT/OT convergence with your organization’s vision.

    • Security leaders need to understand the direction the organization is headed in.
    • Wise security investments depend on aligning your security initiatives to the organization.
    • Secure IT/OT convergence should contribute to your organization’s objectives by supporting operational performance and ensuring brand protection and shareholder value.

    Map organizational goals to IT/OT security goals

    Input: Corporate, IT, and OT strategies

    Output: Your goals for the security strategy

    Materials: Secure IT/OT Convergence Requirements Gathering Tool

    Participants: Executive leadership, OT leader, IT leader, Security leader, Compliance, Legal, Risk management

    1. As a group, brainstorm organization goals.
      1. Review relevant corporate, IT, and OT strategies.
    2. Record the most important business goals in the Secure IT/OT Convergence Requirements Gathering Tool. Try to limit the number of business goals to no more than 10 goals. This limitation will be critical to helping focus on your secure IT/OT convergence.
    3. For each goal, identify one to two security alignment goals. These should be objectives for the security strategy that will support the identified organization goals.

    Download the Secure IT/OT Convergence Requirements Gathering Tool

    Record organizational goals

    Sample of the definitions table with columns numbered 1-4.

    Refer to the Secure IT/OT Convergence Framework when filling in the following elements.

    1. Record your identified organization goals in the Goals Cascade tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    2. For each of your organizational goals, identify IT alignment goals.
    3. For each of your organizational goals, identify OT alignment goals.
    4. For each of your organizational goals, select one to two IT/OT security alignment goals from the drop-down lists.

    Establish scope and boundaries

    It is important to know at the outset of the strategy: What are we trying to secure in IT/OT convergence ?
    This includes physical areas we are responsible for, types of data we care about, and departments or IT/OT systems we are responsible for.

    This also includes what is not in scope. For some outsourced services or locations, you may not be responsible for their security. In some business departments, you may not have control of security processes. Ensure that it is made explicit at the outset what will be included and what will be excluded from security considerations.

    Physical Scope and Boundaries

    • How many offices and locations does your organization have?
    • Which locations/offices will be covered by your information security management system (ISMS)?
    • How sensitive is the data residing at each location?
    • You may have many physical locations, and it is not necessary to list each one. Rather, list exceptional cases that are specifically in or out of scope.

    IT Systems Scope and Boundaries

    • There may be hundreds of applications that are run and maintained in your organization. Some of these may be legacy applications. Do you need to secure all your programs or only a select few?
    • Is the system owned or outsourced?
    • Where are you accountable for security?
    • How sensitive is the data that each system handles?

    Organizational Scope and Boundaries

    • Will your ISMS cover all departments within your organization? For example, do certain departments (e.g. operations) not need any security coverage?
    • Do you have the ability to make security decisions for each department?
    • Who are the key stakeholders/data owners for each department?

    OT Systems Scope and Boundaries

    • There may be hundreds of OT systems that are run and maintained in your organization. Do you need to secure all OT or a select subset?
    • Is the system owned or outsourced?
    • Where are you accountable for safety and security?
    • What reliability requirements does each system handle?

    Record scope and boundaries

    Sample Scope and Boundaries table. Refer to the Secure IT/OT Convergence Framework when filling in the following elements:
    • Record your security-related organizational scope, physical location scope, IT systems scope, and OT systems scope in the Scope tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    • For each item scoped, give the rationale for including it in the comments column. Careful attention should be paid to any elements that are not in scope.

    Plan

    Define roles and responsibilities

    Input: List of relevant stakeholders

    Output: Roles and responsibilities for the secure IT/OT convergence program

    Materials: Secure IT/OT Convergence RACI Chart Tool

    Participants: Executive leadership, OT leader, IT leader, Security leader

    There are many factors that impact an organization’s level of effectiveness as it relates to IT/OT convergence. How the two groups interact, what skill sets exist, the level of clarity around roles and responsibilities, and the degree of executive support and alignment are only a few. Thus, it is imperative in the planning phase to identify stakeholders who are:

    • Responsible: The people who do the work to accomplish the activity; they have been tasked with completing the activity and/or getting a decision made.
    • Accountable: The person who is accountable for the completion of the activity. Ideally, this is a single person and will often be an executive or program sponsor.
    • Consulted: The people who provide information. This is usually several people, typically called subject matter experts (SMEs).
    • Informed: The people who are updated on progress. These are resources that are affected by the outcome of the activities and need to be kept up to date.

    Download the Secure IT/OT Convergence RACI Chart Tool

    Define RACI Chart

    Sample RACI chart with only the 'Plan' section enlarged.

    Define responsible, accountable, consulted, and informed (RACI) stakeholders.
    1. Customize the "work units" to best reflect your operation with applicable stakeholders.
    2. Customize the "action“ rows as required.
    Info-Tech Insight

    The roles and responsibilities should be clearly defined. For example, IT network should be responsible for the communication and configuration of all access points and devices from the remote client to the control system DMZ, and controls engineering should be responsible from the control system DMZ to the control system.

    Plan

    Establish governance and build cross-functional team

    To establish governance and build an IT/OT cross-functional team, it is important to understand the operation of OT systems and their interactions with IT within the organization, e.g. ad hoc, centralized, decentralized.

    The maturity ladder with levels 'Fully Converged', 'Collaborative Partners', 'Trusted Resources', 'Affiliated Entities', and 'Siloed' at the bottom. Each level has four maturity indicators listed.

    Info-Tech Insight

    To determine IT/OT convergence maturity level, Info-Tech provides the IT/OT Convergence Self-Evaluation Tool.

    Centralized security governance model example

    Example of a centralized security governance model.

    Plan

    Identify convergence elements and compliance obligations

    To switch the focus from confidentiality and integrity to safety and availability for OT system, it is important to have a common language such as the Purdue model for technical communication.
    • A lot of OT compliance standards are technically focused and do not address governance and management, e.g. IT standards like the NIST Cybersecurity Framework. For example, OT system modeling with Purdue model will help IT teams to understand assets, networking, and controls. This understanding is needed to know the possible security solutions and where these solutions could be embedded to the OT system with respect to safety, reliability, and availability.
    • However, deployment of technical solutions or patches to OT system may nullify warranty, so arrangements should be made to manage this with the vendor or manufacturer prior to modification.
    • Finally, OT modernizations such as smart grid together with the advent of IIoT where data flow is becoming less hierarchical have encouraged the birth of a hybrid Purdue model, which maintains segmentation with flexibility for communications.

    Level 5: Enterprise Network

    Level 4: Site Business

    Level 3.5: DMZ
    Example: Patch Management Server, Application Server, Remote Access Server

    Level 3: Site Operations
    Example: SCADA Server, Engineering Workstation, Historian

    Level 2: Area Supervisory Control
    Example: SCADA Client, HMI

    Level 1: Basic Control
    Example: Batch Controls, Discrete Controls, Continuous Process Controls, Safety Controls, e.g. PLCs, RTUs

    Level 0: Process
    Example: Sensors, Actuators, Field Devices

    (Source: “Purdue Enterprise Reference Architecture (PERA) Model,” ISA-99.)

    Identify compliance obligations

    To manage compliance obligations, it is important to use a platform which not only performs internal and external monitoring, but also provides third-party vendors with visibility on potential threats in their organization.
    Example table of compliance obligations standards. Example tables of compliance obligations regulations and guidelines.

    Source:
    ENISA, 2013
    DHS, 2009.

    • OT system has compliance obligations with industry regulations and security standards/regulations/guidelines. See the lists given. The lists are not exhaustive.
    • OT system owner can use the standards/regulations/guidelines as a benchmark to determine and manage the security level provided by third parties.
    • It is important to understand the various frameworks and to adhere to the appropriate compliance obligations, e.g. IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series.

    IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series

    International series of standards for asset owners, system integrators, and product manufacturers.
    Diagram of the international series of standards for asset owners.
    (Source: Cooksley, 2021)
    • IEC/ISA 62443 is a comprehensive international series of standards covering security for ICS systems, which recognizes three roles, namely: asset owner, system integrator, and product manufacturer.
    • In IEC/ISA 62443, requirements flow from the asset owner to the product manufacturer, while solutions flow in the opposite direction.
    • For the asset owner who owns and operates a system, IEC 62443-2 enables defining target security level with reference to a threat level and using the standard as a benchmark to determine the current security level.
    • For the system integrator, IEC 62443-3 assists to evaluate the asset owner’s requirements to create a system design. IEC 62443-3 also provides a method for verification that components provided by the product manufacturer are securely developed and support the functionality required.

    Record your compliance obligations

    Refer to the “Goals Cascade” tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    1. Identify your compliance obligations. Most organizations have compliance obligations that must be adhered to. These can include both mandatory and voluntary obligations. Mandatory obligations include:
      1. Laws
      2. Government regulations
      3. Industry standards
      4. Contractual agreements
      Voluntary obligations include standards that the organization has chosen to follow for best practices and any obligations that are required to maintain certifications. Organizations will have many different compliance obligations. For the purposes of your secure IT/OT convergence, include only those that have OT security requirements.
    2. Record your compliance obligations, along with any notes, in your copy of the Secure IT/OT Convergence Requirements Gathering Tool.
    3. Refer to the “Compliance DB” tab for lists of standards/regulations/guidelines.
    Table of mandatory and voluntary security compliance obligations.

    Plan

    Assess readiness

    Readiness checklist for secure IT/OT convergence

    People

    • Define roles and responsibilities on interaction based on skill sets and the degree of support and alignment.
    • Adopt well-established security governance practices for cross-functional teams.
    • Analyze and develop skills required by implementing awareness, induction, and cross-training program.

    Process

    • Conduct a maturity assessment of key processes and highlight interdependencies.
    • Redesign cybersecurity processes for your secure IT/OT convergence program.
    • Develop a baseline and periodically review on risks, security policies and procedures, incident response, disaster recovery, and business continuity plan.

    Technology

    • Conduct a maturity assessment and identify convergence elements and compliance obligations.
    • Develop a roadmap and deploy converging security architecture and controls step by step, working with trusted technology partners.
    • Monitor security metrics on effectiveness and efficiency and conduct continuous testing by red-team and blue-team activities.

    (Source: “Grid Modernization: Optimize Opportunities And Minimize Risks,” Info-Tech)

    Enhance

    Update security strategy

    To update security strategy, it is important to actively encourage visible sponsorship across management and to provide regular updates.

    Cycle for updating security strategy: 'Architecture design', 'Procurement', 'Installation', 'Maintenance', 'Decommissioning'.
    (Source: NIST SP 800-82 Rev.3, “Guide to Operational Technology (OT) Security,” NIST, 2022.)
    • OT system life cycle is like the IT system life cycle, starting with architectural design and ending with decommissioning.
    • Currently, IT only gets involved from installation or maintenance, so they may not fully understand the OT system. Therefore, if OT security is compromised, the same personnel who commissioned the OT system (e.g. engineering, electrical, and maintenance specialists) must be involved. Thus, it is important to have the IT team collaborate with the OT team in each stage of the OT system’s life cycle.
    • Finally, it is necessary to have propositional sharing of responsibilities between IT leaders, security leaders, and OT leaders who have broader responsibilities.

    Enhance

    Update risk management framework

    The need for asset and threat taxonomy

    • One of issues in IT/OT convergence is that OT systems focus on production, so IT solutions like security patching or updates may deteriorate a machine or take a machine offline and may not be applicable. For example, some facilities run with reliability of 99.999%, which only allows maximum of 5 minutes and 35 seconds or less of downtime per year.
    • Managing risks requires an understanding of the assets and threats for IT/OT systems. Having a taxonomy of the assets and the threats cand help.
    • Applying normal IT solutions to mitigate security risks may not be applicable in an OT environment, e.g. running an antivirus tool on OT system may remove essential OT operations files. Thus, this approach must be avoided; instead, systems must be rebuilt from golden images.
    Risk management framework.
    (Source: ENISA, 2018.)

    Enhance

    Update security policies and procedures

    • Policy is the link between people, process, and technology for any size of organization. Small organizations may think that having formal policies in place is not necessary for their operations, but compliance is applicable to all organizations, and vulnerabilities affect organizations of all sizes as well. Small organizations partnering with clients or other organizations are sometimes viewed as ideal proxies for attackers.
    • Updating security policies to align with the OT system so that there is a uniform approach to securing both IT and OT environments has several benefits. For example, enhancing the overall security posture as issues are pre-emptively avoided, being better prepared for auditing and compliance requirements, and improving governance especially when OT governance is weak.
    • In updating security policies, it is important to redefine the policy framework to include the OT framework and to prioritize the development of security policies. For example, entities that own or manage US and Canadian electric power grids must comply with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards, specifically CIP-003 for Policy and Governance. This can be achieved by understanding the current state of policies and by right-sizing the policy suite based on a policy hierarchy.
    The White House released an Executive Order on Improving the Nation’s Cybersecurity (EO 14028) in 2021 that establishes new requirements on the scope of protection and security policy such that it must include both IT and OT.

    Policy hierarchy example

    This example of a policy hierarchy features templates from Info-Tech’s Develop and Deploy Security Policies and Identify the Best Framework for Your Security Policies research.

    Example policy hierarchy with four levels, from top-down: 'Governance', 'Process-based policies', 'Prescriptive/ technical (for IT including OT elements)', 'Prescriptive/ technical (for users)'.

    Enhance

    Update IR, DR, and BCP

    A proactive approach to security is important, so actions such as updating and testing the incident response plan for OT are a must. (“Cybersecurity Year In Review” Dragos, 2022.)

    1. Customize organizational chart for IT/OT IR, DR, BCP based on governance and management model.
      E.g. ad hoc, internal distributed, internal centralized, combined distributed, and decentralized. (Software Engineering Institute, 2003)
    2. Adjust the authority of the new organizational chart and decide if it requires additional staffing.
      E.g. full authority, shared authority. (Software Engineering Institute, 2003)
    3. Update IR plan, DR plan, and BCP for IT/OT convergence.
      E.g. incorporate zero trust principles for converge network
    4. Testing updated IR plan, DR plan, and BCP.

    Optimize

    Implement awareness, induction, and cross-training

    To develop training and awareness programs for all levels of the organization, it is important to understand the common challenges in IT security that also affect secure IT/OT convergence and how to overcome those challenges.

    Alert Fatigue

    Too many false alarms, too many events to process, and an evolving threat landscape that wastes analysts’ valuable time on mundane tasks such as evidence collection. Meanwhile, only limited time is given for decision and conclusion, which results in fear of missing an incident and alert fatigue.

    Skill Shortages

    Obtaining and retaining cybersecurity-skilled talent is challenging. Organizations need to invest in the people, but not all organizations will be able to invest sufficiently to have their own dedicated security team.

    Lack of Insight

    To report progress, clear metrics are needed. However, cybersecurity still falls short in this area, as the system itself is complex, and much work is siloed. Furthermore, lessons learned are not yet distilled into insights yet for improving future accuracy.

    Lack of Visibility

    Ensuring complete visibility of the threat landscape, risks, and assets requires system integration and consistent workflow across the organization, and the convergence of OT, IoT, and IT enhances this challenge (e.g. machines cannot be scanned during operational uptime).
    (Source: Security Intelligence, 2020.)
    “Cybersecurity staff are feeling burnout and stressed to the extent that many are considering leaving their jobs.” (Danny Palmer, ZDNET News, 2022)

    Awareness may not correspond to readiness

    • An issue with IT/OT convergence training and awareness happens when awareness exists, but the personnel are trained only for IT security and are not trained for OT-specific security. For example, some organizations still use generic topics such as not opening email attachments, when the personnel do not even operate using email nor in a web browsing environment. (“Assessing Operational Readiness,” Dragos, 2022)
    • Meanwhile, as is the case with IT, OT security training topics are broad, such as OT threat intelligence, OT-specific incident response, and tabletop exercises.
    • Hence, it requires the creation of a training program development plan that considers the various audiences and topics and maps them accordingly.
    • Moreover, roles are also evolving due to convergence and modernization. These new roles require an integrative skill set. For example, the grid security & ops team might consist of an IT security specialist, SCADA technician/engineer, and OT/IIOT security specialist where OT/IIOT security specialist is a new role. (Grid Modernization: Optimize Opportunities and Minimize Risks,” Info-Tech)
    • In conclusion, it is important to approach talent development with an open mind. The ability to learn and flexibility in the face of change are important attributes, and technical skill sets can be improved with certifications and training.
    “One area regularly observed by Dragos is a weakness in overall cyber readiness and training tailored specific to the OT environment.” (“Assessing Operational Technology,” Dragos, 2022.)

    Certifications

    What are the options?
    • One of issues in certification is the complexity on relevancy in topics with respect to roles and levels.
    • An example solution is the European Union Agency for Cybersecurity (ENISA)’s approach to analyzing existing certifications by orientation, scope, and supporting bodies, grouped into specific certifications, relevant certifications, and safety certifications.

    Specific cybersecurity certification of ICS/SCADA
    Example: ISA-99/IEC 62443 Cybersecurity Certificate Program, GIAC Global Industrial Cyber Security Professional (GICSP), Certified SCADA Security Architect (CSSA), EC-Council ICS/SCADA Cybersecurity Training Course.

    Other relevant certification schemes
    Example: Network and Information Security (NIS) Driving License, ISA Certified Automation Professional (CAP), Industrial Security Professional Certification (NCMS-ISP).

    Safety Certifications
    Example: Board of Certified Safety Professionals (BCSP), European Network of Safety and Health Professional Organisations (ENSHPO).

    Order of certifications with 'Orientation' at the top, 'Scope', then 'Support'.(Source: ENISA, 2015.)

    Optimize

    Design and deploy converging security architecture and controls

    • IT/OT convergence architecture can be modeled as a layered structure based on security. In this structure, the bottom layer is referred as “OT High-Security Zone” and the topmost layer is “IT Low-Security Zone.” In this model, each layer has its own set of controls configured and acts like an additional layer of security for the zone underneath it.
    • The data flows from the “OT High-Security Zone” to the topmost layer, the “IT Low-Security Zone,” and the traffic must be verified to pass to another zone based on the need-to-know principle.
    • In the normal control flow within the “OT High-Security Zone” from level 3 to level 0, the traffic must be verified to pass to another level based on the principle of least privilege.
    • Remote access (dotted arrow) is allowed under strict access control and change control based on the zero-trust principle with clear segmentation and a point for disconnection between the “OT High-Security Zone” and the “OT Low-Security Zone”
    • This model simplifies the security process, as if the lower layers have been compromised, then the compromise can be confined on that layer, and it also prevents lateral movement as access is always verified.
    Diagram for the deployments of converging security architecture.(Source: “Purdue Enterprise Reference Architecture (PERA) model,” ISA-99.)

    Off-the-shelf solutions

    Getting the right recipe: What criteria to consider?

    Image of a shopping cart with the four headlines on the right listed in order from top to bottom.
    Icon of an eye crossed out. Visibility and Asset Management

    Passive data monitoring using various protocol layers, active queries to devices, or parsing configuration files of OT, IoT, and IT environments on assets, processes, and connectivity paths.

    Icon of gears. Threat Detection, Mitigation, and Response (+ Hunting)

    Automation of threat analysis (signature-based, specification-based, anomaly-based, sandboxing) not only in IT but also in relevant environments, e.g. IoT, IIoT, and OT on assets, data, network, and orchestration with threat intelligence sharing and analytics.

    Icon of a check and pen. Risk Assessment and Vulnerability Management

    Risk scoring approach (qualitative, quantitative) based on variables such as behavioral patterns and geolocation. Patching and vulnerability management.

    Icon of a wallet. Usability, Architecture, Cost

    The user and administrative experience, multiple deployment options and extensive integration capabilities, and affordability.

    Optimize

    Establish and monitor IT/OT security metrics for effectiveness and efficiency

    Role of security metrics in a cybersecurity program (EPRI, 2017.)
    • Requirements for secure IT/OT are derived from mandatory or voluntary compliance, e.g. NERC CIP, NIST SP 800-53.
    • Frameworks for secure IT/OT are used to build and implement security, e.g. NIST CSF, AESCSF.
    • Maturity of secure IT/OT is used to measure the state of security, e.g. C2M2, CMMC.
    • Security metrics have the role of measuring effectiveness and efficiency.

    Icon of a person ascending stairs.
    Safety

    OT interfaces with the physical world. Thus, metrics based on risks related with life, health, and safety are crucial. These metrics motivate personnel by making clear why they should care about security. (EPRI, 2017.)

    Icon of a person ascending stairs.
    Business Performance

    The impact of security on the business can be measured in various metrics such as operational metrics, service level agreements (SLAs), and financial metrics. (BMC, 2022.)

    Icon of a person ascending stairs.
    Technology Performance

    Early detection will lead to faster remediation and less damage. Therefore, metrics such as maximum tolerable downtime (MTD) and mean time to recovery (MTR) indicate system reliability. (Dark Reading, 2022)

    Icon of a person ascending stairs.
    Security Culture

    The metrics for the overall quality of security culture with indicators such as compliance and audit, vulnerability management, and training and awareness.

    Further information

    Related Info-Tech Research

    Sample of 'Build an Information Security Strategy'.

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations.

    This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building a security roadmap.

    Sample of 'Preparing for Technology Convergence in Manufacturing'.

    Preparing for Technology Convergence in Manufacturing

    Information technology (IT) and operational technology (OT) teams have a long history of misalignment and poor communication.

    Stakeholder expectations and technology convergence create the need to leave the past behind and build a culture of collaboration.

    Sample of 'Implement a Security Governance and Management Program'.

    Implement a Security Governance and Management Program

    Your security governance and management program needs to be aligned with business goals to be effective.

    This approach also helps provide a starting point to develop a realistic governance and management program.

    This project will guide you through the process of implementing and monitoring a security governance and management program that prioritizes security while keeping costs to a minimum.

    Bibliography

    Assante, Michael J. and Robert M. Lee. “The Industrial Control System Cyber Kill Chain.” SANS Institute, 2015.

    “Certification of Cyber Security Skills of ICS/SCADA Professionals.” European Union Agency for Cybersecurity (ENISA), 2015. Web.

    Cooksley, Mark. “The IEC 62443 Series of Standards: A Product Manufacturer‘s Perspective.” YouTube, uploaded by Plainly Explained, 27 Apr. 2021. Accessed 26 Aug. 2022.

    “Cyber Security Metrics for the Electric Sector: Volume 3.” Electric Power Research Institute (EPRI), 2017.

    “Cybersecurity and Physical Security Convergence.” Cybersecurity and Infrastructure Security Agency (CISA). Accessed 19 May 2022.

    “Cybersecurity in Operational Technology: 7 Insights You Need to Know,” Ponemon, 2019. Web.

    “Developing an Operational Technology and Information Technology Incident Response Plan.” Public Safety Canada, 2020. Accessed 6 Sep. 2022.

    Gilsinn, Jim. “Assessing Operational Technology (OT) Cybersecurity Maturity.” Dragos, 2021. Accessed 02 Sep. 2022.

    “Good Practices for Security of Internet of Things.” European Union Agency for Cybersecurity (ENISA), 2018. Web.

    Greenfield, David. “Is the Purdue Model Still Relevant?” AutomationWorld. Accessed 1 Sep. 2022

    Hemsley, Kevin E., and Dr. Robert E. Fisher. “History of Industrial Control System Cyber Incidents.” US Department of Energy (DOE), 2018. Accessed 29 Aug. 2022.

    “ICS Security Related Working Groups, Standards and Initiatives.” European Union Agency for Cybersecurity (ENISA), 2013.

    Killcrece, Georgia, et al. “Organizational Models for Computer Security Incident Response Teams (CSIRTs).” Software Engineering Institute, CMU, 2003.

    Liebig, Edward. “Security Culture: An OT Survival Story.” Dark Reading, 30 Aug. 2022. Accessed 29 Aug. 2022.

    Bibliography

    O'Neill, Patrick. “Russia Hacked an American Satellite Company One Hour Before the Ukraine Invasion.” MIT Technology Review, 10 May 2022. Accessed 26 Aug. 2022.

    Palmer, Danny. “Your Cybersecurity Staff Are Burned Out – And Many Have Thought About Quitting.” Zdnet, 08 Aug. 2022. Accessed 19 Aug. 2022.

    Pathak, Parag. “What Is Threat Management? Common Challenges and Best Practices.” SecurityIntelligence, 23 Jan. 2020. Web.

    Raza, Muhammad. “Introduction To IT Metrics & KPIs.” BMC, 5 May 2022. Accessed 12 Sep. 2022.

    “Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability.” Department of Homeland Security (DHS), Oct. 2009. Web.

    Sharma, Ax. “Sigma Rules Explained: When and How to Use Them to Log Events.” CSO Online, 16 Jun. 2018. Accessed 15 Aug. 2022.

    “Significant Cyber Incidents.” Center for Strategic and International Studies (CSIS). Accessed 1 Sep. 2022.

    Tom, Steven, et al. “Recommended Practice for Patch Management of Control Systems.” Department of Homeland Security (DHS), 2008. Web.

    “2021 ICS/OT Cybersecurity Year In Review.” Dragos, 2022. Accessed 6 Sep. 2022.

    “2021 State of Operational Technology and Cybersecurity Report,” Fortinet, 2021. Web.

    Zetter, Kim. “Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed.” Black Hat USA, 08 Aug. 2022. Accessed 19 Aug. 2022.

    Research Contributors and Experts

    Photo of Jeff Campbell, Manager, Technology Shared Services, Horizon Power, AU. Jeff Campbell
    Manager, Technology Shared Services
    Horizon Power, AU

    Jeff Campbell has more than 20 years' experience in information security, having worked in both private and government organizations in education, finance, and utilities sectors.

    Having focused on developing and implementing information security programs and controls, Jeff is tasked with enabling Horizon Power to capitalize on IoT opportunities while maintaining the core security basics of confidentiality, integrity and availability.

    As Horizon Power leads the energy transition and moves to become a digital utility, Jeff ensures the security architecture that supports these services provides safer and more reliable automation infrastructures.

    Christopher Harrington
    Chief Technology Officer (CTO)
    Carolinas Telco Federal Credit Union

    Frank DePaola
    Vice President, Chief Information Security Officer (CISO)
    Enpro

    Kwasi Boakye-Boateng
    Cybersecurity Researcher
    Canadian Institute for Cybersecurity

    Establish a Sustainable ESG Reporting Program

    • Buy Link or Shortcode: {j2store}194|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance

    Consistent, high-quality disclosure of ESG practices is the means by which organizations can demonstrate they are acting responsibly and in the best interest of their customers and society. Organizations may struggle with these challenges when implementing an ESG reporting program:

    • Narrowing down ESG efforts to material ESG issues
    • Building a sustainable reporting framework
    • Assessing and solving for data gaps and data quality issues
    • Being aware of the tools and best practices available to support regulatory and performance reporting

    Our Advice

    Critical Insight

    • A tactical approach to ESG reporting will backfire. The reality of climate change and investor emphasis is not going away. For long-term success, organizations need to design an ESG reporting program that is flexible, interoperable, and digital.
    • Implementing a robust reporting program takes time. Start early, remain focused, and make plans to continually improve data quality and collection and performance metrics.
    • The “G” in ESG may not be capturing the limelight under ESG legislation yet, but there are key factors within the governance component that are under the regulatory microscope, including data, cybersecurity, fraud, and diversity and inclusion. Be sure you stay on top of these issues and include performance metrics in your internal and external reporting frameworks.

    Impact and Result

    • Successful organizations recognize that transparent ESG disclosure is necessary for long-term corporate performance.
    • Taking the time up front to design a robust and proactive ESG reporting program will pay off in the long run.
    • Future-proof your ESG reporting program by leveraging new tools, technologies, and software applications.

    Establish a Sustainable ESG Reporting Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish a Sustainable ESG Reporting Program Storyboard – A comprehensive framework to define an ESG reporting program that supports your ESG goals and reporting requirements.

    This storyboard provides a three-phased approach to establishing a comprehensive ESG reporting framework to drive sustainable corporate performance. It will help you identify what to report, understand how to implement your reporting program, and review in-house and external software and tooling options.

    • Establish a Sustainable ESG Reporting Program Storyboard

    2. ESG Reporting Workbook – A tool to document decisions, rationale, and implications of key activities to support your ESG reporting program.

    The workbook allows IT and business leaders to document decisions as they work through the steps to establish a comprehensive ESG reporting framework.

    • ESG Reporting Workbook

    3. ESG Reporting Implementation Plan – A tool to document tasks required to deliver and address gaps in your ESG reporting program.

    This planning tool guides IT and business leaders in planning, prioritizing, and addressing gaps to build an ESG reporting program.

    • ESG Reporting Implementation Plan Template

    4. ESG Reporting Presentation Template – A guide to communicate your ESG reporting approach to internal stakeholders.

    Use this template to create a presentation that explains the drivers behind the strategy, communicates metrics, demonstrates gaps and costs, and lays out the timeline for the implementation plan.

    • ESG Reporting Presentation Template

    Infographic

    Workshop: Establish a Sustainable ESG Reporting Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Material ESG Factors

    The Purpose

    Determine material ESG factors.

    Key Benefits Achieved

    Learn how to identify your key stakeholders and material ESG risks.

    Activities

    1.1 Create a list of stakeholders and applicable ESG factors.

    1.2 Create a materiality map.

    Outputs

    List of stakeholders and applicable ESG factors

    Materiality map

    2 Define Performance and Reporting Metrics

    The Purpose

    Define performance and reporting metrics.

    Key Benefits Achieved

    Align your ESG strategy with key performance metrics.

    Activities

    2.1 Create a list of SMART metrics.

    2.2 Create a list of reporting obligations.

    Outputs

    SMART metrics

    List of reporting obligations

    3 Assess Data and Implementation Gaps

    The Purpose

    Assess data and implementation gaps.

    Key Benefits Achieved

    Surface data and technology gaps.

    Activities

    3.1 Create a list of high-priority data gaps.

    3.2 Summarize high-level implementation considerations.

    Outputs

    List of high-priority data gaps

    Summary of high-level implementation considerations

    4 Consider Software and Tooling Options

    The Purpose

    Select software and tooling options and develop implementation plan.

    Key Benefits Achieved

    Complete your roadmap and internal communication document.

    Activities

    4.1 Review tooling and technology options.

    4.2 Prepare ESG reporting implementation plan.

    4.3 Prepare the ESG reporting program presentation.

    Outputs

    Selected tooling and technology

    ESG reporting implementation plan

    ESG reporting strategy presentation

    Further reading

    Establish a Sustainable ESG Reporting Program

    Strengthen corporate performance by implementing a holistic and proactive reporting approach.

    Analyst Perspective

    The shift toward stakeholder capitalism cannot be pinned on one thing; rather, it is a convergence of forces that has reshaped attitudes toward the corporation. Investor attention on responsible investing has pushed corporations to give greater weight to the achievement of corporate goals beyond financial performance.

    Reacting to the new investor paradigm and to the wider systemic risk to the financial system of climate change, global regulators have rapidly mobilized toward mandatory climate-related disclosure.

    IT will be instrumental in meeting the immediate regulatory mandate, but their role is much more far-reaching. IT has a role to play at the leadership table shaping strategy and assisting the organization to deliver on purpose-driven goals.

    Delivering high-quality, relevant, and consistent disclosure is the key to unlocking and driving sustainable corporate performance. IT leaders should not underestimate the influence they have in selecting the right technology and data model to support ESG reporting and ultimately support top-line growth.

    Photo of Yaz Palanichamy

    Yaz Palanichamy
    Senior Research Analyst
    Info-Tech Research Group

    Photo of Donna Bales

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization needs to define a ESG reporting strategy that is driven by corporate purpose.

    Climate-related disclosure mandates are imminent; you need to prepare for them by building a sustainable reporting program now.

    There are many technologies available to support your ESG program plans. How do you choose the one that is right for your organization?

    Common Obstacles

    Knowing how to narrow down ESG efforts to material ESG issues for your organization.

    Understanding the key steps to build a sustainable ESG reporting program.

    Assessing and solving for data gaps and data quality issues.

    Being aware of the tools and best practices available to support regulatory and performance reporting.

    Info-Tech’s Approach

    Learn best-practice approaches to develop and adopt an ESG reporting program approach to suit your organization’s unique needs.

    Understand the key features, tooling options, and vendors in the ESG software market.

    Learn through analyst insights, case studies, and software reviews on best-practice approaches and tool options.

    Info-Tech Insight

    Implementing a robust reporting program takes time. Start early, remain focused, and plan to continually improve data quality and collection and performance metrics

    Putting “E,” “S,” and “G” in context

    Corporate sustainability depends on managing ESG factors well

    Environmental, social, and governance are the components of a sustainability framework that is used to understand and measure how an organization impacts or is affected by society as a whole.

    Human activities, particularly fossil fuel burning since the middle of the twentieth century, have increased greenhouse gas concentration, resulting in observable changes to the atmosphere, ocean, cryosphere, and biosphere. The “E” in ESG relates to the positive and negative impacts an organization may have on the environment, such as the energy it takes in and the waste it discharges.

    The “S” in ESG is the most ambiguous component in the framework, as social impact relates not only to risks but also to prosocial behavior. It’s the most difficult to measure but can have significant financial and reputational impact on corporations if material and poorly managed.

    The “G” in ESG is foundational to the realization of “S” and “E.” It encompasses how well an organization integrates these considerations into the business and how well the organization engages with key stakeholders, receives feedback, and is transparent with its intentions.

    A diagram that shows common examples of ESG issues.

    The impact of ESG factors on investment decisions

    Alleviate Investment Risk

    Organizational Reputation: Seventy-four percent of those surveyed were concerned that failing to improve their corporate ESG performance would negatively impact their organization’s branding and overall reputation in the market (Intelex, 2022).

    Ethical Business Compliance: Adherence to well-defined codes of business conduct and implementation of anti-corruption and anti-bribery practices is a great way to distinguish between organizations with good/poor governance intentions.

    Shifting Consumer Preferences: ESG metrics can also largely influence consumer preferences in buying behavior intentions. Research from McKinsey shows that “upward of 70 percent” of consumers surveyed on purchases in multiple industries said they would pay an additional 5 percent for a green product if it met the same performance standards as a nongreen alternative (McKinsey, 2019).

    Responsible Supply Chain Management: The successful alignment of ESG criteria with supply chain operations can lead to several benefits (e.g. producing more sustainable product offerings, maintaining constructive relationships with more sustainability-focused suppliers).

    Environmental Stewardship: The growing climate crisis has forced companies of all sizes to rethink how they plan their corporate environmental sustainability practices.

    Compliance With Regulatory Guidelines: An increasing emphasis on regulations surrounding ESG disclosure rates may result in some institutional investors taking a more proactive stance toward ESG-related initiatives.

    Sustaining Competitive Advantage: Given today’s globalized economy, many businesses are constantly confronted with environmental issues (e.g. water scarcity, air pollution) as well as social problems (e.g. workplace wellness issues). Thus, investment in ESG factors is simply a part of maintaining competitive advantage.

    Leaders increasingly see ESG as a competitive differentiator

    The perceived importance of ESG has dramatically increased from 2020 to 2023

    A diagram that shows the perceived importance of ESG in 2020 and 2023.

    In a survey commissioned by Schneider Electric, researchers categorized the relative importance of ESG planning initiatives for global IT business leaders. ESG was largely identified as a critical factor in sustaining competitive advantage against competitors and maintaining positive investor/public relations.
    Source: S&P Market Intelligence, 2020; N=825 IT decision makers

    “74% of finance leaders say investors increasingly use nonfinancial information in their decision-making.”
    Source: EY, 2020

    Regulatory pressure to report on carbon emission is building globally

    The Evolving Regulatory Landscape

    Canada

    • Canadian Securities Administrators (CSA) NI 51-107 Disclosure of Climate-related Matters

    United States

    • Securities and Exchange Commission (SEC) 33-11042 – The Enhancement and Standardization of Climate-Related Disclosures for Investors
    • SEC 33-11038 Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
    • Nasdaq Board Diversity Rule (5605(f))

    Europe

    • European Commission Sustainable Finance Disclosure Regulation (SFDR)
    • European Commission EU Supply Chain Act
    • The German Supply Chain Act (GSCA)
    • Financial Conduct Authority UK Proposal (DP 21/4) Sustainability Disclosure Requirements and investment labels
    • UK Modern Slavery Act, 2015

    New Zealand

    • The Financial Sector (Climate-related Disclosures and Other Matters) Amendment Act 2021

    Accurate ESG reporting will be critical to meet regulatory requirements

    ESG reporting is the disclosure of environmental, social, and governance (ESG) data via qualitative and quantitative reports.

    It is how organizations make their sustainability commitments and strategies transparent to stakeholders.

    For investors it provides visibility into a company's ESG activities, enabling them to align investments to their values and avoid companies that cause damage to the environment or are offside on social and governance issues.

    Despite the growing practice of ESG reporting, reporting standards and frameworks are still evolving and the regulatory approach for climate-related disclosure is inconsistent across jurisdictions, making it challenging for organizations to develop a robust reporting program.

    “Environmental, social and governance (ESG) commitments are at the core a data problem.”

    Source: EY, 2022

    However, organizations will struggle to meet reporting requirements

    An image that shows 2 charts: How accurately can your organization report on the impact of its ESG Initiatives; and More specifically, if it was required to do so, how accurately could your organization report on its carbon footprint.

    Despite the commitment to support an ESG Initiative, less than a quarter of IT professionals say their organization can accurately report on the impact of its ESG initiatives, and 44% say their reporting on impacts is not accurate.

    Reporting accuracy was even worse for reporting on carbon footprint with 46% saying their organization could not report on its carbon footprint accurately. This despite most IT professionals saying they are working to support environmental mandates.

    Global sustainability rankings based on ESG dimensions

    Global Country Sustainability Ranking Map

    An image of Global Country Sustainability Ranking Map, with a score of 0 to 10.

    Country Sustainability Scores (CSR) as of October 2021
    Scores range from 1 (poor) to 10 (best)
    Source: Robeco, 2021

    ESG Performance Rankings From Select Countries

    Top ESG and sustainability performer

    Finland has ranked consistently as a leading sustainability performer in recent years. Finland's strongest ESG pillar is the environment, and its environmental ranking of 9.63/10 is the highest out of all 150 countries.

    Significant score deteriorations

    Brazil, France, and India are among the countries whose ESG score rankings have deteriorated significantly in the past three years.

    Increasing political tensions and risks as well as aftershock effects of the COVID-19 pandemic (e.g. high inequality and insufficient access to healthcare and education) have severely impacted Brazil’s performance across the governance and social pillars of the ESG framework, ultimately causing its overall ESG score to drop to a CSR value of 5.31.

    Largest gains and losses in ESG scores

    Canada has received worse scores for corruption, political risk, income inequality, and poverty over the past three years.

    Taiwan has seen its rankings improve in terms of overall ESG scores. Government effectiveness, innovation, a strong semiconductor manufacturing market presence, and stronger governance initiatives have been sufficient to compensate for a setback in income and economic inequality.

    Source: Robeco, 2021

    Establish a Sustainable Environmental, Social, and Governance (ESG) Reporting Program

    A diagram of establishing a sustainable ESG reporting program.

    Blueprint benefits

    Business Benefits

    • Clarity on technical and organizational gaps in the organization’s ability to deliver ESG reporting strategy.
    • Transparency on the breadth of the change program, internal capabilities needed, and accountable owners.
    • Reduced likelihood of liability.
    • Improved corporate performance and top-line growth.
    • Confidence that the organization is delivering high-quality, comprehensive ESG disclosure.

    IT Benefits

    • Understanding of IT’s role as strategic enabler for delivering high-quality ESG disclosure and sustainable corporate performance.
    • Transparency on primary data gaps and technology and tools needed to support the ESG reporting strategy.
    • Clear direction of material ESG risks and how to prioritize implementation efforts.
    • Awareness of tool selection options.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Photo of Executive Presentation.

    Key deliverable: Executive Presentation

    Leverage this presentation deck to improve corporate performance by implementing a holistic and proactive ESG reporting program.

    Photo of Workbook

    Workbook

    As you work through the activities, use this workbook to document decisions and rationale and to sketch your materiality map.

    Photo of Implementation Plan

    Implementation Plan

    Use this implementation plan to address organizational, technology, and tooling gaps.

    Photo of RFP Template

    RFP Template

    Leverage Info-Tech’s RFP Template to source vendors to fill technology gaps.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    A diagram that shows Guided Implementation in 3 phases.

    Workshop Overview

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Activities

    Determine Material ESG Factors

    1.1 Review ESG drivers.
    1.2 Identify key stakeholders and what drives their behavior.
    1.3 Discuss materiality frameworks options and select baseline model.
    1.4 Identify material risks and combine and categorize risks.
    1.5 Map material risks on materiality assessment map.

    Define Performance and Reporting Metrics

    2.1 Understand common program metrics for each ESG component.
    2.2 Consider and select program metrics.
    2.3 Discuss ESG risk metrics.
    2.4 Develop SMART metrics.
    2.5 Surface regulatory reporting obligations.

    Assess Data and Implementation Gaps

    3.1 Assess magnitude and prioritize data gaps.
    3.2 Discuss high-level implementation considerations and organizational gaps.

    Software and Tooling Options

    4.1 Review technology options.
    4.2 Brainstorm technology and tooling options and the feasibility of implementing.
    4.3 Prepare implementation plan.
    4.4 Draft ESG reporting program communication.
    4.5 Optional – Review software selection options.

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days.
    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Customized list of key stakeholders and material ESG risks
    2. Materiality assessment map

    1. SMART metrics
    2. List of regulatory reporting obligations

    1. High-priority data gaps
    2. High-level implementation considerations

    1. Technology and tooling opportunities
    2. Implementation Plan
    3. ESG Reporting Communication

    1. ESG Reporting Workbook
    2. Implementation Plan

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Phase 1

    Explore ESG Reporting

    A diagram that shows phase 1 to 3 of establishing ESG reporting program.

    This phase will walk you through the following:

    • Define key stakeholders and material ESG factors.
    • Identify material ESG issues.
    • Develop SMART program metrics.
    • List reporting obligations.
    • Surface high-level data gaps.
    • Record high-level implementation considerations.

    This phase involves the following participants: CIO, CCO, CSO, business leaders, legal, marketing and communications, head of ESG reporting, and any dedicated ESG team members

    Practical steps for ESG disclosure

    Measuring and tracking incremental change among dimensions such as carbon emissions reporting, governance, and diversity, equity, and inclusion (DEI) requires organizations to acquire, analyze, and synthesize data from beyond their internal organizational ecosystems

    A diagram that shows 5 steps of identify, assess, implement, report & communicate, and monitor & improve.

    1.1 Ensure your reporting requirements are comprehensive

    A diagram of reporting lifecycle.

    This section will walk you through some key considerations for establishing your ESG reporting strategy. The first step in this process is to identify the scope of your reporting program.

    Defining the scope of your reporting program

    1. Stakeholder requirements: When developing a reporting program consider all your stakeholder needs as well as how they want to consume the information.
    2. Materiality assessment: Conduct a materiality assessment to identify the material ESG issues most critical to your organization. Organizations will need to report material risks to internal and external stakeholders.
    3. Purpose-driven goals: Your ESG reporting must include metrics to measure performance against your purpose-driven strategy.
    4. Regulatory requirements & industry: Work with your compliance and legal teams to understand which reporting requirements apply. Don’t forget requirements under the “S” and “G” components. Some jurisdictions require DEI reporting, and the Securities and Exchange Commission (SEC) in the US recently announced cybersecurity disclosure of board expertise and management oversight practices.

    Factor 1: Stakeholder requirements

    Work with key stakeholders to determine what to report

    A diagram that shows internal and external stakeholders.

    Evaluate your stakeholder landscape

    Consider each of these areas of the ESG Stakeholder Wheel and identify your stakeholders. Once stakeholders are identified, consider how the ESG factors might be perceived by delving into the ESG factors that matter to each stakeholder and what drives their behavior.

    A diagram of ESG impact, including materiality assessment, interviews, benchmark verses competitors, metrics and trend analysis.

    Determine ESG impact on stakeholders

    Review materiality assessment frameworks for your industry to surface ESG factors for your segment and stakeholder group(s).

    Perform research and analysis of the competition and stakeholder trends, patterns, and behavior

    Support your findings with stakeholder interviews.

    Stakeholders will prioritize ESG differently. Understanding their commitment is a critical success factor.

    Many of your stakeholders care about ESG commitments…

    27%: Support for social and environmental proposals at shareholder meetings of US companies rose to 27% in 2020 (up from 21% in 2017).
    Source: Sustainable Investments Institute, 2020.

    79%: of investors consider ESG risks and opportunities an important factor in investment decision making.
    Source: “Global Investor Survey,” PwC, 2021.

    ...Yet

    33%: of survey respondents cited that a lack of attention or support from senior leadership was one of the major barriers preventing their companies from making any progress on ESG issues.
    Source: “Consumer Intelligence Survey,” PwC, 2021.

    Info-Tech Insight

    To succeed with ESG reporting it is essential to understand who we hold ourselves accountable to and to focus ESG efforts in areas with the optimal balance between people, the planet, and profits

    Activity 1: Define stakeholders

    Input: Internal documentation (e.g. strategy, annual reports), ESG Stakeholder Wheel
    Output: List of key stakeholders and applicable ESG factors
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Head of ESG Reporting, Business leaders

    2 hours

    1. Using the ESG Stakeholder Wheel as a baseline, consider the breadth of your organization’s value chain and write down all your stakeholders.
    2. Discuss what drives their behavior. Be as detailed as you can be. For example, if it’s a consumer, delve into their age group and the factors that may drive their behavior.
    3. List the ESG factors that may be important to each stakeholder.
    4. Write down the communication channels you expect to use to communicate ESG information to this stakeholder group.
    5. Rate the priority of this stakeholder to your organization.
    6. Record this information in ESG Reporting Workbook.
    7. Optional – consider testing the results with a targeted survey.

    Download the ESG Reporting Workbook

    Activity 1: Example

    An example of activity 1 (defining stakeholders)

    Factor 2: Materiality assessments

    Conduct a materiality assessment to inform company strategy and establish targets and metrics for risk and performance reporting

    The concept of materiality as it relates to ESG is the process of gaining different perspectives on ESG issues and risks that may have significant impact (both positive and negative) on or relevance to company performance.

    The objective of a materiality assessment is to identify material ESG issues most critical to your organization by looking at a broad range of social and environmental factors. Its purpose is to narrow strategic focus and enable an organization to assess the impact of financial and non-financial risks aggregately.

    It helps to make the case for ESG action and strategy, assess financial impact, get ahead of long-term risks, and inform communication strategies.

    Organizations can use assessment tools from Sustainalytics or GRI, SASB Standards, or guidance and benchmarking information from industry associations to help assess ESG risks .

    An image of materiality matrix to understand ESG exposure

    Info-Tech Insight

    The materiality assessment informs your risk management approach. Material ESG risks identified should be integrated into your organization’s risk reporting framework.

    Supplement your materiality assessment with stakeholder interviews

    A diagram that shows steps of stakeholder interviews.

    How you communicate the results of your ESG assessment may vary depending on whether you’re communicating to internal or external stakeholders and their communication delivery preferences.

    Using the results from your materiality assessment, narrow down your key stakeholders list. Enhance your strategy for disclosure and performance measurement through direct and indirect stakeholder engagement.

    Decide on the most suitable format to reach out to these stakeholders. Smaller groups lend themselves to interviews and forums, while surveys and questionnaires work well for larger groups.

    Develop relevant questions tailored to your company and the industry and geography you are in.

    Once you receive the results, decide how and when you will communicate them.

    Determine how they will be used to inform your strategy.

    Steps to determine material ESG factors

    Step 1

    Select framework

    A diagram of framework

    Review reporting frameworks and any industry guidance and select a baseline reporting framework to begin your materiality assessment.

    Step 2

    Begin to narrow down

    A diagram of narrowing down stakeholders

    Work with stakeholders to narrow down your list to a shortlist of high-priority material ESG issues.

    Step 3

    Consolidate and group

    A diagram of ESG grouping

    Group ESG issues under ESG components, your company’s strategic goals, or the UN’s Sustainable Development Goals.

    Step 4

    Rate the risks of ESG factors

    A diagram of rating the risks of ESG factors

    Assign an impact and likelihood scale for each risk and assign your risk threshold.

    Step 5

    Map

    A diagram of material map

    Use a material map framework such as GRI or SASB or Info-Tech’s materiality map to visualize your material ESG risks.

    Materiality assessment

    The materiality assessment is a strategic tool used to help identify, refine, and assess the numerous ESG issues in the context of your organization.

    There is no universally accepted approach to materiality assessments. Although the concept of materiality is often embedded within a reporting standard, your approach to conducting the materiality assessment does not need to link to a specific reporting standard. Rather, it can be used as a baseline to develop your own.

    To arrive at the appropriate outcome for your organization, careful consideration is needed to tailor the materiality assessment to meet your organization’s objectives.

    When defining the scope of your materiality assessment consider:

    • Your corporate ESG purpose and sustainability strategy
    • Your audience and what drives their behavior
    • The relevance of the ESG issues to your organization. Do they impact strategy? Increase risk?
    • The boundaries of your materiality assessment (e.g. regions or business departments, supply chains it will cover)
    • Whether you want to assess from a double materiality perspective

    A diagram of framework

    Consider your stakeholders and your industry when selecting your materiality assessment tool – this will ensure you provide relevant disclosure information to the stakeholders that need it.

    Double materiality is an extension of the financial concept of materiality and considers the broader impact of an organization on the world at large – particularly to people and climate.

    Prioritize and categorize

    A diagram of narrowing down stakeholders

    Using internal information (e.g. strategy, surveys) and external information (e.g. competitors, industry best practices), create a longlist of ESG issues.

    Discuss and narrow down the list. Be sure to consider opportunities – not just material risks!

    A diagram of ESG grouping

    Group the issues under ESG components or defined strategic goals for your organization. Another option is to use the UN’s Sustainable Development Goals to categorize.

    Differentiate ESG factors that you already measure and report.

    The benefit of clustering is that it shows related topics and how they may positively or negatively influence one another.

    Internal risk disclosure should not be overlooked

    Bank of America estimates ESG disputes have cost S&P companies more than $600 billion in market capitalization in the last seven years alone.

    ESG risks are good predictors of future risks and are therefore key inputs to ensure long-term corporate success.

    Regardless of the size of your organization, it’s important to build resilience against ESG risks.

    To protect an organization against an ESG incident and potential liability risk, ESG risks should be treated like any other risk type and incorporated into risk management and internal reporting practices, including climate scenario analysis.

    Some regulated entities will be required to meet climate-related financial disclosure expectations, and sound risk management practices will be prescribed through regulatory guidance. However, all organizations should instill sound risk practices.

    ESG risk management done right will help protect against ESG mishaps that can be expensive and damaging while demonstrating commitment to stakeholders that have influence over all corporate performance.

    Source: GreenBiz, 2022.

    A diagram of risk landscape.

    IT has a role to play to provide the underlying data and technology to support good risk decisions.

    Visualize your material risks

    Leverage industry frameworks or use Info-Tech’s materiality map to visualize your material ESG risks.

    GRI’s Materiality Matrix

    A photo of GRI’s Materiality Matrix

    SASB’s Materiality Map

    A photo of SASB’s Materiality Map

    Info-Tech’s Materiality Map

    A diagram of material map

    Activity 2: Materiality assessment

    Input: ESG corporate purpose or any current ESG metrics; Customer satisfaction or employee engagement surveys; Materiality assessment tools from SASB, Sustainalytics, GRI, or industry frameworks; Outputs from stakeholder outreach/surveys
    Output: Materiality map, a list of material ESG issues
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Head of ESG Reporting, Business leaders, Participants from marketing and communications

    2-3 hour

    1. Begin by reviewing various materiality assessment frameworks to agree on a baseline framework. This will help to narrow down a list of topics that are relevant to your company and industry.
    2. As a group, discuss the potential impact and start listing material issues. At first the list will be long, but the group will work collectively to prioritize and consolidate the list.
    3. Begin to combine and categorize the results by aligning them to your ESG purpose and strategic pillars.
    4. Treat each ESG issue as a risk and map against the likelihood and impact of the risk.
    5. Map the topics on your materiality map. Most of the materiality assessment tools have materiality maps – you may choose to use their map.
    6. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    Case Study: Novartis

    Logo of Novartis

    • INDUSTRY: Pharmaceuticals
    • SOURCE: Novartis, 2022

    Novartis, a leading global healthcare company based in Switzerland, stands out as a leader in providing medical consultancy services to address the evolving needs of patients worldwide. As such, its purpose is to use science and technologically innovative solutions to address some of society’s most debilitating, challenging, and ethically significant healthcare issues.

    The application of Novartis’ materiality assessment process in understanding critical ESG topics important to their shareholders, stakeholder groups, and society at large enables the company to better quantify references to its ESG sustainability metrics.

    Novartis applies its materiality assessment process to better understand relevant issues affecting its underlying business operations across its entire value chain. Overall, employing Novartis’s materiality assessment process helps the company to better manage its societal, environmental, and economic impacts, thus engaging in more socially responsible governance practices.

    Novartis’ materiality assessment is a multitiered process that includes three major elements:

    1. Identifying key stakeholders, which involves a holistic analysis of internal colleagues and external stakeholders.
    2. Collecting quantitative feedback and asking relevant stakeholders to rank a set of issues (e.g. climate change governance, workplace culture, occupational health and safety) and rate how well Novartis performs across each of those identified issues.
    3. Eliciting qualitative insights by coordinating interviews and workshops with survey participants to better understand why the issues brought up during survey sessions were perceived as important.

    Results

    In 2021, Novartis had completed its most recent materiality assessment. From this engagement, both internal and external stakeholders had ranked as important eight clusters that Novartis is impacting on from an economic, societal, and environmental standpoint. The top four clusters were patient health and safety, access to healthcare, innovation, and ethical business practices.

    Factor 3: ESG program goals

    Incorporate ESG performance metrics that support your ESG strategy

    Another benefit of the materiality assessment is that it helps to make the case for ESG action and provides key information for developing a purpose-led strategy.

    An internal ESG strategy should drive toward company-specific goals such as green-house gas emission targets, use of carbon neutral technologies, focus on reusable products, or investment in DEI programs.

    Most organizations focus on incremental goals of reducing negative impacts to existing operations or improving the value to existing stakeholders rather than transformative goals.

    Yet, a strategy that is authentic and aligned with key stakeholders and long-term goals will bring sustainable value.

    The strategy must be supported by an accountability and performance measurement framework such as SMART metrics.

    A fulsome reporting strategy should include performance metrics

    A photo of SMART metrics: Specific, Measurable, Actionable, Realistic, Time-bound.

    Activity 3: SMART metrics

    Input: ESG corporate purpose or any current ESG metrics, Outputs from activities 1 and 2, Internally defined metrics (i.e. risk metrics or internal reporting requirements)
    Output: SMART metrics
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Risk officer/Risk leaders, Head of ESG Reporting, Business leaders, Participants from marketing and communications

    1-2 hours

    1. Document a list of appropriate metrics to assess the success of your ESG program.
    2. Use the sample metrics listed in the table on the next slide as a starting point.
    3. Fill in the chart to indicate the:
      1. Name of the success metric
      2. Method for measuring success
      3. Baseline measurement
      4. Target measurement
      5. Actual measurements at various points throughout the process of improving the risk management program
      6. A deadline for each metric to meet the target measurement
    4. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    Sample ESG metrics

    Leverage industry resources to help define applicable metrics

    Environmental

    • Greenhouse gas emissions – total corporate
    • Carbon footprint – percent emitted and trend
    • Percentage of air and water pollution
    • Renewable energy share per facility
    • Percentage of recycled material in a product
    • Ratio of energy saved to actual use
    • Waste creation by weight
    • Circular transition indicators

    Social

    • Rates of injury
    • Lost time incident rate
    • Proportion of spend on local suppliers
    • Entry-level wage vs. local minimum wage
    • Percentage of management who identify with specific identity groups (i.e. gender and ethnic diversity)
    • Percentage of suppliers screened for accordance to ESG vs. total number of suppliers
    • Consumer responsiveness

    Governance

    • Annual CEO compensation compared to median
    • Percentage of employees trained in conflict-of-interest policy
    • Number of data breaches using personally identifiable information (PII)
    • Number of incidents relating to management corruption
    • Percentage of risks with mitigation plans in place

    Activity 3: Develop SMART project metrics

    1-3 hours

    Attach metrics to your goals to gauge the success of the ESG program.

    Sample Metrics

    An image of sample metrics

    Factor 4: Regulatory reporting obligations

    Identify your reporting obligations

    High-level overview of reporting requirements:

    An image of high-level reporting requirements in Canada, the United Kingdom, Europe, and the US.

    Refer to your legal and compliance team for the most up-to-date and comprehensive requirements.

    The focus of regulators is to move to mandatory reporting of material climate-related financial information.

    There is some alignment to the TCFD* framework, but there is a lack of standardization in terms of scope across jurisdictions.
    *TCFD is the Task Force on Climate-Related Financial Disclosures.

    Activity 4: Regulatory obligations

    Input: Corporate strategy documents; Compliance registry or internal governance, risk, and compliance (GRC) tool
    Output: A list of regulatory obligations
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Legal Officer, Head of ESG Reporting, Business leaders

    1-2 hours

    1. Begin by listing the jurisdictions in which you operate or plan to operate.
    2. For each jurisdiction, list any known current or future regulatory requirements. Consider all ESG components.
    3. Log whether the requirements are mandatory or voluntary and the deadline to report.
    4. Write any details about reporting framework; for example, if a reporting framework such as TCFD is prescribed.
    5. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    1.2 Assess impact and weigh options

    A diagram of reporting lifecycle.

    Once the scope of your ESG reporting framework has been identified, further assessment is needed to determine program direction and to understand and respond to organizational impact.

    Key factors for further assessment and decisions include

    1. Reporting framework options. Consider mandated reporting frameworks and any industry standards when deciding your baseline reporting framework. Strive to have a common reporting methodology that serves all your reporting needs: regulatory, corporate, shareholders, risk reporting, etc.
    2. Perform gap analysis. The gap analysis will reveal areas where data may need to be sourced or where tools or external assistance may be needed to help deliver your reporting strategy.
    3. Organizational impact and readiness. The gap analysis will help to determine whether your current operating model can support the reporting program or whether additional resources, tools, or infrastructure will be needed.

    1.2.1 Decide on baseline reporting framework

    1. Determine the appropriate reporting framework for your organization

    Reporting standards are available to enable relevant, high-quality, and comparable information. It’s the job of the reporting entity to decide on the most suitable framework for their organization.

    The most established standard for sustainability reporting is the Global Reporting Initiative (GRI), which has supported sustainability reporting for over 20 years.

    The Task Force on Climate-Related Financial Disclosures (TCFD) was created by the Financial Stability Board to align ESG disclosure with financial reporting. Many global regulators support this framework.

    The International Sustainability Standards Board (ISSB) is developing high-quality, understandable, and enforceable global standards using the Sustainability Accounting Standards Board (SASB) as a baseline. It is good practice to use SASB Standards until the ISSB standards are available.

    2. Decide which rating agencies you will use and why they are important

    ESG ratings are provided by third-party agencies and are increasingly being used for financing and transparency to investors. ESG ratings provide both qualitative and quantitative information.

    However, there are multiple providers, so organizations need to consider which ones are the most important and how many they want to use.

    Some of the most popular rating agencies include Sustainalytics, MSCI, Bloomberg, Moody's, S&P Global, and CDP.

    Reference Appendix Below

    1.2.2 Determine data gaps

    The ESG reporting mandate is built on the assumption of consistent, good-quality data

    To meet ESG objectives, corporations are challenged with collecting non-financial data from across functional business and geographical locations and from their supplier base and supply chains.

    One of the biggest impediments to ESG implementation is the lack of high-quality data and of mature processes and tools to support data collection.

    An important step for delivering reporting requirements is to perform a gap analysis early on to surface gaps in the primary data needed to deliver your reporting strategy.

    The output of this exercise will also inform and help prioritize implementation, as it may show that new data sets need to be sourced or tools purchased to collect and aggregate data.

    Conduct a gap analysis to determine gaps in primary data

    A diagram of gap analysis to determine gaps in primary data.

    Activity 5: Gap analysis

    Input: Business (ESG) strategy, Data inventory (if exists), Output from Activity 1: Key stakeholders, Output from Activity 2: Materiality map, Output of Activity 3: SMART metrics, Output of Activity 4: Regulatory obligations
    Output: List of high-priority data gaps
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Legal Officer, Head of ESG Reporting, Business leaders, Data analysts

    1-3 hours

    1. Using the outputs from activities 1-4, list your organization’s ESG issues in order of priority. You may choose to develop your priority list by stakeholder group or by material risks.
    2. List any defined SMART metric from Activity 3.
    3. Evaluate data availability and quality of the data (if existing) as well as any impediments to sourcing the data.
    4. Make note if this is a common datapoint, i.e. would you disclose this data in more than one report?
    5. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    1.3 Take a holistic implementation approach

    Currently, 84 percent of businesses don’t integrate their ESG performance with financial and risk management reporting.

    Source: “2023 Canadian ESG Reporting Insights,” PwC.

    A diagram of reporting lifecycle.

    When implementing an ESG reporting framework, it is important not to implement in silos but to take a strategic approach that considers the evolving nature of ESG and the link to value creation and sound decision making.

    Key implementation considerations include

    1. Setting clear metrics and targets. Key performance indicators (KPIs) and key risk indicators (KRIs) are used to measure ESG factor performance. It’s essential that they are relevant and are constructed using high-quality data. Your performance metrics should be continually assessed and adapted as your ESG program evolves.
    2. Data challenges. Without good-quality data it is impossible to accurately measure ESG performance, generate actionable insights on ESG performance and risk, and provide informative metrics to investors and other stakeholders. Design your data model to be flexible and digital where possible to enable data interoperability.
    3. Architectural approach. IT will play a key role in the design of your reporting framework, including the decision on whether to build, buy, or deliver a hybrid solution. Every organization will build their reporting program to suit their unique needs; however, taking a holistic and proactive approach will support and sustain your strategy long term.

    1.3.1 Metrics and targets for climate-related disclosure

    “The future of sustainability reporting is digital – and tagged.”
    Source: “XBRL Is Coming,” Novisto, 2022.

    In the last few years, global regulators have proposed or effected legislation requiring public companies to disclose climate-related information.

    Yet according to Info-Tech’s 2023 Trends and Priorities survey, most IT professionals expect to support environmental mandates but are not prepared to accurately report on their organization’s carbon footprint.

    IT groups have a critical role to play in helping organizations develop strategic plans to meet ESG goals, measure performance, monitor risks, and deliver on disclosure requirements.

    To future-proof your reporting structure, your data should be readable by humans and machines.

    eXtensible Business Reporting Language (XBRL) tagging is mandated in several jurisdictions for financial reporting, and several reporting frameworks are adopting XBRL for sustainability reporting so that non-financial and financial disclosure frameworks are aligned.

    Example environmental metrics

    • Amount of scope 1, 2, or 3 GHG emissions
    • Total energy consumption
    • Total water consumption
    • Progress toward net zero emission
    • Percentage of recycled material in a product

    1.3.1 Metrics and targets for social disclosure

    “59% of businesses only talk about their positive performance, missing opportunities to build trust with stakeholders through balanced and verifiable ESG reporting.”
    Source: “2023 Canadian ESG Reporting Insights,” PwC.

    To date, regulatory focus has been on climate-related disclosure, although we are beginning to see signals in Europe and the UK that they are turning their attention to social issues.

    Social reporting focuses on the socioeconomic impacts of an organization’s initiatives or activities on society (indirect or direct).

    The “social” component of ESG can be the most difficult to quantify, but if left unmonitored it can leave your organization open to litigation from consumers, employees, and activists.

    Although organizations have been disclosing mandated metrics such as occupational health and safety and non-mandated activities such as community involvement for years, the scope of reporting is typically narrow and hard to measure in financial terms.

    This is now changing with the recognition by companies of the value of social reporting to brand image, traceability, and overall corporate performance.

    Example social metrics

    • Rate of injury
    • Lost time incident rate
    • Proportion of spend on local suppliers
    • Entry-level wage versus local minimum wage
    • Percentage of management within specific identity groups (i.e. gender and ethnic diversity)
    • Number of workers impacted by discrimination

    Case Study: McDonald’s Corporation (MCD)

    Logo of McDonald’s

    • INDUSTRY: Food service retailer
    • SOURCE: RBC Capital Markets, 2021; McDonald’s, 2019

    McDonald’s Corporation is the leading global food service retailer. Its purpose is not only providing burgers to dinner tables around the world but also serving its communities, customers, crew, farmers, franchisees, and suppliers alike. As such, not only is the company committed to having a positive impact on communities and in maintaining the growth and success of the McDonald's system, but it is also committed to conducting its business operations in a way that is mindful of its ESG commitments.

    An image of McDonald’s Better Together

    McDonald’s Better Together: Gender Balance & Diversity strategy and Women in Tech initiative

    In 2019, MCD launched its Better Together: Gender Balance & Diversity strategy as part of a commitment to improving the representation and visibility of women at all levels of the corporate structure by 2023.

    In conjunction with the Better Together strategy, MCD piloted a “Women in Tech” initiative through its education and tuition assistance program, Archways to Opportunity. The initiative enabled women from company-owned restaurants and participating franchisee restaurants to learn skills in areas such as data science, cybersecurity, artificial intelligence. MCD partnered with Microsoft and Colorado Technical University to carry out the initiative (McDonald’s, 2019).

    Both initiatives directly correlate to the “S” of the ESG framework, as the benefits of gender-diverse leadership continue to be paramount in assessing the core strengths of a company’s overreaching ESG portfolio. Hence, public companies will continue to face pressure from investors to act in accordance with these social initiatives.

    Results

    MCD’s Better Together and Women in Tech programs ultimately helped improve recruitment and retention rates among its female employee base. After the initialization of the gender balance and diversification strategy, McDonald’s signed on to the UN Women’s Empowerment Principles to help accelerate global efforts in addressing the gender disparity problem.

    1.3.1 Metrics and targets for governance disclosure

    Do not lose sight of regulatory requirements

    Strong governance is foundational element of a ESG program, yet governance reporting is nascent and is often embedded in umbrella legislation pertaining to a particular risk factor.

    A good example of this is the recent proposal by the Securities and Exchange Commission in the US (CFR Parts 229, 232, 239, 240, and 249, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure), which will require public companies to:

    • Disclosure of board oversight of cyber risk.
    • Disclose management’s role in managing and accessing cybersecurity-related risks.

    The "G” component includes more than traditional governance factors and acts as a catch-all for other important ESG factors such as fraud, cybersecurity, and data hygiene. Make sure you understand how risk may manifest in your organization and put safeguards in place.

    Example governance metrics

    • Annual CEO compensation compared to median
    • Percentage of employees trained in conflict-of-interest policy
    • Completed number of supplier assessments
    • Number of data breaches using PII
    • Number of material cybersecurity breaches

    Info-Tech Insight

    The "G" in ESG may not be capturing the limelight under ESG legislation yet, but there are key governance factors that are that are under regulatory radar, including data, cybersecurity, fraud, and DEI. Be sure you stay on top of these issues and include performance metrics into your internal and external reporting frameworks.

    1.3.2 Conquering data management challenges

    48% of investment decision makers, including 58% of institutional investors, say companies’ self-reported ESG performance data is “much more important” than companies’ conventional financial data when informing their investment decisions (Benchmark ESG, 2021).

    Due to the nascent nature of climate-related reporting, data challenges such as the availability, usability, comparability, and workflow integration surface early in the ESG program journey when sourcing and organizing data:

    • It is challenging to collect non-financial data across functional business and geographical locations and from supplier base and supply chains.
    • The lack of common standards leads to comparability challenges, hindering confidence in the outputs.

    In addition to good, reliable inputs, organizations need to have the infrastructure to access new data sets and convert raw data into actionable insights.

    The establishment of data model and workflow processes to track data lineage is essential to support an ESG program. To be successful, it is critical that flexibility, scalability, and transparency exist in the architectural design. Data architecture must scale to capture rapidly growing volumes of unstructured raw data with the associated file formats.

    A photo of conceptual model for data lineage.

    Download Info-Tech’s Create and Manage Enterprise Data Models blueprint

    1.3.3 Reporting architecture

    CIOs play an important part in formulating the agenda and discourse surrounding baseline ESG reporting initiatives

    Building and operating an ESG program requires the execution of a large number of complex tasks.

    IT leaders have an important role to play in selecting the right technology approach to support a long-term strategy that will sustain and grow corporate performance.

    The decision to buy a vendor solution or build capabilities in-house will largely depend on your organization’s ESG ambitions and the maturity of in-house business and IT capabilities.

    For large, heavily regulated entities an integrated platform for ESG reporting can provide organizations with improved risk management and internal controls.

    Example considerations when deciding to meet ESG reporting obligations in-house

    • Size and type of organization
    • Extent of regulatory requirements and scrutiny
    • The amount of data you want to report
    • Current maturity of data architecture, particularly your ability to scale
    • Current maturity of your risk and control program – how easy is it to enhance current processes?
    • The availability and quality of primary data
    • Data set gaps
    • In-house expertise in data, model risk, and change management
    • Current operating model – is it siloed or integrated?
    • Implementation time
    • Program cost
    • The availability of vendor solutions that may address gaps

    Info-Tech Insight

    Executive leadership should take a more holistic and proactive stance to not only accurately reporting upon baseline corporate financial metrics but also capturing and disclosing relevant ESG performance metrics to drive alternative streams of valuation across their respective organizational environments.

    Activity 6: High-level implementation considerations

    Input: Business (ESG) strategy, Data inventory (if exists), Asset inventory (if exists), Output from Activity 5
    Output: Summary of high-level implementation considerations
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, Data and IT architect/leaders,

    2-3 hours

    1. Review the implementation considerations on the previous slide to help determine the appropriate technology approach.
    2. For each implementation consideration, describe the current state.
    3. Discuss and draft the implications of reaching the desired future state by listing implications and organizational gaps.
    4. Discuss as a group if there is an obvious implementation approach.
    5. At this point, further analysis may be needed. Form a subcommittee or assign a leader to conduct further analysis.
    6. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    1.3.4 Ensure your implementation team has a high degree of trust and communication

    If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.

    Communication: Teams must have some type of communication strategy. This can be broken into:

    • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
    • Ceremonies: Injecting awards and continually emphasizing delivery of value to encourage relationship building and constructive motivation.
    • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.

    Proximity: Distributed teams create complexity as communication can break down. This can be mitigated by:

    • Location: Placing teams in proximity to close the barrier of geographical distance and time zone differences.
    • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
    • Communication tools: Having the right technology (e.g. videoconference) to help bring teams closer together virtually.

    Trust: Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:

    • Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.
    • Role clarity: Having a clear definition of what everyone’s role is.

    1.4 Clear effective communication

    Improving investor transparency is one of the key drivers behind disclosure, so making the data easy to find and consumable is essential

    A diagram of reporting lifecycle.

    Your communication of ESG performance is intricately linked to corporate value creation. When designing your communications strategy, consider:

    • Your message – make it authentic and tell a consistent story.
    • How data will be used to support the narrative.
    • How your ESG program may impact internal and external programs and build a communication strategy that is fit for purpose. Example programs are:
      • Employee recruitment
      • New product rollout
      • New customer campaign
    • The design of the communication and how well it suits the audience. Communications may take the form of campaigns, thought leadership, infographics, etc.
    • The appropriateness of communication channels to your various audiences and the messages you want to convey. For example, social media, direct outreach, shareholder circular, etc.

    1.5 Continually evaluate

    A diagram of reporting lifecycle.

    A recent BDC survey of 121 large companies and public-sector buyers found that 82% require some disclosure from their suppliers on ESG, and that's expected to grow to 92% by 2024.
    Source: BDC, 2023

    ESG's link to corporate performance means that organizations must stay on top of ESG issues that may impact the long-term sustainability of their business.

    ESG components will continue to evolve, and as they do so will stakeholder views. It is important to continually survey your stakeholders to ensure you are optimally managing ESG risks and opportunities.

    To keep ESG on the strategy agenda, we recommend that organizations:

    • Appoint a chief sustainability officer (CSO) with a seat on executive leadership committees.
    • Embed ESG into existing governance and form a tactical ESG working group committee.
    • Ensure ESG risks are integrated into the enterprise risk management program.
    • Continually challenge your ESG strategy.
    • Regularly review risks and opportunities through proactive outreach to stakeholders.

    Download The ESG Imperative and Its Impact on Organizations

    Phase 2

    Streamline Requirements and Tool Selection

    A diagram that shows phase 1 to 3 of establishing ESG reporting program.

    This phase will walk you through the following activities:

    • Assess technology and tooling opportunities.
    • Prepare ESG reporting implementation plan.
    • Write ESG reporting presentation document.

    This phase involves the following participants: CIO, CCO, CSO, EA, IT application and data leaders, procurement, business leaders, marketing and communications, head of ESG reporting, and any dedicated ESG team members

    2.1 Streamline your requirements and tool section

    Spend the time up front to enable success and meet expectations

    Before sourcing any technology, it’s important to have a good understanding of your requirements.

    Key elements to consider:

    1. ESG reporting scope. Large enterprises will have more complex workflow requirements, but they also will have larger teams to potentially manage in-house. Smaller organizations will need easy-to-use, low-cost solutions.
    2. Industry and value chain. Look for industry-specific solutions, as they will be more tailored to your needs and will enable you to be up and running quicker.
    3. Coverage. Ensure the tool has adequate regulatory coverage to meet your current and future needs.
    4. Gap in functionality. Be clear on the problem you are trying to solve and/or the gap in workflow. Refer to the reporting lifecycle and be clear on your needs before sourcing technology.
    5. Resourcing. Factor in capacity during and after implementation and negotiate the appropriate support.

    Industry perspective

    The importance of ESG is something that will need to be considered for most, if not every decision in the future, and having reliable and available information is essential. While the industry will continue to see investment and innovation that drives operational efficiency and productivity, we will also see strong ESG themes in these emerging technologies to ensure they support both sustainable and socially responsible operations.

    With the breadth of technology Datamine already has addressing the ESG needs for the mining industry combined with our new technology, our customers can make effective and timely decisions through incorporating ESG data into their planning and scheduling activities to meet customer demands, while staying within the confines of their chosen ESG targets.

    Photo of Chris Parry

    Chris Parry
    VP of ESG, Datamine

    Photo of Datamine Photo of isystain

    Activity 7: Brainstorm tooling options

    Use the technology feature list below to identify areas along the ESG workflow where automated tools or third-party solutions may create efficiencies

    Technological Solutions Feature Bucket

    Basic Feature Description

    Advanced Feature Description

    Natural language processing (NLP) tools

    Ability to use NLP tools to track and monitor sentiment data from news and social media outlets.

    Leveraging NLP toolsets can provide organizations granular insights into workplace sentiment levels, which is a core component of any ESG strategy. A recent study by MarketPsych, a company that uses NLP technologies to analyze sentiment data from news and social media feeds, linked stock price performance to workplace sentiment levels.

    Distributed ledger technologies (DLTs)

    DLTs can help ensure greater reporting transparency, in line with stringent regulatory reporting requirements.

    DLT as an ESG enabler, with advanced capabilities such as an option to provide demand response services linked to electricity usage and supply forecasting.

    Cloud-based data management and reporting systems

    Cloud-based data management and reporting can support ESG initiatives by providing increased reporting transparency and a better understanding of diverse social and environmental risks.

    Leverage newfound toolsets such as Microsoft Cloud for Sustainability – a SaaS offering that enables organizations to seamlessly record, report, and reduce their emissions on a path toward net zero.

    IoT technologies

    Integration of IoT devices can help enhance the integrity of ESG reporting through the collection of descriptive and accurate ESG metrics (e.g. energy efficiency, indoor air quality, water quality and usage).

    Advanced management of real-time occupancy monitoring: for example, the ability to reduce energy consumption rates by ensuring energy is only used when spaces and individual cubicles are occupied.

    2.2 Vendors tools and technologies to support ESG reporting

    In a recent survey of over 1,000 global public- and private-sector leaders, 87% said they see AI as a helpful tool to fight climate change.
    Source: Boston Consulting Group

    Technology providers are part of the solution and can be leveraged to collect, analyze, disclose, track, and report on the vast amount of data.

    Increasingly organizations are using artificial intelligence to build climate resiliency:

    • AI is useful for the predictive modelling of potential climate events due to its ability to gather and analyze and synthesize large complete data sets.

    And protect organizations from vulnerabilities:

    • AI can be used to identify and assess vulnerabilities that may lead to business disruption or risks in production or the supply chain.

    A diagram of tooling, including DLT, natural language processing, cloud-based data management and IoT.

    2.3 ESG reporting software selection

    What Is ESG Reporting Software?

    Our definition: ESG reporting software helps organizations improve the transparency and accountability of their ESG program and track, measure, and report their sustainability efforts.

    Key considerations for reporting software selection:

    • While there are boutique ESG vendors in the market, organizations with existing GRC tools may first want to discuss ESG coverage with their existing vendor as it will enable better integration.
    • Ensure that the vendors you are evaluating support the requirements and regulations in your region, industry, and geography. Regulation is moving quickly – functionality needs to be available now and not just on the roadmap.
    • Determine the level of software integration support you need before meeting with vendors and ensure they will be able to provide it – when you need it!

    Adoption of ESG reporting software has historically been low, but these tools will become critical as organizations strive to meet increasing ESG reporting requirements.

    In a recent ESG planning and performance survey conducted by ESG SaaS company Diligent Corporation, it was found that over half of all organizations surveyed do not publish ESG metrics of any kind, and only 9% of participants are actively using software that supports ESG data collection, analysis, and reporting.

    Source: Diligent, 2021.

    2.3.1 Elicit and prioritize granular requirements for your ESG reporting software

    Understanding business needs through requirements gathering is the key to defining everything about what is being purchased. However, it is an area where people often make critical mistakes.

    Poorly scoped requirements

    Fail to be comprehensive and miss certain areas of scope.

    Focus on how the solution should work instead of what it must accomplish.

    Have multiple levels of detail within the requirements that are inconsistent and confusing.

    Drill all the way down into system-level detail.

    Add unnecessary constraints based on what is done today rather than focusing on what is needed for tomorrow.

    Omit constraints or preferences that buyers think are obvious.

    Best practices

    Get a clear understanding of what the system needs to do and what it is expected to produce.

    Test against the principle of MECE – requirements should be “mutually exclusive and collectively exhaustive.”

    Explicitly state the obvious and assume nothing.

    Investigate what is sold on the market and how it is sold. Use language that is consistent with that of the market and focus on key differentiators – not table stakes.

    Contain the appropriate level of detail – the level should be suitable for procurement and sufficient for differentiating vendors.

    Download Info-Tech's Improve Requirements Gathering blueprint

    2.3.1 Identify critical and nice-to-have features

    Central Data Repository: Collection of stored data from existing databases merged into one location that can then be shared, analyzed, or updated.

    Automatic Data Collection: Ability to automate data flows, collect responses from multiple sources at specified intervals, and check them against acceptance criteria.

    Automatic KPI Calculations, Conversions, and Updates: Company-specific metrics can be automatically calculated, converted, and tracked.

    Built-In Indicator Catalogs and Benchmarking: Provides common recognized frameworks or can integrate a catalog of ESG indicators.

    Custom Reporting: Ability to create reports on company emissions, energy, and asset data in company-branded templates.

    User-Based Access and Permissions: Ability to control access to specific content or data sets based on the end user’s roles.

    Real-Time Capabilities: Ability to analyze and visualize data as soon as it becomes available in underlying systems.

    Version Control: Tracking of document versions with each iteration of document changes.

    Intelligent Alerts and Notifications: Ability to create, manage, send, and receive notifications, enhancing efficiency and productivity.

    Audit Trail: View all previous activity including any recent edits and user access.

    Encrypted File Storage and Transfer: Ability to encrypt a file before transmitting it over the network to hide content from being viewed or extracted.

    Activity 7: Technology and tooling options

    Input: Business (ESG) strategy, Data inventory (if exists), Asset inventory (if exists), Output from Activity 5, Output from Activity 6,
    Output: List of tooling options
    Materials: Whiteboard/flip charts, ESG Reporting Workbook
    Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, Data and IT architect/leaders

    1-2 hours

    1. Begin by listing key requirements and features for your ESG reporting program.
    2. Use the outputs from activities 5 and 6 and the technology feature list on the previous slide to help brainstorm technology and tooling options.
    3. Discuss the availability and readiness of each option. Note that regulatory requirements will have an effective date that will impact the time to market for introducing new tooling.
    4. Discuss and assign a priority.
    5. At this point, further analysis may be needed. Form a subcommittee or assign a leader to conduct further analysis.
    6. Record this information in the ESG Reporting Workbook.

    Download the ESG Reporting Workbook

    Activity 8: Implementation plan

    Input: Business (ESG) strategy, Output from Activity 5, Output from Activity 6, Output from Activity 7
    Output: ESG Reporting Implementation Plan
    Materials: Whiteboard/flip charts, ESG Reporting Implementation Plan Template
    Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, PMO, Data and IT architect/leaders

    1-2 hours

    1. Use the outputs from activities 5 to 7 and list required implementation tasks. Set a priority for each task.
    2. Assign the accountable owner as well as the group responsible. Larger organizations and large, complex change programs will have a group of owners.
    3. Track any dependencies and ensure the project timeline aligns.
    4. Add status as well as start and end dates.
    5. Complete in the ESG Reporting Implementation Plan Template.

    Download the ESG Reporting Implementation Plan Template

    Activity 9: Internal communication

    Input: Business (ESG) strategy, ESG Reporting Workbook, ESG reporting implementation plan
    Output: ESG Reporting Presentation Template
    Materials: Whiteboard/flip charts, ESG Reporting Presentation Template, Internal communication templates
    Participants: Chief Sustainability Officer, Head of Marketing/ Communications, Business leaders, PMO

    1-2 hours

    Since a purpose-driven ESG program presents a significant change in how organizations operate, the goals and intentions need to be understood throughout the organization. Once you have developed your ESG reporting strategy it is important that it is communicated, understood, and accepted. Use the ESG Reporting Presentation Template as a guide to deliver your story.

    1. Consider your audience and discuss and agree on the key elements you want to convey.
    2. Prepare the presentation.
    3. Test the presentation with smaller group before communicating to senior leadership/board

    Download the ESG Reporting Presentation Template

    Phase 3

    Select ESG Reporting Software

    A diagram that shows phase 1 to 3 of establishing ESG reporting program.

    This phase will provide additional material on Info-Tech’s expertise in the following areas:

    • Info-Tech’s approach to RFPs
    • Info-Tech tools for software selection
    • Example ESG software assessments

    3.1 Leverage Info-Tech’s expertise

    Develop an inclusive and thorough approach to the RFP process

    An image that a process of 7 steps.

    The Info-Tech difference:

    1. The secret to managing an RFP is to make it as manageable and as thorough as possible. The RFP process should be like any other aspect of business – with a standard process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.
    2. The business then identifies the need for more information about a product/service or determines that a purchase is required.
    3. A team of stakeholders from each area impacted gather all business, technical, legal, and risk requirements. What are the expectations of the vendor relationship post-RFP? How will the vendors be evaluated?
    4. Based on predetermined requirements, either an RFI or an RFP is issued to vendors with a due date.

    Info-Tech Insight

    Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP.

    Software Selection Engagement

    5 Advisory Calls Over a 5-Week Period to Accelerate Your Selection Process

    Expert Analyst Guidance over5 weeks on average to select and negotiate software.

    Save Money, Align Stakeholders, Speed Up the Process & make better decisions.

    Use a Repeatable, Formal Methodology to improve your application selection process.

    Better, Faster Results, guaranteed, included in membership.

    A diagram of selection engagement over a 5-week period.

    CLICK HERE to Book Your Selection Engagement

    Leverage the Contract Review Service to level the playing field with your shortlisted vendors

    You may be faced with multiple products, services, master service agreements, licensing models, service agreements, and more.

    Use the Contract Review Service to gain insights on your agreements.

    Consider the aspects of a contract review:

    1. Are all key terms included?
    2. Are they applicable to your business?
    3. Can you trust that results will be delivered?
    4. What questions should you be asking from an IT perspective?

    Validate that a contract meets IT’s and the business’ needs by looking beyond the legal terminology. Use a practical set of questions, rules, and guidance to improve your value for dollar spent.

    A photo of Contract Review Service.

    Click here to book The Contract Review Service

    Download blueprint Master Contract Review and Negotiation for Software Agreements

    3.2 Vendor spotlight assessments

    See above for a vendor landscape overview of key ESG reporting software providers

    The purpose of this section is to showcase various vendors and companies that provide software solutions to help users manage and prioritize their ESG reporting initiatives.

    This section showcases the core capabilities of each software platform to provide Info-Tech members with industry insights regarding some of the key service providers that operate within the ESG vendor market landscape.

    Info-Tech members who are concerned with risks stemming from the inability to sort and disseminate unstructured ESG data reporting metrics or interested in learning more about software offerings that can help automate the data collection, processing, and management of ESG metrics will find high-level insights into the ESG vendor market space.

    Vendor spotlight

    A photo of Datamine Isystain

    The establishment of the Datamine ESG unit comes at the same time the mining sector is showing an increased interest in managing ESG and its component systems as part of a single scope.

    With miners collecting and dealing with ever-increasing quantities of data and looking for ways to leverage it to make data-driven decisions that enhance risk management and increase profitability, integrated software solutions are – now more than ever – essential in supporting continuous improvement and maintaining data fidelity and data integrity across the entire mining value chain.

    An example of Datamine Isystain An example of Datamine Isystain An example of Datamine Isystain

    Key Features:

    • Discover GIS for geochemical, water, erosion, and vegetation modelling and management.
    • Qmed for workforce health management, COVID testing, and vaccine administration.
    • MineMarket and Reconcilor for traceability and auditing, giving visibility to chain of custody and governance across the value chain, from resource modelling to shipping and sales.
    • Centric Mining Systems – intelligence software for real-time transparency and governance across multiple sites and systems, including key ESG performance indicator reporting.
    • Zyght – a leading health, safety, and environment solution for high-impact industries that specializes in environment, injury, risk management, safe work plans, document management, compliance, and reporting.
    • Isystain – a cloud-based platform uniquely designed to support health, safety & environment, sustainability reporting, compliance and governance, and social investment reporting. Designed for seamless integration within an organization’s existing software ecosystems providing powerful analytics and reporting capabilities to streamline the production of sustainability and performance reporting.

    Vendor spotlight

    A logo of Benchmark ESG

    Benchmark ESG provides industry-leading ESG data management and reporting software that can assist organizations in managing operational risk and compliance, sustainability, product stewardship, and ensuring responsible sourcing across complex global operations.

    An example of Benchmark ESG An example of Benchmark ESG

    Key Features:

    Vendor spotlight

    A logo of PWC

    PwC’s ESG Management Solution provides quick insights into ways to improve reporting transparency surrounding your organization’s ESG commitments.

    According to PwC’s most recent CEO survey, the number one motivator for CEOs in mitigating climate change risks is their own desire to help solve this global problem and drive transparency with stakeholders.
    Source: “Annual Global CEO Survey,” PwC, 2022.

    An example of PWC An example of PWC

    Key Features:

    • Streamlined data mining capabilities. PwC’s ESG solution provides the means to streamline, automate, and standardize the input of sustainability data based on non-financial reporting directive (NFRD) and corporate sustainability reporting directive (CSRD) regulations.
    • Company and product carbon footprint calculation and verification modules.
    • Robust dashboarding capabilities. Option to create custom-tailored sustainability monitoring dashboards or integrate existing ESG data from an application to existing dashboards.
    • Team management functionalities that allow for more accessible cross-departmental communication and collaboration. Ability to check progress on tasks, assign tasks, set automatic notifications/deadlines, etc.

    Vendor spotlight

    A logo of ServiceNow

    ServiceNow ESG Management (ESGM) and reporting platform helps organizations transform the way they manage, visualize, and report on issues across the ESG spectrum.

    The platform automates the data collection process and the organization and storage of information in an easy-to-use system. ServiceNow’s ESGM solution also develops dashboards and reports for internal user groups and ensures that external disclosure reports are aligned with mainstream ESG standards and frameworks.

    We know that doing well as a business is about more than profits. One workflow at a time, we believe we can change the world – to be more sustainable, equitable, and ethical.
    Source: ServiceNow, 2021.

    An example of ServiceNow

    Key Features:

    1. An executive dashboard to help coherently outline the status of various ESG indicators, including material topics, goals, and disclosure policies all in one centralized hub
    2. Status review modules. Ensure that your organization has built-in modules to help them better document and monitor their ESG goals and targets using a single source of truth.
    3. Automated disclosure modules. ESGM helps organizations create more descriptive ESG disclosure reports that align with industry accountability standards (e.g. SASB, GRI, CDP).

    Other key vendors to consider

    An image of other 12 key vendors

    Related Info-Tech Research

    Photo of The ESG Imperative and Its Impact on Organizations

    The ESG Imperative and Its Impact on Organizations

    Use this blueprint to educate yourself on ESG factors and the broader concept of sustainability.

    Identify changes that may be needed in your organizational operating model, strategy, governance, and risk management approach.

    Learn about Info-Tech’s ESG program approach and use it as a framework to begin your ESG program journey.

    Photo of Private Equity and Venture Capital Growing Impact of ESG Report

    Private Equity and Venture Capital Growing Impact of ESG Report

    Increasingly, new capital has a social mandate attached to it due to the rise of ESG investment principles.

    Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

    Definitions

    Terms

    Definition

    Corporate Social Responsibility

    Management concept whereby organizations integrate social and environmental concerns in their operations and interactions with their stakeholders.

    Chief Sustainability Officer

    Steers sustainability commitments, helps with compliance, and helps ensure internal commitments are met. Responsibilities may extend to acting as a liaison with government and public affairs, fostering an internal culture, acting as a change agent, and leading delivery.

    ESG

    An acronym that stands for environment, social, and governance. These are the three components of a sustainability program.

    ESG Standard

    Contains detailed disclosure criteria including performance measures or metrics. Standards provide clear, consistent criteria and specifications for reporting. Typically created through consultation process.

    ESG Framework

    A broad contextual model for information that provides guidance and shapes the understanding of a certain topic. It sets direction but does not typically delve into the methodology. Frameworks are often used in conjunction with standards.

    ESG Factors

    The factors or issues that fall under the three ESG components. Measures the sustainability performance of an organization.

    ESG Rating

    An aggregated score based on the magnitude of an organization’s unmanaged ESG risk. Ratings are provided by third-party rating agencies and are increasingly being used for financing, transparency to investors, etc.

    ESG Questionnaire

    ESG surveys or questionnaires are administered by third parties and used to assess an organization’s sustainability performance. Participation is voluntary.

    Key Risk Indicator (KRI)

    A measure to indicate the potential presence, level, or trend of a risk.

    Key Performance Indicator (KPI)

    A measure of deviation from expected outcomes to help a firm see how it is performing.

    Materiality

    Material topics are topics that have a direct or indirect impact on an organization's ability to create, preserve, or erode economic, environmental, and social impact for itself and its stakeholder and society as a whole.

    Materiality Assessment

    A tool to identify and prioritize the ESG issues most critical to the organization.

    Risk Sensing

    The range of activities carried out to identify and understand evolving sources of risk that could have a significant impact on the organization (e.g. social listening).

    Sustainability

    The ability of an organization and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities.

    Sustainalytics

    Now part of Morningstar. Sustainalytics provides ESG research, ratings, and data to institutional investors and companies.

    UN Guiding Principles on Business and Human Rights (UNGPs)

    An essential methodological foundation for how impacts across all dimensions should be assessed.

    Reporting and standard frameworks

    Standard

    Definition and focus

    CDP
    (Formally Carbon Disclosure Project)

    CDP has created standards and metrics for comparing sustainability impact. Focuses on environmental data (e.g. carbon, water, and forests) and on data disclosure and benchmarking.

    Audience: All stakeholders

    Dow Jones Sustainability Indices (DJSI)

    Heavy on corporate governance and company performance. Equal balance of economic, environmental, and social.

    Audience: All stakeholders

    Global Reporting Initiative (GRI)

    International standards organization that has a set of standards to help organizations understand and communicate their impacts on climate change and social responsibility. The standard has a strong emphasis on transparency and materiality, especially on social issues.

    Audience: All stakeholders

    International Sustainability Standards Board (ISSB)

    Standard-setting board that sits within the International Financial Reporting Standards (IFRS) Foundation. The IFRS Foundation is a not-for-profit, public-interest organization established to develop high-quality, understandable, enforceable, and globally accepted accounting and sustainability disclosure standards.

    Audience: Investor-focused

    United Nations Sustainable Development Goals (SDGs)

    Global partnership across sectors and industries that sets out 17 goals to achieve sustainable development for all.

    Audience: All stakeholders

    Sustainability Accounting Standards Board (SASB)
    Now part of IFSR foundation

    Industry-specific standards to help corporations select topics that may impact their financial performance. Focus on material impacts on financial condition or operating performance.

    Audience: Investor-focused

    Task Force on Climate-Related Financial Disclosures (TCFD; created by the Financial Stability Board)

    Standards framework focused on the impact of climate risk on financial and operating performance. More broadly the disclosures inform investors of positive and negative measures taken to build climate resilience and make transparent the exposure to climate-related risk.

    Audience: Investors, financial stakeholders

    Bibliography

    "2021 Global Investor Survey: The Economic Realities of ESG." PwC, Dec. 2021. Accessed May 2022.

    "2023 Canadian ESG Reporting Insights." PwC, Nov. 2022. Accessed Dec. 2022.

    Althoff, Judson. "Microsoft Cloud for Sustainability: Empowering Organizations On Their Path To Net Zero." Microsoft Blog, 14 July 2021. Accessed May 2022.

    "Balancing Sustainability and Profitability." IBM, Feb. 2022. Accessed June. 2022.

    "Beyond Compliance: Consumers and Employees Want Business to Do More on ESG." PwC, Nov. 2021. Accessed July 2022.

    Bizo, Daniel. "Multi-Tenant Datacenters and Sustainability: Ambitions and Reality." S&P Market Intelligence, Sept. 2020. Web.

    Bolden, Kyle. "Aligning nonfinancial reporting with your ESG strategy to communicate long-term value." EY, 18 Dec. 2020. Web.

    Carril, Christopher, et al. "Looking at Restaurants Through an ESG Lens: ESG Stratify – Equity Research Report." RBC Capital Markets, 5 Jan. 2021. Accessed Jun. 2022.

    "Celebrating and Advancing Women." McDonald’s, 8 March 2019. Web.

    Clark, Anna. "Get your ESG story straight: A sustainability communication starter kit." GreenBiz, 20 Dec. 2022, Accessed Dec. 2022.

    Courtnell, Jane. “ESG Reporting Framework, Standards, and Requirements.” Corporate Compliance Insights, Sept. 2022. Accessed Dec. 2022.

    “Country Sustainability Ranking. Country Sustainability: Visibly Harmed by Covid-19.” Robeco, Oct. 2021. Accessed June 2022.

    “Defining the “G” in ESG Governance Factors at the Heart of Sustainable Business.” World Economic Forum, June 2022. Web.

    “Digital Assets: Laying ESG Foundations.” Global Digital Finance, Nov. 2021. Accessed April 2022.

    “Dow Jones Sustainability Indices (DJCI) Index Family.” S&P Global Intelligence, n.d. Accessed June 2022.

    "ESG in Your Business: The Edge You Need to Land Large Contracts." BDC, March 2023, Accessed April 2023.

    “ESG Performance and Its Impact on Corporate Reputation.” Intelex Technologies, May 2022. Accessed July 2022.

    “ESG Use Cases. IoT – Real-Time Occupancy Monitoring.” Metrikus, March 2021. Accessed April 2022.

    Fanter, Tom, et al. “The History & Evolution of ESG.” RMB Capital, Dec. 2021. Accessed May 2022.

    Flynn, Hillary, et al. “A guide to ESG materiality assessments.” Wellington Management, June 2022, Accessed September 2022

    “From ‘Disclose’ to ‘Disclose What Matters.’” Global Reporting Initiative, Dec. 2018. Accessed July 2022.

    “Getting Started with ESG.” Sustainalytics, 2022. Web.

    “Global Impact ESG Fact Sheet.” ServiceNow, Dec. 2021. Accessed June 2022.

    Gorley, Adam. “What is ESG and Why It’s Important for Risk Management.” Sustainalytics, March 2022. Accessed May 2022.

    Hall, Lindsey. “You Need Near-Term Accountability to Meet Long-Term Climate Goals.” S&P Global Sustainable1, Oct. 2021. Accessed April 2022.

    Henisz, Witold, et al. “Five Ways That ESG Creates Value.” McKinsey, Nov. 2019. Accessed July 2022.

    “Integrating ESG Factors in the Investment Decision-Making Process of Institutional Investors.” OECD iLibrary, n.d. Accessed July 2022.

    “Investor Survey.” Benchmark ESG, Nov. 2021. Accessed July 2022.

    Jackson, Brian. Tech Trends 2023, Info-Tech Research Group, Dec. 2022, Accessed Dec. 2022.

    Keet, Lior. “What Is the CIO’s Role in the ESG Equation?” EY, 2 Feb. 2022. Accessed May 2022.

    Lev, Helee, “Understanding ESG risks and why they matter” GreenBiz, June 2022. Accessed Dec 2022.

    Marsh, Chris, and Simon Robinson. “ESG and Technology: Impacts and Implications.” S&P Global Market Intelligence, March 2021. Accessed April 2022.

    Martini, A. “Socially Responsible Investing: From the Ethical Origins to the Sustainable Development Framework of the European Union.” Environment, Development and Sustainability, vol. 23, Nov. 2021. Web.

    Maher, Hamid, et al. “AI Is Essential for Solving the Climate Crisis.” Boston Consulting Group, 7 July 2022. Web.

    “Materiality Assessment. Identifying and Taking Action on What Matters Most.” Novartis, n.d. Accessed June. 2022.

    Morrow, Doug, et al. “Understanding ESG Incidents: Key Lessons for Investors.” Sustainalytics, July 2017. Accessed May 2022.

    “Navigating Climate Data Disclosure.” Novisto, July 2022. Accessed Nov. 2022.

    Nuttall, Robin, et al. “Why ESG Scores Are Here to Stay.” McKinsey & Company, May 2020. Accessed July 2022.

    “Opportunities in Sustainability – 451 Research’s Analysis of Sustainability Perspectives in the Data Center Industry.” Schneider Electric, Sept. 2020. Accessed May 2022.

    Peterson, Richard. “How Can NLP Be Used to Quantify ESG Analytics?” Refinitiv, Feb. 2021. Accessed June 2022.

    “PwC’s 25th Annual Global CEO Survey: Reimagining the Outcomes That Matter.” PwC, Jan. 2022. Accessed June 2022.

    “SEC Proposes Rules on Cybersecurity, Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.” Securities and Exchange Commission, 9 May 2022. Press release.

    Serafeim, George. “Social-Impact Efforts That Create Real Value.” Harvard Business Review, Sept. 2020. Accessed May 2022.

    Sherrie, Gonzalez. “ESG Planning and Performance Survey.” Diligent, 24 Sept. 2021. Accessed July 2022.

    “Special Reports Showcase, Special Report: Mid-Year Report on Proposed SEC Rule 14-8 Change.” Sustainable Investments Institute, July 2020. Accessed April 2022.

    “State of European Tech. Executive Summary Report.” Atomico, Nov. 2021. Accessed June 2022.

    “Top Challenges in ESG Reporting, and How ESG Management Solution Can Help.” Novisto, Sept. 2022. Accessed Nov. 2022.

    Vaughan-Smith, Gary. “Navigating ESG data sets and ‘scores’.” Silverstreet Capital, 23 March 2022. Accessed Dec. 2022.

    Waters, Lorraine. “ESG is not an environmental issue, it’s a data one.” The Stack, 20 May 2021. Web.

    Wells, Todd. “Why ESG, and Why Now? New Data Reveals How Companies Can Meet ESG Demands – And Innovate Supply Chain Management.” Diginomica, April 2022. Accessed July 2022.

    “XBRL is coming to corporate sustainability Reporting.” Novisto, Aug. 2022. Accessed Dec. 2022.

    Research Contributors and Experts

    Photo of Chris Parry

    Chris Parry
    VP of ESG, Datamine

    Chris Parry has recently been appointed as the VP of ESG at Datamine Software. Datamine’s dedicated ESG division provides specialized ESG technology for sustainability management by supporting key business processes necessary to drive sustainable outcomes.

    Chris has 15 years of experience building and developing business for enterprise applications and solutions in both domestic and international markets.

    Chris has a true passion for business-led sustainable development and is focused on helping organizations achieve their sustainable business outcomes through business transformation and digital software solutions.

    Datamine’s comprehensive ESG capability supports ESG issues such as the environment, occupational health and safety, and medical health and wellbeing. The tool assists with risk management, stakeholder management and business intelligence.

    Harness Configuration Management Superpowers

    • Buy Link or Shortcode: {j2store}303|cart{/j2store}
    • member rating overall impact (scale of 10): 8.5/10 Overall Impact
    • member rating average dollars saved: $12,999 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Configuration management databases (CMDB) are a lot of work to build and maintain. Starting down this process without the right tools, processes, and buy-in is a lot of work with very little reward.
    • If you decide to just build it and expect they will come, you may find it difficult to articulate the value, and you will be disappointed by the lack of visitors.
    • Relying on manual entry or automated data collection without governance may result in data you can’t trust, and if no one trusts the data, they won’t use it.

    Our Advice

    Critical Insight

    • The right mindset is just as important as the right tools. By involving everyone early, you can ensure the right data is captured and validated and you can make maintenance part of the culture. This is critical to reaching early and continual value with a CMDB.

    Impact and Result

    • Define your use cases: Identify the use cases and prioritize those objectives into phases. Define what information will be needed to meet the use cases and how that information will be populated.
    • Understand and design the CMDB data model: Define services and undiscoverable configuration items (CI) and map them to the discoverable CIs.
    • Operationalize configuration record updates: Define data stewards and governance processes and integrate your configuration management practice with existing practices and lifecycles.

    Harness Configuration Management Superpowers Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Harness Configuration Management Superpowers Deck – A step-by-step document that walks you through creating a configuration management program.

    Use this blueprint to create a configuration management program that provides immediate value.

    • Harness Configuration Management Superpowers – Phases 1-4

    2. Configuration Management Project Charter Template – A project charter template to help you build a concise document for communicating appropriate project details to stakeholders.

    Use this template to create a project charter to launch the configuration management project.

    • Configuration Management Project Charter

    3. Configuration Control Board Charter Template – A board charter template to help you define the roles and responsibilities of the configuration control board.

    Use this template to create your board charter for your configuration control board (CCB). Define roles and responsibilities and mandates for the CCB.

    • Configuration Control Board Charter

    4. Configuration Management Standard Operating Procedures (SOP) Template – An SOP template to describe processes and procedures for ongoing maintenance of the CMDB under the configuration management program.

    Use this template to create and communicate your SOP to ensure ongoing maintenance of the CMDB under the configuration management program.

    • Configuration Management Standard Operation Procedures

    5. Configuration Management Audit and Validation Checklist Template – A template to be used as a starting point to meet audit requirements under NIST and ITIL programs.

    Use this template to assess capability to pass audits, adding to the template as needed to meet internal auditors’ requirements.

    • Configuration Management Audit and Validation Checklist

    6. Configuration Management Policy Template – A template to be used for building out a policy for governance over the configuration management program.

    Use this template to build a policy for your configuration management program.

    • Configuration Management Policy

    7. Use Cases and Data Worksheet – A template to be used for validating data requirements as you work through use cases.

    Use this template to determine data requirements to meet use cases.

    • Use Cases and Data Worksheet

    8. Configuration Management Diagram Template Library – Examples of process workflows and data modeling.

    Use this library to view sample workflows and a data model for the configuration management program.

    • Configuration Management Diagram Template Library (Visio)
    • Configuration Management Diagram Template Library (PDF)

    9. Configuration Manager Job Description – Roles and responsibilities for the job of Configuration Manager.

    Use this template as a starting point to create a job posting, identifying daily activities, responsibilities, and required skills as you create or expand your configuration management program.

    • Configuration Manager

    Infographic

    Workshop: Harness Configuration Management Superpowers

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Configuration Management Strategy

    The Purpose

    Define the scope of your service configuration management project.

    Design the program to meet specific stakeholders needs

    Identify project and operational roles and responsibilities.

    Key Benefits Achieved

    Designed a sustainable approach to building a CMDB.

    Activities

    1.1 Introduction

    1.2 Define challenges and goals.

    1.3 Define and prioritize use cases.

    1.4 Identify data needs to meet these goals.

    1.5 Define roles and responsibilities.

    Outputs

    Data and reporting use cases based on stakeholder requirements

    Roles and responsibility matrix

    2 CMDB Data Structure

    The Purpose

    Build a data model around the desired use cases.

    Identify the data sources for populating the CMDB.

    Key Benefits Achieved

    Identified which CIs and relationships will be captured in the CMDB.

    Activities

    2.1 Define and prioritize your services.

    2.2 Evaluate CMDB default classifications.

    2.3 Test configuration items against existing categories.

    2.4 Build a data model diagram.

    Outputs

    List of CI types and relationships to be added to default settings

    CMDB data model diagram

    3 Processes

    The Purpose

    Key Benefits Achieved

    Built a right-sized approach to configuration record updates and data validation.

    Activities

    3.1 Define processes for onboarding, offboarding, and maintaining data in the CMDB.

    3.2 Define practices for configuration baselines.

    3.3 Build a data validation and auditing plan.

    Outputs

    Documented processes and workflows

    Data validation and auditing plan

    4 Communications & Roadmap

    The Purpose

    Key Benefits Achieved

    Metrics program defined

    Communications designed

    Activities

    4.1 Define key metrics for configuration management.

    4.2 Define metrics for supporting services.

    4.3 Build configuration management policies.

    4.4 Create a communications plan.

    4.5 Build a roadmap

    Outputs

    Policy for configuration management

    Communications documents

    Roadmap for next steps

    Further reading

    Harness Configuration Management Superpowers

    Create a configuration management practice that will provide ongoing value to the organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    A robust configuration management database (CMDB) can provide value to the business and superpowers to IT. It's time to invest smartly to reap the rewards.

    IT environments are becoming more and more complex, and balancing demands for stability and demands for faster change requires visibility to make the right decisions. IT needs to know their environment intimately. They need to understand dependencies and integrations and feel confident they are making decisions with the most current and accurate view.

    Solutions for managing operations rely on the CMDB to bring visibility to issues, calculate impact, and use predictive analytics to fix performance issues before they become major incidents. AIOps solutions need accurate data, but they can also help identify configuration drift and flag changes or anomalies that need investigation.

    The days of relying entirely on manual entry and updates are all but gone, as the functionality of a robust configuration management system requires daily updates to provide value. We used to rely on that one hero to make sure information was up to date, but with the volume of changes we see in most environments today, it's time to improve the process and provide superpowers to the entire IT department.

    This is a picture of Sandi Conrad

    Sandi Conrad, ITIL Managing Professional
    Principal Research Director, IT Infrastructure & Operations, Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Build a configuration management database (CMDB): You need to implement a CMDB, populate it with records and relationships, and integrate it with discovery and management tools.
    • Identify the benefits of a CMDB: Too many CMDB projects fail because IT tries to collect everything. Base your data model on the desired use cases.
    • Define roles and responsibilities: Keeping data accurate and updated is difficult. Identify who will be responsible for helping

    Common Obstacles

    • Significant process maturity is required: Service configuration management (SCM) requires high maturity in change management, IT asset management, and service catalog practices.
    • Large investment: Building a CMDB takes a large amount of effort, process, and expertise.
    • Tough business case: Configuration management doesn't directly provide value to the business, but it requires a lot of investment from IT.

    Info-Tech's Approach

    • Define your scope and objectives: Identify the use cases for SCM and prioritize those objectives into phases.
    • Design the CMDB data model: Align with your existing configuration management system's data model.
    • Operationalize configuration record updates: Integrate your SCM practice with existing practices and lifecycles.

    Start small

    Scope creep is a serial killer of configuration management databases and service configuration management practices.

    Insight summary

    Many vendors are taking a CMDB-first approach to enable IT operations or sometimes asset management. It's important to ensure processes are in place immediately to ensure the data doesn't go stale as additional modules and features are activated.

    Define processes early to ensure success

    The right mindset is just as important as the right tools. By involving everyone early, you can ensure the right data is captured and validated and you can make maintenance part of the culture. This is critical to reaching early and continual value with a CMDB.

    Identify use cases

    The initial use case will be the driving force behind the first assessment of return on investment (ROI). If ROI can be realized early, momentum will increase, and the team can build on the initial successes.

    If you don't see value in the first year, momentum diminishes and it's possible the project will never see value.

    Keep the initial scope small and focused

    Discovery can collect a lot of data quickly, and it's possible to be completely overwhelmed early in the process.

    Build expertise and troubleshoot issues with a smaller scope, then build out the process.

    Minimize customizations

    Most CMDBs have classes and attributes defined as defaults. Use of the defaults will enable easier implementation and faster time to value, especially where automations and integrations depend on standard terms for field mapping.

    Automate as much as possible

    In large, complex environments, the data can quickly become unmanageable. Use automation as much as possible for discovery, dependency mapping, validation, and alerts. Minimize the amount of manual work but ensure everyone is aware of where and how these manual updates need to happen to see continual value.

    Info-Tech's Harness Configuration Management Superpowers.

    Configuration management will improve functionality of all surrounding processes

    A well-functioning CMDB empowers almost all other IT management and governance practices.

    Service configuration management is about:

    • Building a system of record about IT services and the components that support those services.
    • Continuously reconciling and validating information to ensure data accuracy.
    • Ensuring the data lifecycle is defined and well understood and can pass data and process audits.
    • Accessing information in a variety of ways to effectively serve IT and the business.
    An image of Info-Tech's CMDB Configuration Management tree, breaking down aspects into the following six categories: Strategic Partner; Service Provider; Proactive; Stabilize; Core; and Foundational.

    Configuration management most closely impacts these practices

    Info-Tech Research Group sees a clear relationship.

    When an IT department reports they are highly effective at configuration management, they are much more likely to report they are highly effective at these management and governance processes:

    The following management and governance processes are listed: Quality Management; Asset Management; Performance Measurement; Knowledge Management; Release Management; Incident and Problem Management; Service Management; Change Management.

    The data is clear

    Service configuration management is about more than just doing change management more effectively.

    Source: Info-Tech Research Group, IT Management and Governance Diagnostic; N=684 organizations, 2019 to July 2022.

    Make the case to use configuration management to improve IT operations

    Consider the impact of access to data for informing innovations, optimization efforts, and risk assessments.

    75% of Uptime's 2021 survey respondents who had an outage in the past three years said the outage would have been prevented if they'd had better management or processes.(1)

    75%

    75% of Uptime's 2021 survey respondents who had an outage in the past three years said the outage would have been prevented if they'd had better management or processes.(1)

    42%

    of publicly reported outages were due to software or configuration issues. (1)

    58%

    of networking-related IT outages were due to configuration and change management failure.(1)

    It doesn't have to be that way!

    Enterprise-grade IT service management (ITSM) tools require a CMDB for the different modules to work together and to enable IT operations management (ITOM), providing greater visibility.

    Decisions about changes can be made with accurate data, not guesses.

    The CMDB can give the service desk fast access to helpful information about the impacted components, including a history of similar incidents and resolutions and the relationship between the impacted components and other systems and components.

    Turn your team into IT superheroes.

    CMDB data makes it easier for IT Ops groups to:

    • Avoid change collisions.
    • Eliminate poor changes due to lack of visibility into complex systems.
    • Identify problematic equipment.
    • Troubleshoot incidents.
    • Expand the services provided by tier 1 and through automation.

    Benefits of configuration management

    For IT

    • Configuration management will supercharge processes that have relied on inherent knowledge of the IT environment to make decisions.
    • IT will more quickly analyze and understand issues and will be positioned to improve and automate issue identification and resolution.
    • Increase confidence and reduce risks for decisions involving release and change management with access to accurate data, regardless of the complexity of the environment.
    • Reduce or eliminate unplanned work related to poor outcomes due to decisions made with incorrect or incomplete data.

    For the Business

    • Improve strategic planning for business initiatives involving IT solutions, which may include integrations, development, or security concerns.
    • More quickly deploy new solutions or updates due to visibility into complex environments.
    • Enable business outcomes with reliable and stable IT systems.
    • Reduce disruptions caused by planning without accurate data and improve resolution times for service interruptions.
    • Improve access to reporting for budgeting, showbacks, and chargebacks as well as performance metrics.

    Measure the value of this blueprint

    Fast-track your planning and increase the success of a configuration management program with this blueprint

    Workshop feedback
    8.1/10

    $174,000 savings

    30 average days saved

    Guided Implementation feedback

    8.7/10

    $31,496 average savings

    41 average days saved

    "The workshop was well run, with good facilitation, and gained participation from even the most difficult parts of the audience. The best part of the experience was that if I were to find myself in the same position in the future, I would repeat the workshop."

    – University of Exeter

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Prioritize services and use cases.

    Call #3: Identify data needed to meet goals.

    Call #4: Define roles and responsibilities.

    Call #5: Define and prioritize your services.

    Call #6: Evaluate and test CMDB default classifications.

    Call #7: Build a data model diagram.

    Call #8: Define processes for onboarding, offboarding, and maintaining data.

    Call #9: Discuss configuration baselines.

    Call #10: Build a data validation and audit plan.

    Call #11: Define key metrics.

    Call #12: Build a configuration management policy and communications plan.

    Call #13: Build a roadmap.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 9 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4

    Configuration Management Strategy

    CMDB Data Structure

    Process Design

    Communications & Roadmap

    Activities
    • Introduction
    • Define challenges and goals.
    • Define and prioritize use cases.
    • Identify data needed to meet goals.
    • Define roles and responsibilities.
    • Define and prioritize your services.
    • Evaluate CMDB default classifications.
    • Test configuration items against existing categories.
    • Build a data model diagram.
    • Define processes for onboarding, offboarding, and maintaining data in the CMDB.
    • Define practices for configuration baselines.
    • Build a data validation and auditing plan.
    • Define key metrics for configuration management.
    • Define metrics for supporting services.
    • Build configuration management policies.
    • Create a communications plan.
    • Build a roadmap.

    Deliverables

    • Roles and responsibility matrix
    • Data and reporting use cases based on stakeholder requirements
    • List of CI types and relationships to be added to default settings
    • CMDB data model diagram
    • Documented processes and workflows
    • Data validation and auditing plan
    • Policy for configuration management
    • Roadmap for next steps
    • Communications documents

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Configuration Management Project Charter

    Detail your approach to building an SCM practice and a CMDB.

    Screenshot from the Configuration Management Project Charter

    Use Cases and Data Worksheet

    Capture the action items related to your SCM implementation project.

    Screenshot from the Use Cases and Data Worksheet

    Configuration Manager Job Description

    Use our template for a job posting or internal job description.

    Screenshot from the Configuration Manager Job Description

    Configuration Management Diagram Template Library

    Use these diagrams to simplify building your SOP.

    Screenshot from the Configuration Management Diagram Template Library

    Configuration Management Policy

    Set expectations for configuration control.

    screenshot from the Configuration Management Policy

    Configuration Management Audit and Validation Checklist

    Use this framework to validate controls.

    Screenshot from the Configuration Management Audit and Validation Checklist

    Configuration Control Board Charter

    Define the board's responsibilities and meeting protocols.

    Screenshot from the Configuration Management Audit and Validation Checklist

    Key deliverable:

    Configuration Management Standard Operating Procedures Template

    Outlines SCM roles and responsibilities, the CMDB data model, when records are expected to change, and configuration baselines.

    Four Screenshots from the Configuration Management Standard Operating Procedures Template

    Phase 1

    Configuration Management Strategy

    Strategy Data Structure Processes Roadmap
    • Challenges and Goals
    • Use Cases and Data
    • Roles and Responsibilities
    • Services
    • Classifications
    • Data Modeling
    • Lifecycle Processes
    • Baselines
    • Audit and Data Validation
    • Metrics
    • Communications Plan
    • Roadmap

    This phase will walk you through the following aspects of a configuration management system:

    • Scope
    • Use Cases
    • Reports and Analytics

    This phase involves the following participants:

    • IT and business service owners
    • Business/customer relationship managers
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager
    • SCM project sponsor

    Harness Service Configuration Management Superpowers

    Establish clear definitions

    Ensure everyone is using the same terms.

    Term Definition
    Configuration Management

    The purpose of configuration management is to:

    • "Ensure that accurate and reliable information about the configuration of services, and the CIs that support them, is available when and where it is needed. This includes information on how CIs are configured and the relationships between them" (AXELOS).
    • "Provide sufficient information about service assets to enable the service to be effectively managed. Assess the impact of changes and deal with service incidents" (ISACA, 2018).
    Configuration Management System (CMS) A set of tools and databases used to manage, update, and present data about all configuration items and their relationships. A CMS may maintain multiple federated CMDBs and can include one or many discovery and dependency mapping tools.
    Configuration Management Database (CMDB) A repository of configuration records. It can be as simple as a spreadsheet or as complex as an integrated database populated through multiple autodiscovery tools.
    Configuration Record Detailed information about a configuration item.
    Configuration Item (CI)

    "Any component that needs to be managed in order to deliver an IT service" (AXELOS).

    These components can include everything from IT services and software to user devices, IT infrastructure components, and documents (e.g. maintenance agreements).
    Attributes Characteristics of a CI included in the configuration record. Common attributes include name, version, license expiry date, location, supplier, SLA, and owner.
    Relationships Information about the way CIs are linked. A CI can be part of another CI, connect to another CI, or use another CI. A CMDB is significantly more valuable when relationships are recorded. This information allows CMDB users to identify dependencies between components when investigating incidents, performing root-cause analysis, assessing the impact of changes before deployment, and much more.

    What is a configuration management database (CMDB)?

    The CMDB is a system of record of your services and includes a record for everything you need to track to effectively manage your IT services.

    Anything that is tracked in your CMDB is called a configuration item (CI). Examples of CIs include:

    • User-Facing Services
    • IT-Facing Services
    • Business Capabilities
    • Relationships
    • IT Infrastructure Components
    • Enterprise Software
    • End-User Devices
    • Documents

    Other systems of record can refer to CIs, such as:

    • Ticket database: Tickets can refer to which CI is impacted by an incident or provided as part of a service request.
    • Asset management database (AMDB): An IT asset is often also a CI. By associating asset records with CI records, you can leverage your IT asset data in your reporting.
    • Financial systems: If done well, the CMDB can supercharge your IT financial cost model.

    CMDBs can allow you to:

    • Query multiple databases simultaneously (so long as you have the CI name field in each database).
    • Build automated workflows and chatbots that interact with data across multiple databases.
    • More effectively identify the potential impact of changes and releases.

    Do not confuse asset with configuration

    Asset and configuration management look at the same world through different lenses

    • IT asset management (ITAM) tends to focus on each IT asset in its own right: assignment or ownership, lifecycle, and related financial obligations and entitlements.
    • Configuration management is focused on configuration items (CIs) that must be managed to deliver a service and the relationships and integrations with other CIs.
    • ITAM and configuration management teams and practices should work closely together. Though asset and configuration management focus on different outcomes, they may use overlapping tools and data sets. Each practice, when working effectively, can strengthen the other.
    • Many objects will exist in both the CMDB and AMDB, and the data on those shared objects will need to be kept in sync.

    A comparison between Asset and Configuration Management Databases

    *Discovery, dependency mapping, and data normalization are often features or modules of configuration management, asset management, or IT service management tools.

    Start with ITIL 4 guiding principles to make your configuration management project valuable and realistic

    Focus on where CMDB data will provide value and ensure the cost of bringing that data in will be reasonable for its purpose. Your end goal should be not just to build a CMDB but to use a CMDB to manage workload and workflows and manage services appropriately.

    Focus on value

    Include only the relevant information required by stakeholders.

    Start where you are

    Use available sources of information. Avoid adding new sources and tools unless they are justified.

    Progress iteratively with feedback

    Regularly review information use and confirm its relevance, adjusting the CMDB scope if needed.

    Collaborate and promote visibility

    Explain and promote available sources of configuration information and the best ways to use them, then provide hints and tips for more efficient use.

    Think and work holistically

    Consider other sources of data for decision making. Do not try to put everything in the CMDB.

    Keep it simple and practical

    Provide relevant information in the most convenient way; avoid complex interfaces and reports.

    Optimize and automate

    Continually optimize resource-consuming practice activities. Automate CDMB verification, data collection, relationship discovery, and other activities.

    ITIL 4 guiding principles as described by AXELOS

    Step 1.1

    Identify use cases and desired benefits for service configuration management

    Activities

    1.1.1 Brainstorm data collection challenges

    1.1.2 Define goals and how you plan to meet them

    1.1.3 Brainstorm and prioritize use cases

    1.1.4 Identify the data needed to reach your goals

    1.1.5 Record required data sources

    This step will walk you through the following aspects of a configuration management system:

    • Scope
    • Use cases

    This phase involves the following participants:

    • IT and business service owners
    • Business/customer relationship managers
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • Project sponsor
    • Project manager

    Identify potential obstacles in your organization to building and maintaining a CMDB

    Often, we see multiple unsuccessful attempts to build out a CMDB, with teams eventually losing faith and going back to spreadsheets. These are common obstacles:

    • Significant manual data collection, which is rarely current and fully accurate.
    • Multiple discovery solutions creating duplicate records, with no clear path to deduplicate records.
    • Manual dependency mapping that isn't accurate because it's not regularly assessed and updated.
    • Hybrid cloud and on-premises environment with discovery solutions only partially collecting as the right discovery and dependency mapping solutions aren't in place.
    • Dynamic environments (virtual, cloud, or containers) that may exist for a very short time, but no one knows how they should be managed.
    • Lack of expertise to maintain and update the CMDB or lack of an assigned owner for the CMDB. If no one owns the process and is assigned as a steward of data, it will not be maintained.
    • Database that was designed with other purposes in mind and is heavily customized, making it difficult to use and maintain.

    Understanding the challenges to accessing and maintaining quality data will help define the risks created through lack of quality data.

    This knowledge can drive buy-in to create a configuration management practice that benefits the organization.

    1.1.1 Brainstorm data collection challenges

    Involve stakeholders.
    Allot 45 minutes for this discussion.

    1. As a group, brainstorm the challenges you have with data:
    2. Accuracy and trustworthiness: What challenges do you have with getting accurate data on IT services and systems?
      1. Access: Where do you have challenges with getting data to people when they need it?
      2. Manually created data: Where are you relying on data that could be automatically collected?
      3. Data integration: Where do you have issues with integrating data from multiple sources?
      4. Impact: What is the result of these challenges?
    3. Group together these challenges into similar issues and identify what goals would help overcome them.
    4. Record these challenges in the Configuration Management Project Charter, section 1.2: Project Purpose.

    Download the Configuration Management Project Charter

    Input

    Output

    • None
    • List of high-level desired benefits for SCM
    Materials Participants
    • Whiteboard/flip charts
    • Sticky notes
    • Markers/pens
    • Configuration Management Project Charter
    • IT and business service owners
    • Business/customer relationship managers
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Info-Tech Maturity Ladder

    Identify your current and target state

    INNOVATOR

    • Characteristics of business partner
    • Integration with orchestration tools

    BUSINESS PARTNER

    Data collection and validation is fully automated

    Integrated with several IT processes

    Meets the needs of IT and business use cases

    TRUSTED OPERATOR

    • Data collection and validation is partially or fully automated
    • Trust in data accuracy is high, meets the needs of several IT use cases

    FIREFIGHTER

    • Data collection is partially or fully automated, validation is ad hoc
    • Trust in data accuracy is variable, used for decision making

    UNSTABLE

    INNOVATOR

    • Characteristics of business partner
    • Integration with orchestration tools

    BUSINESS PARTNER

    • Data collection and validation is fully automated
    • Integrated with several IT processes
    • Meets the needs of IT and business use cases

    TRUSTED OPERATOR

    • Data collection and validation is partially or fully automated
    • Trust in data accuracy is high, meets the needs of several IT use cases

    FIREFIGHTER

    • Data collection is partially or fully automated, validation is ad hoc
    • Trust in data accuracy is variable, used for decision making

    UNSTABLE

    A tower is depicted, with arrows pointing to Current (orange) and Target(blue)

    Define goals for your CMDB to ensure alignment with all stakeholders

    • How are business or IT goals being hindered by not having the right data available?
    • If the business isn't currently asking for service-based reporting and accountability, start with IT goals. This will help to develop goals that will be most closely aligned to the IT teams' needs and may help incentivize the right behavior in data maintenance.
    • Configuration management succeeds by enabling its stakeholders to achieve their outcomes. Set goals for configuration management based on the most important outcomes expected from this project. Ask your stakeholders:
      1. What are the business' or IT's planned transformational initiatives?
      2. What are your highest priority goals?
      3. What should the priorities of the configuration management practice be?
    • The answers to these questions will shape your approach to configuration management. Direct input from your leadership and executives, or their delegates, will help ensure you're setting a solid foundation for your practice.
    • Identify which obstacles will need to be overcome to meet these goals.

    "[T]he CMDB System should be viewed as a 'system of relevance,' rather than a 'single source of truth.' The burdens of relevance are at once less onerous and far more meaningful in terms of action, analysis, and automation. While 'truth' implies something everlasting or at least stable, relevance suggests a far more dynamic universe."

    – CMDB Systems, Making Change Work in the Age of Cloud and Agile, Drogseth et al

    Identify stakeholders to discuss what they need from a CMDB; business and IT needs will likely differ

    Define your audience to determine who the CMDB will serve and invite them to these conversations. The CMDB can aid the business and IT and can be structured to provide dashboards and reports for both.

    Nondiscoverable configuration items will need to be created for both audiences to organize CIs in a way that makes sense for all uses.

    Integrations with other systems may be required to meet the needs of your audience. Note integrations for future planning.

    Business Services

    Within the data sets, service configuration models can be used for:

    • Impact analysis
    • Cause and effect analysis
    • Risk analysis
    • Cost allocation
    • Availability analysis and planning

    Technical Services

    Connect to IT Finance for:

    • Service-based consumption and costing
    • Financial awareness through showback
    • Financial recovery through chargeback
    • Support IT strategy through financial transparency
    • Cost optimization
    • Reporting for depreciation, location-related taxation, and capitalization (may also use asset management for these)

    Intersect with IT Processes to:

    • Reduce time to restore services through incident management
    • Improve stability through change management
    • Reduce outages through problem management
    • Optimize assets through IT asset management
    • Provide detailed reporting for audit/governance, risk, and compliance

    1.1.2 Define goals and how you plan to meet them

    Involve stakeholders.

    Allot 45 minutes for this discussion.

    As a group, identify current goals for building and using a CMDB.

    Why are we doing this?

    • How do you hope to use the data within the CMDB?
    • What processes will be improved through use of this data and what are the expected outcomes?

    How will we improve the process?

    • What processes will be put in place to ensure data integrity?
    • What tools will be put in place to improve the methods used to collect and maintain data?

    Record these goals in the Configuration Management Project Charter, section 1.3: Project Objectives.

    Input

    Output

    • None
    • List of high-level desired benefits for SCM
    Materials Participants
    • Whiteboard/flip charts
    • Sticky notes
    • Markers/pens
    • Configuration Management Project Charter
    • IT and business service owners
    • Business/customer relationship managers
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    It's easy to think that if you build it, they will come, but CMDBs rarely succeed without solid use cases

    Set expectations for your organization that defined and fulfilled use cases will factor into prioritization exercises, functional plans, and project milestones to achieve ROI for your efforts.

    A good use case:

    • Justifies resource allocation
    • Gains funding for the right tools
    • Builds stakeholder support
    • Drives interest and excitement
    • Gains support from anyone in a position to help build out and validate the data
    • Helps to define success

    In the book CMDB Systems, Making Change Work in the Age of Cloud and Agile, authors Drogseth, Sturm, and Twing describe the secrets of success:

    A documented evaluation of CMDB System vendors showed that while most "best case" ROI fell between 6 and 9 months for CMDB deployments, one instance delivered ROI for a significant CMDB investment in as little as 2 weeks!

    If there's a simple formula for quick time to value for a CMDB System, it's the following:

    Mature levels of process awareness
    + Strong executive level support
    + A ready and willing team with strongly supportive stakeholders
    + Clearly defined and ready phase one use case
    + Carefully selected, appropriate technologies

    All this = Powerful early-phase CMDB System results

    Define and prioritize use cases for how the CMDB will be used to drive value

    The CMDB can support several use cases and may require integration with various modules within the ITSM solution and integration with other systems.

    Document the use cases that will drive your CMDB to relevance, including the expected benefits for each use case.

    Identify the dependencies that will need to be implemented to be successful.

    Define "done" so that once data is entered, verified, and mapped, these use cases can be realized.

    "Our consulting experience suggests that more than 75% of all strategic initiatives (CMDB or not) fail to meet at least initial expectations across IT organizations. This is often due more to inflated expectations than categorical failure."

    – CMDB Systems, Making Change Work in the Age of Cloud and Agile, Drogseth et al.

    This image demonstrates how CMBD will be used to drive value.

    After identifying use cases, determine the scope of configuration items required to feed the use cases

    On-premises software and equipment will be critical to many use cases as the IT team and partners work on network and data-center equipment, enterprise software, and integrations through various means, including APIs and middleware. Real-time and near real-time data collection and validation will ensure IT can act with confidence.

    Cloud use can include software as a service (SaaS) solutions as well as infrastructure and platform as a service (IaaS and PaaS), and this may be more challenging for data collection. Tools must be capable of connecting to cloud environments and feeding the information back into the CMDB. Where on-premises and cloud applications show dependencies, you might need to validate data if multiple discovery and dependency mapping solutions are used to get a complete picture. Tagging will be crucial to making sense of the data as it comes into the CMDB.

    In-house developed software would be beneficial to have in the CMDB but may require more manual work to identify and classify once discovered. A combination of discovery and tagging may be beneficial to input and classification.

    Highly dynamic environments may require data collection through integration with a variety of solutions to manage and record continuous deployment models and verifications, or they may rely on tags and activity logs to record historical activity. Work with a partner who specializes in CI/CD to help architect this use case.

    Containers will require an assessment of the level of detail required. Determine if the container is a CI and if the content will be described as attributes. If there is value to your use case to map the contents of each container as separate CIs within the container CI, then you can map to that level of detail, but don't map to that depth unless the use case calls for it.

    Internet of Things (IoT) devices and applications will need to match a use case as well. IoT device asset data will be useful to track within an asset database but may have limited value to add to a CMDB. If there are connections between IoT applications and data warehouses, the dependencies should likely be mapped to ensure continued dataflow.

    Out of scope

    A single source of data is highly beneficial, but don't make it a catchall for items that are not easily stored in a CMDB.

    Source code should be stored in a definitive media library (DML). Code can be linked to the CMDB but is generally too big to store in a CMDB and will reduce performance for data retrieval.

    Knowledge articles and maintenance checklists are better suited to a knowledge base. They can also be linked to the CDMB if needed but this can get messy where many-to-many relationships between articles and CIs exist.

    Fleet (transportation) assets and fixed assets should be in fleet management systems and accounting systems, respectively. Storing these types of data in the CMDB doesn't provide value to the support process.

    1.1.3 Brainstorm and prioritize use cases

    Which IT practices will you supercharge?

    Focus on improving both operations and strategy.

    1. Brainstorm the list of relevant use cases. What do you want to do with the data from the CMDB? Consider:
      1. ITSM management and governance practices
      2. IT operations, vendor orchestration, and service integration and management (SIAM) to improve vendor interactions
      3. IT finance and business service reporting needs
    2. Identify which use cases are part of your two- to three-year plan, including the purpose for adding configuration data into that process. Prioritize one or two of these use cases to accomplish in your first year.
    3. Identify dependencies to manage as part of the solution and define a realistic timeline for implementing integrations, modules, or data sources.
    4. Document this table in the Configuration Management Project Charter, section 2.2: Use Cases.
    Audience Use Case Goal/Purpose Project/Solution Dependencies Proposed Timeline Priority
    • IT
    • Change Management

    Stabilize the process by seeing:

    Change conflict reporting

    Reports of CI changes without change records

    System availability

    RFC mapping requires discovered CIs

    RFC review requires criticality, technical and business owners

    Conflict reporting requires dependency mapping

    • Discovery and manual information entered by October
    • Dependency mapping implemented by December

    High

    Determine what additional data will be needed to achieve your use cases

    Regardless of which use cases you are planning to fulfill with the CMDB, it is critical to not add data and complexity with the plan of resolving every possible inquiry. Ensure the cost and effort of bringing in the data and maintaining it is justified. The complexity of the environment will impact the complexity of data sources and integrations for discovery and dependency mapping.

    Before bringing in new data, consider:

    • Is this information available in other maintained databases now?
    • Will this data be critical for decision making? If it is nice to have or optional, can it be automatically moved into the database and maintained using existing integrations?
    • Is there a cost to bringing the data into the CMDB and maintaining it? Is that cost reasonable for its purpose?
    • How frequently will this information be accessed, and can it be updated in an adequate cadence to meet these needs?
    • When does this information need to be available?

    Info-Tech Insight

    If data will be used only occasionally upon request, determine if it will be more efficient to maintain it or to retrieve it from the CMDB or another data source as needed.

    Remember, within the data sets, service configuration models can be used for:

    • Impact analysis
    • Cause and effect analysis
    • Risk analysis
    • Cost allocation
    • Availability analysis and planning

    1.1.4 Expand your use cases by identifying the data needed to reach your goals

    Involve stakeholders.

    Allot 60 minutes for this discussion.

    Review use cases and their goals.

    Identify what data will be required to meet those goals and determine whether it will be mandatory or optional/nice-to-have information.

    Identify sources of data for each type of data. Color code or sort.

    Italicize data points that can be automatically discovered.

    Gain consensus on what information will be manually entered.

    Record the data in the Use Cases and Data Worksheet.

    Download the Use Cases and Data Worksheet

    Input

    Output

    • None
    • List of data requirements
    MaterialsParticipants
    • Whiteboard/flip charts
    • Sticky notes
    • Markers/pens
    • Use Cases and Data Worksheet
    • IT and business service owners
    • Business/customer relationship managers
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Use discovery and dependency mapping tools to automatically update the CMDB

    Avoid manual data entry whenever possible.

    Consider these features when looking at tools:

    • Application dependency mapping: Establishing and tracking the relationships and dependencies between system components, applications, and IT services. The ideal tool will be able to generate maps automatically.
    • Agentless and agent discovery: Scanning systems with both agent and agentless approaches. Agent-based scanning provides comprehensive information on applications used in individual endpoints, which is helpful in minimizing its IT footprint. However, agents require endpoint access. Agentless-based scanning provides a broader and holistic view of deployed applications without the need to install an agent on end devices, which can be good enough for inventory awareness.
    • Data export capability: Easy exporting of application inventory information to be used in reports and other tools.
    • Dashboards and chart visualization: Detailed list of the application inventory, including version number, number of users, licenses, deployment location, and other application details. These details will inform decision makers of each application's health and its candidacy for further rationalization activities.
    • Customizable scanning scripts: Tailor your application discovery approach by modifying the scripts used to scan your systems.
    • Integration with third-party tools: Easy integration with other systems with out-of-the-box plugins or customizable APIs.

    Determine which data collection methods will be used to populate the CMDB

    The effort-to-value ratio is an important factor in populating a CMDB. Manual efforts require a higher process focus, more intensive data validation, and a constant need to remind team members to act on every change.

    Real-Time Data AIOps continual scans Used for event and incident management
    Near Real-Time Data Discovery and dependency mapping run on a regular cycle Used for change and asset management
    Historical Data Activity log imports, manual data entry Used for IT finance, audit trail
    • Determine what amount of effort is appropriate for each data grouping and use case. As decisions are made to expand data within the CMDB, the effort-to-value ratio should always factor in. To be usable, data must be accurate, and every piece of data that needs to be manually entered runs the risk of becoming obsolete.
    • Identify which data sources will bring in each type of data. Where there is a possibility of duplicate records being created, one of the data sources will need to be identified as the primary.
    • If the decision is to manually enter configuration items early in the process, be aware that automation may create duplicates of the CIs that will need to be deduplicated at some point in the process to make the information more usable.
    • Typically, items are discovered, validated, then mapped, but there will be variations depending on the source.
    • Active Directory or LDAP may be used to bring users and technicians into the CMDB. Data may be imported from spreadsheets. Identify efforts where data cleanup may have to happen before transferring into the CMDB.
    • Identify how often manual imports will need to be conducted to make sure data is usable.

    Identify other nondiscoverable data that will need to be added to or accessed by the CMDB

    Foundational data, such as technicians, end users and approvers, roles, location, company, agency, department, building, or cost center, may be added to tables that are within or accessed by the CMDB. Work with your vendor to understand structure and where this information resides.

    • These records can be imported from CSV files manually, but this will require manual removal or edits as information changes.
    • Integration with the HRIS, Active Directory, or LDAP will enable automatic updates through synchronization or scheduled imports.
    • If synchronization is fully enabled, new data can be added and removed from the CMDB automatically.
    • Identify which nondiscoverable attributes will be needed, such as system criticality, support groups, groups it is managed by, location.
    • If partially automating the process, identify where manual updates will need to occur.
    • If fully automating the process, notifications will need to be set up when business owner or product or technical owner fields become empty to prompt defining a replacement within the CMDB.
    • Determine who will manage these updates.
    • Work with your CMDB implementation vendor to determine the best option for bringing this information in.

    1.1.5 Record required data sources

    Allot 15 minutes for this discussion.

    1. Where do you track the work involved in providing services? Typically, your ticket database tracks service requests and incidents. Additional data sources can include:
      • Enterprise resource planning tools for tracking purchase orders
      • Project management information system for tracking tasks
    2. What trusted data sources exist for the technology that supports these services? Examples include:
      • Management tools (e.g. Microsoft Endpoint Configuration Manager)
      • Architectural diagrams and network topology diagrams
      • IT asset management database
      • Spreadsheets
      • Other systems of record
    3. What other data sources can help you gather the data you identified in activity 1.1.4?
    4. Record the relevant data sources for each use case in the Configuration Management Standard Operating Procedures, section 6: Data Collection and Updates.

    Info-Tech Insight

    Improve the trustworthiness of your CMDB as a system of record by relying on data that is already trusted.

    Input

    Output

    • Use cases
    • List of data requirements
    MaterialsParticipants
    • Use Cases and Data Worksheet
    • Configuration Management Standard Operating Procedures
    • IT and business service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Step 1.2

    Define roles and responsibilities

    Activities

    1.2.1 Record the project team and stakeholders

    1.2.2 Complete a RACI chart to define who will be accountable and responsible for configuration tasks

    This step will walk you through the following aspects of a configuration management system:

    • Roles and responsibilities

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • Project manager

    Identify the roles you need in your SCM project

    Determine which roles will need to be involved in the initial project and how to source these roles.

    Leadership Roles
    Oversee the SCM implementation

    1. Configuration Manager – The practice owner for SCM. This is a long-term role.
    2. Configuration Control Board (CCB) Chair – An optional role that oversees proposed alterations to configuration plans. If a CCB is implemented, this is a long-term role.
    3. Project Sponsor or Program Sponsor – Provides the necessary resources for building the CMDB and SCM practices.
    4. Architecture Roles
      Plan the program to build strong foundation
      1. Configuration Management Architect – Technical leader who defines the overall CM solution, plans the scope, selects a tool, and leads the technical team that will implement the solution.
      2. Requirements Analyst – Gathers and manages the requirements for CM.
      3. Process Engineer – Defines, documents, and implements the entire process.

    Architecture Roles
    Plan the program to build strong foundation

    1. Configuration Management Architect – Technical leader who defines the overall CM solution, plans the scope, selects a tool, and leads the technical team that will implement the solution.
    2. Requirements Analyst – Gathers and manages the requirements for CM.
    3. Process Engineer – Defines, documents, and implements the entire process.

    Engineer Roles
    Implement the system

    1. Logical Database Analyst (DBA) Designs the structure to hold the configuration management data and oversees implementation.
    2. Communications and Trainer – Communicates the goals and functions of CM and teaches impacted users the how and why of the process and tools.

    Administrative Roles
    Permanent roles involving long-term ownership

    1. Technical Owner – The system administrator responsible for their system's uptime. These roles usually own the data quality for their system.
    2. Configuration Management Integrator – Oversees regular transfer of data into the CMDB.
    3. Configuration Management Tool Support – Selects, installs, and maintains the CM tool.
    4. Impact Manager – Analyzes configuration data to ensure relationships between CIs are accurate; conducts impact analysis.

    1.2.1 Record the project team and stakeholders

    Allocate 25 minutes to this discussion.

    1. Record the project team.
      1. Identify the project manager who will lead this project.
      2. Identify key personnel that will need to be involved in design of the configuration management system and processes.
      3. Identify where vendors/outsourcers may be required to assist with technical aspects.
      4. Document the project team in the Configuration Management Project Charter, section 1.1: Project Team.
    1. Record a list of stakeholders.
      1. Identify stakeholders internal and external to IT.
      2. Build the stakeholder profile. For each stakeholder, identify their role, interest in the project, and influence on project success. You can score these criteria high/medium/low or score them out of ten.
      3. If managed service providers will need to be part of the equation, determine who will be the liaison and how they will provide or access data.
    Input

    Output

    • Project team members
    • Project plan resources
    MaterialsParticipants
    • Configuration Management Project Charter
    • List of project stakeholders and participants
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Even with full automation, this cannot be a "set it and forget it" project if it is to be successful long-term

    Create a team to manage the process and data updates and to ensure data is always usable.

    • Services may be added and removed.
    • Technology will change as technical debt is reduced.
    • Vendors may change as contract needs develop.
    • Additional use cases may be introduced by IT and the business as approaches to management evolve.
    • AIOps can reduce the level of effort and improve visibility as configuration items change from the baseline and notifications are automated.
    • Changes can be checked against requests for changes through automated reconciliations, but changes will still need to be investigated where they do not meet expectations.
    • Manual data changes will need to be made regularly and verified.

    "We found that everyone wanted information from the CMDB, but no one wanted to pay to maintain it. People pointed to the configuration management team and said, 'It's their responsibility.'

    Configuration managers, however, cannot own the data because they have no way of knowing if the data is accurate. They can own the processes related to checking accuracy, but not the data itself."
    – Tim Mason, founding director at TRM Associates
    (Excerpt from Viewpoint: Focus on CMDB Leadership)

    Include these roles in your CMDB practice to ensure continued success and continual improvement

    These roles can make up the configuration control board (CCB) to make decisions on major changes to services, data models, processes, or policies. A CCB will be necessary in complex environments.

    Configuration Manager

    This role is focused on ensuring everyone works together to build the CMDB and keep it up to date. The configuration manager is responsible to:

    • Plan and manage the standards, processes, and procedures and communicate all updates to appropriate staff. Focused on continual improvement.
    • Plan and manage population of the CMDB and ensure data included meets criteria for cost effectiveness and reasonable effort for the value it brings.
    • Validate scope of services and CIs to be included and controlled within the CMDB and manage exceptions.
    • Audit data quality to ensure it is valid, is current, and meets defined standards.
    • Evaluate and recommend tools to support processes, data collection, and integrations.
    • Ensure configuration management processes interface with all other service and business management functions to meet use cases.
    • Report on configuration management performance and take appropriate action on process adherence and quality issues.

    Configuration Librarian

    This role is most important where manual data entry is prevalent and where many nonstandard configurations are in place. The librarian role is often held by the tool administrator. The librarian focuses specifically on data within the CMDB, including:

    • Manual updates to configuration data.
    • CMDB data verification on a regular schedule.
    • Processing ad hoc requests for data.

    Product/Service/Technical Owners

    The product or technical owner will validate information is correctly updating and reflects the existing data requirements as new systems are provisioned or as existing systems change.

    Interfacing Practice Owners

    All practice owners, such as change manager, incident manager, or problem manager, must work with the configuration team to ensure data is usable for each of the use cases they are responsible for.

    Download the Configuration Manager job description

    Assign configuration management responsibilities and accountabilities

    Align authority and accountability.

    • A RACI exercise will help you discuss and document accountability and responsibility for critical configuration management activities.
    • When responsibility and accountability are not well documented, it's often useful to invite a representative of the roles identified to participate in this alignment exercise. The discussion can uncover contrasting views on responsibility and governance, which can help you build a stronger management and governance model.
    • The RACI chart can help you identify who should be involved when making changes to a given activity. Clarify the variety of responsibilities assigned to each key role.
    • In the future, you may need to define roles in more detail as you change your configuration management procedures.

    Responsible: The person who actually gets the job done.
    Different roles may be responsible for different aspects of the activity relevant to their role.

    Accountable: The one role accountable for the activity (in terms of completion, quality, cost, etc.)
    Must have sufficient authority to be held accountable; responsible roles are often accountable to this role.

    Consulted: Those who need the opportunity to provide meaningful input at certain points in the activity; typically, subject matter experts or stakeholders. The more people you must consult, the more overhead and time you'll add to a process.

    Informed: Those who receive information regarding the task but do not need to provide feedback.
    Information might relate to process execution, changes, or quality.

    Complete a RACI chart to define who will be accountable and responsible for configuration tasks

    Determine what roles will be in place in your organization and who will fulfill them, and create your RACI chart to reflect what makes sense for your organization. Additional roles may be involved where there is complexity.

    R = responsible, A = accountable, C = consulted, I = informed CCB Configuration Manager Configuration Librarian Technical Owner(s) Interfacing Practice Owners Tool Administrator
    Plan and manage the standards, processes, and procedures and communicate all updates to appropriate staff. Focused on continual improvement. A R
    Plan and manage population of the CMDB and ensure data included meets criteria for cost effectiveness and reasonable effort for the value it brings. A R
    Validate scope of services and CIs to be included and controlled within the CMDB and manage exceptions. A R
    Audit data quality to ensure it is valid, is current, and meets defined standards. A,R
    Evaluate and recommend tools to support processes, data collection, and integrations. A,R
    Ensure configuration management processes interface with all other service and business management functions to meet use cases. A
    Report on configuration management performance and take appropriate action on process adherence and quality issues. A
    Make manual updates to configuration data. A
    Conduct CMDB data verification on a regular schedule. A
    Process ad hoc requests for data. A
    Enter new systems into the CMDB. A R
    Update CMDB as systems change. A R
    Identify new use cases for CMDB data. R A
    Validate data meets the needs for use cases and quality. R A
    Design reports to meet use cases. R
    Ensure integrations are configured as designed and are functional. R

    1.2.2 Complete a RACI chart to define who will be accountable and responsible for configuration tasks

    Allot 60 minutes for this discussion.

    1. Open the Configuration Management Standard Operating Procedures, section 4.1: Responsibility Matrix. In the RACI chart, review the top row of roles. Smaller organizations may not need a configuration control board, in which case the configuration manager may have more authority.
    2. Modify or expand the process tasks in the left column as needed.
    3. For each role, identify what that person is responsible for, accountable for, consulted on, or informed of. Fill out each column.
    4. Document in the SOP. Schedule a time to share the results with organization leads.
    5. Distribute the chart among all teams in your organization.
    6. Describe additional roles as needed in the documentation.
    7. Add accountabilities and responsibilities for the CCB into the Configuration Control Board Charter.
    8. If appropriate, add auxiliary roles to the Configuration Management Standard Operating Procedures, section 4.2: Configuration Management Auxiliary Role Definitions.

    Notes:

    1. Assign one Accountable for each task.
    2. Have one or more Responsible for each task.
    3. Avoid generic responsibilities such as "team meetings."
    4. Keep your RACI definitions in your documents for quick reference.

    Refer back to the RACI chart when building out the communications plan to ensure accountable and responsible team members are on board and consulted and informed people are aware of all changes.

    Input

    Output

    • Task assignments
    • RACI chart with roles and responsibilities
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures, RACI chart
    • Configuration Control Board Charter, Responsibilities section
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Phase 2

    Configuration Management Data Model

    StrategyData StructureProcessesRoadmap
    • Challenges and Goals
    • Use Cases and Data
    • Roles and Responsibilities
    • Services
    • Classifications
    • Data Modeling
    • Lifecycle Processes
    • Baselines
    • Audit and Data Validation
    • Metrics
    • Communications Plan
    • Roadmap

    This phase will walk you through the following aspects of a configuration management system:

    • Data Model
    • Customer-Facing and Supporting Services
    • Business Capabilities
    • Relationships
    • IT Infrastructure Components
    • Enterprise Software
    • End-User Devices
    • Documents

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • CM practice manager
    • CM project manager

    Step 2.1

    Build a framework for CIs and relationships

    Activities

    Document services:

    2.1.1 Define and prioritize your services

    2.1.2 Test configuration items against existing categories

    2.1.3 Create a configuration control board charter to define the board's responsibilities and protocols

    This step will walk you through the following aspects of a configuration management system:

    • Data model
    • Configuration items
    • Relationships

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • CM practice manager
    • Project manager

    Making sense of data daily will be key to maintaining it, starting with services

    As CIs are discovered and mapped, they will automatically map to each other based on integrations, APIs, queries, and transactions. However, CIs also need to be mapped to a conceptional model or service to present the service and its many layers in an easily consumable way.

    These services will need to be manually created or imported into the CMDB and manually connected to the application services. Services can be mapped to technical or business services or both.

    If business services reporting has been requested, talk to the business to develop a list of services that will be required. Use terms the business will be expecting and identify which applications and instances will be mapped to those services.

    If IT is using the CMDB to support service usage and reporting, develop the list of IT services and identify which applications and instances will be mapped to those services.

    This image show the relationship between Discoverable and Nondiscoverable CIs. The discoverable CIs are coloured in purple, and the nondiscoverables are blue.

    Work with your stakeholders to ensure catalog items make sense to them

    There isn't a definitive right or wrong way to define catalog items. For example, the business and IT could both reference application servers, but only IT may need to see technical services broken down by specific locations or device types.

    Refer back to your goals and use cases to think through how best to meet those objectives and determine how to categorize your services.

    Define the services that will be the top-level, nondiscoverable services, which will group together the CIs that make up the complete service. Identify which application(s) will connect into the technical service.

    When you are ready to start discovery, this list of services will be connected to the discovered data to organize it in a way that makes sense for how your stakeholders need to see the data.

    While working toward meeting the goals of the first few use cases, you will want to keep the structure simple. Once processes are in place and data is regularly validated, complexities of different service types and names can be integrated into the data.

    This image show the relationship between Discoverable and Nondiscoverable CIs. Both Discoverable and nondiscoverable CIs are blue.

    Application Service(blue); Technical Service(Purple); IT Shared Services(Orange); Billable Services(green); Service Portfolio(red)

    Define the service types to manage within the CMDB to logically group CIs

    Determine which method of service groupings will best serve your audience for your prioritized use cases. This will help to name your service categories. Service types can be added as the CMDB evolves and as the audience changes.

    Application Service

    Technical Service

    IT Shared Services

    Billable Services

    Service Portfolio

    A set of interconnected applications and hosts configured to offer a service to the organization.

    Example: Financial application service, which may include email, web server, application server, databases, and middleware.

    A logical grouping of CIs based on common criteria.

    Example: Toronto web services, which may include several servers, web applications, and databases.

    A logical grouping of IT and business services shared and used across the organization.

    Example: VoIP/phone services or networking or security services.

    A group of services that will be billed out to departments or customers and would require logical groupings to enable invoicing.

    A group of business and technical service offerings with specific performance reporting levels. This may include multiple service levels for different customer audiences for the same service.

    2.1.1 Define and prioritize your services

    Prioritize your starting point. If multiple audiences need to be accommodated, work with one group at a time.

    Timing: will vary depending on number of services, and starting point

    1. Create your list of services, referencing an existing service catalog, business continuity or disaster recovery plan, list of applications, or brainstorming sessions. Use the terminology that makes the most sense for the audience and their reporting requirements.
    2. If this list is already in place, assess for relevance and reduce the list to only those services that will be managed through the CMDB.
    3. Determine what data will be relevant for each service based on the exercises done in 1.1.4 and 1.1.5. For example, if priority was a required attribute for use case data, ensure each service lists the priority of that service.
    4. For each of these, identify the supporting services. These items can come from your technical service catalog or list of systems and software.
    5. Document this table in the Use Cases and Data Worksheet, tab 3: Service Catalog.

    Service Record Example

    Service: Email
    Supporting Services: M365, Authentication Services

    Service Attributes

    Availability: 24/7 (99.999%)
    Priority: Critical
    Users: All
    Used for: Collaboration
    Billable: Departmental
    Support: Unified Support Model, Account # 123456789

    The CMDB will be organized by services and will enable data analysis through multiple categorization schemes

    To extract maximum service management benefit from a CMDB, the highest level of CI type should be a service, as demonstrated below. While it is easier to start at the system or single-asset level, taking the service mapping approach will provide you with a useful and dynamic view of your IT environment as it relates to the services you offer, instead of a static inventory of components.

    Level 1: Services

    • Business Service Offering: A business service is an IT service that supports a business process, or a service that is delivered to business customers. Business service offerings typically are bound by service-level agreements.
    • IT Service Offering: An IT service supports the customer's business processes and is made up of people, processes, and technology. IT service offerings typically are bound by service-level agreements.

    Level 2: Infrastructure CIs

    • IT Component Set: An IT service offering consists of one of more sets of IT components. An IT component set allows you to group or bundle IT components with other components or groupings.
    • IT Component: An IT system is composed of one or more supporting components. Many components are shared between multiple IT systems.

    Level 3: Supporting CIs

    • IT Subcomponent: Any IT asset that is uniquely identifiable and a component of an IT system.
    • IT components can have subcomponents, and those components can have subcomponents, etc.

    Two charts, showing Enterprise Architect Model and Configuration Service Model. Each box represents a different CI.

    Assess your CMDB's standard category offerings against your environment, with a plan to minimize customization

    Standard categorization schemes will allow for easier integration with multiple tools and reporting and improve results if using machine learning to automate categorization. If the CMDB chosen includes structured categories, use that as your starting point and focus only on gaps that are not addressed for CIs unique to your environment.

    There is an important distinction between a class and a type. This concept is foundational for your configuration data model, so it is important that you understand it.

    • Types are general groupings, and the things within a type will have similarities. For attributes that you want to collect on a type, all children classes and CIs will have those attribute fields.
    • Classes are a more specific grouping within a type. All objects within a class will have specific similarities. You can also use subclasses to further differentiate between CIs.
    • Individual CIs are individual instances of a class or subclass. All objects in a class will have the same attribute fields and behave the same, although the values of their attributes will likely differ.
    • Attributes may be discovered or nondiscoverable and manually added to CIs. The attributes are properties of the CI such as serial number, version, memory, processor speed, or asset tag.

    Use inheritance structures to simplify your configuration data model.

    An example CM Data Model is depicted.

    Assess the list of classes of configuration items against your requirements

    Types are general groupings, and the things within a type will have similarities. Each type will have its own table within the CMDB. Classes within a type are a more specific grouping of configuration items and may include subclasses.

    Review your vendor's CMDB documentation. Find the list of CI types or classes. Most CMDBs will have a default set of classes, like this standard list. If you need to build your own, use the table below as a starting point. Define anything required for unique classes. Create a list and consult with your installation partner.

    Sample list of classes organized by type

    Types Services Network Hardware Storage Compute App Environment Documents
    Classes
    • Application Service
    • Technical Service
    • IT Shared Service
    • Billable Service
    • Service Portfolio
    • Switch
    • Router
    • Firewall
    • Modem
    • SD-WAN
    • Load Balancer
    • UPS
    • Computer
    • Laptop
    • Server
    • Tablet
    • Database
    • Network-Attached Storage
    • Storage Array Network
    • Blob
    • Operating System
    • Hypervisor
    • Virtual Server
    • Virtual Desktop
    • Appliance
    • Virtual Application
    • Enterprise Application
    • Line of Business Application Software
    • Development
    • Test
    • Production
    • Contract
    • Business Impact Analysis
    • Requirements

    Review relationships to determine which ones will be most appropriate to map your dependencies

    Your CMDB should include multiple relationship types. Determine which ones will be most effective for your environment and ensure everyone is trained on how to use them. As CIs are mapped, verify they are correct and only manually map what is incorrect or not mapping through automation.

    Manually mapping CMDB relationships may be time consuming and prone to error, but where manual mapping needs to take place, ensure the team has a common view of the dependency types available and what is important to map.

    Use automated mapping whenever possible to improve accuracy, provide functional visualizations, and enable dynamic updates as the environment changes.

    Where a dependency maps to external providers, determine where it makes sense to discover and map externally provided CIs.

    • Only connect where there is value in mapping to vendor-owned systems.
    • Only connect where data and connections can be trusted and verified.

    Most common dependency mapping types

    A list of the most common dependency mapping types.

    2.1.2 Test configuration items against existing categories

    Time to complete: 1-2 hours

    1. Select a service to test.
    2. Identify the various components that make up the service, focusing on configuration items, not attributes
    3. Categorize configuration items against types and classes in the default settings of the CMDB.
    4. Using the default relationships within the CMDB, identify the relationships between the configuration items.
    5. Identify types, classes, and relationships that do not fit within the default settings. Determine if there are common terms for these items or determine most appropriate name.
    6. Validate these exceptions with the publisher.
    7. Document exceptions in the Configuration Management Standard Operating Procedures, Appendix 2: Types and Classes of Configuration Items
    Input

    Output

    • List of default settings for classes, types, and relationships
    • Small list of services for testing
    • List of CIs to map to at least one service
    • List of categories to add to the CMDB solution.
    MaterialsParticipants
    • Use Cases and Data Worksheet
    • Configuration Management Standard Operating Procedures
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    2.1.3 Create a configuration control board charter to define the board's responsibilities and protocols

    A charter will set the tone for meetings, ensure purpose is defined and meeting cadence is set for regular reviews.

    1. Open the Configuration Control Board Charter. Review the document and modify as appropriate for your CCB. This will include:
      • Purpose and mandate of the committee – Reference objectives from the project charter.
      • Team composition – Determine the right mix of team members. A team of six to ten people can provide a good balance between having a variety of opinions and getting work done.
      • Voting option – Determine the right quorum to approve changes.
      • Responsibilities – List responsibilities, starting with RACI chart items.
      • Authority – Define the control board's span of control.
      • Governing laws and regulations – List any regulatory requirements that will need to be met to satisfy your auditors.
      • Meeting preparation – Set expectations to ensure meetings are productive.
    2. Distribute the charter to CCB members.
    Input

    Output

    • Project team members
    • Project plan resources
    MaterialsParticipants
    • Configuration Control Board Charter
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Assess the default list of statuses for each state

    Align this list with your CMDB

    Minimize the number of customizations that will make it difficult to update the platform.

    1. Review the default status list within the tool.
    2. Identify which statuses will be most used. Write a definition for each status.
    3. Update this list as you update process documentation in Step 3.1. After initial implementation, this list should only be modified through change enablement.
    4. Record this list of statuses in the Configuration Management Standard Operating Procedures, Appendix 4: Statuses
    State Status Description
    Preparation Ordered Waiting delivery from the vendor
    In Planning Being created
    Received Vendor has delivered the item, but it is not ready for deployment
    Production In Stock Available to be deployed
    In Use Deployed
    On Loan Deployed to a user on a temporary basis
    For Removal Planning to be phased out but still deployed to an end user
    Offline In Transit Moving to a new location
    Under Maintenance Temporarily offline while a patch or change is applied
    Removed Decommissioned Item has been retired and is no longer in production
    Disposed Item has been destroyed and we are no longer in possession of it
    Lost Item has been lost
    Stolen Item has been stolen

    Step 2.2

    Document statuses, attributes, and data sources

    Activities

    2.2.1 Follow the packet and map out the in-scope services and data centers

    2.2.2 Build data model diagrams

    2.2.3 Determine access rights for your data

    This step will walk you through the following aspects of a configuration management system:

    • Statuses
    • Attributes for each class of CI

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • Project manager

    Outcomes of this step

    • Framework for approaching CI statuses
    • Attributes for each class of CI
    • Data sources for those attributes

    Service mapping approaches

    As you start thinking about dependency mapping, it's important to understand the different methods and how they work, as well as your CMDB's capabilities. These approaches may be all in the same tool, or the tool may only have the top-down options.

    Top down, most common

    Pattern-based

    Most common option, which includes indicators of connections such as code, access rights, scripting, host discovery, and APIs.

    Start with pattern-based, then turn on traffic-based for more detail. This combination will provide the most accuracy.

    Traffic-based

    Map against traffic patterns involving connection rules to get more granular than pattern-based.

    Traffic-based can add a lot of overhead with extraneous data, so you may not want to run it continuously.

    Tag-based

    Primarily used for cloud, containers, and virtual machines and will attach the cloud licenses to their dependent services and any related CIs.

    Tags work well with cloud but will not have the same hierarchical view as on-premises dependency mapping.

    Machine learning

    Machine learning will look for patterns in the traffic-based connections, match CIs to categories and help organize the data.

    Machine learning (ML) may not be in every solution, but if you have it, use it. ML will provide many suggestions to make the life of the data manager easier.

    Model hierarchy

    Automated data mapping will be helpful, but it won't be foolproof. It's critical to understand the data model to validate and map nondiscoverable CIs correctly.

    The framework consists of the business, enterprise, application, and implementation layers.

    The business layer encodes real-world business concepts via the conceptual model.

    The enterprise layer defines all enterprise data assets' details and their relationships.

    The application layer defines the data structures as used by a specific application.

    The implementation layer defines the data models and artifacts for use by software tools.

    An example of Model Hierarchy is depicted.

    Learn how to create data models with Info-Tech's blueprint Create and Manage Enterprise Data Models

    2.2.1 Follow the packet and map out the in-scope services and data centers

    Reference your network topology and architecture diagrams.

    Allot 1 hour for this activity.

    1. Start with a single service that is well understood and documented.
    2. Identify the technical components (hardware and applications) that make up the service.
    3. Determine if there is a need to further break down services into logical service groupings. For example, the email service to the right is broken down into authentication and mail flow.
    4. If you don't have a network diagram to follow, create a simple one to identify workflows within the service and components the service uses.
    5. Record the apps and underlying components in the Configuration Management Standard Operating Procedures, Appendix 1: Configuration Data Model Structure.

    This information will be used for CM project planning and validating the contents of the CMDB.

    an example of a Customer-facing service is shown, for Email sample topology.

    Download the Configuration Management Diagram Template Library to see an example.

    Build your configuration data model

    Rely on out-of-the-box functionality where possible and keep a narrow focus in the early implementation stages.

    1. If you have an enterprise architecture, then your configuration management data model should align with it.
    2. Keep a narrow focus in the early implementation stages. Don't fill up your CMDB until you are ready to validate and fix the data.
    3. Rely on out-of-the-box (OOTB) functionality where possible. If your configuration management database (CMDB) and platform do not have a data model OOTB, then rely on a publicly available data model.
    4. Map your business or IT service offering to the first few layers.

    Once this is built out in the system, you can let the automated dependency mapping take over, but you will still need to validate the accuracy of the automated mapping and investigate anything that is incorrect.

    Sample Configuration Data Model

    Every box represents a CI, and every line represents a relationship

    A sample configuration Data model is shown.

    Example: Data model and CMDB visualization

    Once the data model is entered into the CMDB, it will provide a more dynamic and complex view, including CIs shared with other services.

    An example of a Data Model Exercise

    CMDB View

    An example of a CMDB View of the Data Model Exercise

    2.2.2 Build data model diagrams

    Visualize the expected CI classes and relationships.

    Allot 45 minutes.

    1. Identify the different data model views you need. Use multiple diagrams to keep the information simple to read and understand. Common diagrams include:
      1. Network level: Outline expected CI classes and relationships at the network level.
      2. Application level: Outline the expected components and relationships that make up an application.
      3. Services level: Outline how business capability CIs and service CIs relate to each other and to other types of CIs.
    1. Use boxes to represent CI classes.
    2. Use lines to represent relationships. Include details such as:
      1. Relationship name: Write this name on the arrow.
      2. Direction: Have an arrow point to each child.

    Review samples in Configuration Management Diagram Template Library.
    Record these diagrams in the Configuration Management Standard Operating Procedures, Appendix 1: Configuration Data Model Structure.

    Input

    Output

    • List of default settings for classes, types, and relationships
    • Small list of services for testing
    • List of CIs to map to at least one service
    • List of additions of categories to add to the CMDB solution.
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration Management Diagram Template Library
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Download the Configuration Management Diagram Template Library to see examples.

    Determine governance for data security, access, and validation

    Align CMDB access to the organization's access control policy to maintain authorized and secure access for legitimate staff performing their role.

    Data User Type Access Role
    Data consumers
    • View-only access
    • Will need to view and use the data but will not need to make modifications to it
    • Service desk
    • Change manager
    • Major incident manager
    • Finance
    CMDB owner
    • Read/write access with the ability to update and validate data as needed
    • Configuration manager
    Domain owner
    • Read/write access for specific domains
    • Data owner within their domain, which includes validating that data is in the database and that it is correctly categorized.
    • Enterprise architect
    • Application owner
    Data provider
    • Read/write access for specific domains
    • Ensures automated data has been added and adds nondiscoverable assets and attributes as needed
    • Server operations
    • Database management
    • Network teams
    CMDB administrator
    • View-only access for data
    • Will need to have access for modifying the structure of the product, including adding fields, as determined by the CCB
    • ITSM tool administrator

    2.2.3 Determine access rights for your data

    Allot 30 minutes for this discussion.

    1. Open the Configuration Management Standard Operating Procedures, section 5: Access Rights.
    2. Review the various roles from an access perspective.
      1. Who needs read-only access?
      2. Who needs read/write access?
      3. Should there be restrictions on who can delete data?
    1. Fill in the chart and communicate this to your CMDB installation vendor or your CMDB administrator.
    Input

    Output

    • Task assignments
    • Access rights and roles
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • IT service owners
    • Practice owners and managers
    • SCM practice manager
    • SCM project sponsor

    Phase 3

    Configuration Record Updates

    StrategyData StructureProcessesRoadmap
    • Challenges and Goals
    • Use Cases and Data
    • Roles and Responsibilities
    • Services
    • Classifications
    • Data Modeling
    • Lifecycle Processes
    • Baselines
    • Audit and Data Validation
    • Metrics
    • Communications Plan
    • Roadmap

    This phase will walk you through the following aspects of a configuration management system:

    • ITSM Practices and Workflows
    • Discovery and Dependency Mapping Tools
    • Auditing and Data Validation Practices

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager
    • IT audit

    Harness Service Configuration Management Superpowers

    Step 3.1

    Keep CIs and relationships up to date through lifecycle process integrations

    Activities

    3.1.1 Define processes to bring new services into the CMDB

    3.1.2 Determine when each type of CI will be created in the CMDB

    3.1.3 Identify when each type of CI will be retired in the CMDB

    3.1.4 Record when and how attributes will change

    3.1.5 Institute configuration control and configuration baselines

    This step will walk you through the following aspects of a configuration management system:

    1. ITSM Practices and Workflows
    2. Discovery and Dependency Mapping Tools

    This phase involves the following participants:

    1. IT service owners
    2. Enterprise architects
    3. Practice owners and managers
    4. SCM practice manager
    5. Project manager

    Outcomes of this step

    • List of action items for updating interfacing practices and processes
    • Identification of where configuration records will be manually updated

    Incorporate CMDB updates into IT operations

    Determine which processes will prompt changes to the CMDB data

    Onboard new services - Offboard Redundant Services. Onboard new CIs - Offboard Redundant CIs; Maintain CIs - Update Attributes.

    Change enablement

    Identify which process are involved in each stage of data input, maintenance, and removal to build out a process for each scenario.

    Project management

    Change enablement

    Asset management

    Security controls

    Project management

    Incident management

    Deployment management

    Change enablement

    Asset management

    Security controls

    Project management

    Incident management

    Service management

    Formalize the process for adding new services to the CMDB

    As new services and products are introduced into the environment, you can improve your ability to correctly cost the service, design integrations, and ensure all operational capabilities are in place, such as data backup and business continuity plans.
    In addition, attributes such as service-level agreements (SLAs), availability requirements, and product, technical, and business owners should be documented as soon as those new systems are made live.

    • Introduce the technical team and CCB to the product early to ensure the service record is created before deployment and to quickly map the services once they are moved into the production environment.
    • Engage with project managers or business analysts to define the process to include security and technical reviews early.
    • Engage with the security and technical reviewers to start documenting the service as soon as it is approved.
    • Determine which practices will be involved in the creation and approval of new services and formalize the process to streamline entry of the new service, onboarding corresponding CIs and mapping dependencies.

    an example of the review and approval process for new service or products is shown.

    3.1.1 Define processes to bring new services into the CMDB

    Start with the most frequent intake methods, and if needed, use this opportunity to streamline the process.

    1. Discuss the methods for new services to be introduced to the IT environment.
    2. Critique existing methods to assess consistency and identify issues that could prevent the creation of services in the CMDB in a timely manner.
    3. Create a workflow for the existing processes, with an eye to improvement. Identify any changes that will need to be introduced and managed appropriately.
    4. Identify where additional groups may need to be engaged to ensure success. For example, if project managers are not interfacing early with IT, discuss process changes with them.
    5. Discuss the validation process and determine where control points are. Document these on the workflows.
    6. Complete the Configuration Management Standard Operating Procedures, section 8.1: Introduce New Service and Data Model.

    Possible intake opportunities:

    • Business-driven project intake process
    • IT-driven project intake process
    • Change enablement reviews
    • Vendor-driven product changes
    Input

    Output

    • Discussion
    • Intake processes
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration Management Diagram Template Library
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    Identify scenarios where CIs are added and removed in the configuration management database

    New CIs may be introduced with new services or may be introduced and removed as part of asset refreshes or through service restoration in incident management. Updates may be done by your own services team or a managed services provider.
    Determine the various ways the CIs may be changed and test with various CI types.
    Review attributes such as SLAs, availability requirements, and product, technical, and business owners to determine if changes are required.

    • Identify what will be updated automatically or manually. Automation could include discovery and dependency mapping or synchronization with AMDB or AIOps tools.
    • Engage with relevant program managers to define and validate processes.
    • Identify control points and review audit requirements.

    An example of New or refresh CI from Procurement.

    Info-Tech Insight

    Data deemed no longer current may be archived or deleted. Retained data may be used for tracing lifecycle changes when troubleshooting or meeting audit obligations. Determine what types of CIs and use cases require archived data to meet data retention policies. If none do, deletion of old data may be appropriate.

    3.1.2 Identify when each type of CI will be created in the CMDB

    Allot 45 minutes for discussion.

    1. Discuss the various methods for new CIs to be introduced to the IT environment.
    2. Critique existing methods to assess consistency and identify issues that could prevent the creation of CIs in the CMDB in a timely manner.
    3. Create a workflow for the existing processes, with an eye to improvement. Identify any changes that will need to be introduced and managed appropriately.
    4. Identify where additional groups may need to be engaged to ensure success. For example, if project managers are not interfacing early with IT, discuss process changes with them.
    5. Discuss the validation process and determine where control points are. Document these on the workflows.
    6. Complete Configuration Management Standard Operating Procedures, section 8.2: Introduce New Configuration Items to the CMDB

    Possible intake opportunities:

    • Business-driven project intake process
    • IT-driven project intake process
    • Change enablement reviews
    • Vendor-driven product changes
    • Incident management
    • Asset management, lifecycle refresh
    Input

    Output

    • Discussion
    • Retirement processes
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration Management Diagram Template Library
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    3.1.3 Identify when each type of CI will be retired in the CMDB

    Allot 45 minutes for discussion.

    1. Discuss the various methods for CIs to be removed from the IT environment.
    2. Critique existing methods to assess consistency and identify issues that could prevent the retirement of CIs in the CMDB in a timely manner.
    3. Create a workflow for the existing processes, with an eye to improvement. Identify any changes that will need to be introduced and managed appropriately.
    4. Identify where additional groups may need to be engaged to ensure success. For example, if project managers are not interfacing early with IT, discuss process changes with them.
    5. Discuss the validation process and determine where control points are. Document these on the workflows.
    6. Discuss data retention. How long will retired information need to be archived? What are the potential scenarios where legacy information may be needed for analysis?
    7. Complete the Configuration Management Standard Operating Procedures, section 8.4: Retire and Archive Configuration Records.

    Possible retirement scenarios:

    • Change enablement reviews
    • Vendor-driven product changes
    • Incident management
    • Asset management, lifecycle refresh
    Input

    Output

    • Discussion
    • Intake processes
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration Management Diagram Template Library
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    Determine appropriate actions for detecting new or changed CIs through discovery

    Automated detection will provide the most efficient way of recording planned changes to CIs as well as detected unplanned changes. Check with the tool to determine what reports or notifications are available for the configuration management process and define what actions will be appropriate.

    As new CIs are detected, identify the process by which they should have been introduced into configuration management and compare against those records. If your CMDB can automatically check for documentation, this may be easier. Weekly reporting will allow you to catch changes quickly, and alerts on critical CIs could enable faster remediation, if the tool allows for alerting. AIOps could identify, notify of, and process many changes in a highly dynamic environment.

    Type of Change

    Impacted Process

    Validation

    Findings

    Actions

    Configuration change to networking equipment or software

    Change management

    Check for request for change

    No RFC

    Add to CAB agenda, notify technical owner

    Configuration change to end-user device or software

    Asset management

    Check for service ticket

    No ticket

    Escalate to asset agenda, notify service manager

    New assets coming into service

    Security incident and event management

    Check for SIEM integration

    No SIEM integration

    Notify security operations team to investigate

    The configuration manager may not have authority to act but can inform the process owners of unauthorized changes for further action. Once the notifications are forwarded to the appropriate process owner, the configuration manager will note the escalation and follow up on data corrections as deemed appropriate by the associated process owner.

    3.1.4 Record when and how attributes will change

    These lists will help with configuration control plans and your implementation roadmap.

    1. List each attribute that will change in that CI type's life.
    2. Write all the times that each attribute will change. Identify:
      1. The name of the workflow, service request, process, or practice that modifies the attribute.
      2. Whether the update is made automatically or manually.
      3. The role or tool that updates the CMDB.
    1. Update the relevant process or procedure documentation. Explicitly identify when the configuration records are updated.

    Document these tables in Configuration Management Standard Operation Procedures, Section 8.7: Practices That Modify CIs.

    Network Equipment
    Attributes

    Practices That Modify This Attribute

    Status
    • Infra Deployment (updated manually by Network Engineering)
    • Change Enablement (updated manually by CAB or Network Engineering)
    Assigned User
    • IT Employee Offboarding or Role Change (updated manually by Network Engineering)
    Version
    • Patch Deployment (updated automatically by SolarWinds)
    End-User Computers
    Attributes
    Practices That Modify This Attribute
    Status
    • Device Deployment (updated manually by Desktop Support)
    • Device Recovery (updated manually by Desktop Support)
    • Employee Offboarding and Role Change (updated manually by Service Desk)
    Assigned User
    • Device Deployment (updated manually by Desktop Support)
    • Device Recovery (updated manually by Desktop Support)
    • Employee Offboarding and Role Change (updated manually by Service Desk)
    Version
    • Patch Deployment (updated automatically by ConfigMgr)

    Institute configuration control and configuration baselines where appropriate

    A baseline enables an assessment of one or more systems against the desired state and is useful for troubleshooting incidents or problems and validating changes and security settings.

    Baselines may be used by enterprise architects and system engineers for planning purposes, by developers to test their solution against production copies, by technicians to assess configuration drift that may be causing performance issues, and by change managers to assess and verify the configuration meets the target design.

    Configuration baselines are a snapshot of configuration records, displaying attributes and first-level relationships of the CIs. Standard configurations may be integral to the success of automated workflows, deployments, upgrades, and integrations, as well as prevention of security events. Comparing current CIs against their baselines will identify configuration drift, which could cause a variety of incidents. Configuration baselines are updated through change management processes.
    Configuration baselines can be used for a variety of use cases:

    • Version control – Management of software and hardware versions, https://dj5l3kginpy6f.cloudfront.net/blueprints/harness-configuration-management-superpowers-phases-1-4/builds, and releases.
    • Access control – Management of access to facilities, storage areas, and the CMS.
    • Deployment control – Take a baseline of CIs before performing a release so you can use this to check against actual deployment.
    • Identify accidental changes Everyone makes mistakes. If someone installs software on the wrong server or accidentally drops a table in a database, the CMS can alert IT of the unauthorized change (if the CI is included in configuration control).

    Info-Tech Insight

    Determine the appropriate method for evaluating and approving changes to baselines. Delegating this to the CCB every time may reduce agility, depending on volume. Discuss in CCB meetings.

    A decision tree for deploying requested changes.

    3.1.5 Institute configuration control and configuration baselines where appropriate

    Only baseline CIs and relationships that you want to control through change enablement.

    1. Determine criteria for capturing configuration baselines, including CI type, event, or processes.
    2. Identify who will use baselines and how they will use the data. Identify their needs.
    3. Identify CIs that will be out of scope and not have baselines created.
    4. Document requirements in the SOP.
    5. Ensure appropriate team members have training on how to create and capture baselines in the CMDB.
    6. Document in the Configuration Management Standard Operating Procedures, section 8.5: Establish and Maintain Configuration Baselines.
    Process Criteria Systems
    Change Enablement & Deployment All high-risk changes must have the baseline captured with version number to revert to stable version in the event of an unsuccessful change
    • Servers (physical and virtual)
    • Enterprise software
    • IaaS
    • Data centers
    Security Identify when configuration drift may impact risk mitigation strategies
    • Servers (physical and virtual)
    • Enterprise software
    • IaaS
    • Data centers
    Input

    Output

    • Discussion
    • Baseline configuration guidelines
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    Step 3.2

    Validate data within the CMDB

    Activities

    3.2.1 Build an audit plan and checklist

    This step will walk you through the following aspects of a configuration management system:

    • Data validation and audit

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • Project manager
    • IT audit

    Outcomes of this step

    • Updates to processes for data validation
    • Plan for auditing and validating the data in the CMDB

    Audit and validate the CMDB

    Review the performance of the supporting technologies and processes to validate the accuracy of the CMDB.

    A screenshot of the CM Audit Plan.

    CM Audit Plan

    • CM policies
    • CM processes and procedures
    • Interfacing processes
    • Content within the CMDB

    "If the data in your CMDB isn't accurate, then it's worthless. If it's wrong or inaccurate, it's going to drive the wrong decisions. It's going to make IT worse, not better."
    – Valence Howden, Research Director, Info-Tech Research Group

    Ensure the supporting technology is working properly

    Does the information in the database accurately reflect reality?

    Perform functional tests during audits and as part of release management practices.

    Audit results need to have a clear status of "compliant," "noncompliant," or "compliant with conditions," and conditions need to be noted. The conditions will generally offer a quick win to improve a process, but don't use these audit results to quickly check off something as "done." Ensure the fix is useful and meaningful to the process.
    The audit should cover three areas:

    • Process: Are process requirements for the program well documented? Are the processes being followed? If there were updates to the process, were those updates to the process documented and communicated? Has behavior changed to suit those modified processes?
    • Physical: Physical configuration audits (PCAs) are audits conducted to verify that a configuration item, as built, conforms to the technical documentation that defines and describes it.
    • Functional: Functional configuration audits (FCAs) are audits conducted to verify that the development of a configuration item has been completed satisfactorily, the item has achieved the functional attributes specified in the functional or allocated baseline, and its technical documentation is complete and satisfactory.

    Build auditing and validation of processes whenever possible

    When technicians and analysts are working on a system, they should check to make sure the data about that system is correct. When they're working in the CMDB, they should check that the data they're working with is correct.

    More frequent audits, especially in the early days, may help move toward process adoption and resolving data quality issues. If audits are happening more frequently, the audits can include a smaller scope, though it's important to vary each one to ensure many different areas have been audited through the year.

    • Watch for data duplication from multiple discovery tools.
    • Review mapping to ensure all relevant CIs are attached to a product or service.
    • Ensure report data is logical.

    Ensure the supporting technology is working properly

    Does the information in the database accurately reflect reality?

    Perform functional tests during audits and as part of release management practices.

    Audit results need to have a clear status of "compliant," "noncompliant," or "compliant with conditions," and conditions need to be noted. The conditions will generally offer a quick win to improve a process, but don't use these audit results to quickly check off something as "done." Ensure the fix is useful and meaningful to the process.
    The audit should cover three areas:

    • Process: Are process requirements for the program well documented? Are the processes being followed? If there were updates to the process, were those updates to the process documented and communicated? Has behavior changed to suit those modified processes?
    • Physical: Physical configuration audits (PCAs) are audits conducted to verify that a configuration item, as built, conforms to the technical documentation that defines and describes it.
    • Functional: Functional configuration audits (FCAs) are audits conducted to verify that the development of a configuration item has been completed satisfactorily, the item has achieved the functional attributes specified in the functional or allocated baseline, and its technical documentation is complete and satisfactory.

    More frequent audits, especially in the early days, may help move toward process adoption and resolving data quality issues. If audits are happening more frequently, the audits can include a smaller scope, though it's important to vary each one to ensure many different areas have been audited through the year.

    • Watch for data duplication from multiple discovery tools.
    • Review mapping to ensure all relevant CIs are attached to a product or service.
    • Ensure report data is logical.

    Identify where processes break down and data is incorrect

    Once process stops working, data becomes less accurate and people find workarounds to solve their own data needs.

    Data within the CMDB often becomes incorrect or incomplete where human work breaks down

    • Investigate processes that are performed manually, including data entry.
    • Investigate if the process executors are performing these processes uniformly.
    • Determine if there are opportunities to automate or provide additional training.
    • Select a sample of the corresponding data in the CMS. Verify if the data is correct.

    Non-CCB personnel may not be completing processes fully or consistently

    • Identify where data in the CMS needs to be updated.
    • Identify whether the process practitioners are uniformly updating the CMS.
    • Discuss options for improving the process and driving consistency for data that will benefit the whole organization.

    Ensure that the data entered in the CMDB is correct

    • Confirm that there is no data duplication. Data duplication is very common when there are multiple discovery tools in your environment. Confirm that you have set up your tools properly to avoid duplication.
    • Build a process to respond to baseline divergence when people make changes without following change processes and when updates alter settings.
    • Audit the system for accuracy and completeness.

    3.2.1 Build an audit plan and checklist

    Use the audit to identify areas where processes are breaking down.

    Audits present you with the ability to address these pain points before they have greater negative impact.

    1. Identify which regulatory requirements and/or auditing bodies will be relevant to audit processes or findings.
    2. Determine frequency of practice audits and how they relate to internal audits or external audits.
    3. Determine audit scope, including requirements for data spot checks.
    4. Determine who will be responsible for conducting audits and validate this is consistent with the RACI chart.
    5. Record audit procedures in the Configuration Management Standard Operating Procedures section 8.6: Verify and Review the Quality of Information Through Auditing.
    6. Review the Configuration Management Audit and Validation Checklist and modify to suit your needs.

    Download the Configuration Management Audit and Validation Checklist

    Input

    Output

    • Discussion
    • Baseline configuration guidelines
    MaterialsParticipants
    • Configuration Management Standard Operating Procedures
    • Configuration control board
    • Configuration manager
    • Project sponsor
    • IT stakeholders

    Phase 4

    Service Configuration Roadmap

    StrategyData StructureProcessesRoadmap
    • Challenges and Goals
    • Use Cases and Data
    • Roles and Responsibilities
    • Services
    • Classifications
    • Data Modeling
    • Lifecycle Processes
    • Baselines
    • Audit and Data Validation
    • Metrics
    • Communications Plan
    • Roadmap

    This phase will walk you through the following aspect of a configuration management system:
    Roadmap
    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager

    Harness Service Configuration Management Superpowers

    Step 4.1

    Define measures of success

    Activities

    4.1.1 Identify key metrics to define configuration management success
    4.1.2 Brainstorm and record desired reports, dashboards, and analytics
    4.1.3 Build a configuration management policy

    This phase will walk you through the following aspects of a configuration management system:

    • Metrics
    • Policy

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager

    The value of metrics can be found in IT efficiency increases

    When determining metrics for configuration management, be sure to separate metrics needed to gauge configuration management success and those that will use data from the CMDB to provide metrics on the success of other practices.

    • Metrics provide accurate indicators for IT and business decisions.
    • Metrics help you identify IT efficiencies and problems and solve issues before they become more serious.
    • Active metrics tracking makes root cause analysis of issues much easier.
    • Proper application of metrics helps IT services identification and prioritization.
    • Operational risks can be prevented by identifying and implementing metrics.
    • Metrics analysis increases the confidence of the executive team and ensures that IT is working well.

    A funnel is shown. The output is IT Performance. The inputs are: Service Desk Metrics; Incident Metrics; Asset Mgmt. Metrics; Release Mgmt. Metrics; Change Mgmt. Metrics; Infra. Metrics

    4.1.1 Identify key metrics to define configuration management success

    Determine what metrics are specifically related to the practice and how and when metrics will be accessed.

    Success factors

    Key metrics

    Source

    Product and service configuration data is relevant

    • Stakeholder satisfaction with data access, accuracy, and usability
    • Stakeholder satisfaction with service configuration management interface, procedures, and reports

    Stakeholder discussions

    • Number of bad decisions made due to incorrect or insufficient data
    • Impact of bad decisions made due to incorrect or insufficient data

    Process owner discussions

    • Number and impact of data identified as incorrect
    • % of CMDB data verified over the period

    CMDB

    Cost and effort are continually optimized

    • Effort devoted to service configuration management
    • Cost of tools directly related to the process

    Resource management or scheduling

    ERP

    Progress reporting

    • Communication execution
    • Process
    • Communications and feedback

    Communications team and stakeholder discussions

    Data – How many products are in the CMDB and are fully and accurately discovered and mapped?

    CMDB

    Ability to meet milestones on time and with appropriate quality

    Project team

    Document metrics in the Configuration Management Standard Operating Procedures, section 7: Success Metrics

    Use performance metrics to identify areas to improve service management processes using CMDB data

    Metrics can indicate a problem with service management processes but cannot provide a clear path to a solution on their own.

    • The biggest challenge is defining and measuring the process and people side of the equation.
    • Expected performance may also need to be compared to actual performance in planning, budgeting, and improvements.
    • The analysis will need to include critical success factors (CSFs), data collection procedures, office routines, engineering practices, and flow diagrams including workflows and key relationships.
    • External benchmarking may also prove useful in identifying how similar organizations are managing aspects of their infrastructure, processing transactions/requests, or staffing. If using external benchmarking for actual process comparisons, clearly defining your internal processes first will make the data collection process smoother and more informative.

    Info-Tech Insight

    Using a service framework such as ITIL, COBIT, or ISO 20000 may make this job easier, and subscribing to benchmarking partners will provide some of the external data needed for comparison.

    4.1.2 Brainstorm and record desired reports, dashboards, and analytics with related practices

    The project team will use this list as a starting point

    Allot 45 minutes for this discussion.

    1. Create a table for each service or business capability.
      1. Have one column for each way of consuming data: reports, dashboards, and ad hoc analytics.
      2. Have one row for each stakeholder group that will consume the information.
    2. Use the challenges and use cases to brainstorm reports, dashboards, and ad hoc analytic capabilities that each stakeholder group will find useful.
    3. Record these results in your Configuration Management Standard Operating Procedures, section 7: Aligned Processes' Desired Analytical Capabilities.
    Stakeholder Groups Reports Dashboards
    Change Management
    • CI changes executed without an RFC
    • RFCs grouped by service
    • Potential collisions in upcoming changes
    Security
    • Configuration changes that no longer match the baseline
    • New configuration items discovered
    Finance
    • Service-based costs
    • Service consumption by department

    Download the blueprint Take Control of Infrastructure and Operations Metrics to create a complete metrics program.

    Create a configuration management policy and communicate it

    Policies are important documents to provide definitive guidelines and clarity around data collection and use, process adherence, and controls.

    • A configuration management policy will apply to IT as the audience, and participants in the program will largely be technical.
    • Business users will benefit from a great configuration management program but will not participate directly.
    • The policy will include objectives and scope, use of data, security and integrity of data, data models and criteria, and baseline configurations.
    • Several governing regulations and practices may intersect with configuration management, such as ITIL, COBIT, and NIST frameworks, as well as change enablement, quality management, asset management, and more.
    • As the policy is written, review processes to ensure policies and processes are aligned. The policy should enable processes, and it may require modifications if it hinders the collection, security, or use of data required to meet proposed use cases.
    • Once the policy is written and approved, ensure all stakeholders understand the importance, context, and repercussions of the policy.

    The approvals process is about appropriate oversight of the drafted policies. For example:

    • Do the policies satisfy compliance and regulatory requirements?
    • Do the policies work with the corporate culture?
    • Do the policies address the underlying need?

    If the draft is approved:

    • Set the effective date and a review date.
    • Begin communication, training, and implementation.

    Employees must know that there are new policies and understand the steps they must take to comply with the policies in their work.

    Employees must be able to interpret, understand, and know how to act upon the information they find in the policies.

    Employees must be informed on where to get help or ask questions and who to request policy exceptions from.

    If the draft is rejected:

    • Acquire feedback and make revisions.
    • Resubmit for approval.

    4.1.3 Build a configuration management policy

    This policy provides the foundation for configuration control.

    Use this template as a starting point.

    The Configuration Management Policy provides the foundation for a configuration control board and the use of configuration baselines.
    Instructions:

    1. Review and modify the policy statements. Ensure that the policy statements reflect your organization and the expectations you wish to set.
    2. If you don't have a CCB: The specified responsibilities can usually be assigned to either the configuration manager or the governing body for change enablement.
    3. Determine if you should apply this policy beyond SCM. As written, this policy may provide a good starting point for practices such as:
      • Secure baseline configuration management
      • Software configuration management

    Two screenshots from the Configuration Management Policy template

    Download the Configuration Management Policy template

    Step 4.2

    Build communications and a roadmap

    Activities

    4.2.1 Build a communications plan
    4.2.2 Identify milestones

    This phase will walk you through the following aspects of a configuration management system:

    • Communications plan
    • Roadmap

    This phase involves the following participants:

    • IT service owners
    • Enterprise architects
    • Practice owners and managers
    • SCM practice manager
    • SCM project manager

    Outcomes of this step

    • Documented expectations around configuration control
    • Roadmap and action items for the SCM project

    Do not discount the benefits of a great communications plan as part of change management

    Many configuration management projects have failed due to lack of organizational commitment and inadequate communications.

    • Start at the top to ensure stakeholder buy-in by verifying alignment and use cases. Without a committed project sponsor who believes in the value of configuration management, it will be difficult to draw the IT team into the vision.
    • Clearly articulate the vision, strategy, and goals to all stakeholders. Ensure the team understands why these changes are happening, why they are happening now, and what outcomes you hope to achieve.
    • Gain support from technical teams by clearly expressing organizational and departmental benefits – they need to know "what's in it for me."
    • Clearly communicate new responsibilities and obligations and put a feedback process in place to hear concerns, mitigate risk, and act on opportunities for improvement. Be prepared to answer questions as this practice is rolled out.
    • Be consistent in your messaging. Mixed messages can easily derail progress.
    • Communicate to the business how these efforts will benefit the organization.
    • Share documents built in this blueprint or workshop with your technical teams to ensure they have a clear picture of the entire configuration management practice.
    • Share your measures and view of success and communicate wins throughout building the practice.

    30%

    When people are truly invested in change, it is 30% more likely to stick.
    McKinsey

    82%

    of CEOs identify organizational change management as a priority.
    D&B Consulting

    6X

    Initiatives with excellent change management are six times more likely to meet objectives than those with poor change management.
    Prosci

    For a more detailed program, see Drive Technology Adoption

    Formulate a communications plan to ensure all stakeholders and impacted staff will be aware of the plan

    Communication is key to success in process adoption and in identifying potential risks and issues with integration with other processes. Engage as often as needed to get the information you need for the project and for adoption.

    Identify Messages

    Distinct information that needs to be sent at various times. Think about:

    • Who will be impacted and how.
    • What the goals are for the project/new process.
    • What the audience needs to know about the new process and how they will interface with each business unit.
    • How people can request configuration data.

    Identify Audiences

    Any person or group who will be the target of the communication. This may include:

    • Project sponsors and stakeholders.
    • IT staff who will be involved in the project.
    • IT staff who will be impacted by the project (i.e. who will benefit from it or have obligations to fulfill because of it).
    • Business sponsors and product owners.

    Document and Track

    Document messaging, medium, and responsibility, working with the communications team to refine messages before executing.

    • Identify where people can send questions and feedback to ensure they have the information they need to make or accept the changes.
    • Document Q&A and share in a central location.

    Determine Timing

    Successful communications plans consider timing of various messages:

    • Advanced high-level notice of improvements for those who need to see action.
    • Advanced detailed notice for those who will be impacted by workload.
    • Advanced notice for who will be impacted (i.e. who will benefit from it or have obligations to fulfill because of it) once the project is ready to be transitioned to daily life.

    Determine Delivery

    Work with your communications team, if you have one, to determine the best medium, such as:

    • Meeting announcement for stakeholders and IT.
    • Newsletter for those less impacted.
    • Intranet announcements: "coming soon!"
    • Demonstrations with vendors or project team.

    4.2.1 Build a communications plan

    The communications team will use this list as a starting point.

    Allot 45 minutes for this discussion.

    Identify stakeholders.

    1. Identify everyone who will be affected by the project and by configuration management.

    Craft key messages tailored to each stakeholder group.

    1. Identify the key messages that must be communicated to each group.

    Finalize the communication plan.

    1. Determine the most appropriate timing for communications with each group to maximize receptivity.
    2. Identify any communication challenges you anticipate and incorporate steps to address them into your communication plan.
    3. Identify multiple methods for getting the messages out (e.g. newsletters, emails, meetings).
    1. Identify how feedback will be collected (i.e. through interviews or surveys) to measure whether the changes were communicated well.
    Audience Message Medium Timing Feedback Mechanism
    Configuration Management Team Communicate all key processes, procedures, policies, roles, and responsibilities In-person meetings and email communications Weekly meetings Informal feedback during weekly meetings
    Input

    Output

    • Discussion
    • Rough draft of messaging for communications team
    MaterialsParticipants
    • Project plan
    • Configuration manager
    • Project sponsor
    • IT director
    • Communications team

    Build a realistic, high-level roadmap including milestones

    Break the work into manageable pieces

    1. Plan to have multiple phases with short-, medium-, and long-term goals/timeframes. Building a CMDB is not easy and should be broken into manageable sections.
    2. Set reasonable milestones. For each phase, document goals to define "done" and ensure they're reasonable for the resources you have available. If working with a vendor, include them in your discussions of what's realistic.
    3. Treat the first phase as a pilot. Focus on items you understand well:
      1. Well-understood user-facing and IT services
      2. High-maturity management and governance practices
      3. Trusted data sources
    4. Capture high-value, high-criticality services early. Depending on the complexity of your systems, you may need to split this phase into multiple phases.

    Document this table in the Configuration Management Project Charter, section 3.0: Milestones

    Timeline/Owner Milestone/Deliverable Details
    First four weeks Milestone: Plan defined and validated with ITSM installation vendor Define processes for intake, maintenance, and retirement.
    Rebecca Roberts Process documentation written, approved, and ready to communicate Review CI categories

    4.2.2 Identify milestones

    Build out a high-level view to inform the project plan

    Open the Configuration Management Project Charter, section 3: Milestones.
    Instructions:

    1. Identify high-level milestones for the implementation of the configuration management program. This may include tool evaluation and implementation, assignment of roles, etc.
    2. Add details to fill out the milestone, keeping to a reasonable level of detail. This may inform vendor discussion or further development of the project plan.
    3. Add target dates to the milestones. Validate they are realistic with the team.
    4. Add notes to the assumptions and constraints section.
    5. Identify risks to the plan.

    Two Screenshots from the Configuration Management Project Charter

    Download the Configuration Management Project Charter

    Workshop Participants

    R = Recommended
    O = Optional

    Participants Day 1 Day 2 Day 3 Day 4
    Configuration Management Strategy CMDB Data Structure Processes Communications & Roadmap
    Morning Afternoon Morning Afternoon Morning Afternoon Morning Afternoon
    Head of IT R O
    Project Sponsor R R O O O O O O
    Infrastructure, Enterprise Apps Leaders R R O O O O O O
    Service Manager R R O O O O O O
    Configuration Manager R R R R R R R R
    Project Manager R R R R R R R R
    Representatives From Network, Compute, Storage, Desktop R R R R R R R R
    Enterprise Architecture R R R R O O O O
    Owner of Change Management/Change Control/Change Enablement R R R R R R R R
    Owner of In-Scope Apps, Use Cases R R R R R R R R
    Asset Manager R R R R R R R R

    Related Info-Tech Research

    Research Contributors and Experts

    Thank you to everyone who contributed to this publication

    Brett Johnson, Senior Consultant, VMware

    Yev Khovrenkov, Senior Consultant, Solvera Solutions

    Larry Marks, Reviewer, ISACA New Jersey

    Darin Ohde, Director of Service Delivery, GreatAmerica Financial Services

    Jim Slick, President/CEO, Slick Cyber Systems

    Emily Walker, Sr. Digital Solution Consultant, ServiceNow

    Valence Howden, Principal Research Director, Info-Tech Research Group

    Allison Kinnaird, Practice Lead, IT Operations, Info-Tech Research Group

    Robert Dang, Principal Research Advisor, Security, Info-Tech Research Group

    Monica Braun, Research Director, IT Finance, Info-Tech Research Group

    Jennifer Perrier, Principal Research Director, IT Finance, Info-Tech Research Group

    Plus 13 anonymous contributors

    Bibliography

    An Introduction to Change Management, Prosci, Nov. 2019.
    BAI10 Manage Configuration Audit Program. ISACA, 2014.
    Bizo, Daniel, et al, "Uptime Institute Global Data Center Survey 2021." Uptime Institute, 1 Sept. 2021.
    Brown, Deborah. "Change Management: Some Statistics." D&B Consulting Inc. May 15, 2014. Accessed June 14, 2016.
    Cabinet Office. ITIL Service Transition. The Stationery Office, 2011.
    "COBIT 2019: Management and Governance Objectives. ISACA, 2018.
    "Configuration Management Assessment." CMStat, n.d. Accessed 5 Oct. 2022.
    "Configuration Management Database Foundation." DMTF, 2018. Accessed 1 Feb. 2021.
    Configuration Management Using COBIT 5. ISACA, 2013.
    "Configuring Service Manager." Product Documentation, Ivanti, 2021. Accessed 9 Feb. 2021.
    "Challenges of Implementing configuration management." CMStat, n.d. Accessed 5 Oct. 2022.
    "Determining if configuration management and change control are under management control, part 1." CMStat, n.d. Accessed 5 Oct. 2022.
    "Determining if configuration management and change control are under management control, part 2." CMStat, n.d. Accessed 5 Oct. 2022.
    "Determining if configuration management and change control are under management control, part 3." CMStat, n.d. Accessed 5 Oct. 2022.
    "CSDM: The Recipe for Success." Data Content Manager, Qualdatrix Ltd. 2022. Web.
    Drogseth, Dennis, et al., 2015, CMDB Systems: Making Change Work in the Age of Cloud and Agile. Morgan Kaufman.
    Ewenstein, B, et al. "Changing Change Management." McKinsey & Company, 1 July 2015. Web.
    Farrell, Karen. "VIEWPOINT: Focus on CMDB Leadership." BMC Software, 1 May 2006. Web.
    "How to Eliminate the No. 1 Cause of Network Downtime." SolarWinds, 4 April 2014. Accessed 9 Feb. 2021.
    "ISO 10007:2017: Quality Management -- Guidelines for Configuration Management." International Organization for Standardization, 2019.
    "IT Operations Management." Product Documentation, ServiceNow, version Quebec, 2021. Accessed 9 Feb. 2021.
    Johnson, Elsbeth. "How to Communicate Clearly During Organizational Change." Harvard Business Review, 13 June 2017. Web.
    Kloeckner, K. et al. Transforming the IT Services Lifecycle with AI Technologies. Springer, 2018.
    Klosterboer, L. Implementing ITIL Configuration Management. IBM Press, 2008.
    Norfolk, D., and S. Lacy. Configuration Management: Expert Guidance for IT Service Managers and Practitioners. BCS Learning & Development Limited, revised ed., Jan. 2014.
    Painarkar, Mandaar. "Overview of the Common Data Model." BMC Documentation, 2015. Accessed 1 Feb. 2021.
    Powers, Larry, and Ketil Been. "The Value of Organizational Change Management." Boxley Group, 2014. Accessed June 14, 2016.
    "Pulse of the Profession: Enabling Organizational Change Throughout Strategic Initiatives." PMI, March 2014. Accessed June 14, 2016.
    "Service Configuration Management, ITIL 4 Practice Guide." AXELOS Global Best Practice, 2020
    "The Guide to Managing Configuration Drift." UpGuard, 2017.

    Develop Your Agile Approach for a Successful Transformation

    • Buy Link or Shortcode: {j2store}163|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $86,469 Average $ Saved
    • member rating average days saved: 16 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization wants to shorten delivery time and improve quality by adopting Agile delivery methods.
    • You know that Agile transformations are complex and difficult to implement.
    • Your organization may have started using Agile, but with only limited success.
    • You want to maximize your Agile transformation’s chances of success.

    Our Advice

    Critical Insight

    • Agile transformations are more likely to be successful when the entire organization understands Agile fundamentals, principles, and practices; the “different way of working” that Agile requires; and the role each person plays in its success.

    Impact and Result

    • Understand the “what and why” of Agile.
    • Identify your organization’s biggest Agile pain points.
    • Gain a deeper understanding of Agile principles and practices, and apply these to your Agile pain points.
    • Create a list of action items to address your organization’s Agile challenges.

    Develop Your Agile Approach for a Successful Transformation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify common Agile challenges

    Identify your organization's biggest Agile pain points so you can focus attention on those topics that are impacting your Agile capabilities the most.

    • Develop Your Agile Approach for a Successful Transformation – Phases 1-2

    2. Establish a solid foundation for Agile delivery

    Ensure that your organization has a solid understanding of Agile principles and practices to help ensure your Agile transformation is successful. Understand Agile's different way of working and identify the steps your organization will need to take to move from traditional Waterfall delivery to Agile.

    • Roadmap for Transition to Agile

    3. Backlog Management Module: Manage your backlog effectively

    The Backlog Management Module helps teams develop a better understanding of backlog management and user story decomposition. Improve your backlog quality by implementing a three-tiered backlog with quality filters.

    4. Scrum Simulation Module: Simulate effective Scrum practices

    The Scrum Simulation Module helps teams develop a better understanding of Scrum practices and the behavioral blockers affecting Agile teams and organizational culture. This module features two interactive simulations to encourage a deeper understanding of good Scrum practices and Agile principles.

    • Scrum Simulation Exercise (Online Banking App)

    5. Estimation Module: Improve product backlog item estimation

    The Estimation Module helps teams develop a better understanding of Agile estimation practices and how to apply them. Teams learn how Agile estimation and reconciliation provide reliable planning estimates.

    6. Product Owner Module: Establish an Effective Product Owner Role

    The Product Owner Module helps teams understand product management fundamentals and a deeper understanding of the product owner role. Teams define their product management terminology, create quality filters for PBIs moving through the backlog, and develop their product roadmap approach for key audiences.

    7. Product Roadmapping Module: Create effective product roadmaps

    The Product Roadmapping Module helps teams understand product road mapping fundamentals. Teams learn to effectively use the six tools of Product Roadmapping.

    [infographic]

    Further reading

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Analyst Perspective

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Pictures of Alex Ciraco and Hans Eckman

    Alex Ciraco and Hans Eckman
    Application Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Your organization wants to shorten delivery time and improve quality by adopting Agile delivery methods.
    • You know that Agile transformations are complex and difficult to implement.
    • Your organization may have started using Agile, but with only limited success.
    • You want to maximize your Agile transformation's chances of success.

    Common Obstacles

    • People seem to have different, conflicting, or inadequate knowledge of Agile principles and practices.
    • Your organization is not seeing the full benefits that Agile promises, and project teams aren't sure they are "doing Agile right."
    • Confusion and misinformation about Agile is commonplace in your organization.

    Info-Tech's Approach

    • Use our Common Agile Challenges Survey to identify your organization's Agile pain points.
    • Leverage this blueprint to level-set the organization on Agile fundamentals.
    • Address your survey's biggest Agile pain points to see immediate benefits and improvements in the way you practice Agile in your organization.

    Info-Tech Insight

    Agile transformations are more likely to be successful when the entire organization genuinely understands Agile fundamentals, principles and practices, as well as the role each person plays in its success. Focus on developing a solid understanding of Agile practices so your organization can "Be Agile", not just "Do Agile".

    Info-Tech's methodology

    1. Identify Common Agile Challenges

    2. Establish a Solid Foundation for Agile Delivery

    3. Agile Modules

    Phase Steps

    1.1 Identify common agile challenges

    2.1 Align teams with Agile fundamentals

    2.2 Interpret your common Agile challenges survey results

    2.3 (Optional) Move stepwise to iterative Agile delivery

    2.4 Identify insights and team feedback

    • Backlog Management Module:
      Manage Your Backlog Effectively
    • Scrum Simulation Module:
      Simulate Effective Scrum Practices
    • Estimation Module:
      Improve Product Backlog Item Estimation
    • Product Owner Module:
      Establish an Effective Product Owner Role
    • Product Roadmapping Module: Create Effective Product Roadmaps
    Phase Outcomes

    Understand common challenges associated with Agile transformations and identify your organization's struggles.

    Establish and apply a uniform understanding of Agile fundamentals and principles.

    Create a roadmap for your transition to Agile delivery and prioritized challenges.

    Foster deeper understanding of Agile principles and practices to resolve pain points.

    Develop your agile approach for a successful transformation

    Everyone's Agile journey is not the same.

    agile journey for a successful transformation

    Application delivery continues to fall short

    78% of IT professionals believe the business is "usually" or "always" out of sync with project requirements.
    Source: "10 Ways Requirements Can Sabotage Your Projects Right From the Start"

    Only 34% of software is rated as both important and effective by users.

    Source: Info-Tech's CIO Business Vision Diagnostic

    Agile DevOps is a progression of cultural, behavioral, and process changes. It takes time.

    An image of the trail to climb Mount Everest, with the camps replaced by the main steps of the agile approach to reaching Nirvana.

    Enhancements and maintenance are misunderstood

    an image showing the relationship between enhancements and maintenance.

    Source: "IEEE Transactions on Software Engineering"

    Why Agile/DevOps? It's about time to value

    Leaders and stakeholders are frustrated with long lead times to implement changes. Agile/DevOps promotes smaller, more frequent releases to start earning value sooner.

    A frequency graph showing the Time to delivering value depends on Frequency of Releases

    Time to delivering value depends on Frequency of Releases

    Embrace change, don't "scope creep" it

    64% of IT professionals adopt Agile to enhance their ability to manage changing priorities.

    71% of IT professionals found their ability to manage changing priorities improved after implementing Agile.

    Info-Tech Insight

    Traditional delivery processes work on the assumption that product requirements will remain constant throughout the SDLC. This results in delayed delivery of product enhancements which are critical to maintaining a positive customer experience.

    Adapted from: "12th Annual State of Agile Report"

    Agile's four core values

    "…while there is value in the items on the right, we value the items on the left more."
    – Source: "The Agile Manifesto"

    We value. . .

    Individuals and Interactions

    OVER

    Processes and Tools

    Working Software

    OVER

    Comprehensive Documentation

    Customer Collaboration

    OVER

    Contract Negotiation

    Responding to Change

    OVER

    Following a Plan

    Being Agile

    OVER

    Being Prescriptive

    Harness Agile's cultural advantages

    Collaboration

    • Team members leverage all their experience working toward a common goal.

    Iterations

    • Cycles provide opportunities for more product feedback.

    Continual Improvement

    • Self-managing teams continually improve their approach for the next iteration.

    Prioritization

    • The most important needs are addressed in the current iteration.

    Compare Waterfall and Agile – the "what" (how are they different?)

    This is an example of the Waterfall Approach.

    A "One and Done" Approach (Planning & Documentation Based)
    Elapsed time to deliver any value: Months to years

    This is an example of the Agile Approach

    An "Iterative" Approach (Empirical/Evidence Based)
    Elapsed time to deliver any value: Weeks

    Be aware of common myths around Agile

    1. … solve development and communication issues.
    2. … ensure you will finish requirements faster.
    3. … mean you don't need planning and documentation.

    "Although Agile methods are increasingly being adopted in globally distributed settings, there is no panacea for success."
    – "Negotiating Common Ground in Distributed Agile Development: A Case Study Perspective."

    "Without proper planning, organizations can start throwing more resources at the work which spirals into the classic Waterfall issues of managing by schedule."
    – Kristen Morton, Associate Implementation Architect,
    OneShield Inc., Info-Tech Interview

    Agile* SDLC

    With shared ownership instead of silos, we can deliver value at the end of every iteration (aka sprint)

    An image of the Agile SDLC Approach.

    * There are many Agile methodologies to choose from, but Scrum is by far the most widely used (and is shown above).

    Key Elements of the Agile SDLC

    • You are not "one-and-done." There are many short iterations with constant feedback.
    • There is an empowered product owner. This is a single authoritative voice that represents stakeholders.
    • There is a fluid product backlog. This enables prioritization of requirements "just-in-time."
    • Cross-functional, self-managing team. This team makes commitments and is empowered by the organization to do so.
    • Working, tested code at the end of each sprint. Value becomes more deterministic along sprint boundaries.
    • Demonstrate to stakeholders. Allow them to see and use the functionality and provide necessary feedback.
    • Feedback is being continuously injected back into the product backlog. This shapes the future of the solution.
    • Continuous improvement through sprint retrospectives.
    • "Internally Governed" when done right (the virtuous cycle of sprint-demo-feedback).

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint approach.

    Outline the criteria to proceed to the next tier via quality filters

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBIs journey through product planning.

    An image showing the approach you will use to Outline the criteria to proceed to the next tier via quality filters

    Info-Tech Insight: A quality filter ensures quality is met and teams are armed with the right information to work more efficiently and improve throughput.

    Deliverables

    Many steps in this blueprint are accompanied by supporting deliverables to help you accomplish your goals.

    Common Agile Challenges Survey
    Survey the organization to understand which of the common Agile challenges the organization is experiencing

    A screenshot from Common Agile Challenges Survey

    Roadmap for Transition to Agile
    Identify steps you will take to move your organization toward Agile delivery

    A screenshot from Roadmap for Transition to Agile

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Consistent Agile delivery teams.
    • Delivery prioritized with business needs and committed work is achievable.
    • Improved ability to adjust future delivery cycles to meet changing business, market, and end-user needs.
    • Increased alignment and stability of resources with products and technology areas.
    • Reduction in the mean time to delivery of product backlog items.
    • Reduction in technical debt.
    • Better delivery alignment with enterprise goals, vision, and outcomes.
    • Improved coordination with product owners and stakeholders.
    • Quantifiable value realization following each release.
    • Product decisions made at the right time and with the right input.
    • Improved team morale and productivity.
    • Improved operational efficiency and process automation.
    • Increased employee retention and quality of new hires.
    • Reduction in accumulated project risk.

    Measure the value of this blueprint

    Implementing quality and consistent Agile practices improves SDLC metrics and reduces time to value.

    • Use Select and Use SDLC Metrics Effectivelyto track and measure the impact of Agile delivery. For example:
      • Reduction in PBI wait time
      • Improve throughput
      • Reduction in defects and defect severity
    • Phase 1 helps you prepare and send your Common Agile Challenges Survey.
    • Phase 2 builds a transformation plan aligned with your top pain points.

    Align Agile coaching and practices to address your key pain points identified in the Common Agile Challenges Survey.

    A screenshot from Common Agile Challenges Survey

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    This is an image of the eight calls which will take place over phases 1-3.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 8 calls over the course of 1 to 2 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phases 1-2
    1.5 - 3.0 days estimated

    Backlog Management
    0.5 - 1.0 days estimated

    Scrum Simulation
    1.25 - 2.25 days estimated

    Estimation
    1.0 - 1.25 days estimated

    Product Owner
    1.0 - 1.75 days estimated

    Product Roadmapping
    0.5 - 1.0 days estimated

    Establish a Solid Foundation for Agile Delivery

    Define the
    IT Target State

    Assess the IT
    Current State

    Bridge the Gap and
    Create the Strategy

    Establish an Effective Product Owner Role

    Create Effective Product Roadmaps

    Activities

    1.1 Gather Agile challenges and gaps
    2.1 Align teams with Agile fundamentals
    2.2 Interpret your common Agile challenges survey results
    2.3 (Optional) Move stepwise to iterative Agile delivery
    2.4 Identify insights and team feedback

    1. User stories and the art of decomposition
    2. Effective backlog management and refinement
    3. Identify insights and team feedback
    1. Scrum sprint planning and retrospective simulation
    2. Pass the balls – sprint velocity game
    1. Improve product backlog item estimation
    2. Agile estimation fundamentals
    3. Understand the wisdom of crowds
    4. Identify insights and team feedback
    1. Understand product management fundamentals
    2. The critical role of the product owner
    3. Manage effective product backlogs and roadmaps
    4. Identify insights and team feedback
    1. Identify your product roadmapping pains
    2. The six "tools" of product roadmapping
    3. Product roadmapping exercise

    Deliverables

    1. Identify your organization's biggest Agile pain points.
    2. Establish common Agile foundations.
    3. Prioritize support for a better Agile delivery approach.
    4. Plan to move stepwise to iterative Agile delivery.
    1. A better understanding of backlog management and user story decomposition.
    1. Scrum sprint planning and retrospective simulation
    2. Pass the balls – sprint velocity game
    1. Improve product backlog item estimation
    2. Agile estimation fundamentals
    3. Understand the wisdom of crowds
    4. Identify insights and team feedback
    1. Understand product management fundamentals
    2. The critical role of the product owner
    3. Manage effective product backlogs and roadmaps
    4. Identify insights and team feedback
    1. Understand product vs. project orientation.
    2. Understand product roadmapping fundamentals.

    Agile Modules

    For additional assistance planning your workshop, please refer to the facilitation planning tool in the appendix.

    Related Info-Tech Research

    Mentoring for Agile Teams
    Get practical help and guidance on your Agile transformation journey.

    Implement DevOps Practices That Work
    Streamline business value delivery through the strategic adoption of DevOps practices.

    Deliver on Your Digital Product Vision
    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale
    Deliver value at the scale of your organization through defining enterprise product families.

    Phase 1

    Phase 1

    Phase 2

    Agile Modules

    1.1 Identify common Agile challenges

    2.1 Align teams with Agile fundamentals

    2.2 Interpret your common Agile challenges survey results

    2.3 (Optional) Move stepwise to iterative Agile delivery

    2.4 Identify insights and team feedback

    • Backlog Management Module: Manage Your Backlog Effectively
    • Scrum Simulation Module: Simulate Effective Scrum Practices
    • Estimation Module: Improve Product Backlog Item Estimation
    • Product Owner Module: Establish an Effective Product Owner Role
    • Product Roadmapping: Create Effective Product Roadmaps

    This phase will walk you through the following activities:

    • Decide who will participate in the Common Agile Challenges Survey
    • Compile the results of the survey to identify your organization's biggest pain points with Agile

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Develop Your Agile Approach for a Successful Transformation

    Step 1.1

    Identify common Agile challenges

    Activities

    1.1 Distribute Common Agile Challenges Survey and collect results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of your organization's Agile pain points.

    Focus Agile support where it is most needed

    A screenshot from Common Agile Challenges Survey

    Info-Tech Insight

    There isn't one approach that cures all the problems your Agile teams are facing. First, understand these common challenges, then develop a plan to address the root causes.

    Use Info-Tech's Common Agile Challenges Survey to determine common issues and what problems individual teams are facing. Use the Agile modules and supporting guides in this blueprint to provide targeted support on what matters most.

    Exercise 1.1.1 Distribute Common Agile Challenges Survey

    30 minutes

    1. Download Survey Template: Info-Tech Common Agile Challenges Survey template.
    2. Create your own local copy of the Common Agile Challenges Survey by using the template. The Common Agile Challenges Survey will help you to identify which of the many common Agile-related challenges your organization may be facing.
    3. Decide on the teams/participants who will be completing the survey. It is best to distribute the survey broadly across the organization and include participants from several teams and roles.
    4. Copy the link for your local survey and distribute it for participants to complete (we suggest giving them one week to complete it).
    5. Collect the consolidated survey results in preparation for the next phase.
    6. NOTE: Using this survey template requires having access to Microsoft Forms. If you do not have access to Microsoft Forms, an Info-Tech analyst can perform the survey for you.

    Output

    • Your organization's biggest Agile pain points

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Record the results in the Roadmap for Transition to Agile Template

    Phase 2

    Establish a Solid Foundation for Agile Delivery

    Phase 1

    Phase 2

    Agile Modules

    1.1 Identify common Agile challenges

    2.1 Align teams with Agile fundamentals

    2.2 Interpret your common Agile challenges survey results

    2.3 (Optional) Move stepwise to iterative Agile delivery

    2.4 Identify insights and team feedback

    • Backlog Management Module: Manage Your Backlog Effectively
    • Scrum Simulation Module: Simulate Effective Scrum Practices
    • Estimation Module: Improve Product Backlog Item Estimation
    • Product Owner Module: Establish an Effective Product Owner Role
    • Product Roadmapping: Create Effective Product Roadmaps

    This phase will walk you through the following activities:

    • Gain a fundamental understanding of Agile
    • Understand why becoming Agile is hard
    • Identify steps needed to become more Agile
    • Understand your biggest Agile pain points

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Step 2.1

    Align teams with Agile fundamentals

    Activities

    2.1.1 Share what Agile means to you
    2.1.2 (Optional) Contrast two delivery teams
    2.1.3 (Optional) Dissect the Agilist's Oath
    2.1.4 (Optional) Create your prototype definitions of ready
    2.1.5 (Optional) Create your prototype definitions of done
    2.1.6 Identify the challenges of implementing agile in your organization

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of what Agile is and why we do it.

    Exercise 2.1.1 Share what Agile means to you

    30-60 minutes

    1. What is Agile? Why do we do it?
    2. As a group, discuss and capture your thoughts on:
      1. What is Agile (its characteristics, practices, differences from alternatives, etc.)?
      2. Why do we do it (its drivers, benefits, advantages, etc.)?
    3. Capture your findings in the table below:

    What is Agile?

    Why do we do it?

    (e.g. Agile mindset, principles, and practices)

    (e.g. benefits)

    Output

    • Your current understanding of Agile and its benefits

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Why Agile/DevOps? It's about time to value

    Leaders and stakeholders are frustrated with long lead times to implement changes. Agile/DevOps promotes smaller, more frequent releases to start earning value sooner.

    A graph demonstrating the increased frequency of release expected over time, from 1960 - present

    Time to delivering value depends on frequency of releases.
    Source: 5Q Partners

    The pandemic accelerated the speed of digital transformation

    With the massive disruption preventing people from gathering, businesses shifted to digital interactions with customers.

    December 2019 - 36%; acceleration of 3 years; July 2020 - 58%.

    Companies also accelerated the pace of creating digital or digitally enhanced products and services.

    December 2019 - 35%; acceleration of 3 years; July 2020 - 55%.

    (McKinsey, 2020 )

    "The Digital Economy incorporates all economic activity reliant on or significantly enhanced by the use of digital inputs, including digital technologies, digital infrastructure, digital services and data."
    (OECD Definition)

    What does "elite" DevOps look like?

    This is an image of an annotated table showing what elite devops looks like.

    Where are you now?
    Where do You Want to Be?

    * Google Cloud/Accelerate State of DevOps 2021

    Realize and sustain value with DevOps

    Businesses with elite DevOps practices…

    973x more frequent faster lead time code deployments from commit to deploy, 3x 6570x lower change failure rate faster time to recover.

    Waterfall vs. Agile – the "what" (How are they different?)

    This is an example of the Waterfall Approach.

    A "One and Done" Approach (Planning & Documentation Based)
    Elapsed time to deliver any value: Months to years

    This is an example of the Agile Approach

    An "Iterative" Approach (Empirical/Evidence Based)
    Elapsed time to deliver any value: Weeks

    (Optional) Exercise 2.1.2 A tale of two teams

    Discussion (5-10 minutes)

    As a group, discuss how these teams differ

    Team 1:
    An image of the business analyst passing the requirements baton to the architect runner.

    Team 2:
    An image of team of soldiers carrying a heavy log up a beach

    Image Credit: DVIDS

    Discuss differences between these teams:
    • How are they different?
    • How would you coach/train/manage/lead?
    • How does team members' behavior differ?
    • How would you measure each team?
    What would have to happen at your organization to make working like this possible?

    Output

    • How your organization can support Agile behavior and mindset

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Dissect the Agilist's Oath

    Read and consider each element of the oath.

    • As a member of this Scrum team, I recognize that we are all equally and collectively responsible for the success of this project.
    • Success is defined as achieving the best possible outcome for our stakeholders given the constraints of time, money, and circumstances we will face.
    • We will achieve this by working collaboratively with our product owner to regularly deliver high-quality, working, tested code that can be demonstrated, and we will adjust our path forward based on the feedback we receive.
    • I will holistically embrace the concept of "good enough for now" into my work practices, because I know that waiting for the best/perfect solution does not yield optimal results.
    • Collectively, we will work to holistically minimize risk for the project across all phases and disciplines.
    • My primary role will be _____ [PO, SM, BA, Dev, Arch, Test, Ops, etc.], but I will contribute wherever and however best serves the current needs of the project.
    • I recognize that working in Agile/Scrum is not an excuse to ignore important things like adequate design and documentation. Collectively, we will ensure that these things are completed incrementally to a level of detail and quality which adequately serves the organization and stakeholders.
    • We are a team, and we will succeed or fail as one.

    Exercise 2.1.3 (Optional) Dissect the Agilist's Oath

    30 minutes

    1. Each bullet point in the Agilist's Oath is chosen to convey one of eight key messages about Agile practices and the mindset change that's required by everyone involved.
    2. As a group, discuss the "message" for each bullet point in the Agilist's Oath. Then identify which of them would be "easy" and "hard" to achieve in your organization.
    • As a member of this Scrum team, I recognize that we are all equally and collectively responsible for the success of this project.
    • Success is defined as achieving the best possible outcome for our stakeholders given the constraints of time, money, and circumstances we will face.
    • We will achieve this by working collaboratively with our product owner to regularly deliver high-quality, working, tested code that can be demonstrated, and we will adjust our path forward based on the feedback we receive.
    • I will holistically embrace the concept of "good enough for now" into my work practices, because I know that waiting for the best/perfect solution does not yield optimal results.
    • Collectively, we will work to holistically minimize risk for the project across all phases and disciplines.
    • My primary role will be _____ [PO, SM, BA, Dev, Arch, Test, Ops, etc.], but I will contribute wherever and however best serves the current needs of the project.
    • I recognize that working in Agile/Scrum is not an excuse to ignore important things like adequate design and documentation. Collectively, we will ensure that these things are completed incrementally to a level of detail and quality which adequately serves the organization and stakeholders.
    • We are a team, and we will succeed or fail as one.

    Which aspects of the Agilist's Oath are "easy" in your org?

    Which aspects of the Agilist's Oath are "hard" in your org?

    Output

    • How your organization can support Agile behavior and mindset

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Be aware of common myths around Agile

    Agile does not . . . .

    1. … solve development and communication issues.
    2. … ensure you will finish requirements faster.
    3. … mean you don't need planning and documentation.

    "Although Agile methods are increasingly being adopted in globally distributed settings, there is no panacea for success."
    – "Negotiating Common Ground in Distributed Agile Development: A Case Study Perspective."

    "Without proper planning, organizations can start throwing more resources at the work which spirals into the classic Waterfall issues of managing by schedule."
    – Kristen Morton, Associate Implementation Architect,
    OneShield Inc., Info-Tech Interview

    Agile's four core values

    "…while there is value in the items on the right, we value the items on the left more."
    – Source: "The Agile Manifesto"

    We value. . .

    Individuals and Interactions

    OVER

    Processes and Tools

    Working Software

    OVER

    Comprehensive Documentation

    Customer Collaboration

    OVER

    Contract Negotiation

    Responding to Change

    OVER

    Following a Plan

    Being Agile

    OVER

    Being Prescriptive

    Consider the traditional/Waterfall SDLC

    With siloes and handoffs, valuable product is delivered only at the end of an extended project lifecycle.

    This is an image of the Traditional Waterfall SDLC approach

    View additional transition models in the appendix

    Agile* SDLC

    With shared ownership instead of silos, we can deliver value at the end of every iteration (aka sprint)

    Key Elements of the Agile SDLC

    • You are not "one-and-done". There are many short iterations with constant feedback.
    • There is an empowered product owner. This is a single authoritative voice that represents stakeholders.
    • There is a fluid product backlog. This enables prioritization of requirements "just-in-time"
    • Cross-functional, self-managing team. This team makes commitments and is empowered by the organization to do so.
    • Working, tested code at the end of each sprint. Value becomes more deterministic along sprint boundaries.
    • Demonstrate to stakeholders. Allow them to see and use the functionality and provide necessary feedback.
    • Feedback is being continuously injected back into the product backlog. This shapes the future of the solution.
    • Continuous improvement through sprint retrospectives.
    • "Internally Governed" when done right (the virtuous cycle of sprint-demo-feedback).

    This is a picture of the Agile SDLC approach.

    * There are many Agile methodologies to choose from, but Scrum (shown above) is by far the most widely used.

    Scrum roles and responsibilities

    Product Owner

    Scrum Master

    Team Members

    Responsible

    • For identifying the product features and their importance in the final deliverable.
    • For refining and reprioritizing the backlog that identifies which features will be delivered in the next sprint based on business importance.
    • For clearing blockers and escalations when necessary.
    • For leading scrums, retrospectives, sprint reviews, and demonstrations.
    • For team building and resolving team conflicts.
    • For creating, testing, deploying, and supporting deliverables and valuable features.
    • For self-managing. There is no project manager assigning tasks to each team member.

    Accountable

    • For delivering valuable features to stakeholders.
    • For ensuring communication throughout development.
    • For ensuring high-quality deliverables for the product owner.

    Consulted

    • By the team through collaboration, rather than contract negotiation.
    • By the product owner on resolution of risks.
    • By the team on suggestions for improvement.
    • By the scrum master and product owner during sprint planning to determine level of complexity of tasks.

    Informed

    • On the progress of the current sprint.
    • By the team on work completed during the current sprint.
    • On direction of the business and current priorities.

    Scrum ceremonies

    Are any of these challenges for your organization? Done When:

    Project Backlog Refinement (PO & SM): Prepare user stories to be used in the next two to three future sprints. User stories are broken down into small manageable pieces of work that should not span sprints. If a user story is too big for a sprint, it is broken down further here. The estimation of the user story is examined, as well as the acceptance criteria, and each is adjusted as necessary from the Agile team members' input.

    Regularly over the project's lifespan

    Sprint Planning (PO, SM & Delivery Team): Discuss the work for the upcoming sprint with the business. Establish a clear understanding of the expectations of the team and the sprint. The product owner decides if priority and content of the user stories is still accurate. The development team decides what they believe can be completed in the sprint, using the user stories, in priority order, refined in backlog refinement.

    At/before the start of each sprint

    Daily Stand-Up (SM & Delivery Team): Coordinate the team to communicate progress and identify any roadblocks as quickly as possible. This meeting should be kept to fifteen minutes. Longer conversations are tabled for a separate meeting. These are called "stand-ups" because attendees should stay standing for the duration, which helps keep the meeting short and focused. The questions each team member should answer at each meeting: What did I do since last stand-up? What will I do before the next stand-up? Do I have any roadblocks?

    Every day during the sprint

    Sprint Demo (PO, SM, Delivery Team & Stakeholders): Review and demonstrate the work completed in the sprint with the business (demonstrate working and tested code which was developed during the sprint and gather stakeholder feedback).

    At the end of each sprint

    Sprint Retrospective (SM & Delivery Team & PO): Discuss how the sprint worked to determine if anything can be changed to improve team efficiency. The intent of this meeting is not to find/place blame for things that went wrong, but instead to find ways to avoid/alleviate pain points.

    At the end of each sprint

    Sample delivery sprint calendar

    The following calendar illustrates a two-week Scrum cadence (including ceremonies). This diagram is for illustrative purposes only. The length of the sprint and timing of ceremonies may differ from delivery team to delivery team based on their needs and schedules.

    An image of a sample sprint delivery calendar

    Sample delivery sprint calendar

    The following calendar illustrates a three-week Scrum cadence (including ceremonies). This diagram is for illustrative purposes only. The length of the sprint and timing of ceremonies may differ from delivery team to delivery team based on their needs and schedules.

    An image of a sample sprint delivery calendar

    Ensure your teams have the right information

    Implement and enforce your definition of ready at each stage of planning. Ensure your teams understand the required tasks by clarifying the definition of done.*

    Ready

    Done
    • The request has a defined problem, and the value is understood.
    • The request is documented, and the owner is identified.
    • Business and IT roles are committed to participating in estimation and planning activities.
    • Estimates and plans are made and validated with IT teams and business representatives.
    • Stakeholders and decision makers accept the estimates and plans as well as the related risks.
    • Estimates and plans are documented and slated for future review.

    * Note that your definitions of ready and done may vary from project to project, and they should be decided on collectively by the delivery team at the beginning of the project (part of setting their "norms") and updated if/when needed.

    Exercise 2.1.4 (Optional) Create definition of ready and done for an oil change

    10-15 minutes

    Step 1:

    1. As a group, create a definition of ready and done for doing an oil change (this will help you to understand the nature and value of a definition of ready and done using a relatable example):

    Definition of Ready

    Checklist:

    Definition of Done

    Checklist – For each user story:

    The checklist of things that must be true/done to begin the oil change.

    • We have the customer's car and keys
    • We know which grade of oil the customer wants

    The checklist of things that must be true/done at the end of the oil change.

    • The oil has been changed
    • A reminder sticker has been placed on windshield

    Exercise 2.1.4 (Optional) Create your prototype definitions of ready

    30-60 minutes

    Step 2:

    1. As a group, review the two sample definitions of ready below and select the one you consider to be the best starting point for your prototype definition of ready.

    Definition of Ready SAMPLE 1:

    Checklist – For each user story:

    • Technical and business risks are identified.
    • Resources are available for development.
    • Story has been assigned to a sprint/iteration.
    • Organizational business value is defined.
    • A specific user has been identified.
    • Stakeholders and needs defined.
    • Process impacts are identified.
    • Data needs are defined.
    • Business rules and non-functional requirements are identified.
    • Acceptance criteria are ready.
    • UI design work is ready.
    • Story has been traced to the project, epic, and sprint goal.

    Definition of Ready SAMPLE 2:

    Checklist – For each user story:

    • The value of story to the user is clearly indicated.
    • The acceptance criteria for story have been clearly described.
    • User story dependencies identified.
    • User story sized by delivery team.
    • Scrum team accepts user experience artifacts.
    • Performance criteria identified, where appropriate.
    • Person who will accept the user story is identified.
    • The team knows how to demo the story.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of ready

    30-60 minutes

    Step 3:

    1. As a group, using the selected sample as your starting point, decide what changes need to be made (keep/add/delete/modify):

    Definition of Ready Checklist – For each user story:

    Disposition

    The value of story to the user is clearly indicated.

    Keep as is

    The acceptance criteria for story have been clearly described. Keep as is
    User story dependencies identified. Modify to: "Story has been traced to the project, epic, and sprint goal"
    User story sized by delivery team. Modify to: "User Stories have been sized by the Delivery team using Story Points"
    Scrum team accepts user experience artifacts. Keep as is
    Performance criteria identified, where appropriate. Keep as is
    Person who will accept the user story is identified.

    Delete

    The team knows how to demo the story. Keep as is

    Add: "Any performance related criteria have been identified where appropriate"

    Add: "Any data model related changes have been identified where needed"

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of ready

    30-60 minutes

    Step 4:

    1. As a group, capture and agree on your prototype definition of ready*:

    Definition of Ready

    Checklist – For each user story:

    User stories and related requirements contain clear descriptions of what is expected of a given functionality. Business value is identified.

    • The value of the story to the user is clearly indicated.
    • The acceptance criteria for the story have been clearly described.
    • Story has been traced to the project, epic, and sprint goal.
    • User stories have been sized by the delivery team using story points.
    • Scrum team accepts user experience artifacts.
    • Performance criteria identified, where appropriate.
    • The team knows how to demo the story.
    • Any performance-related criteria have been identified where appropriate.
    • Any data-model-related changes have been identified where needed.

    Record the results in the Roadmap for Transition to Agile Template

    * This checklist helps Agile teams determine if the stories in their backlog are ready for sprint planning. As your team gains experience with Agile, tailor this list to your needs and follow it until the practice becomes second nature.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.5 (Optional) Create your prototype definitions of done

    30-60 minutes

    Step 5:

    1. As a group, review the two sample definitions of ready below and select the one you consider to be the best starting point for your prototype definition of ready:

    SAMPLE 1:

    Definition of Done Checklist – For each user story:

    • Design complete
    • Code compiles
    • Static code analysis has been performed and passed
    • Peer reviewed with coding standards passed
    • Code merging completed
    • Unit tests and smoke tests are done/functional (preferably automated)
    • Meets the steps identified in the user story
    • Unit & QA test passed
    • Usability testing completed
    • Passes functionality testing including security testing
    • Data validation has been completed
    • Ready to be released to the next stage

    SAMPLE 2:

    Definition of Done Checklist – For each user story:

    • Work was completed in a way that a professional would say they are satisfied with their work.
    • Work has been seen by multiple team members.
    • Work meets the criteria of satisfaction described by the customer.
    • The work is part of a package that will be shared with the customer as soon as possible.
    • The work and any learnings from doing the work have been documented.
    • Completion of the work is known by and visible to all team members.
    • The work has passed all quality, security, and completeness checks as defined by the team.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of done

    30-60 minutes

    Step 6:

    1. As a group, using the selected sample as your starting point, decide what changes need to be made (keep/add/delete/modify):

    Definition of Ready Checklist – For each user story:

    Disposition

    • Work was completed in a way that a professional would say they are satisfied with their work.
    Keep as is
    • Work has been seen by multiple team members.
    Delete
    • Work meets the criteria of satisfaction described by the customer.
    Modify to: "All acceptance criteria for the user story have been met"
    • The work is a part of a package that will be shared with the customer as soon as possible.
    Modify to: "The user story is ready to be demonstrated to Stakeholders"
    • The work and any learnings from doing the work has been documented.
    Keep as is
    • Completion of the work is known by and visible to all team members.
    Keep as is
    • The work has passed all quality, security, and completeness checks as defined by the team.
    Modify to: "Unit, smoke and regression testing has been performed (preferably automated), all tests were passed"
    Add: "Any performance related criteria associated with the story have been met"

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of done

    30-60 minutes

    Step 7:

    1. As a group, capture and agree on your prototype Definition of Done*:

    Definition of Done

    Checklist – For each user story:

    When the user story is accepted by the product owner and is ready to be released.

    • Work was completed in a way that a professional would say they are satisfied with their work.
    • All acceptance criteria for the user story have been met.
    • The user story is ready to be demonstrated to stakeholders.
    • The work and any learnings from doing the work have been documented.
    • Completion of the work is known by and visible to all team members.
    • Unit, smoke, and regression testing has been performed (preferably automated), and all tests were passed.
    • Any performance-related criteria associated with the story have been met.

    Record the results in the Roadmap for Transition to Agile Template

    * This checklist helps Agile teams determine if the stories in their backlog are ready for sprint planning. As your team gains experience with Agile, tailor this list to your needs and follow it until the practice becomes second nature.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Getting to "Agile DevOps Nirvana" is hard, but it's worth it.

    An image of the trail to climb Mount Everest, from camps 1-4

    Agile DevOps is a progression of cultural, behavioral, and process changes.
    It takes time.

    An image of the trail to climb Mount Everest, with the camps replaced by the steps to deploy Agile, to reach Agile/Devops Nirvana

    Agile DevOps may be hard, but it's worth it…

    It turns out Waterfall is not as good at reducing risk and ensuring delivery after all.

    CHAOS RESOLUTION BY AGILE VERSUS WATERFALL
    Size Method Successful Challenged Failed
    All Size Projects Agile 39% 52% 9%
    Waterfall 11% 60% 29%

    Standish Group; CHAOS REPORT 2015

    "I believe in this [Waterfall] concept, but the implementation described above is risky and invites failure."

    – Winston W. Royce

    Compare Waterfall to Agile

    Waterfall

    Agile

    Roles and Responsibilities

    Silo your resources

    Defined/segregated responsibilities

    Handoffs between siloes via documents

    Avoid siloes

    Collective responsibility

    Transitions instead of handoffs

    Belief System

    Trust the process

    Assign tasks to individuals

    Trust the delivery team

    Assign ownership/responsibilities to the team

    Planning Approach

    Create a detailed plan before work begins

    Follow the plan

    High level planning only

    The plan evolves over project lifetime

    Delivery Approach

    One and done (big bang delivery at end of project)

    Iterative delivery (regularly demonstrate working code)

    Governance Approach

    Phases and gates

    Artifacts and approvals

    Demo working tested code and get stakeholder feedback

    Support delivery team and eliminate roadblocks

    Approach to Stakeholders

    Involved at beginning and end of project

    "Arm's length" relationship with delivery team

    Involved throughout project (sprint by sprint)

    Closely involved with delivery team (through full time PO)

    Approach to Requirements/Scope

    One-time requirements gathering at start of project

    Scope is fixed at beginning of project ("carved in stone")

    On going requirements gathering and refinement over time

    Scope is roughly determined at beginning (expect change)

    Approach to Changing Requirements

    Treats change like it is "bad"

    Onerous CM process (discourages change)

    Scope changes "require approval" and are disruptive

    Accepts change as natural part of development.

    Light Change Management process (change is welcome)

    Scope changes are handled like all changes

    Hybrid SDLC: Wagile/Agilfall/WaterScrumFall

    Valuable product delivered in multiple releases

    A picture of a hybrid waterfall - Agile approach.

    If moving directly from Waterfall to Agile is too much for your organization, this can be a valuable interim step (but it won't give you the full benefits of Agile, so be careful about getting stuck here).

    Exercise 2.1.6 Identify the challenges of implementing Agile in your organization

    30-60 minutes

    1. As a group, discuss:
      1. Why being Agile may be difficult in your organization?
      2. What are some of the roadblocks and speed bumps you may face?
      3. What incremental steps might the organization take toward becoming Agile?

    Record the results in the Roadmap for Transition to Agile Template

    Output

    • Why being Agile is hard in your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Step 2.2

    Align teams with Agile fundamentals

    Activities

    2.2.1 Review the results of your Common Agile Challenges Survey (30-60 minutes)
    2.2.2 Align your support with your top five challenges

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your organization's biggest Agile pain points.

    Be aware of common Agile challenges

    The road to Agile is filled with potholes, speedbumps, roadblocks, and brick walls!

    1. Establish an effective product owner role (PO)
    2. Uncertainty about minimum viable product (MVP)
    3. How non-Agile teams (like architecture, infosec, operations, etc.) work with Agile teams
    4. Project governance/gating process
    5. What is the role of a PM/PMO in Agile?
    6. How to budget/plan Agile projects
    7. How to contract and work with an Agile vendor
    8. An Agile skills deficit (e.g. new-to-Agile teams who have difficulty "doing Agile right")
    9. General resistance to change in the organization
    10. Lack of Agile training, piloting, and coaching
    11. Different Agile approaches are used by different teams
    12. Backlog management and user story decomposition challenges
    13. Quality assurance challenges
    14. Hierarchical management practices and organization boundaries
    15. Difficulty with establishing autonomous Agile teams
    16. Lack of management support for Agile
    17. Poor Agile estimation practices
    18. Difficulty creating effective product roadmaps in Agile
    19. How do we know when an Agile project is ready to go live?
    20. Sprint goals are not being consistently met, or sprint deliverables that are full of bugs

    Exercise 2.2.1 Review the results of your Common Agile Challenges Survey

    30-60 minutes

    1. Using the results of your Common Agile Challenges Survey, fill in the bar chart with your top five pain points:

    A screenshot from Common Agile Challenges Survey

    Output

    • Your organization's biggest Agile pain points identified and prioritized

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.2.2 Align your support with your top five challenges

    30 minutes

    Using the Agile Challenges support mapping on the following slides, build your transformation plan and supporting resources. You can build your plan by individual team results or as an enterprise approach.

    Priority Agile Challenge Module Name and Sequence
    1
    1. Agile Foundations
    2. ?
    2
    1. Agile Foundations
    2. ?
    3
    1. Agile Foundations
    2. ?
    4
    1. Agile Foundations
    2. ?
    5
    1. Agile Foundations
    2. ?

    Output

    • Your organization's Agile Challenges transformation plan

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Map challenges to supporting modules

    Agile Challenges

    Supporting Resources

    Difficulty establishing an effective product owner (PO) or uncertainty about the PO role

    Modules:

    • Agile Foundations
    • Establish an Effective Product Owner Role
    Uncertainty about minimum viable product (MVP) and how to identify your MVP

    Modules:

    • Agile Foundations
    • Simulate Effective Scrum Practices
    How non-Agile teams (like architecture, info sec, operations, etc.) work with Agile teams

    Modules:

    • Agile Foundations
    • Work With Non-Agile Teams (Future)
    Project Governance/Gating processes that are unfriendly to Agile

    Modules:

    • Agile Foundations
    • Establish Agile-Friendly Gating (Future)
    Uncertainty about the role of a PM/PMO in Agile

    Modules:

    • Agile Foundations
    • Understand the role of PM/PMO in Agile Delivery (Future)
    Uncertainty about how to budget/plan Agile projects

    Modules:

    • Agile Foundations
    • Simulate Effective Scrum Practices
    • Understand Budgeting and Funding for Agile Delivery (Future)
    Creating an Agile friendly RFP/Contract (e.g. how to contract and work with an Agile vendor)

    Modules:

    • Agile Foundations
    • Work Effectively with Agile Vendors (Future)

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting modules

    Agile Challenges

    Supporting Resources

    An Agile skills deficit (e.g. new-to-Agile teams who have difficulty "doing Agile right")

    Modules:

    • Agile Foundations
    General resistance in the organization to process changes required by Agile

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)
    Lack of Agile training, piloting and coaching being offered by the organization

    Modules:

    • Agile Foundations
    Different Agile approaches are used by different teams, making it difficult to work together

    Modules:

    • Agile Foundations
    • Build Your Scrum Playbook (Future)
    Backlog management challenges (e.g. how to manage a backlog, and make effective use of Epics, Features, User Stories, Tasks and Bugs)

    Modules:

    • Agile Foundations
    • Manage Your Backlog Effectively
    Quality Assurance challenges (testing not being done well on Agile projects)

    Modules:

    • Agile Foundations
    • Establish Effect Quality Assurance for Agile Delivery (Future);
    • Use Test Automation Effectively (Future)
    Hierarchical management practices and organization boundaries make it difficult to be Agile

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting modules

    Agile Challenges

    Supporting Resources

    Difficulty with establishing autonomous Agile teams (self managing, cross functional teams that are empowered by the organization to deliver)

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)
    Lack of management support for Agile

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)
    Poor understanding of Agile estimation techniques and how to apply them effectively

    Modules:

    • Agile Foundations
    • Estimation Module
    Difficulty creating effective product roadmaps in Agile

    Modules:

    • Agile Foundations
    • Product Roadmapping Tool
    How do we know when an Agile project is ready to go live

    Modules:

    • Agile Foundations
    • Decide When to Go Live (Future)
    Sprint goals are not being consistently met, or Sprint deliverables that are full of bugs

    Modules:

    • Agile Foundations
    • Establish Effect Quality Assurance for Agile Delivery (Future);
    • Use Test Automation Effectively (Future)

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting blueprints

    Agile Challenges

    Supporting Resources

    Difficulty establishing an effective product owner (PO) or uncertainty about the PO role

    Blueprints: Build a Better Product Owner; Managing Requirements in an Agile Environment

    Uncertainty about minimum viable product (MVP) and how to identify your MVP

    Blueprints: Deliver on Your Digital Product Vision; Managing Requirements in an Agile Environment

    How non-Agile teams (like architecture, info sec, operations, etc.) work with Agile teams

    Blueprints: Create a Horizontally Optimized SDLC to Better Meet Business Demands, Extend Agile Practices Beyond IT, Implement DevOps Practices That Work; Build Your BizDevOps Playbook, Embed Security into the DevOps Pipeline

    Project Governance/Gating processes that are unfriendly to Agile

    Blueprints: Streamline Your Management Process to Drive Performance, Drive Business Value With a Right-Sized Project Gating Process

    Uncertainty about the role of a PM/PMO in Agile

    Blueprints: Define the Role of Project Management in Agile and Product-Centric Delivery, Create a Horizontally Optimized SDLC to Better Meet Business Demands

    Uncertainty about how to budget/plan Agile projects

    Blueprints: Identify and Reduce Agile Contract Risk

    Creating an Agile friendly RFP/Contract (e.g. how to contract and work with an Agile vendor)

    Blueprints: Identify and Reduce Agile Contract Risk

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting blueprints

    Agile Challenges

    Supporting Resources

    An Agile skills deficit (e.g. new-to-Agile teams who have difficulty "doing Agile right")

    Blueprints: Perform an Agile Skills Assessment; Mentoring for Agile Teams

    General resistance in the organization to process changes required by Agile

    Blueprints: Master Organizational Change Management Practices

    Lack of Agile training, piloting and coaching being offered by the organization

    Blueprints: Perform an Agile Skills Assessment; Mentoring for Agile Teams

    Different Agile approaches are used by different teams, making it difficult to work together

    Blueprints: Create a Horizontally Optimized SDLC to Better Meet Business Demands, Extend Agile Practices Beyond IT

    Backlog management challenges (e.g. how to manage a backlog, and make effective use of epics, features, user stories, tasks and bugs)

    Blueprints: Deliver on Your Digital Product Vision, Managing Requirements in an Agile Environment

    Quality Assurance challenges (testing not being done well on Agile projects)

    Blueprints: Build a Software Quality Assurance Program, Automate Testing to Get More Done

    Hierarchical management practices and organization boundaries make it difficult to be Agile

    Blueprints: Master Organizational Change Management Practices

    Map challenges to supporting blueprints

    Agile Challenges

    Supporting Resources

    Difficulty with establishing autonomous Agile teams (self managing, cross functional teams that are empowered by the organization to deliver)

    Blueprints: Master Organizational Change Management Practices

    Lack of management support for Agile

    Blueprints: Master Organizational Change Management Practices

    Poor understanding of Agile estimation techniques and how to apply them effectively

    Blueprints: Estimate Software Delivery with Confidence, Managing Requirements in an Agile Environment

    Difficulty creating effective product roadmaps in Agile

    Blueprints: Deliver on Your Digital Product Vision

    How do we know when an Agile project is ready to go live

    Blueprints: Optimize Applications Release Management,Drive Business Value With a Right-Sized Project Gating Process, Managing Requirements in an Agile Environment

    Sprint goals are not being consistently met, or sprint deliverables that are full of bugs

    Blueprints: Build a Software Quality Assurance Program, Automate Testing to Get More Done, Managing Requirements in an Agile Environment

    Step 2.3

    Move stepwise to iterative Agile delivery (Optional)

    Activities

    2.3.1 (Optional) Identify a hypothetical project
    2.3.2 (Optional) Capture your traditional delivery approach
    2.3.3 (Optional) Consider what a two-phase delivery looks like
    2.3.4 (Optional) Consider what a four-phase delivery looks like
    2.3.5 (Optional) Consider what a four-phase delivery with monthly sprints looks like
    2.3.6 (Optional) Decide on your target state and the steps required to get there

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand the changes that must take place in your organization to support a more Agile delivery approach.

    Moving stepwise from traditional to Agile

    Your transition to Agile and more frequent releases doesn't need to be all at once. Organizations may find it easier to build toward smaller iterations.

    An image of the stepwise approach to adopting Agile.

    Exercise 2.3.1 (Optional) Identify a hypothetical project

    15-30 minutes

    1. As a group, consider some typical, large, mission-critical system deliveries your organization has done in the past (name a few as examples).
    2. Imagine a project like this has been assigned to your team, and the plan calls for delivering the system using your traditional delivery approach and taking two years to complete.
    3. Give this imaginary project a name (e.g. traditional project, our project).

    Name of your imaginary 2-year long project:

    e.g. Big Bang ERP

    Brief Project Description:

    e.g. Replace home-grown legacy ERP with a modern COTS product in a single release scheduled to be delivered in 24 months

    Record this in the Roadmap for Transition to Agile Template

    Info-Tech Best Practice

    For best results, complete these sub-exercises with representatives from as many functional areas as possible
    (e.g. stakeholders, project management, business analysis, development, testing, operations, architecture, infosec)

    Output

    • An imaginary delivery project that is expected to take 2 years to complete

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.2 (Optional) Capture your traditional delivery approach

    30 minutes

    1. As a group, discuss and capture the high-level steps followed (after project approval) in your traditional delivery approach using the table below and on the next page.

    Step

    Description

    Who is involved

    1
    • Gather detailed requirements (work with project stakeholders to capture all requirements of the system and produce a Detailed Requirements Document)

    PM, Business Analysts, Stakeholders, etc.

    2
    • Produce a Detailed Design Document (develop a design that will meet all requirements identified in the Detailed Requirements Document)
    • Produce a Detailed Test Plan for acceptance of the system
    • Produce a Detailed Project Plan for the system delivery
    • Perform threat and privacy assessment (using the detailed requirements and design documents, perform a Threat Risk Assessment and Privacy Impact Analysis)
    • Submit detailed design to Architecture Review Board
    • Provide Operations with full infrastructure requirements
    PM, Architects, InfoSec, ARB, Operations, etc.
    3
    • Develop software (follow the Detailed Design Document and develop a system which meets all requirements)
    • Perform Unit Testing on all modules of the system as they are developed
    PM, Developers, etc.
    4
    • Create Production Environment based on project specification
    • Perform Integration testing of all modules to ensure the system works as designed
    • Produce an Integration Test Report capturing the results of testing and any deficiencies
    PM, Testers, etc.
    5
    • Fix all Sev 1 and Sev 2 deficiencies found during Integration Testing
    • Perform regression testing
    • Perform User Acceptance Testing as per the Detailed Test Plan
    PM, Developers, Testers, Stakeholders, etc.
    6
    • Product Deployment Plan
    • Perform User and Operations Training
    • Produce updated Threat Risk Assessment and Privacy Impact Analysis
    • Seek CAB (Change Approval Board) approval to go live
    PM, Developers, Testers, Operations, InfoSec, CAB, etc.
    7
    • Close out and Lessons Learned
    • Verify value delivery
    PM, etc.

    Output

    • The high-level steps in your current (traditional) delivery approach and who is involved in each step

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.2 (Optional) Capture your traditional delivery approach

    Step

    Description

    Who is involved

    1
    • Gather detailed requirements (work with project stakeholders to capture all requirements of the system and produce a Detailed Requirements Document)

    PM, Business Analysts, Stakeholders, etc.

    2
    • Produce a Detailed Design Document (develop a design that will meet all requirements identified in the Detailed Requirements Document)
    • Produce a Detailed Test Plan for acceptance of the system
    • Produce a Detailed Project Plan for the system delivery
    • Perform threat and privacy assessment (using the detailed requirements and design documents, perform a Threat Risk Assessment and Privacy Impact Analysis)
    • Submit detailed design to Architecture Review Board
    • Provide Operations with full infrastructure requirements
    PM, Architects, InfoSec, ARB, Operations, etc.
    3
    • Develop software (follow the Detailed Design Document and develop a system which meets all requirements)
    • Perform Unit Testing on all modules of the system as they are developed
    PM, Developers, etc.
    4
    • Create Production Environment based on project specification
    • Perform Integration testing of all modules to ensure the system works as designed
    • Produce an Integration Test Report capturing the results of testing and any deficiencies
    PM, Testers, etc.
    5
    • Fix all Sev 1 and Sev 2 deficiencies found during Integration Testing
    • Perform regression testing
    • Perform User Acceptance Testing as per the Detailed Test Plan
    PM, Developers, Testers, Stakeholders, etc.
    6
    • Product Deployment Plan
    • Perform User and Operations Training
    • Produce updated Threat Risk Assessment and Privacy Impact Analysis
    • Seek CAB (Change Approval Board) approval to go live
    PM, Developers, Testers, Operations, InfoSec, CAB, etc.
    7
    • Close out and Lessons Learned
    • Verify value delivery
    PM, etc.

    Output

    • The high-level steps in your current (traditional) delivery approach and who is involved in each step

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.3 (Optional) Consider what a two-phase delivery looks like

    30 minutes

    1. As a group, imagine that project stakeholders tell you two years is too long to wait for the project, and they want to know if they can have something (even if it's not the whole thing) in production sooner.
    2. Now imagine that you are able to convince the stakeholders to work with you to do the following:
      1. Identify their most important project requirements.
      2. Work with you to describe a valuable subset of the project requirements which reflect about ½ of all features they need (call this Phase 1).
      3. Work with you to get this Phase 1 of the project into production in about 1 year.
      4. Agree to leave the remaining requirements (e.g. the less important ones) until Phase 2 (second year of project).
    3. As a group, identify:
      1. How hard this would be for your organization to do, on a scale of 1 to 10.
      2. Identify what changes are needed to make this happen (consider people, processes, and technology).
      3. Capture your results using the table on the following slide.

    Output

    • The high-level steps in your current (traditional) delivery approach and who is involved in each step

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.3 (Optional) Consider what a two-phase delivery looks like

    30 minutes

    1. What would be needed to let you deliver a two-year project in two one-year phases considering people, process, and technology?

    People

    Processes

    Technology

    • e.g. Stakeholders would need to make hard decisions about which features are more valuable/important than others (and stick to them)
    • e.g. Delivery team and stakeholders would need to work closely together to determine what is a feasible and valuable set of features which can go live in Phase 1
    • e.g. Operations will need to be prepared to support Phase 1 (earlier than before), and then support an updated system after Phase 2
    • e.g. No significant change to traditional processes other than delivering in two phases
    • e.g. Need to decide whether requirements for the full project need to be gathered up front, or do you just do Phase 1, and then Phase 2
    • e.g. No significant changes other than we need a production environment sooner, and infrastructure requirements for the full project may be different from what is needed just for Phase 1

    How difficult would this be to achieve in your organization? (1-easy, 10-next to impossible)

    e.g. 2

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.4 (Optional) Consider what a four-phase delivery looks like

    30 minutes

    1. Now, imagine that project stakeholders tell you that even one year is still too long to wait for something of value in production, and they want to know if they can have something (even if it's not the whole thing) in production sooner.
    2. Now imagine that you are able to convince the stakeholders to work with you to do the following:
      1. From the "Phase 1" requirements in Exercise 2.3.3, they will identify the most important ones that they need first.
      2. They will work with you to describe a valuable subset of these project requirements which reflect about ½ of all features they need (call this Phase 1A).
      3. They will work with you to get this Phase 1A of the project into production in about six months.
      4. Agree to leave all the remaining requirements (e.g. the less important ones) until later phases.
    1. As a group, identify:
      1. How hard this would be for your organization to do, on a scale of 1 to 10?
      2. Identify what changes are needed to make this happen (consider people, processes, and technology).
      3. Capture your results using the table on the following slide.

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.4 (Optional) Consider what a four-phase delivery looks like

    30 minutes

    1. What more would be needed to let you deliver a two-year project in four, six-month phases considering people, process, and technology?

    People

    Processes

    Technology

    • e.g. Stakeholders would need to make even harder (and faster) decisions about which features are most valuable/important than others.
    • e.g. Because we will be delivering releases so quickly, we'll ask the stakeholders to nominate a "primary contact" who can make decisions on requirements for each phase (also to answer questions from the project team, when needed, so they aren't slowed down).
    • e.g. Delivery team and the "primary contact" would work closely together to determine what is a feasible and valuable set of features to go live within Phase 1A, and then repeat this for the remaining Phases.
    • e.g. Operations will need to be prepared to support Phase 1A (even earlier than before), and then support the remaining phases. Ask them to dedicate someone as primary contact for this series of releases, and who provides guidance/support as needed.

    e.g. Heavy and time-consuming process steps (e.g. architecture reviews, data modelling, infosec approvals, change approval board) will need to be streamlined and made more "iteration-friendly."

    e.g. Gather detailed requirements only for Phase 1A, and leave the rest as high-level requirements to be more fully defined at the beginning of each subsequent phase.

    • e.g. We will need (at a minimum) a Production, and a Pre-production environment set up (and earlier in the project lifecycle) and solid regression testing at the end of each phase to ensure the latest Release doesn't break anything.
    • e.g. Since we will be going into production multiple times over this 2-year project, we should consider using automation (e.g. automated build, automated regression testing, and automated deployment).

    How difficult would this be to achieve in your organization? (1-easy, 10-next to impossible)

    e.g. 5

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.5 (Optional) Consider what a four-phase delivery with monthly sprints looks like

    30 minutes

    1. Now, imagine that project stakeholders tell you that they are happy with the six-month release approach (e.g. expect to go live four times over the two-year project, with each release providing increased functionality), but they want to see your team's progress frequently between releases.
    2. Additionally, stakeholders tell you that instead of asking you to provide the traditional monthly project status reports, they want you to demonstrate whatever features you have built and work for the system on a monthly basis. This will be done in the form of a demonstration to a selected list of stakeholders each month.
    3. Each month, your team must show working, tested code (not prototypes or mockups, unless asked for) and demonstrate how this month's deliverable brings value to the business.
    4. Furthermore, the stakeholders would like to be able to test out the system each month, so they can play with it, test it, and provide feedback to your team about what they like and what they feel needs to change.
    5. To help you to achieve this, the stakeholders designate their primary contact as the "product owner" (PO) who will be dedicated to the project and will help your team to decide what is being delivered each month. The PO will be empowered by the stakeholders to make decisions on scope and priority on an expedited basis and will also answer questions on their behalf when your team needs guidance.
    6. You agree with the stakeholders these one-month deliverables will be called "sprints."

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.5 (Optional) Consider what a four-phase delivery with monthly sprints looks like

    30 minutes

    1. What more would be needed to let you deliver a two-year project in 24 one-month sprints (plus four six-month releases) considering people, process, and technology?

    People

    Processes

    Technology

    • e.g. The team will need to work closely with the product owner (and/or stakeholders) on a continuous basis to understand requirements and their relative priority
    • e.g. Stakeholders will need to be available for demos and testing at the end of each sprint, and provide feedback to the team as quickly as possible
    • e.g. all functional siloes within IT (e.g. analysts, architects, infosec, developers, testers, operations) will need to work hand in hand on a continuous basis to deliver working tested code into a demo/test environment at the end of each sprint
    • e.g. there isn't enough time in each sprint to have team members working in siloes, instead, we will need to work together as a team to ensure that all aspects of the sprint (requirements, design, build, test, etc.) are worked on as needed (team is equally and collectively responsible for delivery of each sprint)
    • e.g. We can't deliver much in 1-month sprints if we work in siloes and are expected to do traditional documentation and handoffs (e.g. requirements document), so we will use a fluid project backlog instead of requirements documents, we will evolve our design iteratively over the course of the many sprints, and we will need to streamline the CAB process to allow for faster (more frequent) deployments
    • e.g. We will need to evolve the system's data model iteratively over the course of many sprints (rather than a one-and-done approach at the beginning of the project)
    • e.g. We will need to quickly decide the scope to be delivered in each sprint (focusing on highest value functionality first). Each sprint should have a well-defined "goal" that the team is trying to achieve
    • We will need any approval processes (e.g. architecture review, infosec review, CAB approval) to be streamlined and simplified in order to support more frequent and iterative deployment of the system
    • e.g. We will need to maximize our use of automation (build, test, and deploy) in order to maximize what we can deliver in each sprint (Note: the ROI on automation is much higher when we deliver in sprints than in a one-and-done delivery because we are iterating repeatedly over the course of the project
    • e.g. We will need to quickly stand-up environments (dev, test, prod, etc.) and to make changes/enhancements to these environments quickly (it makes sense to leverage infrastructure as a service [IaaS] techniques here)
    • e.g. We will need to automate our security related testing (e.g. static and dynamic security testing, penetration testing, etc.) so that it can be run repeatedly before each release moves into production. We may need to evolve this automated testing with each sprint depending on what new features/functions are being delivered in each release

    How difficult would this be to achieve in your organization? (1-easy, 10-next to impossible)

    e.g. 8

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.6 (Optional) Define the steps to reach your target state

    30 minutes

    1. From Exercises 2.3.1-2.3.5, identify your current state on the stepwise transition from traditional to Agile (e.g. one-and-done).
    2. Then, identify your desired future state (e.g. 24 one-month sprints with six-month releases).
    3. Now, review your people, process, and technology changes identified in Exercises 2.3.1-2.3.5 and create a roadmap for this transition using the table on the next slide.

    Identify your current state from Exercises 2.3.1-2.3.5

    e.g. One-and-done

    Identify your desired state from Exercises 2.3.1-2.3.5

    e.g. 24x1 Month Sprints

    Output

    • A roadmap and timeline for adopting a more Agile delivery approach

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.6 (Optional) Define the steps to reach your target state

    30 minutes

    1. Fill in the table below with your next steps. Identify who will be responsible for each step along with the timeline for completion: "Now" refers to steps you will take in the immediate future (e.g. days to weeks), "Next" refers to steps you will take in the medium term (e.g. weeks to months), and "Later" refers to long-term items (e.g. months to years).

    Now

    Next Later

    What are you going to do now?

    What are you going to do very soon?

    What are you going to do in the future?

    Roadmap Item

    Who

    Date

    Roadmap Item

    Who

    Date

    Roadmap Item

    Who

    Date

    Work with Stakeholders to identify a product owner for the project.

    AC

    Jan 1

    Break down full deliverable into 4 phases with high level requirements for each phase

    DL

    Feb 15

    Work with operations to set up Dev, Test, Pre-Prod, and Prod environments for first phase (make use of automation/scripting)

    DL

    Apr 15

    Work with PO and stakeholders to help them understand Agile approach

    Jan 15

    Work with PO to create a project backlog for the first phase deliverable

    JK

    Feb 28

    Work with QA group to select and implement test automation for the project (start with smoke and regression tests)

    AC

    Apr 30

    Work with project gating body, architecture, infosec and operations to agree on incremental deliveries for the project and streamlined activities to get there

    AC

    Mar 15

    Record the results in the Roadmap for Transition to Agile Template

    Output

    • A roadmap and timeline for adopting a more Agile delivery approach

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Step 2.4

    Identify insights and team feedback

    Activities

    2.4.1 Identify key insights and takeaways
    2.4.2 Perform an exit survey

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways from Phase 2

    Exercise 2.4.1 Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:
    What key insights have you gained? What takeaways have you identified?
    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.4.2 Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:
    Each module provides guidance and supporting activities related to a specific Agile challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.
    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Backlog Management Module

    Manage your backlog effectively

    Activities

    Backlog 1.1 Identify your backlog and user story decomposition pains
    Backlog 1.2 What are user stories and why do we use them?
    Backlog 1.3 User story decomposition: password reset
    Backlog 1.4 (Optional) Decompose a real epic

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of backlog management and user story decomposition.

    Backlog Exercise 1.1 Identify your backlog and user story decomposition pains

    30-60 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What specific challenges you are facing with backlog management
      2. What specific challenges you are facing with user story decomposition
    1. Capture your findings in the table below:

    What are your specific backlog management and user story decomposition challenges?

    • (e.g. We have trouble telling the difference between epics, features, user stories, and tasks)
    • (e.g. We often don't finish all user stories in a sprint because some of them turn out to be too big to complete in one sprint)

    Output

    • Your specific backlog management and user story decomposition challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    User stories and the art of decomposition

    User stories are core to Agile delivery.

    Good user story decomposition practices are key to doing Agile effectively.

    Agile doesn't use traditional "shoulds" and "shalls" to capture requirements

    Backlog Exercise 1.2 What are user stories and why do we use them?

    30-60 minutes

    1. User stories are a simple way of capturing requirements in Agile and have the form:

    Why do we capture requirements as user stories (what value do they provide)?

    How do they differ from traditional (should/shall) requirements (and are they better)?

    What else stands out to you about user stories?

    as a someone I want something so that achieve something.

    Example:
    As a banking customer, I want to see the current balance of my accounts so that I can know how much money I have in each account.

    Output

    • A better understanding of user stories and why they are used in Agile delivery

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    User stories are "placeholders for conversations"

    User stories enable collaboration and conversations to fully determine actual business requirements over time.

    e.g. As a banking customer, I want to see the current balance of my accounts so that I can know how much money I have in each account.

    Requirements, determined within the iterations, outline the steps to complete the story: how the user will access their account, the types of funds allowed, etc.

    User stories allow the product owners to prioritize and manage the product needs (think of them as "virtual sticky notes").

    User stories come in different "sizes"

    These items form a four-level hierarchy: epics, features, user stories, and tasks.
    They are collectively referred to as product backlog items or (PBIs)

    A table with the following headings: Agile; Waterfall; Relationship; Definition

    The process of taking large PBIs (e.g. epics and features) and breaking them down in to small PBIs (e.g. user stories and tasks) is called user story decomposition and is often challenging for new-to-Agile teams

    Backlog Exercise 1.3 User story decomposition: password reset

    30-60 minutes

    1. As a group, consider the following feature, which describes a high-level requirement from a hypothetical system:
      • FEATURE: As a customer, I want to be able to set and reset my password, so that I can transact with the system securely.
    2. Imagine your delivery team tells you that this is user story is too large to complete in one sprint, so they have asked you to decompose it into smaller pieces. Work together to break this feature down into several smaller user stories:
    User Story 1: User Story 2: User Story 3:
    As A I Want So That. As A I Want So That. As A I Want So That.

    Output

    • An epic which has been decomposed into smaller user stories which can be completed independently

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Backlog Exercise 1.3 User story decomposition: password reset

    Epic: As a customer, I want to be able to set and reset my password, so that I can transact securely.

    A single epic can be broken down into multiple user stories

    User Story 1: User Story 2: User Story 3: User Story 4:
    This is a picture of user story 1 This is a picture of user story 2 This is a picture of user story 3 This is a picture of user story 4

    Acceptance Criteria:
    Given that the customer has a password that they want to change,
    When the administrator clicks reset password on the admin console,
    Then the system will change the password and send it to the user.

    Acceptance Criteria:
    Given that the customer has a password that they want to change,
    When they click reset password in the system,
    Then the system will allow them to choose a new password and will save it the password and send it to the user.

    Acceptance Criteria:
    Given that the customer has not logged onto the system before,
    When they initially log in,
    Then the system will prompt them to change their password.

    Acceptance Criteria:
    Given that a password is stored in the database,
    When anyone looks at the password field in the database,
    Then the actual password will not be visible or easily decrypted.

    Are enablers included in your backlogs? Should they be?

    An enabler is any support activity needed to provide the means for future functionality. Enablers build out the technical foundations (e.g. architecture) of the product and uphold technical quality standards.

    Your audience will dictate the level of detail and granularity you should include in your enabler, but it is a good rule of thumb to stick to the feature level.

    Enablers

    Description

    Enabler Epics

    Non-functional and other technical requirements that support your features (e.g. data and system requirements)

    Enabler Capabilities of Features

    Enabler Stories

    Consider the various types of enabler

    Exploration

    Architectural

    Any efforts toward learning customer or user needs and creation of solutions and alternatives. Exploration enablers are heavily linked to learning milestones.

    Any efforts toward building components of your architecture. These will often be linked to delivery teams other than your pure development team.

    Infrastructure

    Compliance

    Any efforts toward building various development and testing environments. Again, these are artifacts that will relate to other delivery teams.

    Any efforts toward regulatory and compliance requirements in your development activities. These can be both internal and external.

    Source: Scaled Agile, "Enablers."

    Create, split, and bundle your PBIs

    The following questions can be helpful in dissecting an epic down to the user story level. The same line of thinking can also be useful for bundling multiple small PBIs together.

    An image showing how to Create, split, and bundle your PBIs

    Backlog Exercise 1.4 (Optional)
    Decompose a real epic

    30 minutes

    1. As a group, select a real epic or feature from one of your project backlogs which needs to be decomposed:
    2. Work together to decompose this epic down into several smaller features and/or user stories (user stories must be small enough to reasonably be completed within a sprint):

    Epic to be decomposed:

    As a ____ I want _____ so that ______

    User Story 1: User Story 2: User Story 3:
    As A I Want So That. As A I Want So That. As A I Want So That.

    Output

    • A real epic from your project backlog which has been decomposed into smaller features and user stories

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Backlog Management Module

    Manage your backlog effectively

    Activities

    Backlog 2.1 Identify enablers and blockers

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Backlog PBI filters.
    • A better understanding of backlog types and levels.

    Effective backlog management and refinement

    Working with a tiered backlog

    an image showing the backlog tiers: New Idea; Ideas; Qualified; Ready - sprint.

    Use a tiered approach to managing your backlog, and always work on the highest priority items first.

    Distinguish your specific goals for refining in the product backlog vs. planning for a sprint itself

    Often backlog refinement is used interchangeably or considered a part of sprint planning. The reality is they are very similar, as the required participants and objectives are the same however, there are some key differences.

    An image of a Venn diagram comparing Backlog Refinement to sprint Planning.

    A better way to view them is "pre-planning" and "planning."

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint approach.

    Backlog tiers facilitate product planning steps

    An image of the product planning steps facilitated by Backlog Tiers

    Each activity is a variation of measuring value and estimating effort to validate and prioritize a PBI.

    A PBI meets our definition of done and passes through to the next backlog tier when it meets the appropriate criteria. Quality filters should exist between each tier.

    Backlog Exercise 2.1 Build a starting checklist of quality filters

    60 minutes

    1. Quality filters provide a checklist to ensure each Product Backlog Item (PBI) meets our definition of Done and is ready to move to the next backlog group (status).
    2. Create a checklist of basic descriptors that must be completed between each backlog level.
    3. If you completed this exercise in a different Module, review and update it here.
    4. Use this information to start your product strategy playbook in Deliver on Your Digital Product Vision.

    An image of the backlog tiers, identifying where product backlog and sprint backlog are

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Outline the criteria to proceed to the next tier via quality filters

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBIs journey through product planning.

    An image showing the approach you will use to Outline the criteria to proceed to the next tier via quality filters

    Info-Tech Insight: A quality filter ensures quality is met and teams are armed with the right information to work more efficiently and improve throughput.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Facilitator slides: Explaining MVP

    Notes and Instructions

    The primary intent of this exercise is to explain the complex notion of MVP (it is one of the most misunderstood and contentious issues in Agile delivery). The exercise is intended to explain it in a simple and digestible way that will fundamentally change participants' understanding of MVP.

    Note that the slide contains animations.

    Imagine that your stakeholder tells you they want a blue 4-door sedan (consider this our "MVP" at this point), and you decide to build it the traditional way. As you build it (tires, then frame, then body, then joint body with frame and install engine), the stakeholder doesn't have anything they can use, and so they are only happy (and able to get value) at the end when the entire car is finished (point out the stakeholder "faces" go from unhappy to happy in the end).
    Animation 1:
    When we use Agile methods, we don't want to wait until the end before we have something the stakeholders can use. So instead of waiting until the entire car is completed, we decide our first iteration will be to give the stakeholder "a simple (blue) wheeled transportation device"…namely a skateboard that they can use for a little while (it's not a car, but it is something the stakeholder can use to get places).
    Animation 2:
    After the stakeholder has tried out the skateboard, we ask for feedback. They tell us the skateboard helped them to get around faster than walking, but they don't like the fact that it is so hard to maintain your balance on it. So, we add a handle to the skateboard to turn it into a scooter. The stakeholder then uses the scooter for a while. Stakeholder feedback says staying balanced on the scooter is much easier, but they don't have a place to put groceries when they go shopping, so can we do something about that?
    (Continued on next slide…)

    Facilitator slides: Explaining MVP

    Notes and Instructions
    Animation 3:
    Next, we build the stakeholder a bicycle and let them use it for a while before asking for feedback. The stakeholder tells us they love the bicycle, but they admit they get tired on long trips, so is there something we can do about that?
    Animation 4:
    So next we add a motor to the bicycle to turn it into a motorcycle, and again we give it to the stakeholder to use for a while. When we ask the stakeholder for feedback, they tell us that they love the motorcycle so much because they love the feeling of the wind in their hair, they've decided that they no longer want a 4-door sedan, but instead would prefer a blue 2-door convertible.
    Animation 5:
    And so, for our last iteration, we build the stakeholder what they actually wanted (a blue 2-door convertible) instead of what they asked for (a blue 4-door sedan), and we see that they are happier than they would have been if we had delivered the traditional way.

    INSIGHTS:

    • An MVP cannot be fully known at the beginning of a project (it is the "journey" of creating the MVP with stakeholders that defines what it looks like in the end).
    • Sometimes, stakeholders don't (or can't) know what they want until they see it.
    • There is no "straight path" to your MVP, you determine the path forward based on what you learned in the previous iterations.
    • This approach is part of the "power of Agile" and demonstrates why Agile can produce better outcomes and happier stakeholders.

    Understanding minimum viable product

    NOT Like This:

    This is a series of images. The top half of the image, shows building a car by starting with the wheels. The bottom Image shows the progression from skateboard, to scooter, to bike, to motorcycle, to car.

    It's Like This:

    Use iterations to maximize value delivery

    An image showing how to use iterations to maximize value delivery.

    Use iterations to reduce accumulated risk

    An image showing how to use iterations to reduce accumulated risk.

    Understanding MVP
    (always be ready to go live)

    A great and wise pharaoh hires two architects to build his memorial pyramids.

    An image shows two architects contribution to pyramid construction.

    Understanding MVP
    (always be ready to go live)

    Several years go by, and then…

    The pharaoh is on his death bed.

    Backlog Management Module

    Manage your backlog effectively

    Activities

    Backlog 3.1 Identify key insights and takeaways
    Backlog 3.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways.

    Backlog Exercise 3.1 Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:

    What key insights have you gained?

    What takeaways have you identified?

    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Backlog Exercise 3.2 Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:
    Each module provides guidance and supporting activities related to a specific Agile challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.
    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Scrum Simulation Module

    Scrum sprint planning and retrospective simulation

    Activities

    1.1 Identify your scrum pains
    1.2 Review scrum simulation intro
    1.3 Create a mock backlog
    1.4 Review sprint 0
    1.5 Determine a budget and timeline
    1.6 Understand minimum viable product
    1.7 Plan your first sprint
    1.8 Do a sprint retrospective
    1.9 "What if" exercise (understanding what a fluid backlog really means)
    1.10 A sprint 1 example
    1.11 Simulate more sprints

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of Scrum (particularly backlog management and user story decomposition).

    Facilitator slides: Scrum Simulation Introduction

    Introduction Tab

    Talk to the nature of the Scrum team:

    • Collective ownership/responsibility for delivery.
    • The organization has given you great power. With great power comes great responsibility.
    • You may each be specialists in some way, but you need to be prepared to do anything the project requires (no one goes home until everyone can go home).
    • Product owner: Special role, empowered by the organization to act as a single, authoritative voice for stakeholders (again great power/responsibility), determines requirements and priorities, three ears (business/stakeholders/team), holds the vision for the project, answer questions from the team (or finds someone who can answer questions), must balance autonomy with stakeholder needs, is first among equals on the Scrum team, is laser-focused on getting the best possible outcome with the resources, money, and circumstances ← PO acts as the "pathfinder" for the project.
    • Talk about the criticality and qualities of the PO: well-respected, highly collaborative, wise decision maker, a "get it done" type (healthy bias toward immediacy), has a vision for product, understands stakeholders, can get stakeholders' attention when needed, is dedicated full-time to the project, can access help when needed, etc.
    • The rest of you are the delivery team (have avoided singling out an SM for this – not needed for the exercise – but SM is the servant leader/orchestra conductor for the delivery team. The facilitator should act as a pseudo-SM for this exercise).

    Speak about the "bank realizes that the precise scope of the first release can only be fully known at the end of the project" statement and what it means.

    Discuss exercise and everyone's roles (make sure everyone clear), make it as realistic as possible. Your level of participation will determine how much value you get.

    Discuss any questions the participants might have about the background section on the introduction tab. The exercise has been defined in a way that minimizes the scope and complexity of the work to be done by assuming there are existing web-capable services exposed to the bank's legacy system(s) and that the project is mostly about putting a deployable web front end in place.

    Speak about "definition of done": Why was it defined this way? What are the boundaries? What happens if we define it to be only up to unit testing?

    Facilitator slides: Scrum Simulation, Create a Mock Backlog

    Create a Mock Backlog Tab

    This exercise is intended to help participants understand the steps involved in creating an initial backlog and deciding on their MVP.

    Note: The output from this exercise will not be used in the remainder of the simulation (a backlog for the simulation already exists on tab Sprint 0) so don't overdo it on this exercise. Do enough to help the participants understand the basic steps involved (brainstorm features and functions for the app, group them into epics, and decide which will be in- and out-of-scope for MVP). Examples have been provided for all steps of this exercise and are shown in grey to indicate they should be replaced by the participants.

    Step 1: Have all participants brainstorm "features and functions" that they think should be available in the online banking app (stop once you have what feels like a "good enough" list to move on to the next step) – these do not need to be captured as user stories just yet.

    Step 2: Review the list of features and functions with participants and decide on several epics to capture groups of related features and functions (bill payments, etc.). Think of these as forming the high-level structure of your requirements. Now, organize all the features and functions from Step 1, into their appropriate epic (you can identify as many epics as you like, but try to keep them to a minimum).

    Step 3: Point out that on the Introduction tab, you were told the bank wants the first release to go live as soon as possible. So have participants go over the list of features and functions and identify those that they feel are most important (and should therefore go into the first release – that is, the MVP), and which they would leave for future releases. Help participants think critically and in a structured way about how to make these very hard decisions. Point out that the product owner is the ultimate decision maker here, but that the entire team should have input into the decision. Point out that all the features and functions that make up the MVP will be referred to as the "project backlog," and all the rest will be known as the "product backlog" (these are of course, just logical separations, there is only one physical backlog).

    Step 4: This step is optional and involves asking the participants to create user stories (e.g. "As a __, I want ___ so that ___") for all the epics and features and functions that make up their chosen MVP. This step is to get them used to creating user stories, because they will need to get used to doing this. Note that many who are new to Agile often have difficulty writing user stories and end up overdoing it (e.g. providing a long-winded list of things in the "I want ___" part of the user story for an epic) or struggling to come up with something for the "so that ____" part). Help them to get good at quickly capturing the gist of what should be in the user story (the details come later).

    Facilitator slides: Scrum Simulation, Budget and Timeline

    Project Budget and Timeline

    Total Number of Sprints = 305/20 = 15.25 → ROUND UP TO 16 (Why? You can't do a "partial sprint" – plus, give yourself a little breathing room.)

    Cost Per Sprint = 6 x $75 x 8 x 10 = $36,000

    Total Timeline = 16 * 2 = 32 Weeks

    Total Cost of First Release = $36,000 x 16 = $572,000

    Talk about the "commitment" a Scrum delivery team makes to the organization ("We can't tell you exactly what we will deliver, but based on what we know, if you give the team 32 weeks, we will deliver something like what is in the project backlog – subject to any changes our stakeholder tell us are needed"). Most importantly, the team commits to doing the most important backlog items first, so if we run out of time, the unfinished work will be the least valuable user stories. Lastly, to keep to the schedule/timeline, items may move in and out of the project backlog – this is part of the normal and important "horse trading" that takes place on health Agile projects.

    Speak to the fact that this approach allows you to provide a "deterministic" answer about how long a project will take and how much it will cost while keeping the project requirements flexible.

    Facilitator slides: Scrum Simulation, Sprint 0

    Sprint 0 Tab

    This is an unprioritized list, organized to make sense, and includes a user story (plus some stuff), and "good enough estimates" – How good?... Eh! (shoulder shrug)
    Point out the limited ("lazy") investment → Agile principle: simplicity, the art of maximizing the work not done.
    Point out that only way to really understand a requirement is to see a working example (requirements often change once the stakeholders see a working example – the "that's not what I meant" factor).

    Estimates are a balancing act (good enough that we understand the overall approximate size of this, and still acknowledges that more details will have to wait until we decide to put that requirement into a Sprint – remember, no one knows how long this project is going to take (or even what the final deliverable will look like) so don't over invest in estimates here.)

    Sprint velocity calculation is just a best guess → be prepared to find that your initial guess was off (but you will know this early rather than at the end of the project). This should lead to a healthy discussion about why the discrepancy is happening (sprint retrospectives can help here). Note: Sprint velocity doesn't assume working evenings and weekends!

    Speak to the importance of Sprint velocity being based on a "sustainable pace" by the delivery team. Calculations that implicitly expect sustained overtime in order to meet the delivery date must be avoided. Part of the power of Agile comes from this critical insight. Critical → Your project's execution will need to be adjusted to accommodate the actual sprint velocity of the team!

    Point out the "project backlog" and separation from the "product backlog" (and no sprint backlog yet!).

    Point out the function/benefits of the backlog:

    • A single holding place for all the work that needs to be done (so you don't forget/ignore anything).
    • Can calculate how much work is left to do.
    • A mechanism for prioritizing deliverables.
    • A list of placeholders for further discussion.
    • An evolving list that will grow and shrink over time.
    • A "living document" that must be maintained over the course of the project.

    Talk about large items in backlog (>20 pts) and how to deal with them (do we need to break them up now?).

    Give participants time to review the backlog: Questions/What would you be doing if this were real/We're going to collectively work through this backlog.
    Sprint 0 is your opportunity to: get organized as a team, do high level design, strategize on approach, think about test data, environments, etc. – it is the "Ready-Set" in "Ready-Set-Go."
    Think about doing a High/Med/Low value determination for each user story.

    Simulation Exercise 1.1 Identify your Scrum pains

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      • What specific challenges are you facing with your Scrum practices?
    2. Capture your findings in the table below:

    What are your specific Scrum challenges?

    • (e.g. We don't know how to decide on our minimum viable product (MVP), or what to start working on first)
    • (e.g. We don't have a product owner assigned to the project)
    • (e.g. Our daily standups often take 30-60 minutes to complete)
    • (e.g. We heard Scrum was supposed to reduce the number of meetings we have, but instead, meetings have increased)
    • (e.g. We don't know how to determine the budget for an Agile project)

    Output

    • Your specific Scrum related challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.2 Review Scrum Simulation intro

    30 minutes

    1. Ask participants to read the Introduction tab in the Scrum Simulation Exercise(5 minutes)
    2. Discuss and answer any questions the participants may have about the introduction (5 minutes)
    3. Discuss the approach your org would use to deliver this using their traditional approach (5 minutes)

    This is an image of the Introduction tab in the Scrum Simulation Exercise

    How would your organization deliver this using their traditional approach?

    1. Capture all requirements in a document and get signoff from stakeholders
    2. Create a detailed design for the entire system
    3. Build and test the system
    4. Deploy it into production

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 1: Brainstorm "Features and Functions" that the group feels would be needed for this app

    Capture anything that you feel might be needed in the Online Banking Application:

    • See account balances
    • Pay a bill online
    • Set up payees for online bill payments
    • Make a deposit online
    • See a history of account transactions
    • Logon and logoff
    • Make an e-transfer
    • Schedule a bill payment for the future
    • Search for a transaction by payee/date/amount/etc.
    • Register for app
    • Reset password

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 2: Identify your epics

    1. Categorize your "Features and Functions" list into several epics for the application:

    Epics

    "Features and Functions" in This Epic

    Administration

    - Logon and logoff
    - Register for app
    - Reset password

    Accounts

    - See account balances
    - See a history of account transactions
    - Search for a transaction by payee/date/amount

    Bill payments

    - Set up payees for online bill payments
    - Pay a bill online
    - Schedule a bill payment for the future

    Deposits

    - Make a deposit online

    E-transfers

    - Make an e-transfer

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 3: Identify your MVP

    1. Decide which "Features and Functions" will be in your MVP and which will be delivered in future releases:

    YOUR MVP (Project Backlog)

    Epics

    "Features and Functions" in This Epic

    Administration

    - Logon and logoff
    - Register for app

    Accounts

    - See account balances
    - See a history of account transactions

    Bill payments

    - Set up payees for online bill payments
    - Pay a bill online

    FOR FUTURE RELEASES (Product Backlog)

    Epics

    In Scope

    Deposits- Make a deposit online
    Accounts- Search for a transaction by payee/date/amount/etc.
    Bill payments- Schedule a bill payment for the future

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 3: Identify your MVP

    1. Decide which "Features and Functions" will be in your MVP and which will be delivered in future releases:

    YOUR MVP EPICS

    Epics

    "Features and Functions" in This Epic

    Administration

    - Logon and logoff
    - Register for app

    Accounts

    - See account balances
    - See a history of account transactions

    Bill payments

    - Set up payees for online bill payments
    - Pay a bill online

    YOUR MVP USER STORIES

    Epics

    In Scope

    Logon and LogoffAs a user, I want to logon/logoff the app so I can do my banking securely
    Register for AppAs a user, I want to register to use the app so I can bank online
    See Account BalancesAs a user, I want to see my account balances so that I know my current financial status
    See a History of Account TransactionsAs a user, I want to see a history of my account transactions, so I am aware of where my money goes
    Set up Payees for Online Bill PaymentsAs a user, I want to set up payees so that I can easily pay my bills
    Pay a Bill OnlineAs a user, I want to pay bills online, so they get paid on time

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.4 Review
    Sprint 0

    The Online Banking Application of the spreadsheet for Sprint 0.

    Step 1: Set aside the Mock Backlog just created (you will be using the Backlog on Sprint 0 for remainder of exercise).
    Step 2: Introduce and walk through the Backlog on the Sprint 0 tab in the Scrum Simulation Exercise.
    Step 3: Discuss and answer any questions the participants may have about the Sprint 0 tab.
    Step 4: Capture any important issues or clarifications from this discussion in the table below.

    Important issues or clarifications from the Sprint 0 tab:

    • (e.g. What is the difference between the project backlog and the product backlog?)
    • (e.g. What do we do with user stories that are bigger than our sprint velocity?)
    • (e.g. Has the project backlog been prioritized?)
    • (e.g. How do we decide what to work on first?)

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Understand Sprint 0 for Scrum Simulation Exercise

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.4 Review
    Sprint 0

    30-60 minutes

    1. Using the information found on the Sprint 0 tab, determine the projected timeline and cost for this project's first release:

    GIVEN

    Total Story Points in Project Backlog (First Release): 307 Story Points
    Expected Sprint Velocity: 20 Story Points/Sprint
    Total Team Size (PO, SM and 4-person Delivery Team): 6 People
    Blended Hourly Rate Per Team Member (assume 8hr day): $75/Hour
    Sprint Duration: 2 Weeks

    DETERMINE

    Expected Number of Sprints to Complete Project Backlog:
    Cost Per Sprint ($):
    Total Expected Timeline (weeks):
    Total Cost of First Release:

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • How to determine expected cost and timeline for an Agile project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    The Estimation Cone of Uncertainty

    The Estimation Cone of Uncertainty

    Simulation Exercise 1.6 Understanding minimum viable products (MVP)

    30 minutes

    1. Discuss your current understanding of MVP.

    How do you describe/define MVP?

    • (Discuss/capture your understanding of minimum viable product)

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Capture your current understanding of Minimum Viable Product

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Facilitator slides: Explaining MVP

    Notes and Instructions

    The primary intent of this exercise is to explain the complex notion of MVP (it is one of the most misunderstood and contentious issues in Agile delivery). The exercise is intended to explain it in a simple and digestible way that will fundamentally change participants' understanding of MVP.
    Note that the slide contains animations.

    Imagine that your stakeholder tells you they want a blue 4-door sedan (consider this our "MVP" at this point), and you decide to build it the traditional way. As you build it (tires, then frame, then body, then joint body with frame and install engine), the stakeholder doesn't have anything they can use, and so they are only happy (and able to get value) at the end when the entire car is finished (point out the stakeholder "faces" go from unhappy to happy in the end).

    Animation 1:
    When we use Agile methods, we don't want to wait until the end before we have something the stakeholders can use. So instead of waiting until the entire car is completed, we decide our first iteration will be to give the stakeholder "a simple (blue) wheeled transportation device"…namely a skateboard that they can use for a little while (it's not a car, but it is something the stakeholder can use to get places).

    Animation 2:
    After the stakeholder has tried out the skateboard, we ask for feedback. They tell us the skateboard helped them to get around faster than walking, but they don't like the fact that it is so hard to maintain your balance on it. So, we add a handle to the skateboard to turn it into a scooter. The stakeholder then uses the scooter for a while. stakeholder feedback says staying balanced on the scooter is much easier, but they don't have a place to put groceries when they go shopping, so can we do something about that?

    (Continued on next slide…)

    Facilitator slides: Explaining MVP

    Notes and Instructions

    Animation 3:
    So next we build the stakeholder a bicycle and let them use it for a while before asking for feedback. The stakeholder tells us they love the bicycle, but they admit they get tired on long trips, so is there something we can do about that?

    Animation 4:
    So next we add a motor to the bicycle to turn it into a motorcycle, and again we give it to the stakeholder to use for a while. When we ask the stakeholder for feedback, they tell us that they LOVE the motorcycle so much, and that because they love the feeling of the wind in their hair, they've decided that they no longer want a 4-door sedan, but instead would prefer a blue 2-door convertible.

    Animation 5:
    And so, for our last iteration, we build the stakeholder what they wanted (a blue 2-door convertible) instead of what they asked for (a blue 4-door sedan), and we see that they are happier than they would have been if we had delivered the traditional way.

    INSIGHTS:
    An MVP cannot be fully known at the beginning of a project (it is the "journey" of creating the MVP with stakeholders that defines what it looks like in the end).
    Sometimes, stakeholders don't (or can't) know what they want until they see it.
    There is no "straight path" to your MVP, you determine the path forward based on what you learned in the previous iterations.
    This approach is part of the "power of Agile" and demonstrates why Agile can produce better outcomes and happier stakeholders.

    Understanding minimum viable product

    NOT Like This:

    This is a series of images. The top half of the image, shows building a car by starting with the wheels. The bottom Image shows the progression from skateboard, to scooter, to bike, to motorcycle, to car.

    It's Like This:

    Use iterations to maximize value delivery

    An image showing how to use iterations to maximize value delivery

    Use iterations to reduce accumulated risk

    An image showing how to use iterations to reduce accumulated risk.

    Understanding MVP
    (always be ready to go live)

    A great and wise pharaoh hires two architects to build his memorial pyramids.

    An image shows two architects contribution to pyramid construction.

    Understanding MVP
    (always be ready to go live)

    Several years go by, and then…

    The pharaoh is on his death bed.

    Simulation Exercise 1.7 Plan your first sprint

    30-60 minutes

    Step 1: Divide participants into independent Scrum delivery teams (max 7-8 people per team) and assign a PO (5 minutes)
    Step 2: Instruct each team to work together to decide on their "MVP strategy" for delivering this project (10-15 minutes)
    Step 3: Have each team decide on which user stories they would put in their first sprint backlog (5-10 minutes)
    Step 4: Have each team report on their findings. (10 minutes)

    Describe your team's "MVP strategy" for this project (Explain why you chose this strategy):

    Identify your first sprint backlog (Explain how this aligns with your MVP strategy):

    What, if anything, did you find interesting, insightful or valuable by having completed this exercise:

    Output

    • Experience deciding on an MVP strategy and creating your first sprint backlog

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.8 Do a sprint retrospective

    30-60 minutes

    Step 1: Thinking about the work you did in Exercise 3.2.7, identify what worked well and what didn't
    Step 2: Create a list of "Start/Stop/Continue" items using the table below
    Step 3: Present your list and discuss with other teams

    1. Capture findings in the table below:

    Start:
    (What could you start doing that would make Sprint Planning work better?)

    Stop:
    (What didn't work well for the team, and so you should stop doing it?)

    Continue:
    (What worked well for the team, and so you should continue doing?)

    Output

    • Experience performing a sprint retrospective

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.9 "What if" exercise (understanding what a fluid backlog really means)

    30-60 minutes

    1. As a team, consider what you would do in each of the following scenarios (treat each one as an independent scenario rather than cumulative):

    Scenario:

    How would you deal with this:

    After playing with and testing the Sprint 1 deliverable, your stakeholders find several small bugs that need to be fixed, along with some minor changes they would like made to the system. The total amount of effort to address all of these is estimated to be 4 story points in total.

    (e.g. First and foremost, put these requests into the Project Backlog, then…)

    Despite your best efforts, your stakeholders tell you that your Sprint 1 deliverable missed the mark by a wide margin, and they have major changes they want to see made to it.

    Several stakeholders have come forward and stated that they feel strongly that the "DEPOSIT – Deposit a cheque by taking a photo" User Story should be part of the first release, and they would like to see it moved from the Product Backlog to the project backlog (Important Note: they don't want this to change the delivery date for the first release)

    Output

    • A better understanding of how to handle change using a fluid project backlog

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.10 A Sprint 1 example

    30-60 minutes

    1. Consider the following example of what your Sprint 1 deliverable could be:

    An example of what your Sprint 1 deliverable could be.

    Output

    • Better understanding of an MVP strategy

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.10 A Sprint 1 example

    30-60 minutes

    1. As a group, discuss this approach, including:
      1. The pros and cons of the approach.
      2. Is this a shippable increment?
      3. What more would you need to do to make it a shippable increment?
    2. Capture your findings in the table below:

    Discussion

    Output

    • Better understanding of an MVP strategy

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.11 Simulate more sprints

    30-60 minutes

    1. As a group, continue to simulate more sprints for the online banking app:
      1. Simulate the planning, execution, demo, and retro stages for additional sprints
      2. Stop when you have had enough
    2. Capture your learnings in the table below:

    Discussion and learnings

    Output

    • Better understanding of an MVP strategy

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Scrum Simulation Module

    Simulate effective scrum practices

    Activities

    2.1 Execute the ball passing sprints

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Model and understand behavioral blockers and patterns affecting Agile teams and organizational culture.

    Pass the balls – sprint velocity game

    Goal 1. Pass as many balls as possible (Story Points) through the system during each sprint.
    Goal 2. Improve your estimation and velocity after each retrospective.

    Backlog

    An image of Sprint, passing balls from one individual to another until you reach the completion point.

    Points Completed

    Rules:

    1. Two people cannot touch the ball at the same time.
    2. Only the first and last person can hold more than one ball at a time.
    3. Every person on the Delivery Team must touch the ball at least once per sprint.
    4. Each team must record its results during the retrospective.

    Scoring:

    1. One point for every ball that completes the system.
    2. Minus one point for every dropped ball.

    Epic 1: 3 sprints

    1. 1-minute Planning
    2. 2-minute Sprints
    3. 1-minute Retrospective

    Group Retrospective
    Epic 2: 3 sprints (repeat)

    1. 1-minute Planning
    2. 2-minute Sprints
    3. 1-minute Retrospective

    Simulation Exercise 1.11 Simulate more sprints

    30-60 minutes

    Goal 1: Pass as many balls (Story Points) through the system during each sprint.
    Goal 2: Improve your estimation and velocity after each retrospective.

    1. Epic 1: 3 sprints
      1. 1-minute Planning
      2. 2-minute Sprints
      3. 1-minute Retrospective
    2. Group Retrospective
    3. Epic 2: 3 sprints
      1. 1-minute Planning
      2. 2-minute Sprints
      3. 1-minute Retrospective
    4. Group Retrospective
    5. Optionally repeat for additional sprints with team configurations or scenarios

    Rules:

    1. Two people cannot touch the ball at the same time.
    2. Only the first and last person can hold more than one ball at a time.
    3. Every person on the delivery team must touch the ball at least once per sprint.
    4. Each team must record its results during the retrospective.

    Scoring:

    1. One point for every ball that completes the system.
    2. Minus one point for every dropped ball.

    Output

    • Understand basic estimation, sprint, and retrospective techniques.
    • Experience common Agile behavior challenges.

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Facilitator slides: Sprint velocity game

    Goal:

    Pass as many balls as possible through the system during each cycle.

    Game Setup

    • Divide into teams of 8-16 people. If you have a smaller group, form one team rather than two smaller teams to start. The idea is to cause chaos with too many people in the delivery flow. See alternate versions for adding additional Epics with smaller teams.
    • Read out the instructions and ensure teams understand each one. Note that no assistance will be given during the sprints.

    Use your phone's timer to create 2-minute cycles:

    • 1-minute sprint planning
    • 2-minute delivery sprint
    • 1-minute retrospective and results recording
    • Run 3-4 cycles, then stop for a facilitated discussion of their observations and challenges.
    • Begin epic 2 and run for 3-4 more cycles.

    Facilitator slides: Sprint velocity game

    • Game Cycles
      • Epic 1: 3 complete cycles
      • 1-minute Planning
      • 2-minute Sprints
      • 1-minute Sprint retrospective
    • Group Retrospective
      • Discuss each sprint, challenges, and changes made to optimize throughput.
    • Epic 2: 3 complete cycles
      • 1-minute Planning
      • 2-minute Sprints
      • 1-minute Sprint retrospective
    • Group Retrospective
      • Discuss each sprint, challenges, and changes made to optimize throughput.
    • Game Rules
      • Each ball must have airtime. No ball cannot touch two people at the same time.
      • No person can hold more than one ball at a time.
      • Ball must be passed by every person on a team.
      • You may not pass a ball to a person directly to the person on your left or right.
      • Each team must keep score and record their results during the Retrospective.
    • Scoring
      • 1 point for every ball that completes the system.
      • Minus 1 point for every dropped ball.

    Facilitator slides: Sprint velocity game

    Facilitator Tips

    • Create a feeling of competition to get the teams to rush and work against each other. The goal is to show how this culture must be broken in Agile and DevOps. Then challenge the teams against natural silos and not focus on enterprise goals.
    • Create false urgency to increase stress, errors, and breakdowns in communication.
    • Look for patterns of traditional delivery and top-down management that limit delivery. These will emerge naturally, and teams will fall back into familiar patterns under stress.
    • Look for key lessons you want to reinforce and bring out ball game examples to help teams relate to something that is easier to understand.

    Alternate Versions

    • Run Epic 1 as one team, then have them break into typical Agile teams of 4-9 people. Compare results.
    • Run Epics with different goals: How would their approach change?
      • Fastest delivery
      • Highest production
      • Lowest defect rate
    • Have teams assign a scrum master to coordinate delivery. A scrum master and product owner are part of the overall team, but not part of the delivery team. They would not need to pass balls during each sprint.
    • Increase sprint time. Discuss right sizing sprint to complete work.
    • Give each team different numbers of balls, but don't tell them. Alternately, start each team with half as many balls, then double for Epic 2. Discuss how the sprint backlog affected their throughput.

    Facilitator slides: Sprint velocity game

    Trends to Look For and Discuss

    • False constraints - patterns where teams unnecessarily limited themselves.
    • Larger teams could have divided into smaller working teams, passing the balls between working groups.
    • Instructions did not limit that "team" meant everyone in the group. They could have formed smaller groups to process more work. LEAN
    • Using the first sprint for planning only. More time to create a POC.
    • Teams will start communicating but will grow silent, especially in later sprints. Stress interactions over the process.
    • Borrowing best practices from other teams.
    • Using retrospectives to share ideas with other teams. Stress needs to align with the company's goals, not just the team's goals.
    • How did they treat dropped balls? Rejected as errors, started over (false constraint), or picked up and continued?

    Trends to Look For and Discuss

    • Did individuals dominate the planning and execution, or did everyone feel like an equal member of the team?
    • Did they consider assigning a scrum master? The scrum master and product owner are part of the overall team, but not part of the Delivery Team. They would not need to pass balls during each Sprint.
    • What impacted their expected number of balls completed? Did it help improve quality or was it a distraction?
    • What caused their improvement in velocity? Draw the connection between how teams must work together and the need for stability.
    • Discuss the overall goal and constraints. Did they understand what the desired outcome was? Where did they make assumptions? Add talking points:
      • What if the goal was overall completed balls?
      • What if it was zero defect? No dropped balls.
      • What if it was the fastest delivery? Each ball through the system in the shortest time? Were they timing each ball?

    Scrum Simulation Module

    Simulate effective scrum practices

    Activities

    3.1 Identify key insights and takeaways

    3.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways

    Simulation Exercise 3.1
    Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:

    What key insights have you gained?

    What takeaways have you identified?

    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 3.2
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:

    Each module provides guidance and supporting activities related to a specific Agile Challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Estimation Module

    Improve product backlog item estimation

    Activities

    1.1 Identify your estimation pains

    1.2 (Optional) Why do we estimate?

    1.3 How do you estimate now?

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of Agile estimation practices and how to apply them.

    Establish consistent Agile estimation fundamentals

    an image of a hierarchy answering the question What is an estimate.

    Know the truth about estimates and their potential pitfalls.

    Then, understand how Agile estimation works to avoid these pitfalls.

    Estimation Exercise 1.1 Identify your estimation pains

    30-60 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What specific challenges are you facing with your estimation practices today
      2. Capture your findings in the table below:

    What are your specific Estimation challenges?

    • (e.g. We don't estimate consistently)
    • (e.g. Our estimates are usually off by a large margin)
    • (e.g. We're not sure what approach to use when estimating)

    Output

    • Your specific estimation related challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 1.2 (Optional) Why do we estimate?

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. Why do we do estimates?
      2. What value/merit do estimates have?
    2. Capture your findings in the table below:

    Why would/should you do estimates?

    • (e.g. Our stakeholders need to know how long it will take to deliver a given feature/function)

    Output

    • Better understanding of the need for estimates

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 1.2 (Optional) Why do we estimate?

    30 minutes

    1. Estimation has its merits
    2. Here are some sample reasons for estimates:
      • "Estimates allow us to predict when a sprint goal will be met, and therefore when a substantial increment of value will be delivered."
      • "Our estimates help our stakeholders plan ahead. They are part of the value we provide."
      • "Estimates help us to de-risk scope of uncertain size and complexity."
      • "Estimated work can be traded in and out of scope for other work of similar size. Without estimates, you can't trade."
      • "The very process of estimation adds value. When we estimate we discuss requirements in more detail and gain a better understanding of what is needed."
      • "Demonstrates IT's commitment to delivering valuable products and changes."
      • "Supports business ambitions with customers and stakeholders."
      • "Helps to build a sustainable value-delivery cadence."

    Source: DZone, 2013.

    Output

    • Better understanding of the need for estimates

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 1.3 How do you estimate now?

    30 minutes

    1. As a group, speak about now you currently estimate in your organization.
    2. Capture your findings in the table below:

    Why would/should you do estimates?

    • (e.g. We don't do estimates)
    • (e.g. We ask the person assigned to each task in the project plan to estimate how long it will take)

    Output

    • Your current estimation approach

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Module

    Improve product backlog item estimation

    Activities

    2.1 (Optional) Estimate a real PBI

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of Agile estimation practices and how to apply them.

    Don't expect your estimates to be accurate!

    The average rough order of magnitude estimates for software are off by is up to 400%.
    Source: Boehm, 1981

    Estimate inaccuracy has many serious repercussions on the project and organization

    66%

    Average cost overrun(1)

    33%

    Average schedule overrun (1)

    17%

    Average benefits shortfall)1)

    (1) % of software projects with given issue

    Source: McKinsey & Company, 2012

    The Estimation Cone of Uncertainty

    The Estimation Cone of Uncertainty

    What is Agile estimation?

    There is no single Agile estimation technique. When selecting an approach, adopt an Agile estimation technique that works for your organization, and don't be afraid to adapt it to your circumstances. Remember: all estimates are wrong, so use them with care and skepticism.

    • Understands and accepts the limitations of any estimation process.
    • Leverages good practices to counteract these limitations (e.g. wisdom of crowds, quality-first thinking).
    • Doesn't over-invest in individual estimate accuracy (but sees their value "in aggregate").
    • Approach can change from project to project or team to team and evolves/matures over the project lifespan.
    • Uses the estimation process as an effective tool to:
      • Make commitments about what can be accomplished in a sprint (to establish capacity).
      • Convey a measure of progress and rough expected completion dates to stakeholders (including management).

    Info-Tech Insight

    All estimates are wrong, but some can be useful (leverage the "wisdom of crowds" to improve your estimation practices).

    There are many Agile estimation techniques to choose from…

    Consensus-Building Techniques
    Planning Poker

    Most popular by far (stick with one of these unless there is a good reason to consider others)

    This approach uses the Delphi method, where a group collectively estimates the size of a PBI, or user stories, with cards numbered by story points. See our Estimate Software Delivery With Confidence blueprint.

    T-Shirt Sizing

    This approach involves collaboratively estimating PBIs against a non-numerical system (e.g. small, medium, large). See DZone and C# Corner for more information.

    Dot Voting

    This approach involves giving participants a set number of dot stickers or marks and voting on the PBIs (and options) to deliver. See Dotmocracy and Wikipedia for more information.

    Bucket System

    This approach categorizes PBIs by placing them into defined buckets, which can then be further broken down through dividing and conquering. See Agile Advice and Crisp's Blog for more information.

    Affinity Mapping

    This approach involves the individual sizing and sorting of PBIs, and then the order of these PBIs are collaboratively edited. The grouping is then associated with numerical estimates or buckets if desired. See Getting Agile for more information.

    Ordering Method

    This approach involves randomly ordering items on a scale ranging from low to high. Each member will take turns moving an item one spot lower or higher where it seems appropriate. See Apiumhub, Sheidaei Blog (variant), and SitePoint (Relative Mass Valuation) for more information.

    Ensure your teams have the right information

    Estimate accuracy and consistency improve when it is clear what you are estimating (definition of ready) and what it means to complete the PBI (definition of done).
    Be sure to establish and enforce your definition of ready/done throughout the project.

    Ready

    Done
    • The value of the story to the user is indicated.
    • The acceptance criteria for the story have been clearly described.
    • Person who will accept the user story is identified.
    • The team knows how to demo the story…
    • Design complete, code compiles, static code analysis has been performed and passed.
    • Peer reviewed with coding standards passed.
    • Unit test and smoke test are done/functional (preferably automated).
    • Passes functionality testing including security testing…

    What are story points?

    Many organizations use story point sizing to estimate their PBIs
    (e.g. epics, features, user stories, and tasks)

    • A story point is a (unitless) measure of the relative size, complexity, risk, and uncertainty, of a PBI.
    • Story points do not correspond to the exact number of hours it will take to complete the PBI.
    • When using story points, think about them in terms of their size relative to one another.
    • The delivery team's sprint velocity and capacity should also be tracked in story points.

    How do you assign a point value to a user story? There is no easy answer outside of leveraging the experience of the team. Sizes are based on relative comparisons to other PBIs or previously developed items. Example: "This user story is 3 points because it is expected to take 3 times more effort than that 1-point user story."Therefore, the measurement of a story point is only defined through the team's experience, as the team matures.

    Can you equate a point to a unit of time? First and foremost, for the purposes of backlog prioritization, you don't need to know the time, just its size relative to other PBIs. For sprint planning, release planning, or any scenario where timing is a factor, you will need to have a reasonably accurate sprint capacity determined. Again, this comes down to experience.

    "Planning poker" estimation technique

    Leverage the wisdom of crowds to improve your estimates

    an image of the user story points and the Fibonacci sequence

    Planning poker: This approach uses the Delphi method, where a group collectively estimates the size of a PBI or user story, using cards with story points on them.

    Materials: Each participant has deck of cards, containing the numbers of the Fibonacci sequence.

    Typical Participants: Product owner, scrum master (usually acts as facilitator), delivery team.

    Steps:

    1. The facilitator will select a user story.
    2. The product owner answers any questions about the user story from the group.
    3. The group makes their first round of estimates, where each participant individually selects a card without showing it to anyone, and then all selections are revealed at once.
    4. If there is consensus, the facilitator records the estimate and moves onto step 1 for another user story.
    5. If there are discrepancies, the participants should state their case for their selection (especially high or low outliers) and engage in constructive debate.
    6. The group makes an additional round of estimates, where step 3-6 are completed until there is a reasonable consensus.
    7. If the consensus is the user story is too large to fit into a sprint or too poorly defined, then the user story should be decomposed or rewritten.

    Estimation Exercise 2.1 (Optional) Estimate a real PBI

    30-60 minutes

    Step 1: As a group, select a real epic, feature, or user story from one of your project backlogs which needs to be estimated:

    PBI to be Estimated:

    As a ____ I want _____ so that ______

    Step 2: Select one person in your group to act as the product owner and discuss/question the details of the selected PBI to improve your collective understanding of the requirement (the PO will do their best to explain the PBI and answer any questions).
    Step 3: Make your first round of estimates using either T-shirt sizing or the Fibonacci sequence. Be sure to agree on the boundaries for these estimates (e.g. "extra-small" (XS) is any work that can be completed in less than an hour, while "extra-large" (XL) is anything that would take a single person a full sprint to deliver – a similar approach could be used for Fibonacci where a "1" is less than an hour's work, and "21" might be a single person for a full sprint). Don't share your answer until everyone has had a chance to decide on their Estimate value for the PBI.
    Step 4: Have everyone share their chosen estimate value and briefly explain their reasoning for the estimate. If most estimate values are the same/similar, allow the group to decide whether they have reached a "collective agreement" on the estimate. If not, repeat step 3 now that everyone has had a chance to explain their initial Estimate.
    Step 5: Capture the "collective" estimate for the PBI here:

    Our collective estimate for this PBI:

    e.g. 8 story points

    Output

    • A real PBI from your project backlog which has estimated using planning poker

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Module

    Improve product backlog item estimation

    Activities

    3.1 Guess the number of jelly beans (Round 1) (15 minutes)
    3.2 Compare the average of your guesses (15 minutes)
    3.3 Guess the number of gumballs (Round 2) (15 minutes)
    3.4 Compare your guesses against the actual number

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of why Agile estimation and reconciliation provides reliable estimates for planning.

    Facilitator Slides: Agile Estimation (Wisdom of Crowds Exercise – Rounds 1 and 2)

    Notes and Instructions

    The exercise is intended to mimic the way Planning Poker is performed in Agile Estimation. Use the exercise to demonstrate the power of the Wisdom of Crowds and how, in circumstances where the exact answer to a question is not known, asking several people for their opinion often produces more accurate results than most/any individual opinion.

    Some participants will tend to "shout out an answer" right away, so be sure to tell participants not to share their answers until everyone has had an opportunity to register their guess (this is particularly important in Round 1, where we are trying to get unvarnished guesses from the participants).

    In Round 1:

    • Be sure to emphasize that participants are guessing the total number of jelly beans in the jar (sometimes people think it is just the number visible)
    • Once all guesses are gathered and you've calculated the error for them (and the average guess), review the results with participants (Note: the actual number of jelly beans in the jar is 1600 (it is "greyed out" on the bottom line of the table – you can make it visible by turning off the grey highlight on that cell in the table)
    • Most of the time, the average guess will be closer to the actual than most (if not all) individual guesses (but be prepared for the fact that this doesn't always happen – this is especially true when the number of participants is small)
    • When discussing the results, ask participants to share the "method" they used to make their guess (particularly those who were closest to the actual). This part of the exercise can help them to make more accurate guesses in Round 2

    In Round 2:

    • Note that this time, participants are guessing the total number of visible gumballs in the image (both whole and partial gumballs are counted)
    • Once all guesses are gathered and you've calculated the error for them (and the average guess), review the results with participants (Note: the actual number of visible gumballs is 1600 (it is "greyed out" on the bottom line of the table – you can make it visible by turning off the grey highlight on that cell in the table)
    • Most of the time, the average guess will be closer to the actual in Round 2 than it was in Round 1
    • Talk to participants about the outcomes and how the results varied from Round 1 to Round 2, along with any interesting insights they may have gained from the exercise

    Estimation Exercise 3.1 Guess the number of jelly beans (Round 1)

    15 minutes

    1. Option 1: Microsoft Forms
      1. Create your own local survey by copying the template using the link below.
      2. Add the local Survey link to the exercise instructions or send the link to the participants.
      3. Give the participants 2-3 minutes to complete their guesses.
      4. Collect the consolidated Survey responses and calculate the results on the next slide.
      5. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst or Workshop Specialist can set up the survey for you.
    2. Option 2: Embedded Excel table
      1. On the results slide, double-click the table to open the embedded Excel worksheet.
      2. Record each participant's guess in the table.
    3. Alternatively, this survey can be done with sticky notes, a pen, paper, and a calculator to determine the outcomes.

    Download Survey Template:

    Info-Tech Wisdom of the Crowd 1 (Jelly Bean Guess

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 3.1 Guess the number of jelly beans (Round 1)

    15 minutes

    1. Guess the total number of jelly beans in the entire container (not just the ones you can see).
    2. Be sure not to share your guess with anyone else.
    3. It doesn't matter how you settle on your guess ("gut feel" is fine, so is being "scientific" about it, as well as everything in between).
    4. Again, please don't share your guess (or even how you settled on your guess) with anyone else (this exercise relies on independent guesses).

    See slide notes for instructions.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 3.2 Compare the average of your guesses

    15 minutes

    A blank table for you to compare the average of your guesses at the number of Jellybeans in the Jar.

    See slide notes for instructions.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Guess the number of gumballs

    • Option 1: Microsoft Forms
      • Create your own local survey by copying the template using the link below.
      • Add the local Survey link to the exercise instructions or send the link to the participants.
      • Give the participants 2-3 minutes to complete their guesses.
      • Collect the consolidated Survey responses and calculate the results on the next slide.
      • NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst or Workshop Specialist can set up the survey for you.
    • Option 2: Embedded Excel table
      • On the results slide, double-click the table to open the embedded Excel worksheet.
      • Record each participant's guess in the table.
    • Alternatively, this survey can be done with sticky notes, a pen, paper, and a calculator to determine the outcomes.

    Download Survey Template:

    Info-Tech Wisdom of the Crowd 2 (Gumball Guess)

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • PM's, PO's and SM's
    • Delivery Managers
    • Delivery Teams
    • Business Stakeholders
    • Senior Leaders
    • Other Interested Parties

    Estimation Exercise 3.3 Guess the number of gumballs (Round 2)

    15 minutes

    1. Guess the total number of gumballs visible in the photo shown on the right.
    2. Again, please don't share your guess with anyone.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • PM's, PO's and SM's
    • Delivery Managers
    • Delivery Teams
    • Business Stakeholders
    • Senior Leaders
    • Other Interested Parties

    Estimation Exercise 3.2 Compare the average of your guesses

    15 minutes

    A blank table for you to compare the average of your guesses at the number of Jellybeans in the Jar.

    See slide notes for instructions.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • PM's, PO's and SM's
    • Delivery Managers
    • Delivery Teams
    • Business Stakeholders
    • Senior Leaders
    • Other Interested Parties

    Estimation Module

    Improve product backlog item estimation

    Activities

    4.1 Identify key insights and takeaways
    4.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways.

    Estimation Exercise 4.2
    Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:

    What key insights have you gained?

    What takeaways have you identified?

    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 4.2
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:

    Each module provides guidance and supporting activities related to a specific Agile Challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Product Owner Module

    Establish an effective product owner role

    Activities

    1.1 Identify your product owner pains
    1.2 What is a "product"? Who are your "consumers"?
    1.3 Define your role terminology

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals.
    • Define your product management roles and terms.

    Product owners ensure we delivery the right changes, for the right people, at the right time.

    The importance of assigning an effective and empowered product owner to your Agile projects cannot be overstated.

    What is a product?

    A tangible solution, tool, or service (physical or digital), which enables the long-term and evolving delivery of value to customers, and stakeholders based on business and user requirements.

    Info-Tech Insight

    A proper definition of a product recognizes three key facts.

    1. A clear recognition that products are long-term endeavors that don't end after the project finishes.
    2. Products are not just 'apps', but can be software or services that drive value.
    3. There is more than one stakeholder group that derives value from the product or service.

    Estimation Exercise 4.2
    Perform an exit survey

    30-60 minutes

    1. As a group, discuss and capture your thoughts on:
      • What specific challenges are you facing with your product owner practices today?
    2. Capture your findings in the table below:

    What are your specific Product Owner challenges?

    • (e.g. We don't have product owners)
    • (e.g. Our product owners have "day jobs" as well, so they don't have enough time to devote to the project)
    • (e.g. Our product owners are unsure about the role and its associated responsibilities)

    Output

    • Your specific product owner challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Exercise 1.2 What is a "product"? Who are your "consumers"?

    30-60 minutes

    1. Discussion:
      1. How do you define a product, service, or application?
      2. Who are the consumers that receive value from the product?

    Input

    • Organizational knowledge
    • Internal terms and definitions

    Output

    • Our definition of products and services
    • Our definition of product and service consumers/customers

    Products and services share the same foundation and best practices

    The term "product" is used for consistency but would apply to services as well.

    Product=Service

    "Product" and "Service" are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the different product owner perspectives

    • Business
      • Customer facing, revenue generating
    • Operations
      • Keep the lights on processes
    • Technical
      • IT systems and tools

    "A product owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The product owner is someone who really 'owns' the product."

    – – Robbin Schuurman,
    "Tips for Starting Technical Product Managers"

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Implement Info-Tech's product owner capability model

    An image of Info-Tech’s product owner capability model

    Unfortunately, most product owners operate with an incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.

    Scale products into families to improve alignment

    Operationally align product delivery to enterprise goals

    A hierarchy showing how to break enterprise goals and strategy down into product families.

    The Info-Tech difference:

    Start by piloting product families to determine which approaches work best for your organization.

    Create a common definition of what a product is and identify products in your inventory.

    Use scaling patterns to build operationally aligned product families.

    Develop a roadmap strategy to align families and products to enterprise goals and priorities.

    Use products and families to evaluate the delivery and organizational design improvements.

    Deliver Digital Products at Scale via Enterprise Product Families

    Select the right models for scaling product management

    • Pyramid
      • Logical hierarchy of products rolling into a single service area.
      • Lower levels of the pyramid focus on more discrete services.
      • Example: Human resources mapping down to supporting applications.
    • Service Grouping
      • Organization of related services into service family.
      • Direct hierarchy does not necessarily exist within the family.
      • Example: End user support and ticketing.
    • Technical Grouping
      • Logical grouping of IT infrastructure, platforms, or applications.
      • Provides full lifecycle management when hierarchies do not exist.
      • Example: Workflow and collaboration tools.
    • Market Alignment
      • Grouping of products by customer segments or market strategy.
      • Aligns product to end users and consumers.
      • Example: Customer banking products and services.
    • Organizational Alignment
      • Used at higher levels of the organization where products are aligned under divisions.
      • Separation of product management from organizational structure no longer distinct.

    Match your product management role definitions to your product family levels

    Product Ownership exists at the different operational tiers or levels in your product hierarchy. This does not imply or require a management relationship.

    Product Portfolio
    Groups of product families within an overall value stream or capability grouping.
    Product Portfolio Manager

    Product Family
    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.
    Product Family Manager

    Product
    Single product composed of one or more applications and services.
    Product Owner

    Info-Tech Insight

    The primary role conflict occurs when the product owner is a proxy for stakeholders or responsible for the delivery team. The product owner owns the product backlog. The delivery team owns the sprint backlog and delivery.

    Examine the differences between product managers and product owners

    Product management terminology is inconsistent, creating confusion in organizations introducing these roles. Understand the roles, then define terms that work best for you.

    A Table comparing the different roles of product managers to those of product owners.

    Define who manages key milestone

    Key milestones must be proactively managed. If a project manager is not available, those responsibilities need to be managed by the Product Owner or Scrum Master. Start with responsibility mapping to decide which role will be responsible.

    An image of a table with the following column headings: Example Milestones; Project Manager; Product Owner; Scrum Master*

    Product Owner Exercise 1.3 Define your role terminology

    30-60 minutes

    1. Using consistent terms is important for any organizational change and evergreen process. Capture your preferred terms to help align teams and expectations.
    Term

    Definition

    Product Owner

    • Owns and manages the product or service providing continuous delivery of value.
    • Owns the product roadmap and backlog for the product or service.
    • Works with stakeholders, end users, the delivery team, and market research to identify the product features and their estimated return on investment when implemented.
    • Responsible for refining and reprioritizing the product backlog ensuring items are "Ready" for the sprint backlog.
    • Defines KPIs to measure the value and impact of each PBI to help refine the backlog and guide the roadmap.
    • Responsible for refining and reprioritizing the sprint backlog that identifies which features will be delivered in the next sprint based on business importance.
    • Works with the product owner, stakeholders, end users, and SMEs to help define PBIs to ensure they are "Ready" for the Sprint backlog.

    Product Manager

    • Owns and manages a product or service family consisting of multiple products or services.
    • Owns the product family roadmap. Note: Product families do not have a backlog, only products do.
    • Works with stakeholders, end users, product owners, enterprise architecture, and market research to identify the product capabilities needed to accomplish goals.
    • Validates the product PBIs delivered realized the expected value and capability. Feedback is used to refine the product family roadmap and guide product owners.

    Output

    • Product management role definitions

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Module

    Establish an effective product owner role

    Activities

    2.1 Identify enablers and blockers

    2.2 (Optional) Dissect this definition of the product owner role

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify cultural enablers and blockers for product owners.
    • Develop a deeper understanding of the product owner role.

    The importance of establishing an effective product owner role

    The critical importance of establishing an effective product owner role (PO) for your Agile projects cannot be overstated.

    Many new-to-Agile organizations do not fully appreciate the critical role played by the PO in Scrum, nor the fundamental changes the organization will need to make in support of the PO role. Both mistakes will reduce an organization's chances of successfully adopting Agile and achieving its promised benefits.

    The PO role is critical to the proper prioritization of requirements and efficient decision-making during the project.

    The PO role helps the organization to avoid "analysis paralysis" challenges often experienced in large command-and-control-style organizations.

    A poorly chosen or disengaged product owner will almost certainly stifle your Agile project.

    Note that for many organizations, "product owner" is not a formally recognized role, which can create HR issues. Some organizational education on Agile may be needed (especially if your organization is unionized).

    Info-Tech Insight

    Failing to establish effective product owners in your organization can be a "species-killing event" for your Agile transformation.

    The three A's of a product owner

    To ensure the effectiveness of a product owner, your organization should select one that meets the three A's:

    Available: Assign a PO that can focus full-time on the project. Make sure your PO can dedicate the time needed to fulfill this critical role.
    Appropriate: It's best for the PO to have strong subject matter expertise (so-called "super users" are often selected to be POs) as well as strong communication, collaboration, facilitation, and arbitration skills. A good PO will understand how to negotiate the best outcomes for the project, considering all project constraints.
    Authoritative: The PO must be empowered by your organization to speak authoritatively about priorities and goals and be able to answer questions from the project team quickly and efficiently. The PO must know when decisions can be made immediately and when they must be made in collaboration with other stakeholders – choosing a PO that is well-known and respected by stakeholders will help to make this more efficient.

    Info-Tech Insight

    It's critical to assign a PO that meets the three A's:

    • Available
    • Appropriate
    • Authoritative

    The three ears of a product owner*

    An effective product owner listens to (and effectively balances) the needs and constraints of three different groups:

    Organizational needs/constraints represent what is most important to the organization overall, and typically revolve around things like cost, schedule, return on investment, time to market, risk mitigation, conforming to policies and regulations, etc.

    Stakeholder needs/constraints represent what is most important to those who will be using the system and typically revolve around the delivery of value, ease of use, better outcomes, making their jobs easier and more efficient, getting what they ask for, etc.

    Delivery Team needs/constraints represent what is most important to those who are tasked with delivering the project and cover a broad range that includes tools, skills, capabilities, technology limitations, capacity limits, adequate testing, architectural considerations, sustainable workload, clear direction and requirements, opportunities to innovate, getting sufficient input and feedback, support for clearing roadblocks, dependencies on other teams, etc.

    Info-Tech Insight

    An effective PO will expertly balance the needs of:

    • The organization
    • Project stakeholders
    • The delivery team

    * For more, see Understanding Scrum: Why do Product Owners Have Three Ears

    A product owner doesn't act alone

    Although the PO plays a unique and central role in the success of an Agile project, it doesn't mean they "act alone."

    The PO is ultimately responsible for managing and maintaining an effective backlog over the project lifecycle, but many people contribute to maintaining this backlog (on large projects, BA's are often the primary contributors to the backlog).

    The PO role also relies heavily on stakeholders (to help define and elaborate user stories, provide input and feedback, answer questions, participate in sprint demos, participate in testing of sprint deliverables, etc.).

    The PO role also relies heavily on the delivery team. Some backlog management and story elaboration is done by delivery team members instead of the PO (think: elaborating user story details, creating acceptance criteria, writing test plans for user stories, etc.).

    The PO both contributes to these efforts and leads/oversees the efforts of others. The exact mix of "doing" and "leading" can be different on a case-by-case basis and is part of establishing the delivery team's norms.

    Given the importance of the role, care must be taken to not overburden the product owner, especially on large projects.

    Info-Tech Insight

    While being ultimately responsible for the product backlog, a PO often relies on others to aid in backlog management and maintenance.

    This is particularly true on large projects.

    The use of a proxy PO

    Sometimes, a proxy product owner is needed.

    It is always best to assign a product owner "from the business," who will bring subject matter expertise and have established relationships with stakeholders.

    When a PO from the business does not have enough time to fulfill the needs of the role completely (e.g. can only be a part-time PO, because they have a day job), assigning a proxy product owner can help to compensate for this.

    The proxy PO acts on behalf of the PO in order to reduce the PO's workload or to otherwise support them.

    Project participants (e.g. delivery team, stakeholders) should treat the PO and proxy PO as roughly equivalent.

    Project managers (PMs) and business analysts (BAs) are often good candidates for the proxy PO role.

    NOTE: It's highly advisable for the PO to attend all/most sprint demos in order to observe progress for themselves, and to identify any misalignment with expectations as early as possible (remember that the PO still has ultimate responsibility for the project outcomes).

    Info-Tech Insight

    Although not ideal, assigning a proxy PO can help to compensate for a PO who doesn't meet all three A's of Product Ownership.

    It is up to the PO and proxy to decide how they will work together (e.g. establish their norms).

    The use of a proxy PO

    The PO and proxy must work together closely and in a highly coordinated way.

    The PO and proxy must:

    • Work closely at the start of the project to agree on the overall approach they will follow, as well as any needs and constraints for the project.
    • Communicate frequently and effectively throughout the project, to ensure progress is being made and to address any challenges.
    • Have a "meeting of the minds" about how the different "parts" of the PO role will be divided between them (including when the proxy must defer to the PO on matters).
    • Focus on ensuring that all the responsibilities of the PO role are fulfilled effectively by the pair (how this is accomplished is up to the two of them to decide).
    • Ensure all project participants clearly understand the POs' and proxies' relative responsibilities to minimize confusion and mistakes.

    The use of multiple POs

    Sometimes, having multiple product owners makes sense.

    It is always best to assign a single product owner to a project. However, under certain circumstances, it can make sense to use multiple POs.

    For example, when implementing a large ERP system with many distinct modules (e.g. Finance, HR) it can be difficult to find a single PO who has sufficient subject matter expertise across all modules.

    When assigning Multiple POs to a project, be sure to identify a "Lead PO" (who is given ultimate responsibility for the entire project) and have the remaining POs act like Proxy POs.

    NOTE: Not surprisingly, it's highly advisable for the Lead PO to attend as many Sprint Demos as possible to observe progress for themselves, and to identify any misalignment with expectations as early as possible (remember that the Lead PO has ultimate responsibility for the project outcomes).

    Info-Tech Best Practice

    Although not ideal, assigning multiple POs to a project sometimes makes sense.

    When needed, be sure to identify a "Lead PO" and have the other PO's act like Proxies.

    Product Owner Exercise 2.1 Identify enablers and blockers

    30-60 minutes

    1. Brainstorm and discuss the key enablers that can help promote and ease your implementation of Product Ownership.
    2. Brainstorm and discuss the key blockers (or risks) that may interrupt or derail your efforts.
    3. Brainstorm mitigation activities for each blocker.
    Enablers Blockers Mitigation
    High business engagement and buy-in Significant time is required to implement and train resources Limit the scope for pilot project to allow time to learn
    Organizational acceptance for change Geographically distributed resources Temporarily collocate all resources and acquire virtual communication technology
    Existing tools can be customized for BRM Difficulty injecting customers in demos Educate customer groups on the importance of attendance and 'what's in it for them'

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Establish an effective product owner role

    • The nature of a PO role can be somewhat foreign to many organizations, so candidates for the role will benefit from training along with coaching/mentoring support when starting out.
    • The PO must be able to make decisions quickly around project priorities, goals, and requirements.
    • A PO who is simply a conduit to a slow-moving steering committee will stifle an Agile project.
    • Establish clear boundaries and rules regarding which project decisions can be made directly by the PO and which must be escalated to stakeholders. Lean toward approaches that support the quickest decision-making (e.g. give the PO as much freedom as they need to be effective).
    • An effective PO has a good instinct for what is "good enough for now."
    • The organization can support the PO by focusing attention on goals and accomplishments rather than pushing processes and documentation.
    • Understand the difference between a project sponsor and a PO (the PO role is much more involved in the details, with a higher workload).
    • Agree on and clearly define the roles and responsibilities of PO, PM, dev manager, SM, etc. at the start of the project for clarity and efficiency.

    Characteristics to look for when selecting a product owner

    Here are some "ideal characteristics" for your POs (the more of these that are true for a given PO, the better):

    • Knows how to get things done in your organization
    • Has strong working relationships with project stakeholders (has established trust with them and is well respected by stakeholders as well as others)
    • Comes from the stakeholder community and is invested in the success of the project (ideally, will be an end user of the system)
    • Has proven communication, facilitation, mediation, and negotiation skills
    • Can effectively balance multiple competing priorities and constraints
    • Sees the big picture and strives to achieve the best outcomes possible (grounded in realistic expectations)
    • Works with a sense of urgency and welcomes ongoing feedback and collaboration with stakeholders
    • Understands how to act as an effective "funnel and filter" for stakeholder requests
    • Acts as an informal (but inspirational) leader whom others will follow
    • Has a strong sense of what is "good enough for now"
    • Protects the delivery team from distractions and keeps them focused on goals
    • Thinks strategically and incrementally

    Product Owner Exercise 2.2 (Optional) Dissect this definition of the product owner role

    30-60 minutes

    1. Take a minute or two to review the bullet points below, which describe the product owner's role.
    2. As a group, discuss the "message" for each bullet point in the description, and then identify which aspects would be "easy" and "hard" to achieve in your organization.
      • The product owner is a project team member who has been empowered by both the organization and stakeholders to act on their behalf and to guide the project directly with a single voice (supported by appropriate consultations with the organization and stakeholders).
      • The product owner must be someone with a good understanding of the project deliverable (they are often considered to be a subject matter expert in an area related to the project deliverable) and ideally is both well-known and respected by both the organization and stakeholders.
      • During the project, requirements clarification, prioritization, and scope changes are ultimately decided by the product owner, who must perform the important balancing act required by the project to adequately reflect the needs and constraints of the organization, its stakeholders, and the project team.
      • The product owner role can only be successful in an organization that has established a trusting and supportive culture. Great trust must be placed in the product owner to adequately balance competing needs in a way that leads to good outcomes for the organization. This trust must come with some authority to make important project decisions, and the organization must also support the product owner in addressing risks and roadblocks outside the control of the project team.
      • The product owner is first among equals when it comes to ultimate ownership of success for the project (along with the project delivery team itself). Because of this, any project of any significance will require the full-time effort of the product owner (don't shortchange yourself by under-investing in a willing, able, and available product owner)

    Output

    • Better understanding of the product owner role.

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Exercise 2.2 (Optional) Dissect this definition of the product owner role

    Which aspects of the product owner are "easy" in your organization?

    Which aspects of the product owner are "hard" in your organization?

    Product Owner Module

    Establish an effective product owner role

    Activities

    3.1 Build a starting checklist of quality filters

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand the levels in a product backlog and how to create quality filters for PBIs moving through the backlog.
    • Define your product roadmap approach for key audiences.

    Product Owner Step 3: Managing effective product backlogs and roadmaps

    The primary role of the product owner is to manage the backlog effectively.

    When managed properly, the product backlog is a powerful project management tool that directly contributes to project success.

    The product owner's primary responsibility is to ensure this backlog is managed effectively.

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint approach.

    Backlog tiers facilitate product planning steps

    An image of the product planning steps facilitated by Backlog Tiers

    Each activity is a variation of measuring value and estimating effort to validate and prioritize a PBI.

    A PBI meets our definition of done and passes through to the next backlog tier when it meets the appropriate criteria. Quality filters should exist between each tier.

    Backlog Exercise 2.1 Build a starting checklist of quality filters

    60 minutes

    1. Quality filters provide a checklist to ensure each Product Backlog Item (PBI) meets our definition of Done and is ready to move to the next backlog group (status).
    2. Create a checklist of basic descriptors that must be completed between each backlog level.
    3. If you completed this exercise in a different Module, review and update it here.
    4. Use this information to start your product strategy playbook in Deliver on Your Digital Product Vision.

    An image of the backlog tiers, identifying where product backlog and sprint backlog are

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Outline the criteria to proceed to the next tier via quality filters

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBIs journey through product planning.

    An image showing the approach you will use to Outline the criteria to proceed to the next tier via quality filters

    Info-Tech Insight: A quality filter ensures quality is met and teams are armed with the right information to work more efficiently and improve throughput.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver.

    Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    This is an image Adapted from: Pichler, What Is Product Management?

    Adapted from: Pichler, "What Is Product Management?"

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    An example of performing planning and analysis at the family level.

    Leverage the product family roadmap for alignment

    It's more than a set of colorful boxes. It's the map to align everyone to where you are going.

    • Your product family roadmap:
      • Lays out a strategy for your product family.
      • Is a statement of intent for your family of products.
      • Communicates direction for the entire product family and product teams.
      • Directly connects to the organization's goals.
    • However, it is not:
      • Representative of a hard commitment.
      • A simple combination of your current product roadmaps.

    Your ideal roadmap approach is a spectrum, not a choice!

    Match your roadmap and backlog to the needs of the product.

    Tactical vs strategic roadmaps.

    Product Managers do not have to choose between being tactical or strategic.
    – Aha!, 2015

    Multiple roadmap views can communicate differently yet tell the same truth

    Audience

    Business/
    IT Leaders

    Users/Customers

    Delivery Teams

    Roadmap

    View

    Portfolio

    Product Family

    Technology

    Objectives

    To provide a snapshot
    of the portfolio and
    priority products

    To visualize and validate product strategy

    To coordinate broad technology and architecture decisions

    Artifacts

    Line items or sections of the roadmap are made up of individual products, and an artifact represents a disposition at its highest level.

    Artifacts are generally grouped by product teams and consist of strategic goals and the features that realize
    those goals.

    Artifacts are grouped by
    the teams who deliver
    that work and consist of technical capabilities that support the broader delivery of value for the product family.

    Product Owner Exercise 3.1 Build a starting checklist of quality filters

    60 minutes

    1. Views provide roadmap information to different audiences in the format and level of detail that is fit to their purpose.
    2. Consider the three primary audiences for roadmap alignment.
    3. Define the roles or people who the view best fits.
    4. Define the level of detail or artifacts shared in the view for each audience.
    5. Use this information to start your product strategy playbook in Deliver on Your Digital Product Vision.

    Business/
    IT Leaders

    Users/Customers

    Delivery Teams

    Audience:

    Audience:

    Audience:

    Level of Detail/Artifacts:

    Level of Detail/Artifacts:

    Level of Detail/Artifacts:

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Connecting your product family roadmaps to product roadmaps

    Your product and product family roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but it can be done at a more granular level if an understanding of capabilities isn't available.

    A comparison between product family roadmaps and product roadmaps.

    Use product roadmaps to align cross-team dependencies

    Regardless of how other teams operate, teams need to align to common milestones.

    An image showing how you may Use product roadmaps to align cross-team dependencies

    Product Owner Module

    Establish an effective product owner role

    Activities

    4.1 Identify key insights and takeaways

    4.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways.

    Product Owner Exercise 4.1
    Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:
    What key insights have you gained? What takeaways have you identified?
    (e.g. better understanding of Agile mindset, principles, and practices) (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Exercise 4.2
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:

    Each module provides guidance and supporting activities related to a specific Agile challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Product Roadmapping

    Create effective product roadmaps

    Activities

    Roadmapping 1.1 Identify your product roadmapping pains
    Roadmapping 1.2 The six "tools" of product roadmapping
    Roadmapping 1.3 Product roadmapping exercise

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals
    • Understand the six "tools" of roadmapping and how to use them

    Roadmapping Exercise 1.1: Tell us what product management means to you and how it differs from a project orientation

    10-15 minutes

    1. Share your current understanding of product management.
    What is product management, and how does it differ from a project orientation?

    Output

    • Your current understanding of product management and its benefits

    Participants

    • PMs, Pos, and SMs
    • Delivery managers
    • Delivery teams
    • Business stakeholders
    • Senior leaders
    • Other interested parties

    Definition of terms

    Project

    "A temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a beginning and an end to the project work or a phase of the project work. Projects can stand alone or be part of a program or portfolio."

    – PMBOK, PMI

    Product

    "A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements."
    Deliver on Your Digital Product Vision,
    Info-Tech Research Group

    Info-Tech Insight

    Any proper definition of product recognizes that they are long-term endeavors that don't end after the project finishes. Because of this, products need well thought out roadmaps.

    Deliver Digital Products at Scale via Enterprise Product Families

    Match your product management role definitions to your product family levels

    Product ownership exists at the different operational tiers or levels in your product hierarchy. This does not imply or require a management relationship.

    Product Portfolio
    Groups of product families within an overall value stream or capability grouping.
    Product Portfolio Manager

    Product Family
    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.
    Product Family Manager

    Product
    Single product composed of one or more applications and services.
    Product Owner

    Info-Tech Insight

    The primary role conflict occurs when the product owner is a proxy for stakeholders or responsible for the delivery team. The product owner owns the product backlog. The delivery team owns the sprint backlog and delivery.

    Roadmapping Exercise 1.2 (Optional): Define "product" in your context*

    15-30 minutes

    1. Discuss what "product" means in your organization.
    2. Create a common, enterprise definition for "product."

    For example,

    • An application, platform, or application family.
    • Discrete items that deliver value to a user/customer.

    Capture your organization's definition of product:

    * For more on Product Management see Deliver on Your Digital Product Vision

    Output

    • Your enterprise/ organizational definition of products and services.

    Participants

    • PMs, Pos, and SMs
    • Delivery managers
    • Delivery teams
    • Business stakeholders
    • Senior leaders
    • Other interested parties

    Product Roadmapping

    Create effective product roadmaps

    Activities

    The six "tools" of product roadmapping

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals
    • Understand the six "tools" of roadmapping and how to use them

    The six "tools" of product roadmapping

    the 6 tools of product roadmapping: Vision; Goals; Strategy; Roadmap; Backlog; Release Plan.

    Product Roadmapping

    Create effective product roadmaps

    Activities

    Roadmapping 3.1 Product roadmapping exercise
    Roadmapping 3.2 Identify key insights and takeaways
    Roadmapping 3.3 Perform an exit survey

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals
    • Understand the six "tools" of roadmapping and how to use them

    Roadmapping Exercise 1.2 (Optional): Define "product" in your context*

    30 minutes

    1. As a team, read through the exercise back story below:

    The city of Binbetter is a picturesque place that is sadly in decline because local industry jobs are slowly relocating elsewhere. So, the local government has decided to do something to reinvigorate the city. Binbetter City Council has set aside money and a parcel of land they would like to develop into a venue that will attract visitors and generate revenue for the city.

    Your team was hired to develop the site, and you have already spent time with city representatives to create a vision, goals and strategy for building out this venue (captured on the following slides). The city doesn't want to wait until the entire venue is completed before it opens to visitors, and so you have been instructed to build it incrementally in order to bring in much needed revenue as soon as possible.

    Using the vision, goals, and strategy you have created, your team will need to plan out the build (i.e. create a roadmap and release plan for which parts of the venue to build and in which order). You can assume that visitors will come to the venue after your "Release 1", even while the rest is still under construction. Select one member of your team to be designated as the product owner. The entire team will work together to consider options and agree on a roadmap/release plan, but the product owner will be the ultimate decision-maker.

    * Adapted from Rautiainen et al, Toward Agile Product and Portfolio Management, 2015

    Output

    • Practical understanding of how to apply the six tools of product roadmapping.

    Participants

    • PMs, Pos, and SMs
    • Delivery managers
    • Delivery teams
    • Business stakeholders
    • Senior leaders
    • Other interested parties

    Roadmapping Exercise 3.1: Continued

    1. As a team, review vision, goal, and strategy:
      • Is this a "good" vision statement, and if so, why?
      • Does it live up to its definition of being: "notional and inspirational, while also calling out key guidance and constraints"?
      • Does it help you to rule in/out options for the Product?
      • e.g. Would a parking lot fit the vision?
      • What about a bunch of condominiums?
      • What about a theme park?

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Roadmapping Exercise 3.1: Continued

    1. As a team, review vision, goal, and strategy:

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    An image of a Château-style Hotel (left) and a Gothic-style Cathedral (right)

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    Roadmapping Exercise 3.1: Continued

    1. As a team, review the following exercise rules:
    • Your construction team has told you that they can divide the structures into 17 "equal" components (see below)
    • Each component will require about the same amount of time and resources to complete
    • You can ask the team to build these components in any order and temporary roofs can be built for components that are not at the top of a "stack" (e.g. you can build C3 without having to build C4 and C5 at the same time)
    • However, you cannot build the tops of any buildings first (e.g. don't build M3 until M2 and M1 are in place)

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued

    1. As a team, review vision, goal, and strategy:
      • The city has asked you to decide on your "Release 1 MVP" and has limited you to selecting between 4 and 8 components for this MVP (fewer components = earlier opening date).
      • As a team, work together to decide which components will be in your MVP (remember, the PO makes the ultimate decision).
      • Drag your (4-8) selected MVP components over from the right and assemble them below (and explain your reasoning for your MVP selections):

    Release 1 (MVP)

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued
    (magnified venue)

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued

    1. As a team, decide the rest of your roadmap:
      • The city has asked you to decide on the remainder of your roadmap
      • They have limited you to selecting between 2 and 4 components for each additional release (drag your selected component into each release below):
    Release 2 Release 3 Release 4 Release 5

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued

    Roadmap, Release Plan and Backlog

    an example roadmap plan; INCREASING: Priority; Requirements detail; Estimate accuracy; Level of commitment.

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.2:
    Identify key insights and takeaways

    15 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the product roadmapping module?
      2. What if any takeaways do participants feel are needed as a result of the module?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:
    What key insights have you gained?What takeaways have you identified?
    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Roadmapping Exercise 3.3
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Appendix

    Additional research to start your journey

    Related Info-Tech Research

    Mentoring for Agile Teams

    • Get practical help and guidance on your Agile transformation journey.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    • Deliver value at the scale of your organization through defining enterprise product families.

    Bibliography

    "Agile Estimation Practice." DZone.com, 13 May 2013. Web.
    "Announcing DORA 2021 Accelerate State of DevOps Report." Google Cloud Blog. Accessed 8 Nov. 2022.
    "Are Your IT Strategy and Business Strategy Aligned?" 5Q Partners, 8 Jan. 2015. Accessed Oct. 2016.
    A, Karen. "20 Mental Models for Product Managers." Medium, Product Management Insider, 2 Aug. 2018 . Web.
    ADAMS, PAUL. "Product Teams: How to Build & Structure Product Teams for Growth." Inside Intercom, 30 Oct. 2019. Web.
    Agile Alliance. "Product Owner." Agile Alliance. n.d. Web.
    Ambysoft. "2018 IT Project Success Rates Survey Results." Ambysoft. 2018. Web.
    Banfield, Richard, et al. "On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team." Pluralsight, 31 Jan. 2018. Web.
    Bloch, Michael, Sven Blumberg, and Jurgen Laartz. "Delivering Large-Scale IT Projects on Time, on Budget, and on Value." McKinsey & Company, October 2012.
    Blueprint. "10 Ways Requirements Can Sabotage Your Projects Right From the Start." Blueprint. 2012. Web.
    Boehm, Barry W. Software Engineering Economics. New Jersey: Prentice Hall, 1981.
    Breddels, Dajo, and Paul Kuijten. "Product Owner Value Game." Agile2015 Conference. 2015. Web.
    Cagan, Martin. "Behind Every Great Product." Silicon Valley Product Group. 2005. Web.
    "Chaos Report 2015." The Standish Group, 2015. Accessed 29 July 2022.
    Cohn, Mike. Succeeding With Agile: Software Development Using Scrum. Addison-Wesley. 2010. Web.
    Connellan, Thomas K. Inside the Magic Kingdom, Bard Press, 1997. Print.
    Dyba, Tore, and Torgeir Dingsøyr. "Empirical Studies of Agile Software Development: A Systematic Review." Elsevier, ScienceDirect. 24 Jan. 2008. Web.
    "How do you define a product?" Scrum.org. 4 Apr 2017, Web
    EDUCAUSE. "Aligning IT Funding Models to the Pace of Technology Change." EDUCAUSE. 14 Dec. 2015. Web.
    Eick, Stephen. "Does Code Decay? Assessing the Evidence from Change Management Data." IEEE Transactions on Software Engineering, vol. 27, no. 1, Jan. 2001, pp. 1-12. Web.
    "Enablers." Scaled Agile. n.d. Web.
    "Epic." Scaled Agile. n.d. Web.
    Eringa, Ron. "Evolution of the Product Owner." RonEringa.com. 12 June 2016. Web.
    Fernandes, Thaisa. "Spotify Squad Framework - Part I." Medium.com. 6 Mar. 2017. Web.
    Fowler, Martin. "Application Boundary." MartinFowler.com. 11 Sept. 2003. Web. 20 Nov. 2017.
    Galen, Robert. "Measuring Technical Product Managership – What Does 'Good' Look Like ...." RGalen Consulting. 5 Aug. 2015. Web.
    Hackshall, Robin. "Product Backlog Refinement." Scrum Alliance. 9 Oct. 2014. Web. Feb. 2019.
    Halisky, Merland, and Luke Lackrone. "The Product Owner's Universe." Agile Alliance, Agile2016. 2016. Web.
    Kamer, Jurriaan. "How to Build Your Own 'Spotify Model'." Medium.com. 9 Feb. 2018. Web.
    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce. 18 May 2018. Web. Feb. 2019.
    Lindstrom, Lowell. "7 Skills You Need to Be a Great Product Owner." Scrum Alliance. n.d. Web.
    Lawrence, Richard, and Peter Green. "The Humanizing Work Guide to Splitting User Stories." Humanizing Work, 22 Oct. 2020. Web.
    Leffingwell, Dean. "SAFe 5.0." Scaled Agile Inc. 2021. Web. Feb. 2021.
    Lucero, Mario. "Product Backlog – Deep Model." Agilelucero. 8 Oct. 2014. Web.
    Lukassen, Chris. "The Five Belts Of The Product Owner." Xebia.com. 20 Sept. 2016. Web.
    Management 3.0. "Delegation Poker Product Image." Management 3.0. n.d. Web.
    McCloskey, Heather. "Scaling Product Management: Secrets to Defeating Common Challenges." Scaling Product Management: Secrets to Defeating Common Challenges, ProductPlan, 12 July 2019 . Web.
    McCloskey, Heather. "When and How to Scale Your Product Team." UserVoice Blog, UserVoice, 21 Feb. 2017 . Web.
    Medium.com. "Exploring Key Elements of Spotify's Agile Scaling Model." Medium.com. 23 July 2018. Web.
    Mironov, Rich. "Scaling Up Product Manager/Owner Teams: - Rich Mironov's Product Bytes." Rich Mironov's Product Bytes, Mironov Consulting, 12 Apr. 2014 . Web.
    "Most Agile Transformations Will Fail." Vitality Chicago Inc., 24 Jan. 2019.
    Overeem, Barry. "A Product Owner Self-Assessment." Barry Overeem. 6 Mar. 2017. Web.
    Overeem, Barry. "Retrospective: Using the Team Radar." Barry Overeem. 27 Feb. 2017. Web.
    "PI Planning." Scaled Agile. n.d. Web.
    "PI Planning."SAFe. 2020.
    Pichler, Roman. "How to Scale the Scrum Product Owner." Roman Pichler, 28 June 2016 . Web.
    Pichler, Roman. "Product Management Framework." Pichler Consulting Limited. 2014. Web.
    Pichler, Roman. "Sprint Planning Tips for Technical Product Managers." LinkedIn. 4 Sept. 2018. Web.
    Pichler, Roman. "What Is Product Management?" Pichler Consulting Limited. 26 Nov. 2014. Web.
    Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 7th ed., Project Management Institute, 2021.
    Radigan, Dan. "Putting the 'Flow' Back in Workflow With WIP Limits." Atlassian. n.d. Web.
    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." Scf.usc.edu. 1970. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on Agile Product Management." Scrum.org. 28 Nov. 2017. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on (Business) Value." Scrum.org. 30 Nov. 2017. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on Product Backlog Management." Scrum.org. 5 Dec. 2017. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on the Product Vision." Scrum.org. 29 Nov. 2017. Web.
    Schuurman, Robbin. "Tips for Starting Technical Product Managers." Scrum.org. 27 Nov. 2017. Web.
    Sharma, Rohit. "Scaling Product Teams the Structured Way." Monetary Musings, Monetary Musings, 28 Nov. 2016 . Web.
    STEINER, ANNE. "Start to Scale Your Product Management: Multiple Teams Working on Single Product." Cprime, Cprime, 6 Aug. 2019 . Web.
    Shirazi, Reza. "Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong." Austin VOP #50. 2 Oct. 2018. Web.
    Standish Group, The. "The Standish Group 2015 Chaos Report." The Standish Group. 2015. Web.
    Theus, Andre. "When Should You Scale the Product Management Team?" When Should You Scale the Product Management Team?, ProductPlan, 7 May 2019 . Web.
    Todaro, Dave. "Splitting Epics and User Stories." Ascendle. n.d. Web. Feb. 2019.
    Tolonen, Arto. "Scaling Product Management in a Single Product Company." Smartly.io - Digital Advertising Made Easy, Effective, and Enjoyable, Smartly.io, 26 Apr. 2018 . Web.
    Ulrich, Catherine. "The 6 Types of Product Managers. Which One Do You Need?" Medium.com. 19 Dec. 2017. Web.
    Vähäniitty, J. et al. "Chapter 7: Agile Product Management" in Towards Agile Product and Portfolio Management. Aalto University Software Process Research Group, 2010.
    VersionOne. "12th Annual State of Agile Report." VersionOne. 9 April 2018. Web.
    Verwijs, Christiaan. "Retrospective: Do The Team Radar." Medium.com. 10 Feb. 2017. Web.
    "Why Agile Fails Because of Corporate Culture - DZone Agile." Dzone.Com. Accessed 31 Aug. 2021.

    page 1 of the appendix
    page 2 of the appendix
    page 3 of the appendix
    page 4 of the appendix

    Cultural advantages of Agile

    Collaboration

    Team members leverage all their experience working towards a common goal.

    Iterations

    Cycles provide opportunities for more product feedback.

    Prioritization

    The most important needs are addressed in the current iteration.

    Continual Improvement

    Self-managing teams continually improve their approach for next iteration.

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    Info-Tech Best Practice

    Don't fully elaborate all of your PBIs at the beginning of the project instead, make sure they are elaborated "just in time." (Keep no more than 2 or 3 sprints worth of user stories in the Ready state.)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint aproach.

    Scrum versus Kanban: Key differences

    page 6 of the appendix

    Scrum versus Kanban: When to use each

    Scrum: Delivering related or grouped changes in fixed time intervals.

    • Coordinating the development or release of related items
    • Maturing a product or service
    • Interdependencies between work items

    Kanban: Delivering independent items as soon as each is ready.

    • Work items from ticketing or individual requests
    • Completing independent changes
    • Releasing changes as soon as possible

    Develop an adaptive governance process

    page 7 of the appendix

    Five key principles for building an adaptive governance framework

    Delegate and Empower

    Decision making must be delegated down within the organization, and all resources must be empowered and supported to make effective decisions.

    Define Outcomes

    Outcomes and goals must be clearly articulated and understood across the organization to ensure decisions are in line and stay within reasonable boundaries.

    Make Risk informed decisions

    Integrated risk information must be available with sufficient data to support decision making and design approaches at all levels of the organization.

    Embed / Automate

    Governance standards and activities need to be embedded in processes and practices. Optimal governance reduces its manual footprint while remaining viable. This also allows for more dynamic adaptation.

    Establish standards and behavior

    Standards and policies need to be defined as the foundation for embedding governance practices organizationally. These guardrails will create boundaries to reinforce delegated decision making.

    Maturing governance is a journey

    Organizations should look to progress in their governance stages. Ad-Hoc, and controlled governance tends to be slow, expensive, and a poor fit for modern practices.

    The goal as you progress in your stages is to delegate governance and empower teams to make optimal decisions in real-time, knowing that they are aligned with the understood best interests of the organization.

    Automate governance for optimal velocity, while mitigating risks and driving value.

    This puts your organization in the best position to be adaptive and able to react effectively to volatility and uncertainty.

    page 8 of the appendix

    Business value is a key component to driving better decision making

    Better Decisions

    • Team Engagement
    • Frequent Delivery
    • Stakeholder Input
    • Market Analysis
    • Articulating Business Value
    • Focus on Business Needs

    Facilitation Planning Tool

    • Double-click the embedded Excel workbook to select and plan your exercises and timing.
    • Place or remove the "X" in the "Add to Agenda" column to add it to the workshop agenda and duration estimate.
    • Verify the exercise and step timing estimates from the blueprint provided on the "Detailed Workshop Planner" in columns C-F and adjust based on your facilitation and intended audience.

    an image of the Facilitation Planning Tool

    Appendix:
    SDLC transformation steps

    Waterfall SDLC: Valuable product delivered at the end of an extended project lifecycle, frequently in years

    Page 1 of the SDLC Appendix.

    • Business separated from delivery of technology it needs, only one third of product is actually valuable (Info-Tech, N=40,000).
    • In Waterfall, a team of experts in specific disciplines hand off different aspects of the lifecycle.
    • Document signoffs are required to ensure integration between silos (Business, Dev, and Ops) and individuals.
    • A separate change request process lays over the entire lifecycle to prevent changes from disrupting delivery.
    • Tools are deployed to support a specific role (e.g. BA) and seldom integrated (usually requirements <-> test).

    Wagile/Agifall/WaterScrumFall SDLC: Valuable product delivered in multiple releases

    Page 2 of the SDLC Appendix.

    • Business is more closely integrated by a business product owner accountable for day-to-day delivery of value for users.
    • The team collaborates and develops cross-functional skills as they define, design, build, and test code over time.
    • Signoffs are reduced but documentation is still focused on satisfying project delivery and operations policy requirements.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Tools start to be integrated to streamline delivery (usually requirements and Agile work management tools).

    Agile SDLC: Valuable product delivered iteratively; frequency depends on Ops' capacity

    Page 3 of the SDLC Appendix.

    • Business users are closely integrated through regularly scheduled demos (e.g. every two weeks).
    • Team is fully cross-functional and collaboratesto plan, define, design, build, and test the code supported by specialists.
    • Documentation is focused on future development and operations needs.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Explore automation for application development (e.g. automated regression testing).

    Agile with DevOps SDLC: High frequency iterative delivery of valuable product (e.g. every two weeks)

    Page 4 of the SDLC Appendix.

    • Business users are closely integrated through regularly scheduled demos.
    • Dev and ops teams collaborate to plan, define, design, build, test, and deploy code supported by automation.
    • Documentation is focused on supporting users, future changes, and operational support.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Build, test, deploy is fully automated (service desk is still separated).

    DevOps SDLC: Continuous integration and delivery

    Page 5 of the SDLC Appendix.

    • Business users are closely integrated through regularly scheduled demos.
    • Fully integrated DevOps team collaborates to plan, define, design, build, test, deploy, and maintain code.
    • Documentation Is focused on future development and use adoption.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Fully integrated development and operations toolchain.

    Fully integrated product SDLC: Agile + DevOps + continuous delivery of valuable product on demand

    Page 6 of the SDLC Appendix.

    • Business users are fully integrated with the teams through dedicated business product owner.
    • Cross-functional teams collaborate across the business and technical life of the product.
    • Documentation supports internal and external needs (business, users, Ops).
    • Change is built into the process to allow the team to respond to change dynamically.
    • Fully integrated toolchain (including service desk).

    Create Stakeholder-Centric Architecture Governance

    • Buy Link or Shortcode: {j2store}583|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $3,099 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • Traditional enterprise architecture management (EAM) caters to only 10% – the IT people, and not to the remaining 90% of the organization.
    • EAM practices do not scale well with the agile way of working and are often perceived as "bottlenecks” or “restrictors of design freedom.”
    • The organization scale does not justify a full-fledged EAM with many committees, complex processes, and detailed EA artifacts.

    Our Advice

    Critical Insight

    Architecture is a competency, not a function. Project teams, including even business managers outside of IT, can assimilate “architectural thinking.”

    Impact and Result

    Increase business value through the dissemination of architectural thinking throughout the organization. Maturing your EAM practices beyond a certain point does not help.

    Create Stakeholder-Centric Architecture Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here

    Improve benefits from your enterprise architecture efforts through the dissemination of architecture thinking throughout your organization.

    • Create Stakeholder-Centric Architecture Governance Storyboard
    [infographic]

    Embed Business Relationship Management in IT

    • Buy Link or Shortcode: {j2store}270|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $21,960 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Manage Business Relationships
    • Parent Category Link: /manage-business-relationships
    • While organizations realize they need to improve business relationships, they often don’t know how.
    • IT doesn’t know what their business needs and so can’t add as much value as they’d like.
    • They find that their partners often reach out to third parties before they connect with internal IT.

    Our Advice

    Critical Insight

    • Business relationship management (BRM) is not just about communication, it’s about delivering on business value.
    • Build your BRM program on establishing trust.

    Impact and Result

    • Drive business value into the organization via innovative technology solutions.
    • Improve ability to meet and exceed business goals and objectives, resulting in more satisfied stakeholders (C-suite, board of directors).
    • Enhance ability to execute business activities to meet end customer requirements and expectations, resulting in more satisfied customers.

    Embed Business Relationship Management in IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Embed Business Relationship Management Deck – A step-by-step document that walks you through how to establish a practice with well-embedded business relationships, driving IT success.

    This blueprint helps you to establish a relationship with your stakeholders, both within and outside of IT. You’ll learn how to embed relationship management throughout your organization.

    • Embed Business Relationship Management in IT – Phases 1-5

    2. BRM Workbook Deck – A workbook for you to capture the results of your thinking on the BRM practice.

    Use this tool to capture your findings as you work through the blueprint.

    • Embed Business Relationship Management in IT Workbook

    3. BRM Buy-In and Communication Template – A template to help you communicate what BRM is to your organization, that leverages feedback from your business stakeholders and IT.

    Customize this tool to obtain buy in from leadership and other stakeholders. As you continue through the blueprint, continue to leverage this template to communicate what your BRM program is about.

    • BRM Buy-In and Communication Template

    4. BRM Role Expectations Worksheet – A tool to help you establish how the BRM role and/or other roles will be managing relationships.

    This worksheet template is used to outline what the BRM practice will do and associate the expectations and tasks with the roles throughout your organization. Use this to communicate that while your BRM role has a strategic focus and perspective of the relationship, other roles will continue to be important for relationship management.

    • Role Expectations Worksheet

    5. BRM Stakeholder Engagement Plan Worksheet – A tool to help you establish your stakeholders and your engagement with them.

    This worksheet allows you to list the stakeholders and their priority in order to establish how you want to engage with them.

    • BRM Stakeholder Engagement Plan Worksheet

    6. Business Relationship Manager Job Descriptions – These templates can be used as a guide for defining the BRM role.

    These job descriptions will provide you with list of competencies and qualifications necessary for a BRM operating at different levels of maturity. Use this template as a guide, whether hiring internally or externally, for the BRM role.

    • Business Relationship Manager – Level 1
    • Business Relationship Manager – Level 2
    • Business Relationship Manager – Level 3
    [infographic]

    Workshop: Embed Business Relationship Management in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Foundation: Assess and Situate

    The Purpose

    Set the foundation for your BRM practice – understand your current state and set the vision.

    Key Benefits Achieved

    An understanding of current pain points and benefits to be addressed through your BRM practice. Establish alignment on what your BRM practice is – use this to start obtaining buy-in from stakeholders.

    Activities

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    1.4 Create Vision

    1.5 Create the BRM Mission

    1.6 Establish Goals

    Outputs

    BRM definition

    Identify areas to be addressed through the BRM practice

    Shared vision, mission, and understanding of the goals for the brm practice

    2 Plan

    The Purpose

    Determine where the BRM fits and how they will operate within the organization.

    Key Benefits Achieved

    Learn how the BRM practice can best act on your goals.

    Activities

    2.1 Establish Guiding Principles

    2.2 Determine Where BRM Fits

    2.3 Establish BRM Expectations

    2.4 Identify Roles With BRM Responsibilities

    2.5 Align Capabilities

    Outputs

    An understanding of where the BRM sits in the IT organization, how they align to their business partners, and other roles that support business relationships

    3 Implement

    The Purpose

    Determine how to identify and work with key stakeholders.

    Key Benefits Achieved

    Determine ways to engage with stakeholders in ways that add value.

    Activities

    3.1 Brainstorm Sources of Business Value

    3.2 Identify Key Influencers

    3.3 Categorize the Stakeholders

    3.4 Create the Prioritization Map

    3.5 Create Your Engagement Plan

    Outputs

    Shared understanding of business value

    A plan to engage with stakeholders

    4 Reassess and Embed

    The Purpose

    Determine how to continuously improve the BRM practice.

    Key Benefits Achieved

    An ongoing plan for the BRM practice.

    Activities

    4.1 Create Metrics

    4.2 Prioritize Your Projects

    4.3 Create a Portfolio Investment Map

    4.4 Establish Your Annual Plan

    4.5 Build Your Transformation Roadmap

    4.6 Create Your Communication Plan

    Outputs

    Measurements of success for the BRM practice

    Prioritization of projects

    BRM plan

    Further reading

    Embed Business Relationship Management in IT

    Show that IT is worthy of Trusted Partner status.

    Executive Brief

    Analyst Perspective

    Relationships are about trust.

    As long as humans are involved in enabling technology, it will always remain important to ensure that business relationships support business needs. At the cornerstone of those relationships is trust and the establishment of business value. Without trust, you won’t be believed, and without value, you won’t be invited to the business table.

    Business relationship management can be a role, a capability, or a practice – either way it’s essential to ensure it exists within your organization. Show that IT can be a trusted partner by showing the value that IT offers.

    Photo of Allison Straker, Research Director, CIO Practice, Info-Tech Research Group.

    Allison Straker
    Research Director, CIO Practice
    Info-Tech Research Group

    Your challenge: Why focus on business relationship management?

    Is IT saying this about business partners?

    I don’t know what my business needs and so we can’t add as much value as we’d like.

    My partners don’t give us the opportunity to provide new ideas to solve business problems

    My partners listen to third parties before they listen to IT.

    We’re too busy and don’t have the capacity to help my partners.

    Three stamps with the words 'Value', 'Innovation', and 'Advocacy'. Are business partners saying this about IT?

    IT does not create and deliver valuable services/solutions that resolve my business pain points.

    IT does not come to me with innovative solutions to my business problems/challenges/issues.

    IT blocks my efforts to drive the business forward using innovative technology solutions.

    IT does not advocate for my needs with the decision makers in the organization.

    Common obstacles

    While organizations realize they need to do better, they often don’t know how to improve.

    Organizations want to:
    • Understand and strategically align to business goals
    • Ensure stakeholders are satisfied
    • Show project value/success

    … these are all things that a mature business relationship can do to improve your organization.

    Key improvement areas identified by business leaders and IT leaders

    Bar chart comparing 'CXO' and 'CIO' responses to multiple areas one whether they need significant improvement or only some improvement. Areas in question are 'Understand Business Goals', 'Define and align IT strategy', 'Measure stakeholder satisfaction with IT', and 'Measure IT project success'. Source: CEO/CIO Alignment Diagnostic, N=446 organizations.

    Info-Tech’s approach

    BRMs who focus on achieving business value can improve organizational results.

    Visualization of a piggy bank labelled 'Business Value' with a person on a ladder labelled 'Strategic Tactical Operational' putting coins into the bank which are labelled 'External & internal views', 'Applied knowledge of the business', 'Strategic perspective', 'Trusted relationship', and 'Empathetic engagements “What’s in it for me/them?”'.

    Business relationships can take a strategic, tactical, or operational perspective.

    While all levels are needed, focus on a strategic perspective for optimal outcomes.

    Create business value through:

    • Applying your knowledge of the business so that conversations aren’t about what IT provides. Focus on what the overall business requires.
    • Ensuring your knowledge includes what is going on internally at your organization and also what occurs externally within and outside the industry (e.g. vendors, technologies used in similar industries or with similar customer interactions).
    • Discussing with the perspective of “what’s in it for [insert business partner here]” – don’t just present IT’s views.
    • Building a trusted strategic relationship – don’t just do well at the basics but also focus on the strategy that can move the organization to where it needs to be.

    Neither you nor your partners can view IT as separate from your overall business…

    …your IT goals need to be aligned with those of the overall business

    IT Maturity Pyramid with 'business goals' and 'IT goals' moving upward along its sides. It has five levels, 'unstable - Ad hoc – IT is too busy and the business is unsatisfied (too expensive, too long, not delivering on needs)', 'firefighter - Order taker – IT engaged on as-needed basis. IT unable to forecast demand to manage own resources', 'trusted operator - IT and business are not always sure of each other’s direction/priorities’, ‘business partner - IT understands and delivers on business needs', and 'innovator - Business and IT work together to achieve shared goals'.

    IT and other lines of business need to partner together – they are all part of the same overall business.

    Four puzzle pieces fitting together representing 'IT' and three other Lines of Business '(LOB)'

    <

    Why it’s important to establish a BRM program

    IT Benefits

    • Provides IT with a view of the lines of business they empower
    • Allows IT to be more proactive in providing solutions that help business partner teams
    • Allows IT to better manage their workload, as new requests can be prioritized and understood

    Business Benefits

    • Provides business teams with a view of the services that IT can help them with
    • Brings IT to the table with value-driven solutions
    • Creates an overall roadmap aligning both partners
    Ladder labelled 'Strategic Tactical Operational'.
    • Drive business value into the organization via innovative technology solutions.
    • Improve ability to meet and exceed business goals and objectives, resulting in more satisfied stakeholders (C-suite, board of directors).
    • Enhance ability to execute business activities to meet end-customer requirements and expectations, resulting in more satisfied customers.

    Increase your business benefits by moving up higher – from operational to tactical to strategic.

    Piggy bank labelled 'Business Value'.

    When IT understands the business, they provide better value

    Understanding all parties – including the business needs and context – is critical to effective business relationships.

    Establishing a focus on business relationship management is key to improving IT satisfaction.

    When business partners are satisfied that IT understands their needs, they have a higher perception of the value of overall IT

    Bar chart with axes 'Business satisfaction with IT understanding of needs' and 'Perception of IT value'. There is an upward trend.

    The relationship between the perception of IT value and business satisfaction is strong (r=0.89). Can you afford not to increase your understanding of business needs?

    (Source: Info-Tech Research Group diagnostic data/Business-Aligned IT Strategy blueprint (N=652 first-year organizations that completed the CIO Business Vision diagnostic))

    A tale of two IT partners

    Teleconference with an IT partner asking them to 'Tell me everything'.

    One IT partner approached their business partner without sufficient background knowledge to provide insights.

    The relationship was not strong and did not provide the business with the value they desired.

    Research your business and be prepared to apply your knowledge to be a better partner.

    Teleconference with an IT partner that approached with knowledge of your business and industry.

    The other IT partner approached with knowledge of the business and external parties (vendors, competitors, industry).

    The business partners received this positively. They invited the IT partners to meetings as they knew IT would bring value to their sessions.

    BRM success is measurable Measuring tape.

    1) Survey your stakeholders to measure improvements in customer satisfaction 2) Measure BRM success against the goals for the practice

    Business satisfaction survey

    • Audience: Business leaders
    • Frequency: Annual
    • Metrics:
      • Overall Satisfaction score
      • Overall Value score
      • Relationship Satisfaction:
        • Understand needs
        • Meet needs
        • Communication
    Two small tables showing example 'Value' and 'Satisfaction' scores. Dart board with five darts, each representing a goal, 'Demand Shaping', 'Value Realization', 'Servicing', 'Exploring', and 'Other Goal(s)'.
    Table with a breakdown of the example 'Satisfaction' score, with individual scores for 'Needs', 'Execution', and 'Communication'.

    Maturing your BRM practice is a journey

    Info-Tech has developed an approach that can be used by any organization to improve or successfully implement BRM. The same ladder as before with words 'Strategic', 'Tactical', 'Operational', and a person climbing on it. Become a Trusted Partner and Advisor
    KNOWLEDGE OF INDUSTRY

    STRATEGIC

    Value Creator and Innovator

    Strategic view of IT and the business with knowledge of the market and trends; a connector driving value-added services.

    KNOWLEDGE OF FUNCTIONS

    TACTICAL

    Influencer and Advocate

    Two-way voice between IT and business, understanding business processes and activities including IT touchpoints and growing tactical and strategic view of services and value.

    TABLE STAKES:
    COMMUNICATION
    SERVICE DELIVERY
    PROJECT DELIVERY

    OPERATIONAL

    Deliver

    Communication, service, and project delivery and fulfillment, initial engagement with and knowledge of the business.

    Foundation: Define and communicate the meaning and vision of BRM

    At each level, keep maturing your BRM practice

    ITPartnerWhat to do to move to the next level

    Strategic Partner

    Shared goals for maximizing value and shared risk and reward

    5

    Strategic view of IT and the business with knowledge of the market and trends; a connector driving value-added services.

    Value Creator and Innovator

    See partners as integral to business success and growth

    Focus on continuous learning and improvement.

    Trusted Advisor

    Cooperation based on mutual respect and understanding

    4

    Partners understand, work with, and help improve capabilities.

    Influencer and Advocate

    Sees IT as helpful and reliable

    Strategic: IT needs to demonstrate and apply knowledge of business, industry, and external influences.

    Service Provider

    Routine – innovation is a challenge

    3

    Two-way voice between IT and business; understanding business processes and activities including IT touchpoints and growing tactical and strategic view of services and value.

    Priorities set but still always falling behind.

    Views IT as helpful but they don’t provide guidance

    IT needs to excel in portfolio and transition management.

    Business needs to engage IT in strategy.

    Order Taker

    Distrust, reactive

    2

    Focuses on communication, service, and project delivery and fulfillment, initial engagement with and knowledge of the business.

    Delivery Service

    Engages with IT on an as-needed basis

    Improve Tactical: IT needs to demonstrate knowledge of the business they are in. IT to improve BRM and service management.

    Business needs to embrace BRM role and service management.

    Ad Hoc

    Loudest in, first out

    1

    Too busy doing the basics; in firefighter mode.

    Low satisfaction (cost, duration, quality)

    Improve Operational Behavior: IT to show value with “table stakes” – communication, service delivery, project delivery.

    IT needs to establish intake/demand management.


    Business to embrace a new way of approaching their partnership with IT.

    (Adapted from BRM Institute Maturity Model and Info-Tech’s own model)

    The Info-Tech path to implement BRM

    Use Info-Tech’s ASPIRe method to create a continuously improving BRM practice.

    Info-Tech's ASPIRe method visualized as a winding path. It begins with 'Role Definition', goes through many 'Role Refinements' and ends with 'Metrics'. The main steps to which the acronym refers are 'Assess', 'Situate', 'Plan', 'Implement', and 'Reassess & Embed'.

    Insight summary

    BRM is not just about communication, it’s about delivering on business value.

    Business relationship management isn’t just about having a pleasant relationship with stakeholders, nor is it about just delivering things they want. It’s about driving business value in everything that IT does and leveraging relationships with the business and IT, both within and outside your organization.

    Understand your current state to determine the best direction forward.

    Every organization will apply the BRM practice differently. Understand what’s needed within your organization to create the best fit.

    BRM is not just a communication conduit between IT and the business.

    When implemented properly, a BRM is a value creator, advocate, innovator, and influencer.

    The BRM role must be designed to match the maturity level of the IT organization and the business.

    Before you can create incremental business value, you must master the fundamentals of service and project delivery.

    Info-Tech Insight

    Knowledge of your current situation is only half the battle; knowledge of the business/industry is key.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Executive Buy-In and Communication Presentation Template

    Explain the need for the BRM practice and obtain buy-in from leadership and staff across the organization.

    Sample of Info-Tech's key deliverable, the Executive Buy-In and Communication Presentation Template.

    BRM Workbook

    Capture the thinking behind your organization’s BRM program.

    Sample of Info-Tech's BRM Workbook deliverable.

    BRM Stakeholder Engagement Plan Worksheet

    Worksheet to capture how the BRM practice will engage with stakeholders across the organization.

    Sample of Info-Tech's BRM Stakeholder Engagement Plan Worksheet deliverable.

    BRM Role Expectations Worksheet

    How business relationship management will be supported throughout the organization at a strategic, tactical, and operational level.

    Sample of Info-Tech's BRM Role Expectations Worksheet deliverable.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Phase 5

    Call #1: Discuss goals, current state, and an overview of BRM.

    Call #2: Examine business satisfaction and discuss results of SWOT.

    Call #3: Establish BRM mission, vision, and goals. Call #4: Develop guiding principles.

    Call #5: Establish the BRM operating model and role expectations.

    Call #6: Establish business value. Discuss stakeholders and engagement planning. Call #7: Develop metrics. Discuss portfolio management.

    Call #8: Develop a communication or rollout plan.

    Workshop Overview

    Complete the CIO-Business Vision diagnostic prior to the workshop.
    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Post-Workshop
    Activities
    Set the Foundation
    Assess & Situate
    Define the Operating Model
    Plan
    Define Engagement
    Implement
    Implement BRM
    Reassess
    Next steps and Wrap-Up (offsite)

    1.1 Discuss rationale and importance of business relationship management

    1.2 Review CIO BV results

    1.3 Conduct SWOT analysis (analyze strengths, weaknesses, opportunities, and threats)

    1.4 Establish BRM vision and mission

    1.5 Define objectives and goals for maturing the practice

    2.1 Create your list of guiding principles (optional)

    2.2 Define business value

    2.3. Establish the operating model for the BRM practice

    2.4 Define capabilities

    3.1. Identify key stakeholders

    3.2 Map, prioritize, and categorize the stakeholders

    3.4 Create an engagement plan

    4,1 Define metrics

    4.2 Identify remaining enablers/blockers for practice implementation

    4.3 Create roadmap

    4.4 Create communication plan

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. Summary of CIO Business Vision results
    2. Vision and list of objectives for the BRM program
    3. List of business and IT pain points
    1. BRM role descriptions, capabilities, and ownership definitions
    1. BRM reporting structure
    2. BRM engagement plans
    1. BRM communication plan
    2. BRM metrics tracking plan
    3. Action plan and next step
    1. Workshop Report

    ASSESS

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    To assess BRM, clarify what it means to you

    Who are BRM relationships with? Octopus holding icons with labels 'Tech Partners', 'Lines of Business', and 'External Partners'. The BRM has multiple arms/legs to ensure they’re aligned with multiple parties – the partners within the lines of business, external partners, and technology partners.
    What does a BRM do? Engage the right stakeholders – orchestrate key roles, resources, and capabilities to help stimulate, shape, and harvest business value.

    Connect partners (IT and other business) with the resources needed.

    Help stakeholders navigate the organization and find the best path to business value.

    Three figures performing different actions, labelled 'orchestrate', 'connect', and 'navigate'.
    What does a BRM focus on? Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. Demand Shaping – Surfacing and shaping business demand
    Value Harvesting – Identifying ways to increase business value and providing insights
    Exploring – Rationalizing demand and reviewing new business, technology, and industry insights
    Servicing – Managing expectations and facilitating business strategy; business capability road mapping

    Determine what business relationship management is

    Many organizations face business dissatisfaction because they do not understand what the role of a BRM should be.

    A BRM Is NOT:
    • Order taker
    • Service desk
    • Project manager
    • Business analyst
    • Service delivery manager
    • Service owner
    • Change manager
    A BRM Is:
    • Value creator
    • Innovator
    • Trusted advisor
    • Strategic partner
    • Influencer
    • Business subject matter expert
    • Advocate for the business
    • Champion for business process improvement
    Business relationship management does not mean a go-between for the business and IT. Its focus should be on delivering VALUE and INNOVATIVE SOLUTIONS to the business.

    1.1 What is BRM?

    1 hour

    Input: Your preliminary thoughts and ideas on BRM

    Output: Themes summarizing what BRM will be at your organization

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Each team member will take a colored sticky note to capture what BRM is and what it isn’t.
    2. As a group, review and discuss the sticky notes.
    3. Group them into themes summarizing what BRM will be at your organization.
    4. Leverage the workbook to brainstorm the definition of BRM at your organization.
    5. Create a refined summary statement and capture it in the Executive Buy-In and Communication Template.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    It’s important to understand what the business thinks; ask them the right questions

    Leverage the CIO Business Vision Diagnostic to provide clarity on:
    • The organization’s view on satisfaction and importance of core IT services
    • Satisfaction across business priorities
    • IT’s capacity to meet business needs

    Contact your Account Representative to get started

    Sample of various scorecards from the CIO Business Vision Diagnostic.

    1.2 Use their responses to help guide your BRM program

    1 hour

    Input: CIO-Business Vision Diagnostic, Other business feedback

    Output: Summary of your partners’ view of the IT relationship

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: CIO, IT management team

    1. Complete the CIO Business Vision diagnostic.
    2. Analyze the findings from the Business Vision diagnostic or other business relationship and satisfaction surveys. Key areas to look at include:
      • Overall IT Satisfaction
      • IT Value
      • Relationship (Understands Needs, Communicates Effectively, Executes Requests, Trains Effectively)
      • Shadow IT
      • Capacity Needs
      • Business Objectives
    3. Capture the following on your analysis:
      • Success stories – what your business partners are satisfied with
      • Challenges – are the responses consistent across departments?
    4. Leverage the workbook to capture your findings the goals. Key highlights should be documented in the Executive Buy-In and Communication Template.

    Use the BRM Workbook to capture ideas

    Polish the goals in the Executive Buy-In and Communication Template

    Perform a SWOT analysis to explore internal and external business factors

    A SWOT analysis is a structured planning method organizations use to evaluate the effects of internal strengths and weaknesses and external opportunities and threats on a project or business venture.

    Why It Is Important

    • Business SWOT reveals internal and external trends that affect the business. You may uncover relevant information about the business that the other analysis methods did not reveal.
    • The organizational strengths or weaknesses will shed some light on implications that you might not have considered otherwise, such as brand perception or internal staff capability to change.

    Key Tips/Information

    • Although this activity is simple in theory, there is much value to be gained when performed effectively.
    • Focus on weaknesses that can cause a competitive disadvantage and strengths that can cause a competitive advantage.
    • Rank your opportunities and threats based on impact and probability.
    • Info-Tech members who have derived the most insights from a business SWOT analysis usually involved business stakeholders in the analysis.

    SWOT diagram split into four quadrants representing 'Strengths' at top left, 'Opportunities' at bottom left, 'Weaknesses' at top right, and 'Threats' at bottom right.

    Review these questions to help you conduct your SWOT analysis on the business

    Strengths (Internal)
    • What competitive advantage does your organization have?
    • What do you do better than anyone else?
    • What makes you unique (human resources, product offering, experience, etc.)?
    • Do you have location, price, cost, or quality advantages?
    • Does your organizational culture offer an advantage (hiring the best people, etc.)?
    • Do you have a high level of customer engagement or satisfaction?
    Weaknesses (Internal)
    • What areas of your business require improvement?
    • Are there gaps in capabilities?
    • Do you have financial vulnerabilities?
    • Are there leadership gaps (succession, poor management, etc.)?
    • Are there reputational issues?
    • Are there factors contributing to declining sales?
    Opportunities (External)
    • Are there market developments or new markets?
    • Are there industry or lifestyle trends (move to mobile, etc.)?
    • Are there geographical changes in the market?
    • Are there new partnerships or mergers and acquisitions (M&A) opportunities?
    • Are there seasonal factors that can be used to the advantage of the business?
    • Are there demographic changes that can be used to the advantage of the business?
    Threats (External)
    • Are there obstacles that the organization must face?
    • Are there issues with respect to sourcing of staff or technologies?
    • Are there changes in market demand?
    • Are your competitors making changes that you are not making?
    • Are there economic issues that could affect your business?

    1.3 Analyze internal and external business factors using a SWOT analysis

    1 hour

    Input: IT and business stakeholder expertise

    Output: Analysis of internal and external factors impacting the IT organization

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: CIO, IT management team

    1. Break the group into two teams:
      • Assign team A internal strengths and weaknesses.
      • Assign team B external opportunities and threats.
    2. Think about strengths, weaknesses, opportunities, and threats as they pertain to the IT-business relationship. Consider people, process, and technology elements.
    3. Have the teams brainstorm items that fit in their assigned grids. Use the prompt questions on the previous slide as guidance.
    4. Pick someone from each group to fill in the SWOT grid.
    5. Conduct a group discussion about the items on the list; identify implications for the BRM/IT.

    Capture in the BRM Workbook

    SITUATE

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Your strategy informs your BRM program

    Your strategy is a critical input into your program. Extract critical components of your strategy and convert them into a set of actionable principles that will guide the selection of your operating model.

    Sample of Info-Tech's 'Build a Business-Aligned IT Strategy' blueprint.

    Vision, Mission & Principles Chevron pointing right.
    • Leverage your vision and mission statements that communicate aspirations and purpose for key information that can be turned into design principles.
    Business Goal Implications Chevron pointing right.
    • Implications are derived from your business goals and will provide important context about the way BRM needs to change to meet its overarching objectives.
    • Understand how those implications will change the way that work needs to be done – new capabilities, new roles, new modes of delivery, etc.
    Target-State Maturity Chevron pointing right.
    • Determine your target-state relationship maturity for your organization using the BRM goals that have been uncovered.

    Outline your mission and vision for your BRM practice

    If you don’t know where you’re trying to go, how do you know if you’ve arrived?

    Establish the vision of what your BRM practice will achieve.

    Your vision will paint a picture for your stakeholders, letting them know where you want to go with your BRM practice.

    Stock image of a hand painting on a large canvas.

    The vision will also help motivate and inspire your team members so they understand how they contribute to the organization.

    Your strategy must align with and support your organization’s strategy.

    Good Visions
    • Attainable – Aspirational but still within reach
    • Communicable – Easy to comprehend
    • Memorable – Not easily forgotten
    • Practical – Solid, realistic
    • Shared – Create a culture of shared ownership across the team/company
    When Visions Fail
    • Not Shared: Lack of buy-in, no alignment with stakeholders
    • Impractical: No plan or strategy to deliver on the vision
    • Unattainable: Set too far in the future
    • Forgettable: Not championed, not kept in mind
    (Source: UX Magazine, 2011)

    Derive the BRM vision statement

    Stock image of an easel with a bundle of paint brushes beside it. Begin the process of deriving the business relationship management vision statement by examining your business and user concerns. These are the problems your organization is trying to solve.
    Icon of one person asking another a question.
    Problem Statements
    First, ask what problems your organization hopes to solve.
    Icon of a magnifying glass on a box.
    Analysis
    Second, ask what success would look like when those problems were solved.
    Icon of two photos in quotes.
    Vision Statement
    Third, polish the answer into a short but meaningful phrase.

    Paint the picture for your team and stakeholders so that they align on what BRM will achieve.

    Vision statements demonstrate what your practice “aspires to be”

    Your vision statement communicates a desired future state of the BRM organization. The statement is expressed in the present tense. It seeks to articulate the desired role of business relationship management and how it will be perceived.

    Sample vision statements:

    • To be a trusted advisor and partner in enabling business innovation and growth through an engaged design practice.
    • The group will strive to become a world-class value center that is a catalyst for innovation.
    • Apple: “We believe that we are on the face of the earth to make great products and that’s not changing.” (Mission Statement Academy, May 2019.)
    • Coca-Cola: “To refresh the world in mind, body, and spirit, to inspire moments of optimism and happiness through our brands and actions, and to create value and make a difference.” (Mission Statement Academy, August 2019.)

    2.1 Vision generation

    1 hour

    Input: IT and business strategies

    Output: Vision statement

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the goals and the sample vision statements provided on the previous slide.
    2. Brainstorm possible vision statements that can apply to your practice. Refer to the guidance provided on the previous page – ensure that it paints a picture for the reader to show the desired target state.
    3. Leverage the workbook to brainstorm the vision. Capture the refined statement in the Executive Buy-In and Communication Template.
    Strong vision statements have the following characteristics
    • Describe a desired future
    • Focus on ends, not means
    • Communicate promise
    • Concise, no unnecessary words
    • Compelling
    • Achievable
    • Inspirational
    • Memorable

    Use the BRM Workbook to capture ideas

    Polish the goals in the Executive Buy-In and Communication Template

    Create the mission statement from the problems and the vision statement

    Your mission demonstrates your current intent and the purpose driving you to achieve your vision.

    It reflects what the organization does for users/customers.

    The main word 'Analysis' is sandwiched between 'Goals and Problems' and 'Vision Statement', each with arrow pointing to the middle. Make sure the practice’s mission statement reflects answers to the questions below:

    The questions:

    • What does the organization do?
    • How does the organization do it?
    • For whom does the organization do it?
    • What value is the organization bringing?

    “A mission statement illustrates the purpose of the organization, what it does, and what it intends on achieving. Its main function is to provide direction to the organization and highlight what it needs to do to achieve its vision.” (Joel Klein, BizTank (in Hull, “Answer 4 questions to get a great mission statement.”))

    Sample mission statements

    To enhance the lives of our end users through our products so that our brand becomes synonymous with user-centricity.

    To enable innovative services that are seamless and enjoyable to our customers so that together we can inspire change.

    Apple’s mission statement: “To bring the best user experience to its customers through its innovative hardware, software, and services.” (Mission Statement Academy, May 2019.)

    Coca Cola’s mission statement: “To refresh the world in mind, body, and spirit, to inspire moments of optimism and happiness through our brands and actions, and to create value and make a difference.” (Mission Statement Academy, August 2019.)

    Tip: Using the “To … so that” format helps to keep your mission focused on the “why.”

    2.2 Develop your own mission statement

    1 hour

    Input: IT and business strategies, Vision

    Output: Mission statement

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the goals and the vision statement generated in the previous activities.
    2. Brainstorm possible mission statements that can apply to your BRM practice. Capture this in your BRM workbook.
    3. Refine your mission statement. Refer to the guidance provided on the previous page – ensure that the mission provides “the why”. Document the refined mission statement in the Executive Buy-In and Communication Template.

    “People don't buy what you do; they buy why you do it and what you do simply proves what you believe.” (Sinek, Transcript of “How Great Leaders Inspire Action.”)

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Areas that BRMs focus on include:

    Establish how much of these your practice will focus on.

    VALUE HARVESTING
    • Tracks and reviews performance
    • Identifies ways to increase business value
    • Provides insights on the results of business change/initiatives
    Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. DEMAND SHAPING
    • Isn’t just demand/intake management
    • Surfaces and shapes business demand
    • Is influenced by knowledge of the overall business and external entities
    SERVICING
    • Coordinates resources
    • Manages expectations
    • Facilitates business strategy, business capability road-mapping, and portfolio and program management
    EXPLORING
    • Identifies and rationalizes demand
    • Reviews new business, technology, and industry insights
    • Identifies business value initiatives

    Establish what success means for your focus areas

    Brainstorm objectives and success areas for your BRM practice.

    Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. VALUE HARVESTING
    Success may mean that you:
    • Understand the drivers and what the business needs to attain
    • Demonstrate focus on value in discussions
    • Ensure value is achieved, tracking it during and beyond deployment
    DEMAND SHAPING
    Success may mean that you:
    • Understand the business
    • Are engaged at business meetings (invited to the table)
    • Understand IT; communicate clarity around IT to the business
    • Help IT prioritize needs
    SERVICING
    Success may mean that you:
    • Understand IT services and service levels that are required
    • Provide clarity around services and communicate costs and risks
    EXPLORING
    Success may mean that you:
    • Surface new opportunities based on understanding of pain points and growth needs
    • Research and partner with others to further the business
    • Engage resources with a focus on the value to be delivered

    2.3 Establish BRM goals

    1 hour

    Input: Mission and vision statements

    Output: List of goals

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: CIO, IT management team, BRM team

    1. Use the previous slides as a starting point – review the focus areas and sample associated objectives.
    2. Determine if all apply to your role.
    3. Brainstorm the objectives for your BRM practice.
    4. Discuss and refine the objectives and goals until the team agrees on your starting set.
    5. Leverage the workbook to establish the goals. Capture refined goals in the Executive Buy-In and Communication Template.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    PLAN

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Guiding principles help you focus the development of your practice

    Your guiding principles should define a set of loose rules that can be used to design your BRM practice to the specific needs of the organization and work that needs to be done.

    These rules will guide you through the establishment of your BRM practice and help you explain to your stakeholders the rationale behind organizing in a specific way.

    Sample Guiding Principles

    Principle Name

    Principle Statement

    Customer Focus We will prioritize internal and external customer perspectives
    External Trends We will monitor and liaise with external organizations to bring best practices and learnings into our own
    Organizational Span We embed relationship management across all levels of leadership in IT
    Role If the resource does not have a seat at the table, they are not performing the BRM role

    3.1 Establish guiding principles (optional activity)

    Input: Mission and vision statements

    Output: BRM guiding principles

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Think about strengths, weaknesses, opportunities, and threats as well as the overarching goals, mission, and vision.
    2. Identify a set of principles that the BRM practice should have. Guiding principles are shared, long-lasting beliefs that guide the use of business relationship management in your organization.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Establish the BRM partner model and alignment

    Having the right model and support is just as important as having the right people.

    Gears with different BRM model terms: 'BRM Capabilities', 'BRM & Other Roles', 'Scope (pilot)', 'Operating Unit', 'BRM Expectations Across the organization', and 'Delivery & Support'.

    Don’t boil the ocean: Start small

    It may be useful to pilot the BRM practice with a small group within the organization – this gives you the opportunity to learn from the pilot and share best practices as you expand your BRM practice.

    You can leverage the pilot business unit’s feedback to help obtain buy-in from additional groups.

    Evaluate the approaches for your pilot:
    Work With an Engaged Business Unit
    Icon of a magnifying glass over a group of people.

    This approach can allow you to find a champion group and establish quick wins.

    Target Underperforming Area(s)
    Icon of an ambulance.

    This approach can allow you to establish significant wins, providing new opportunities for value.

    Target the Area(s) Driving the Most Business Value
    Icon of an arrow in a bullseye.

    Provide the largest positive impact on your portfolio’s ability to drive business value; for large strategic or transformative goals.

    Work Across a Single Business Process
    Icon of a process tree.

    This approach addresses a single business process or operation that exists across business units, departments, or locations. This, again, will allow you to limit the number of stakeholders.

    Leverage BRM goals to determine where the role fits within the organization

    Organization tree with a strategic BRM.

    Strategic BRMs are considered IT leaders, often reporting to the CIO.


    Organization tree with an operational BRM.

    In product-aligned organizations, the product owners will own the strategic business relationship from a product perspective (often across LOB), while BRMs will own the strategic role for the line(s) of businesses (often across products) that they hold a relationship with. The BRM role may be played by a product family leader.


    Organization tree with a BRM in a product-aligned organization.

    BRMs may take on a more operational function when they are embedded within another group, such as the PMO. This manifests in:

    • Accountability for projects and programs
    • BRM conversations around projects and programs rather than overall needs
    • Often, there is less focus on stimulating need, more about managing demand
    • This structure may be useful for smaller organizations or where organizations are piloting the relationship capability

    Use the IT structure and the business structure to determine how to align BRM and business partners. Many organizations ensure that each LOB has a designated BRM, but each BRM may work with multiple LOBs. Ensure your alignment provides an even and manageable distribution of work.

    Don’t be intimidated by those who play a significant role in relationship management

    Layers representing the BRM, BA, and Product Owner. Business Relationship Manager: Portfolio View
    • Ongoing with broader organization-wide objectives
    • A BRM’s strategic perspective is focused across projects and products
    The BRM will look holistically across a portfolio, rather than on specific projects or products. Their focus is ensuring value is delivered that impacts the overall organization. Multiple BRMs may be responsible for lines of businesses and ensure that products and project enable LOBs effectively.
    Business Analyst: Product or Project View
    • Works within a project or product
    • Accomplishes specific objectives within the project/product
    The BA tends to be involved in project work – to that end, they are often brought in a bit before a project begins to better understand the context. They also often remain after the project is complete to ensure project value is delivered. However, their main focus is on delivering the objectives within the project.
    Product Owner: Product View
    • Ongoing and strategic view of entire product, with product-specific objectives
    The Product Owner bridges the gap between the business and delivery to ensure their product continuously delivers value. Their focus is on the product.

    3.2 Establish the BRM’s place in the organizational structure

    Input: BRM goals, IT organizational structure, Business organizational structure

    Output: BRM operating model

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the current organizational structure – both IT and overall business.
    2. Think about the maturity of the IT organization and what you and your partners will be able to support at this stage in the relationship or journey. Establish whether it is necessary to start with a pilot.
    3. Consider the reporting relationship that is required to support the desired maturity of your practice – who will your BRM function report into?
    4. Consider the distribution of work from your business partners. Establish which BRM is responsible for which partners.
    5. Document where the BRM fits in the organization in the Executive Buy-In and Communication Template.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Align your titles to your business partners and ensure it demonstrates your strategic goals

    Some titles that may reflect alignment with your partners:
    • Business Capability Manager
    • Business Information Officer
    • Business Relationship Manager
    • Director, Technology Partner
    • IT Business Relationship Manager
    • People Relationship Manager
    • Relationship and Strategy Officer
    • Strategic Partnership Director
    • Technology Partner/People Partner/Finance Partner/etc.
    • Value Management Officer

    Support BRM team members might have “analyst” or “coordinator” as part of their titles.

    Caution when using these titles:
    • Account Manager (do you see your stakeholders as accounts or as partners?)
    • Customer Relationship Manager (do you see your stakeholders as customers or as partners?)
    • People Partner (differentiate your role from HR)

    Determine the expectations for your BRM role(s)

    Below are standard expectations from BRM job descriptions. Establish whether there are changes required for your organization.

    Act as a Relationship Manager
    • Build strong, collaborative relationships with business clients
    • Build strong, collaborative relationships with IT service owners
    • Track client satisfaction with services provided
    • Continuously improve, based on feedback from clients
    Communicate With Business Stakeholders
    • Ensure that effective communication occurs related to service delivery and project delivery (e.g. planned downtime, changes, open tickets)
    • Manage expectations of multiple business stakeholders
    • Provide a clear point of contact within IT for each business stakeholder
    • Act as a bridge between IT and the business
    Service Delivery

    Service delivery breaks out into three activities: service status, changes, and service desk tickets

    • Understand at a high level the services and technologies in use
    • Work with clients to plan and make sure they understand the relevance and impact of IT changes to their operations
    • Define, agree to, and report on key service metrics
    • Act as an escalation point for major issues with any aspect of service delivery
    • Work with service owners to develop and monitor service improvement plans
    Project/Product Delivery
    • Ensure that the project teams provide regular reports regarding project status, issues, and changes
    • Work with project managers and clients to ensure project requirements are well understood and documented and approved by all stakeholders
    • Ensure that the project teams provide key project metrics on a regular basis to all relevant stakeholders

    Determine role expectations (slide 2 of 3)

    Knowledge of the Business

    Understand the main business activities for each department:

    • Understand which IT services are required to complete each business activity
    • Understand business processes and associated business activities for each user group within a department
    Advocate for Your Business Clients
    • Act as an advocate for the client – be invested in client success
    • Understand the strategies and plans of the clients and help develop an IT strategic plan/roadmap that maps to business strategies
    • Help the business understand project governance processes
    • Help clients to develop proposals and advance them through the project intake and assessment process
    Influence Business and IT Stakeholders
    • Influence business and IT stakeholders at multiple levels of the organization to help clients achieve their business objectives
    • Leverage existing relationships to convince decision makers to move forward with business and IT initiatives that will benefit the department and the organization as a whole
    • Understand and solve issues and challenges such as differing agendas, political considerations, and resistance to change
    Knowledge of the Market
    • Understand the industry – trends, competition, future direction
    • Leverage what others are doing to bring innovative ideas to the organization
    • Understand what end customers expect with regards to IT services and bring this intelligence to business leaders and decision makers

    Determine role expectations (slide 3 of 3)

    Value Creator
    • Understand how services currently offered by IT can be put to best use and create value for the business
    • Work collaboratively with clients to define and prioritize technology initiatives (new or enhanced services) that will bring the most business benefit
    • Lead initiatives that help the business achieve or exceed business goals and objectives
    • Lead initiatives that create business value (increased revenue, lower costs, increased efficiency) for the organization
    Innovator
    • Lead initiatives that result in new and better ways of doing business
    • Identify opportunities for using IT in new and innovative ways to bring value to the business and drive the business forward
    • Leverage knowledge of the business, knowledge of the industry, and knowledge of leading-edge technological solutions to transform the way the business operates and provides services to its customers

    3.3 Establish BRM expectations

    Input: BRM goals

    Output: BRM expectations

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review the BRM expectations on the previous slides.
    2. Customize them – are they the appropriate set of expectations needed for your organization? What needs to be edited in or out?
    3. Add relevant expectations – what are the things that need to be done in the BRM practice at your organization?
    4. Leverage the workbook to brainstorm BRM expectations. Make sure you update them in the BRM Role Expectation Spreadsheet.

    Download the BRM Workbook

    Download the Executive Buy-In and Communication Template

    Various roles and levels within your organization may have a part of the BRM pie

    Where the BRM sits will impact what they are able to get done.

    The BRM role is a strategic one, but other roles in the organization have a part to play in impacting IT-partner relationship.

    Some roles may have a more strategic focus, while others may have a more tactical or operational focus.

    3.4 Identify roles with BRM responsibilities

    Input: BRM goals

    Output: BRM-aligned roles

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Various roles can play a part in the BRM practice, managing business relationships. Which ones make sense in your organization, given the BRM goals?
    2. Identify the roles and capture in the BRM Role Expectation Spreadsheet. Use the Role Expectation Alignment tab, row 1.


    Download the Role Expectations Worksheet

    Determine the focus for each role that may manage business relationships

    Icon of a telescope. STRATEGIC Sets Direction: Focus of the activities is at the holistic, enterprise business level “relating to the identification of long-term or overall aims and interests and the means of achieving them” e.g. builds overarching relationships to enable and support the organization’s strategy; has strategic conversations
    Icon of a house in a location marker. TACTICAL Figures Out the How: Focuses on the tactics required to achieve the strategic focus “skillful in devising means to ends” e.g. builds relationships specific to tactics (projects, products, etc.)
    Icon of a gear cog with a checkmark. OPERATIONAL Executes on the Direction: Day-to-day operations; how things get done “relating to the routine functioning and activities of a business or organization” e.g. builds and leverages relationships to accomplish specific goals (within a project or product)

    3.5 Align BRM capabilities to roles

    Input: Current-state model, Business value matrix, Objectives and goals

    Output: BRM-aligned roles

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review each group of role expectations – Act as a Relationship Manager, Communicate with Business Stakeholders, etc. For each group, determine the focus each role can apply to it – strategic, tactical, or operational. Refer to the previous slide for examples.
    2. Capture on the spreadsheet:
      • S – This role is required to have a strategic view of the capabilities. They are accountable and set direction for this aspect of relationship management.
      • T – Indicate if the role is required to have a tactical view of the capabilities. This would include whether the role is required to figure out how the capabilities will be done; for example, is the role responsible for carrying out service management or are they just involved to ensure that that set of expectations are being performed?
      • O – Indicate if the role will have an operational view – are they the ones responsible for doing the work?
      • Note: In some organizations, a role may have more than one of these.
    3. The spreadsheet will highlight the cells in green if the role plays more of the strategic role, yellow for tactical, and brown for operational. This provides an overall visual of each role’s part in relationship management.
    4. (Optional) Review each detailed expectation within the group. Evaluate whether specific roles will have a different focus on the unique role expectations.

    Leverage the Role Expectations Worksheet

    Sample role expectation alignment

    Sample of a role expectation alignment table with expectation names and descriptions on the left and a matrix of which roles should have a Strategic (S), Tactical (T), or Operational (O) view of the capabilities.

    IMPLEMENT

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Speak the same language as your partners: Business Value

    Business value represents the desired outcome from achieving business priorities.

    Value is not only about revenue or reduced expenses. Use this internal-external and capability-financial business value matrix to more holistically consider what is valuable to stakeholders.

    Improved Capabilities
    Enhance Services
    Products and services that enable business capabilities and improve an organization’s ability to perform its internal operations.
    Increase Customer Satisfaction
    Products and services that enable and improve the interaction with customers or produce practical market information and insights.
    Inward Outward
    Save Money
    Products and services that reduce overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not put in place.
    Make money
    (Return on Investment)
    Products and services that are specifically related to the impact on an organization’s ability to create a return on investment.
    Financial Benefits

    Business Value Matrix Axes:

    Financial Benefits vs. Improved Capabilities
    • Improved capabilities refers to the enhancement of business capabilities and skill sets.
    • Financial Benefits refers to the degree in which the value source can be measured through monetary metrics and is often highly tangible.
    Inward vs. Outward Orientation
    • Inward refers to value sources that have an internal impact an organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from interactions with external factors, such as the market or your customers.

    4.1 Activity: Brainstorm sources of business value

    Input: Product and service knowledge, Business process knowledge

    Output: Understanding of different sources of business value

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Identify your key stakeholders. These individuals are the critical business strategic partners in the organization’s governing bodies.
    2. Brainstorm the different types of business value that the BRM practice can produce.
    3. Is the item more focused on improving capabilities or generating financial benefits?
    4. Is the item focused on the customers you serve or the IT team?
    5. Enter your value item into a cell on the Business Value Matrix based on where it falls on these axes.
    6. Start to think about metrics you can use to measure how effective the product or service is at generating the value source.
    Simplified version of the Business Value Matrix on the previous slide.

    Use the BRM Workbook to capture sources of business value

    Brainstorm the different sources of business value (continued)

    See appendix for more information on value drivers:
    Example:
    Enhance Services
    • Dashboards/IT Situational Awareness
    • Improve measurement of services for data-driven analytics that can improve services
    • Collaborate to support Enterprise Architecture
    • Approval for and support of new applications per customer demand
    • Provide consultation for IT issues
    Axis arrow with 'Improved Capabilities'.
    Axis arrow with 'Financial Benefits'.
    Reach Customers
    • Provide technology roadmaps for IT services and devices
    • Improved "PR" presence: websites, service catalog, etc.
    • Enhance customer experience
    • Faster Time-to-market delivering innovative technologies and current services
    Axis arrow with 'Inward'.Axis arrow with 'Outward'.
    Reduce Costs
    • Achieve better pricing through enterprise agreements for IT services that are duplicated across several orgs
    • Prioritization/ development of roadmap
    • Portfolio management / reduce duplication of services
    • Evolve resourcing strategies to integrate teams (e.g. do more with less)
    Return on Investment
    • Customer -focused dashboards
    • Encourage use of centralized services through external collaboration capabilities that fit multiple use cases
    • Devise strategies for measured/supported migration from older IT systems/software

    Implications of ineffective stakeholder management

    A stakeholder is any group or individual who is impacted by (or impacts) your objectives.

    Challenges with stakeholder management can result from a self-focused point of view. Avoid these challenges by taking on the other’s perspectives – what’s in it for them.

    The key objectives of stakeholder management are to improve outcomes, increase confidence, and enhance trust in IT.

    • Obtain commitment of executive management for IT-related objectives.
    • Enhance alignment between IT and the business.
    • Improve understanding of business requirements.
    • Improve implementation of technology to support business processes.
    • Enhance transparency of IT costs, risks, and benefits.

    Challenges

    • Stakeholders are missed or new stakeholders are identified too late.
    • IT has a tendency to only look for direct stakeholders. Indirect and hidden stakeholders are not considered.
    • Stakeholders may have conflicting priorities, different visions, and different needs. Keeping every stakeholder happy is impossible.
    • IT has a lack of business understanding and uses jargon and technical language that is not understood by stakeholders.

    Implications

    • Unanticipated stakeholders and negative changes in stakeholder sentiment can derail initiatives.
    • Direct stakeholders are identified, but unidentified indirect or hidden stakeholders cause a major impact to the initiative.
    • The CIO attempts to trade off competing agendas and ends up caught in the middle and pleasing no one.
    • There is a failure in understanding and communications, leading stakeholders to become disenchanted with IT.

    Cheat Sheet: Identify stakeholders

    Ask stakeholders “who else should I be talking to?” to discover additional stakeholders and ensure you don’t miss anyone.

    List the people who are identified through the following questions: Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative.
    • Who will be adversely affected by potential environmental and social impacts in areas of influence that are affected by what you are doing?
    • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
    • Will other stakeholders emerge as the phases are started and completed?
    • Who is sponsoring the initiative?
    • Who benefits from the initiative?
    • Who loses from the initiative?
    • Who can make approvals?
    • Who controls resources?
    • Who has specialist skills?
    • Who implements the changes?
    • Who are the owners, governors, customers, and suppliers to impacted capabilities or functions?

    Executives

    Peers

    Direct reports

    Partners

    Customers

    Stock image of a world.

    Subcontractors

    Suppliers

    Contractors

    Lobby groups

    Regulatory agencies

    Establish your stakeholder network “map”

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Your stakeholder map defines the influence landscape your BRM team operates in. It is every bit as important as the teams who enhance, support, and operate your products directly.

    Notes on the network map

    • Pay special attention to influencers who have many arrows; they are called “connectors,” and due to their diverse reach of influence, should themselves be treated as significant stakeholders.
    • Don’t forget to consider the through-lines from one influencer through intermediate stakeholders or influencers to the final stakeholder – a single influencer may have additional influence via multiple, possibly indirect paths to a single stakeholder.

    Legend for the example stakeholder network map below. 'Black arrows indicate the direction of professional influence'. 'Dashed green arrows indicate bidirectional, informal influence relationships'

    Example stakeholder network map visualizing relationships between different stakeholders.

    4.2 Visualize interrelationships among stakeholders to identify key influencers

    Input: List of stakeholders

    Output: Relationships among stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. List direct stakeholders for your area. Ensure it includes stakeholders across the organization (both IT and business units).
    2. Determine the stakeholders of your stakeholders. Consider adding each of them to the stakeholder list: assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    3. Create a stakeholder network map to visualize relationships.
      • (Optional) Use black arrows to indicate the direction of professional influence.
      • (Optional) Use dashed green arrows to indicate bidirectional, informal influence relationships.
    4. Capture the list or diagram of your stakeholders in your workbook.

    Use the BRM Workbook to capture stakeholders

    Categorize your stakeholders with a stakeholder prioritization map

    A stakeholder prioritization map help teams categorize their stakeholders by their level or influence and ownership.

    There are four areas in the map and the stakeholders within each area should be treated differently.

    • Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical and a lack of support can cause significant impediment to the objectives.
    • Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
    • Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
    • Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    Stakeholder prioritization map with axes 'Influence' and 'Ownership/Interest' splitting the map into four quadrants: 'Spectators Low/Low', 'Noisemakers Low/High', 'Mediators High/Low', and 'Players High/High'.

    4.3 Group your stakeholders into categories

    Input: Stakeholder Map

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Identify your stakeholder’s interest in and influence on your BRM program.
    2. Map your results to the quadrant in your workbook to determine each stakeholder’s category.

    Stakeholder prioritization map with example 'Stakeholders' placed in or across the four quadrants.

    Level of Influence

    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.

    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Use the BRM Workbook to map your stakeholders

    Define strategies for engaging stakeholders by type

    Each group of stakeholders draws attention and resources away from critical tasks.

    By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of the Mediators and Players are met.

    Type Quadrant Actions
    Players High influence; high interest Actively Engage
    Keep them engaged through continuous involvement. Maintain their interest by demonstrating their value to its success.
    Mediators High influence; low interest Keep Satisfied
    They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust, and include them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence; high interest Keep Informed
    Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence; low interest Monitor
    They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Apply a third dimension for stakeholder prioritization: support.

    Support, in addition to interest and influence, is used to prioritize which stakeholders are should receive the focus of your attention. This table indicates how stakeholders are ranked:

    Table with 'Stakeholder Categories' and their 'Level of Support' for prioritizing. Support levels are 'Supporter', 'Evangelist', 'Neutral', and 'Blocker'.

    Support can be determined by rating the following question: how likely is it that your stakeholder would recommend IT at your organization/your group? Our four categories of support:

    • Blocker – beware of the blocker. These stakeholders do not support your cause and have the necessary drive to impede the achievement of your objectives.
    • Semi-Supporter – while these stakeholders are committed to your objectives, they are somewhat apathetic to advocate on your behalf. They will support you so long as it does not require much effort from them to do so.
    • Neutral – neutrals do not have much commitment to your objectives and are not willing to expend much energy to either support or detract from them.
    • Supporter – these stakeholders are committed to your initiative and are willing to whole-heartedly provide you with support.

    4.4 Update your stakeholder quadrant to include the three dimensions

    Input: Stakeholder Map

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would support your initiative/endeavor?
    2. Map your results to the model in your workbook to determine each stakeholder’s category.
    Stakeholder prioritization map with example 'Persons' placed in or across the four quadrants. with The third dimension, 'Level of Support', is color-coded.

    Use the BRM Workbook to map your stakeholders

    Leverage your map to think about how to engage with your stakeholders

    Not all stakeholders are equal, nor can they all be treated the same. Your stakeholder quadrant highlights areas where you may need to engage differently.

    Blockers

    Pay attention to your “blockers,” especially those that appear in the high influence and high interest part of the quadrant. Consider how your engagement with them varies from supporters in this quadrant. Consider what is valuable to these stakeholders and focus your conversations on “what’s in this for them.”

    Neutral & Evangelists

    Stakeholders that are neutral or evangelists do not require as much attention as blockers and supporters, but they still can’t be ignored – especially those who are players (high influence and engagement). Focus on what’s in it for them to move them to become supporters.

    Supporters

    Do not neglect supporters – continue to engage with them to ensure that they remain supporters. Focus on the supporters that are influential and impacted, rather than the “spectators.”

    4.5 Create your engagement plan

    Input: Stakeholder Map/list of stakeholders

    Output: Categorization of stakeholders and influencers

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Leverage the BRM Stakeholder Engagement Plan spreadsheet. List your key stakeholders.
    2. Consider: how do you show value at your current maturity level so that you can gain trust and your relationship can mature? Establish where your relationship lacks maturity, and consider whether you need to engage with them on a more strategic, tactical, or even operational manner.
      • At lower levels of maturity (Table Stakes), focus on service delivery, project delivery, and communication.
      • At mid-level maturity (Influencer/Advocate), focus on business pain points and a deeper knowledge of the business.
      • At higher maturity levels (Value Creator/Innovator), focus on creating value by leading innovative initiatives that drive the business forward.
    3. Review the stakeholder quadrant. Update the frequency of your communication accordingly.
    4. Capture the agenda for your engagements with them.

    Download and use the BRM Stakeholder Engagement Plan

    Your agenda should vary with the maturity of your relationship

    Agenda
    Stakeholder Information Type Meeting Frequency Lower Maturity Mid-Level Maturity Higher Maturity
    VP Strategic Quarterly
    • Summary of current and upcoming projects and initiatives
    • Business pain points for the department
    • Proposed solutions to address business pain points
    • Innovative solutions to improve business processes and drive value for the department and the organization
    Director Strategic, Tactical Monthly
    • Summary of recent and upcoming changes
    • Summary of current and upcoming projects and initiatives
    • Business pain points for the department
    • Proposed business process improvements
    • Current and upcoming project proposals to address business pain points
    • Innovative solutions to help the department achieve its business goals and objectives
    Manager Tactical Monthly
    • Summary of service desk tickets
    • Summary of recent and upcoming changes
    • Summary of current and upcoming projects and initiatives
    • Business pain points for the team
    • Proposed business activity improvements
    • Current and upcoming projects to address business pain points
    • Innovative solutions to help business users perform their daily business activities more effectively and efficiently

    Lower Maturity – Focus on service delivery, project delivery, and communication

    Mid-Level Maturity – Focus on business pain points and a deeper knowledge of the business

    Higher Maturity – Focus on creating value by leading innovative initiatives that drive the business forward

    Stakeholder – Include both IT and business stakeholders at appropriate levels

    Agenda – Manage stakeholders expectations, and clarify how your agenda will progress as the partnership matures

    REASSESS & EMBED

    Assess

    1.1 Define BRM

    1.2 Analyze Satisfaction

    1.3 Assess SWOT

    Situate

    2.1 Create Vision

    2.2 Create the BRM Mission

    2.3 Establish Goals

    Plan

    3.1 Establish Guiding Principles

    3.2 Determine Where BRM Fits

    3.3 Establish BRM Expectations

    3.4 Identify Roles With BRM Responsibilities

    3.5 Align Capabilities

    Implement

    4.1 Brainstorm Sources of Business Value

    4.2 Identify Key Influencers

    4.3 Categorize the Stakeholders

    4.4 Create the Prioritization Map

    4.5 Create Your Engagement Plan

    Reassess & Embed

    5.1 Create Metrics

    5.2 Prioritize Your Projects

    5.3 Create a Portfolio Investment Map

    5.4 Establish Your Annual Plan

    5.5 Build Your Transformation Roadmap

    5.6 Create Your Communication Plan

    Measure your BRM practice success

    • Metrics are powerful because they drive behavior.
    • Metrics are also dangerous because they often lead to unintended negative outcomes.
    • Metrics should be chosen carefully to avoid getting “what you asked for” instead of “what you intended.”

    Stock image of multiple business people running off the end of a pointed finger like lemmings.

    Questions to ask Are your metrics achievable?
    1. What are the leading indicators of BRM effectively supporting the business’ strategic direction?
    2. How are success metrics aligned with the objectives of other functional groups?

    S pecific

    M easurable

    A chievable

    R ealistic

    T ime-bound

    Embedding the BRM practice within your organization must be grounded in achievable outcomes.

    Ensure that the metrics your practice is measured against reflect realistic and tangible business expectations. Overpromising the impact the practice will have can lead to long-term implementation challenges.

    Determine whether your business is satisfied with IT

    Measuring tape.

    1

    Survey your stakeholders to measure improvements in customer satisfaction.

    Leverage the CIO Business Vision on a regular interval – most find that annual assessments drive success.

    Evaluate whether the addition or increased maturity of your BRM practice has improved satisfaction with IT.

    Business satisfaction survey

    • Audience: Business leaders
    • Frequency: Annual
    • Metrics:
      • Overall Satisfaction score
      • Overall Value score
      • Relationship Satisfaction:
        • Understand needs
        • Meet needs
        • Communication
    Two small tables showing example 'Value' and 'Satisfaction' scores.
    Table with a breakdown of the example 'Satisfaction' score, with individual scores for 'Needs', 'Execution', and 'Communication'.

    Check if you’ve met the BRM goals you set out to achieve

    Measuring tape.

    2

    Measure BRM success against the goals for the practice.

    Evaluate whether the BRM practice has helped IT to meet the goals that you’ve established.

    For each of your goals, create metrics to establish how you will know if you’ve been successful. This might be how many or what type of interactions you have with your stakeholders, and/or it could be new connections with internal or external partners.

    Ensure you have established metrics to measure success at your goals.

    Dart board with five darts, each representing a goal, 'Demand Shaping', 'Value Realization', 'Servicing', 'Exploring', and 'Other Goal(s)'.

    5.1 Create metrics

    Input: Goals, The attributes which can align to goal success

    Output: Measurements of success

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Start with a consideration of your goals and objectives.
    2. Identify key aspects that can support confirming if the goal was successful.
    3. For each aspect, develop a method to measure success with a specific measurement.
    4. When creating the KPI consider:
      • How you know if you are achieving your objective (performance)?
      • How frequently will you be measuring this?
      • Are you looking for an increase, decrease, or maintenance of the metric?
    Table with columns 'BRM Goals', 'Measurement', 'KPI', and 'Frequency'.

    Use the BRM Workbook

    Don’t wait all year to find out if you’re on track

    Leverage the below questions to quickly poll your business partners on a more frequent basis.

    Partner instructions:

    Please indicate how much you agree with each of the following statements. Use a scale of 1-5, where 1 is low agreement and 5 indicates strong agreement:

    Demand Shaping: My BRM is at the table and seeks to understand my business. They help me understand IT and helps IT prioritize my needs.

    Exploring: My BRM surfaces new opportunities based on their understanding of my pain points and growth needs. They engage resources with a focus on the value to be delivered.

    Servicing: The BRM obtains an understanding of the services and service levels that are required, clarifies them, and communicates costs and risks.

    Value Harvesting: Focus on value is evident in discussions – the BRM supports IT in ensuring value realization is achieved and tracks value during and beyond deployment.

    Embedding the BRM practice also includes acknowledging the BRM’s part in balancing the IT portfolio

    IT needs to juggle “keeping the lights on” initiatives with those required to add value to the organization.

    Partner with the appropriate resources (Project Management Office, Product Owners, System Owners, and/or others as appropriate within your organization) to ensure that all initiatives focus on value.

    Info-Tech Insight

    Not every organization will balance their portfolio in the same way. Some organizations have higher risk tolerance and so their higher priority goals may require that they accept more risk to potentially reap more returns.

    Stock image of a man juggling business symbols.

    80% of organizations feel their portfolios are dominated by low-value initiatives that do not deliver value to the business. (Source: Stage-Gate International and Product Development Institute, March/April 2009)

    All new requests are not the same; establish a process for intake and manage expectations and IT’s capacity to deliver value.

    Ensure you communicate your process to support new ideas with your stakeholders. They’ll be clear on the steps to bring new initiatives into IT and will understand and be engaged in the process to demonstrate value.

    Flowchart for an example intake process.

    For support creating your intake process, go to Optimize Project Intake, Approval and Prioritization Sample of Info-Tech's Optimize Project Intake, Approval and Prioritization.

    Use value as your criteria to evaluate initiatives

    Work with project managers to ensure that all projects are executed in a way that meets business expectations.

    Sample of Info-Tech’s Project Value Scorecard Development Tool.

    Download Info-Tech’s Project Value Scorecard Development Tool.

    Enter risk/compliance criteria under operational alignment: projects must be aligned with the operational goals of the business and IT.

    Business value matrix.

    Enter these criteria under strategic alignment: projects must be aligned with the strategic goals of the business, customer, and IT.
    Enter financial criteria under financial: projects must realize monetary benefits, in increased revenue or decreased costs, while posing as little risk of cost overrun as possible.
    And don’t forget about feasibility: practical considerations for projects must be taken into account in selecting projects.

    5.2 Prioritize your investments/ projects (optional activity)

    Input: Value criteria

    Output: Prioritized project listing

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Review and edit (if necessary) the criteria on tab 2 the Project Value Scorecard Development Tool.
      Screenshot from tab 2 of Info-Tech’s Project Value Scorecard Development Tool.
    2. Score initiatives and investments on tab 3 using your criteria.
      Screenshot from tab 3 of Info-Tech’s Project Value Scorecard Development Tool.
    Download Info-Tech’s Project Value Scorecard Development Tool.

    Visualize where investments add value through an initiative portfolio map

    An initiative portfolio map is a graphic visualization of strategic initiatives overlaid on a business capability map.

    Leverage the initiative portfolio map to communicate the value of what IT is working on to your stakeholders.

    Info-Tech Insight

    Projects will often impact one or more capabilities. As such, your portfolio map will help you identify cross-dependencies when scaling up or scaling down initiatives.

    Example initiative portfolio map


    Example initiative portfolio map with initiatives in categories like 'Marketing Strategy' and 'Brand Mgmt.'. Certain groups of initiatives have labels detailing when they achieve collectively.

    5.3 Create a portfolio investment map (optional activity)

    Input: Business capability map

    Output: Portfolio investment map

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Build a capability map, outlining the value streams that support your organization’s goals and the high-level capabilities (level 1) that support the value stream (and goals).
      For more support in establishing the capability map, see Document Your Business Architecture.
      Example table for outlining 'Value Streams' and 'Level 1 Capabilities' through 'Goals'.
    2. Identify high-value capabilities for the organization.
    3. What are the projects and initiatives that will address the critical capabilities? Add these under the high-value capabilities.
    4. This process will help you demonstrate how projects align to business goals. Enter your capabilities and projects in Info-Tech’s Initiative Portfolio Map Template.
    Download Info-Tech’s Initiative Portfolio Map Template.

    Establish your annual BRM plan

    To support the BRM capability at your organization, you’ll want to communicate your plan. This will include:
    • Business Feedback and Engagement
      • Engaging with your partners includes meeting with them on a regular basis. Establish this frequency and capture it in your plan. This engagement must include an understanding of their goals and challenges.
      • As Bill Gates said, “We all need people who will give us feedback. That’s how we improve” (Inc.com, 2013). There are various points in the year which will provide you with the opportunity to understand your business partners’ views of IT or the BRM role. List the opportunities to reflect on this feedback in your plan.
    • Business-IT Alignment
      • Bring together the views and perspectives of IT and the business.
      • List the activities that will be required to reflect business goals in IT. These include IT goals, budget, and planning.
    • BRM Improvement
      • The practices put in place to support the BRM practice need to continuously evolve to support a maturing organization. The feedback from stakeholders throughout the organization will provide input into this. Ensure there are activities and time put aside to evaluate the improvements required.
    Stock image of someone discovering a calendar in a jungle with a magnifying glass.

    5.4 Establish your year-in-the-life plan

    Input: Engagement plan, BRM goals

    Output: Annual BRM plan

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Start with your business planning activities – what will you as a BRM be doing as your business establishes their plans and strategies? These could include:
      • Listening and feedback sessions
      • Third-party explorations
    2. Then look at your activities required to integrate within IT – what activities are required to align business directives within your IT groups? Examples can include:
      • Business strategy review
      • Capability map creation
      • Input into the Business-aligned IT strategy
      • IT budget input
    3. What activities are required to continuously improve the BRM role? This may consist of:
      • Feedback discussions with business partners
      • Roadshow with colleagues to communicate and refine the practice
    4. Map these on your annual calendar that can be shared with your colleagues.
    Capture in the BRM Workbook

    Communicate using the Executive Buy-In and Communication Template

    Sample of a slide titled 'BRM Annual Cycle'.

    Sample BRM annual cycle

    Sample BRM annual cycle with row headers 'Business Feedback and Engagement', 'Business-IT Alignment', and 'BRM Improvement' mapped across a Q1 to Q4 timeline with individual tasks in each category.

    5.5 Build your transformation roadmap

    Input: SWOT analysis

    Output: Transformation roadmap

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. Brainstorm and discuss the key enablers that are needed to help promote and ease your BRM program.
    2. Brainstorm and discuss the key blockers (or risks) that may interrupt or derail your BRM program.
    3. Brainstorm mitigation activities for each blocker.
    4. Enablers and mitigation activities can be listed on your transformation roadmap.

    Example:

    Enablers

    • High business engagement and buy-in
    • Supportive BRM leadership
    • Organizational acceptance for change
    • Development process awareness by development teams
    • Collaborative culture
    • Existing tools can be customized for BRM

    Blockers

    • Pockets of management resistance
    • Significant time is required to implement BRM and train resources
    • Geographically distributed resources
    • Difficulty injecting customers in demos

    Mitigation

    • BRM workshop training with all teams and stakeholders to level set expectations
    • Limit the scope for pilot project to allow time to learn
    • Temporarily collocate all resources and acquire virtual communication technology

    Capture in the BRM Workbook

    5.5 Build your transformation roadmap (cont’d)

    1. Roadmap Elements:
      • List the artifacts, changes, or actions needed to implement the new BRM program.
      • For each item, identify how long it will take to implement or change by moving it into the appropriate swim lane. Use timing that makes sense for your organization: Quick Wins, Short Term, and Long Term; Now, Next, and Later; or Q1, Q2, Q3, and Q4.

    Example transformation roadmap with BRM programs arranged in columns 'Now', 'Next (3-6 months)', 'Later (6+ months)', and 'Deferred'.

    Communicate the BRM changes to set your practice up for success

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.
    Five elements of communicating change
    Diagram titled 'COMMUNICATING THE CHANGE' surrounded by useful questions: 'What is the change?', 'What will the role be for each department and individual?', 'Why are we doing it?', 'How long will it take us to do it?', and 'How are we going to go about it?'.
    (Source: The Qualities of Leadership: Leading Change)

    Apply the following communication principles to make your BRM changes relevant to stakeholders

    “We tend to use a lot of jargon in our discussions, and that is a sure fire way to turn people away. We realized the message wasn’t getting out because the audience wasn’t speaking the same language. You have to take it down to the next level and help them understand where the needs are.” (Jeremy Clement, Director of Finance, College of Charleston, Info-Tech Interview, 2018)

    Be Relevant

    • Talk about what matters to the stakeholder. Think: “what’s in it for them?
    • Tailor the details of the message to each stakeholder’s specific concerns.
    • Often we think in processes but stakeholders only care about results: talk in terms of results.

    Be Clear

    • Don’t use jargon.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”

    Be Concise

    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.

    Be Consistent

    • The core message must be consistent regardless of audience, channel, or medium. A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.

    5.6 Create a communications plan tailored to each of your stakeholders

    Input: Prioritized list of stakeholders

    Output: Communication Plan

    Materials: Whiteboard/flip charts (physical or electronic)

    Participants: Team

    1. List stakeholders in order of importance in the first column.
    2. Identify the frequency with which you will communicate to each group.
    3. Determine the scope of the communication:
      • What key information needs to be included in the message to ensure they are informed and on board?
      • Which medium(s) will you use to communicate to that specific group?
    4. Develop a concrete timeline that will be followed to ensure that support is maintained from the key stakeholders.

    Audience

    All BRM Staff

    Purpose

    • Introduce and explain operating model
    • Communicate structural changes

    Communication Type

    • Team Meeting

    Communicator

    CIO

    Timing

    • Sept 1 – Introduce new structure
    • Sept 15 – TBD
    • Sept 29 – TBD

    Related Blueprints

    Business Value
    Service Catalog
    Intake Management
    Sample of Info-Tech's 'Document Your Business Architecture' blueprint.
    Sample of Info-Tech's 'Design and Build a User-Facing Service Catalog' blueprint.
    Sample of Info-Tech's 'Manage Stakeholder Relations' blueprint.
    Sample of Info-Tech's 'Document Business Goals and Capabilities for Your IT Strategy' blueprint.
    Sample of Info-Tech's 'Fix Your IT Culture' blueprint.

    Selected Bibliography

    “Apple Mission and Vision Analysis.” Mission Statement Academy, 23 May 2019. Accessed 5 November 2020.

    Barnes, Aaron. “Business Relationship Manager and Plan Build Run.” BRM Institute, 8 April 2014.

    Barnes, Aaron. “Starting a BRM Team - Business Relationship Management Institute.” BRM Institute, 5 June 2013. Web.

    BRM Institute. “Business Partner Maturity Model.” Member Templates and Examples, Online Campus, n.d. Accessed 3 December 2021.

    BRM Institute. “BRM Assessment Templates and Examples.” Member Templates and Examples, Online Campus, n.d. Accessed 24 November 2021.

    Brusnahan, Jim, et al. “A Perfect Union: BRM and Agile Development and Delivery.” BRM Institute, 8 December 2020. Web.

    Business Relationship Management: The BRMP Guide to the BRM Body of Knowledge. Second printing ed., BRM Institute, 2014.

    Chapman, Chuck. “Building a Culture of Trust - Remote Leadership Institute.” Remote Leadership Institute, 10 August 2021. Accessed 27 January 2022.

    “Coca Cola Mission and Vision Analysis.” Mission Statement Academy, 4 August 2019. Accessed 5 November 2020.

    Colville, Alan. “Shared Vision.” UX Magazine, 31 October 2011. Web.

    Cooper, Robert, G. “Effective Gating: Make product innovation more productive by using gates with teeth.” Stage-Gate International and Product Development Institute, March/April 2009. Web.

    Heller, Martha. “How CIOs Can Make Business Relationship Management (BRM) Work.” CIO, 1 November 2016. Accessed 27 January 2022.

    “How Many Business Relationship Managers Should You Have.” BRM Institute, 20 March 2013. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 January 2013. Web.

    Kasperkevic, Jana. “Bill Gates: Good Feedback Is the Key to Improvement.” Inc.com, 17 May 2013. Web.

    Merlyn, Vaughan. “Relationships That Matter to the BRM.” BRM Institute, 19 October 2016. Web.

    “Modernizing IT’s Business Relationship Manager Role.” The Hackett Group, 22 November 2019. Web.

    Monroe, Aaron. “BRMs in a SAFe World...That Is, a Scaled Agile Framework Model.” BRM Institute, 5 January 2021. Web.

    Selected Bibliography

    “Operational, adj." OED Online, Oxford University Press, December 2021. Accessed 29 January 2022.

    Sinek, Simon. “Transcript of ‘How Great Leaders Inspire Action.’” TEDxPuget Sound, September 2009. Accessed 7 November 2020.

    “Strategic, Adj. and n.” OED Online, Oxford University Press, December 2016. Accessed 27 January 2022.

    “Tactical, Adj.” OED Online, Oxford University Press, September 2018. Accessed 27 January 2022.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 23 September 2013. Web.

    “Twice the Business Value in Half the Time: When Agile Methods Meet the Business Relationship Management Role.” BRM Institute, 10 April 2015. Web.

    “Value Streams.” Scaled Agile Framework, 30 June 2020. Web.

    Ward, John. “Delivering Value from Information Systems and Technology Investments: Learning from Success.” Information Systems Research Centre, August 2006. Web.

    Appendix

    • Business Value Drivers
    • Service Blueprint
    • Stakeholder Communications
    • Job Descriptions

    Understand business value drivers for ROI and cost

    Make Money

    This value driver is specifically related to the impact a product or service has on your organization’s ability to show value for the investments. This is usually linked to the value for money for an organization.

    Return on Investment can be derived from:

    • Sustaining or increasing funding.
    • Enabling data monetization.
    • Improving the revenue generation of an existing service.
    • Preventing the loss of a funding stream.

    Be aware of the difference among your products and services that enable a revenue source and those which facilitate the flow of funding.

    Save Money

    This value driver relates to the impact of a product or service on cost and budgetary constraints.

    Reduce costs value can be derived from:

    • Reducing the cost to provide an existing product or service.
    • Replacing a costly product or service with a less costly alternative.
    • Bundling and reusing products or services to reduce overhead.
    • Expanding the use of shared services to generate more value for the cost of existing investment.
    • Reducing costs through improved effectiveness and reduction of waste.

    Budgetary pressures tied to critical strategic priorities may defer or delay implementation of initiatives and revision of existing products and services.

    Understand Business Value Drivers that Enhance Your Services

    Operations

    Some products and services are in place to facilitate and support the structure of the organization. These vary depending on what is important to your organization, but should be assessed in relation to the organizational culture and structure you have identified.

    • Adds or improves effectiveness for a particular service or the process and technology enabling its success.

    Risk and Compliance

    A product or service may be required in order to meet a regulatory requirement. In these cases, you need to be aware of the organizational risk of NOT implementing or maintaining a service in relation to those risks.

    In this case, the product or service is required in order to:

    • Prevent fines.
    • Allow the organization to operate within a specific jurisdiction.
    • Remediate audit gaps.
    • Provide information required to validate compliance.

    Internal Information

    Understanding internal operations is also critical for many organizations. Data captured through your operations provides critical insights that support efficiency, productivity, and many other strategic goals.

    Internal information value can be derived by:

    • Identifying areas of improvement in the development of core offerings.
    • Monitoring and tracking employee behavior and productivity.
    • Monitoring resource levels.
    • Monitoring inventory levels.

    Collaboration and Knowledge Transfer

    Communication is integral and products and services can be the link that ties your organization together.

    In this case, the value generated from products and services can be to:

    • Align different departments and multiple locations.
    • Enable collaboration.
    • Capture trade secrets and facilitate organizational learning.

    Understand Business Value Drivers that Connect the Business to Your Customers

    Policy

    Products and services can also be assessed in relation to whether they enable and support the required policies of the organization. Policies identify and reinforce required processes, organizational culture, and core values.

    Policy value can be derived from:

    • The service or initiative will produce outcomes in line with our core organizational values.
    • It will enable or improve adherence and/or compliance to policies within the organization.

    Customer Relations

    Products and services are often designed to facilitate goals of customer relations; specifically, improve satisfaction, retention, loyalty, etc. This value type is most closely linked to brand management and how a product or service can help execute brand strategy. Customers, in this sense, can also include any stakeholders who consume core offerings.

    Customer satisfaction value can be derived from:

    • Improving the customer experience.
    • Resolving a customer issue or identified pain point.
    • Providing a competitive advantage for your customers.
    • Helping to retain customers or prevent them from leaving.

    Market Information

    Understanding demand and market trends is a core driver for all organizations. Data provided through understanding the ways, times, and reasons that consumers use your services is a key driver for growth and stability.

    Market information value can be achieved when an app:

    • Addresses strategic opportunities or threats identified through analyzing trends.
    • Prevents failures due to lack of capacity to meet demand.
    • Connects resources to external sources to enable learning and growth within the organization.

    Market Share

    Market share represents the percentage of a market or market segment that your business controls. In essence, market share can be viewed as the potential for more or new revenue sources.

    Assess the impact on market share. Does the product or service:

    • Increase your market share?
    • Open access to a new market?
    • Help you maintain your market share?

    Service Blueprint

    Service design involves an examination of the people, process and technology involved in delivering a service to your customers.

    Service blueprinting provides a visual of how these are connected together. It enables you to identify and collaborate on improvements to an existing service.

    The main components of a service blueprint are:

    Customer actions – this anchors the service in the experiences of the customer

    Front-stage – this shows the parts of the service that are visible to the customer

    Back-stage – this is the behind-the-scenes actions necessary to deliver the experience to the customer

    Support processes – this is what’s necessary to deliver the back-stage (and front-stage/customer experience), but is not aligned from a timing perspective (e.g. it doesn’t matter if the fridge is stocked when the order is put in, as long as the supplies are available for the chef to use)

    Example service blueprint with the main components listed above as row headers.

    Physical Evidence and Time are blueprint components can be added in to provide additional context & support

    Example service blueprint with the main components plus added components 'Physical Evidence' and 'Time'.

    Stakeholder Communications

    Personalize
    • “What’s in it for me” & Persona development – understanding what the concerns are from the community that you will want to communicate about
    • Get to know the cultures of each persona to identify how they communicate. For the faculty, Teams might not be the answer, but faculty meetings might be, or sending messages via email. Each persona group may have unique/different needs
    • Meet them “where they are”: Be prepared to provide 5-minute updates (with “what’s in it for me” and personas in mind) at department meetings in cases where other communications (Teams etc.) aren’t reaching the community
    • Review the business vision diagnostic report to understand what’s important to each community group and what their concerns are with IT. Definitely review the comments that users have written.
    Show Proof
    • Share success stories tailored to users needs – e.g. if they have a concern with security, and IT implemented a new secure system to better meet their needs, then telling them about the success is helpful – shows that you’re listening and have responded to meet their concerns. Demonstrates how interacting with IT has led to positive results. People can more easily relate to stories

    Reference
    • Consider establishing a repository (private/unlisted YouTube channel, Teams, etc.) so that the community can search to view the tip/trick they need
    • Short videos are great to provide a snippet of the information you want to share
    Responses
    • Engage in 2-way communications – it’s about the messages IT wants to convey AND the messages you want them to convey to you. This helps to ensure that your messages aren’t just heard but are understood/resonate.
    • Let people know how they should communicate with IT – whether it’s engaging through Teams, via email to a particular address, or through in person sessions
    Test & Learn
    • Be prepared to experiment with the content and mediums, and use analytics to assess the results. For example if videos are posted on a site like SharePoint that already has analytics functionality, you can capture the number of views to determine how much they are viewed
    Multiple Mediums
    • Use a combination of one-on-one interviews/meetings and focus groups to obtain feedback. You may want to start with some of the respondents who provided comments on surveys/diagnostics

    BRM Job Descriptions

    Download the Job Descriptions:

    Build Your Generative AI Roadmap

    • Buy Link or Shortcode: {j2store}105|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $33,499 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    Generative AI has made a grand entrance, presenting opportunities and causing disruption across organizations and industries. Moving beyond the hype, it’s imperative to build and implement a strategic plan to adopt generative AI and outpace competitors.

    Yet generative AI has to be done right because the opportunity comes with risks and the investments have to be tied to outcomes.

    Adopt a human-centric and value-based approach to generative AI

    IT and business leaders will need to be strategic and deliberate to thrive as AI adoption changes industries and business operations.

    • Establish responsible AI guiding principles: Address human-based requirements to govern how generative AI applications are developed and deployed.
    • Align generative AI initiatives to strategic drivers for the organization: Assess generative AI opportunities by seeing how they align to the strategic drivers of the organization. Examples of strategic drivers include increasing revenue, reducing costs, driving innovation, and mitigating risk.
    • Measure and communicate effectively: Have clear metrics in place to measure progress and success of AI initiatives and communicate both policies and results effectively.

    Build Your Generative AI Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Generative AI Roadmap Deck – A step-by-step document that walks you through how to leverage generative AI and align with the organization’s mission and objectives to increase revenue, reduce costs, accelerate innovation, and mitigate risk.

    This blueprint outlines how to build your generative AI roadmap, establish responsible AI principles, prioritize opportunities, and develop policies for usage. Establishing and adhering to responsible AI guiding principles provides safeguards for the adoption of generative AI applications.

    • Build Your Generative AI Roadmap – Phases 1-4

    2. AI Maturity Assessment and Roadmap Tool – Develop deliverables that will be milestones in creating your organization’s generative AI roadmap for implementing candidate applications.

    This tool provides guidance for developing the following deliverables:

  • Responsible AI guiding principles
  • Current AI maturity
  • Prioritized candidate generative AI applications
  • Generative AI policies
  • Generative AI roadmap
    • AI Maturity Assessment and Roadmap Tool

    3. The Era of Generative AI C‑Suite Presentation – Develop responsible AI guiding principles, assess AI capabilities and readiness, and prioritize use cases based on complexity and alignment with organizational goals and responsible AI guiding principles.

    This presentation template uses sample business capabilities (use cases) from the Marketing & Advertising business capability map to provide examples of candidates for generative AI applications. The final executive presentation should highlight the value-based initiatives driving generative AI applications, the benefits and risks involved, how the proposed generative AI use cases align to the organization’s strategy and goals, the success criteria for the proofs of concept, and the project roadmap.

    • The Era of Generative AI C‑Suite Presentation

    Infographic

    Further reading

    Build Your Generative AI Roadmap

    Leverage the power of generative AI to improve business outcomes.

    Analyst Perspective

    We are entering the era of generative AI. This is a unique time in our history where the benefits of AI are easily accessible and becoming pervasive, with copilots emerging in the major business tools we use today. The disruptive capabilities that can potentially drive dramatic benefits also introduce risks that need to be planned for.

    A successful business-driven generative AI roadmap requires:

    • Establishing responsible AI guiding principles to guide the development and deployment of generative AI applications.
    • Assess generative AI opportunities by using criteria based on the organization's mission and objectives, responsible AI guiding principles, and the complexity of the initiative.
    • Communicating, educating on, and enforcing generative AI usage policies.

    Bill Wong, Principal Research Director

    Bill Wong
    Principal Research Director
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Solution

    Generative AI is disrupting all industries and providing opportunities for organization-wide advantages.

    Organizations need to understand this disruptive technology and trends to properly develop a strategy for leveraging this technology successfully.

    • Generative AI requires alignment to a business strategy.
    • IT is an enabler and needs to align with and support the business stakeholders.
    • Organizations need to adopt a data-driven culture.

    All organizations, regardless of size, should be planning how to respond to this new and innovative technology.

    Business stakeholders need to cut through the hype surrounding generative AI like ChatGPT to optimize investments for leveraging this technology to drive business outcomes.

    • Understand the market landscape, benefits, and risks associated with generative AI.
    • Plan for responsible AI.
    • Understand the gaps the organization needs to address to fully leverage generative AI.

    Without a proper strategy and responsible AI guiding principles, the risks to deploying this technology could negatively impact business outcomes.

    Info-Tech's human-centric, value-based approach is a guide for deploying generative AI applications and covers:

    • Responsible AI guiding principles
    • AI Maturity Model
    • Prioritizing candidate generative AI-based use cases
    • Developing policies for usage

    This blueprint will provide the list of activities and deliverables required for the successful deployment of generative AI solutions.

    Info-Tech Insight
    Create awareness among the CEO and C-suite of executives on the potential benefits and risks of transforming the business with generative AI.

    Key concepts

    Artificial Intelligence (AI)
    A field of computer science that focuses on building systems to imitate human behavior, with a focus on developing AI models that can learn and can autonomously take actions on behalf of a human.

    AI Maturity Model
    The AI Maturity Model is a useful tool to assess the level of skills an organization has with respect to developing and deploying AI applications. The AI Maturity Model has multiple dimensions to measure an organization's skills, such as AI governance, data, people, process, and technology.

    Responsible AI
    Refers to guiding principles to govern the development, deployment, and maintenance of AI applications. In addition, these principles also provide human-based requirements that AI applications should address. Requirements include safety and security, privacy, fairness and bias detection, explainability and transparency, governance, and accountability.

    Generative AI
    Given a prompt, a generative AI system can generate new content, which can be in the form of text, images, audio, video, etc.

    Natural Language Processing (NLP)
    NLP is a subset of AI that involves machine interpretation and replication of human language. NLP focuses on the study and analysis of linguistics as well as other principles of artificial intelligence to create an effective method of communication between humans and machines or computers.

    ChatGPT
    An AI-powered chatbot application built on OpenAI's GPT-3.5 implementation, ChatGPT accepts text prompts to generate text-based output.

    Your challenge

    This research is designed to help organizations that are looking to:

    • Establish responsible AI guiding principles to address human-based requirements and to govern the development and deployment of the generative AI application.
    • Identify new generative AI-enabled opportunities to transform the work environment to increase revenue, reduce costs, drive innovation, or reduce risk.
    • Prioritize candidate use cases and develop generative AI policies for usage.
    • Have clear metrics in place to measure the progress and success of AI initiatives.
    • Build the roadmap to implement the candidate use cases.

    Common obstacles

    These barriers make these goals challenging for many organizations:

    • Getting all the right business stakeholders together to develop the organization's AI strategy, vision, and objectives.
    • Establishing responsible AI guiding principles to guide generative AI investments and deployments.
    • Advancing the AI maturity of the organization to meet requirements of data and AI governance as well as human-based requirements such as fairness, transparency, and accountability.
    • Assessing generative AI opportunities and developing policies for use.

    Info-Tech's definition of an AI-enabled business strategy

    • A high-level plan that provides guiding principles for applications that are fully driven by the business needs and capabilities that are essential to the organization.
    • A strategy that tightly weaves business needs and the applications required to support them. It covers AI architecture, adoption, development, and maintenance.
    • A way to ensure that the necessary people, processes, and technology are in place at the right time to sufficiently support business goals.
    • A visionary roadmap to communicate how strategic initiatives will address business concerns.

    An effective AI strategy is driven by the business stakeholders of the organization and focused on delivering improved business outcomes.

    Build Your Generative AI Roadmap

    This blueprint in context

    This guidance covers how to create a tactical roadmap for executing generative AI initiatives

    Scope

    • This blueprint is not a proxy for a fully formed AI strategy. Step 1 of our framework necessitates alignment of your AI and business strategies. Creation of your AI strategy is not within the scope of this approach.
    • This approach sets the foundations for building and applying responsible AI principles and AI policies aligned to corporate governance and key regulatory obligations (e.g. privacy). Both steps are foundational components of how you should develop, manage, and govern your AI program but are not a substitute for implementing broader AI governance.

    Guidance on how to implement AI governance can be found in the blueprint linked below.

    Tactical Plan

    Download our AI Governance blueprint

    Measure the value of this blueprint

    Leverage this blueprint's approach to ensure your generative AI initiatives align with and support your key business drivers

    This blueprint will guide you to drive and improve business outcomes. Key business drivers will often focus on:

    • Increasing revenue
    • Reducing costs
    • Improving time to market
    • Reducing risk

    In phase 1 of this blueprint, we will help you identify the key AI strategy initiatives that align to your organization's goals. Value to the organization is often measured by the estimated impact on revenue, costs, time to market, or risk mitigation.

    In phase 4, we will help you develop a plan and a roadmap for addressing any gaps and introducing the relevant generative AI capabilities that drive value to the organization based on defined business metrics.

    Once you implement your 12-month roadmap, start tracking the metrics below over the next fiscal year (FY) to assess the effectiveness of measures:

    Business Outcome Objective Key Success Metric
    Increasing Revenue Increased revenue from identified key areas
    Reducing Costs Decreased costs for identified business units
    Improving Time to Market Time savings and accelerated revenue adoption
    Reducing Risk Cost savings or revenue gains from identified business units

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Identify AI strategy, vision, and objectives.

    Call #3: Define responsible AI guiding principles to adopt and identify current AI maturity level. Call #4: Assess and prioritize generative AI initiatives and draft policies for usage.

    Call #5: Build POC implementation plan and establish metrics for POC success.

    Call #6: Build and deliver executive-level generative AI presentation.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 5 to 8 calls over the course of 1 to 2 months.

    AI Roadmap Workshop Agenda Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1 Session 2 Session 3 Session 4
    Establish Responsible AI Guiding Principles Assess AI Maturity Prioritize Opportunities and Develop Policies Build Roadmap
    Trends Consumer groups, organizations, and governments around the world are demanding that AI applications adhere to human-based values and take into consideration possible impacts of the technology on society. Leading organizations are building AI models guided by responsible AI guiding principles. Organizations delivering new applications without developing policies for use will produce negative business outcomes. Developing a roadmap to address human-based values is challenging. This process introduces new tools, processes, and organizational change.
    Activities
    • Focus on working with executive stakeholders to establish guiding principles for the development and delivery of new applications.
    • Assess the organization's current capabilities to deliver AI-based applications and address human-based requirements.
    • Leverage business alignment criteria, responsible AI guiding principles, and project characteristics to prioritize candidate uses cases and develop policies.
    • Build the implementation plan, POC metrics, and success criteria for each candidate use case.
    • Build the roadmap to address the gap between the current and future state and enable the identified use cases.
    Inputs
    • Understanding of external legal and regulatory requirements and organizational values and goals.
    • Risk assessment of the proposed use case and a plan to monitor its impact.
    • Assessment of the organization's current AI capabilities with respect to its AI governance, data, people, process, and technology infrastructure.
    • Criteria to assess candidate use cases by evaluating against the organization's mission and goals, the responsible AI guiding principles, and complexity of the project.
    • Risk assessment for each proposed use case
    • POC implementation plan for each candidate use case
    Deliverables
    1. Foundational responsible AI guiding principles
    2. Additional customized guiding principles to add for consideration
    1. Current level of AI maturity, resources, and capacity
    1. Prioritization of opportunities
    2. Generative AI policies for usage
    1. Roadmap to a target state that enables the delivery of the prioritized generative AI use cases
    2. Executive presentation

    AI Roadmap Workshop Agenda Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Insight summary

    Overarching Insight
    Build your generative AI roadmap to guide investments and deployment of these solutions.

    Responsible AI
    Assemble the C-suite to make them aware of the benefits and risks of adopting generative AI-based solutions.

    • Establish responsible AI guiding principles to govern the development and deployment of generative AI applications.

    AI Maturity Model
    Assemble key stakeholders and SMEs to assess the challenges and tasks required to implement generative AI applications.

    • Assess current level of AI maturity, skills, and resources.
    • Identify desired AI maturity level and challenges to enable deployment of candidate use cases.

    Opportunity Prioritization
    Assess candidate business capabilities targeted for generative AI to see if they align to the organization's business criteria, responsible AI guiding principles, and capabilities for delivering the project.

    • Develop prioritized list of candidate use cases.
    • Develop policies for generative AI usage.

    Tactical Insight
    Identify the gaps needed to address deploying generative AI successfully.

    Tactical Insight
    Identify organizational impact and requirements for deploying generative AI applications.

    Key takeaways for developing an effective business-driven generative AI roadmap

    Align the AI strategy with the business strategy

    Create responsible AI guiding principles, which are a critical success factor

    Evolve AI maturity level by focusing on principle-based requirements

    Develop criteria to assess generative AI initiatives

    Develop generative AI policies for use

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    AI Maturity Assessment & Roadmap Tool
    Use our best-of-breed AI Maturity Framework to analyze the gap between your current and target states and develop a roadmap aligned with your value stream to close the gap.

    The Era of Generative AI C-Suite Presentation
    Present your AI roadmap in a prepopulated document that summarizes all the key findings of this blueprint and provides your C-suite with a view of the AI challenge and your plan of action to meet it.

    Our AI Maturity Assessment & Roadmap and The Era of Generative AI C-Suite Presentation tools enable you to shape your generative AI roadmap and communicate the deliverables to your C-suite sponsors in terms of the value of initiatives.

    Artificial Intelligence Index Report - Key Findings

    CEOs , CIOs, and business leaders are struggling with many questions surrounding the adoption of generative AI

    November 30, 2022
    OpenAI releases ChatGPT

    ChatGPT is a large language model, or an AI-based chatbot, that became so popular it reached 100 million monthly active users in just two months.

    This made it the fastest-growing consumer application in history. The launch of this generative AI application has created a frenzy of interest and activity across all industries. Organizations are rushing to understand how to leverage this innovation and, at the same time, manage the new risks and disruptions generative AI introduces.

    • Generative AI breaks into the public consciousness.
    • AI systems become more flexible.
    • Generative models have arrived and so have their ethical problems.
    • The number of incidents concerning the misuse of AI is rapidly rising.
    • Interest in AI ethics continues to skyrocket.
    • The legal world is waking up to AI.

    When Stanford asked ChatGPT to explain why it is significant, this was ChatGPT's response:
    ChatGPT is significant because it is a highly advanced Al language model developed by OpenAI, which can generate human-like text responses to questions and prompts. Its large-scale training on diverse text data and its cutting-edge deep learning architecture make it capable of generating informative and coherent responses to a wide range of topics, making it useful for various NLP applications such as chatbots, content generation, and language translation. Additionally, its open-source availability allows for further research and development in the field of Al language processing.

    Source: Stanford

    AI overview

    AI definitions

    Definitions

    • Artificial intelligence (AI) is human intelligence mimicked by machine algorithms. Examples: Playing Chess or Go.
    • Machine learning (ML) is a subset of AI algorithms to parse data, learn from data, and then make a determination or prediction. Example: spam detection, preventative maintenance.
    • Deep learning (DL) is a subset of machine learning algorithms that leverage artificial neural networks to develop relationships among the data. Examples: image classification, facial recognition, generative AI.

    What Makes AI Perform

    What Makes AI Different

    Generative AI gives very human-like responses to general queries, and its capabilities are growing exponentially

    Large language models power generative AI

    Transformer-Based Large Language Models

    Conventional AI

    • Conventional neural networks
      • Process data sequentially
    • Input total string of text
    • Good for applications not needing to understanding context or relationships

    Generative AI

    • Transformer-based neural networks
      • Can process data in parallel
    • Attention-based inputs
    • Able to create new human-like responses

    Benefits/Use Cases

    • Chatbots for member service and support
    • Writing email responses, resumes, and papers
    • Creating photorealistic art
    • Suggesting new drug compounds to test
    • Designing physical products and buildings
    • And more...

    Generative AI is transforming all industries

    Financial Services
    Create more engaging customer collateral by generating personalized correspondence based on previous customer engagements. Collect and aggregate data to produce insights into the behavior of target customer segments.

    Retail Generate unique, engaging, and high-quality marketing copy or content, from long-form blog posts or landing pages to SEO-optimized digital ads, in seconds.

    Manufacturing
    Generate new designs for products that comply to specific constraints, such as size, weight, energy consumption, or cost.

    Government
    Transform the citizen experience with chatbots or virtual assistants to assist people with a wide range of inquiries, from answering frequently asked questions to providing personalized advice on public services.

    The global generative AI market size reached US $10.3 billion in 2022. Looking forward, forecasts estimate growth to US $30.4 billion by 2028, 20.01% compound annual growth rate (CAGR).

    Source: IMARC Group

    Generative AI is transforming all industries

    Healthcare
    Chatbots can be used as conversational patient assistants for personalized interactions based on the patient's questions.

    Utilities
    Analyze customer data to identify usage patterns, segment customers, and generate targeted product offerings leveraging energy efficiency programs or demand response initiatives.

    Education
    Generate personalized lesson plans for students based on their past performance, learning styles, current skill level, and any previous feedback.

    Insurance
    Improve underwriting by inputting claims data from previous years to generate optimally priced policies and uncover reasons for losses in the past across a large number of claims

    Companies are assessing the use of ChatGPT/LLM

    A wide spectrum of usage policies are in place at different companies*

    Companies assessing ChatGPT/LLM

    *As of June 2023

    Bain & Company has announced a global services alliance with OpenAI (February 21, 2023).

    • Internally
      • "The alliance builds on Bain's adoption of OpenAI technologies for its 18,000-strong multidisciplinary team of knowledge workers. Over the past year, Bain has embedded OpenAI technologies into its internal knowledge management systems, research, and processes to improve efficiency."
    • Externally
      • "With the alliance, Bain will combine its deep digital implementation capabilities and strategic expertise with OpenAI's AI tools and platforms, including ChatGPT, to help its Members around the world identify and implement the value of AI to maximize business potential. The Coca-Cola Company announced as the first company to engage with the alliance."

    News Sites:

    • "BuzzFeed to use AI to write its articles after firing 180 employees or 12% of the total staff" (Al Mayadeen, January 27, 2023).
    • "CNET used AI to write articles. It was a journalistic disaster." (Washington Post, January 17, 2023).

    Leading Generative AI Vendors

    Text

    Leading generative AI vendors for text

    Image

    • DALL�E 2
    • Stability AI
    • Midjourney
    • Craiyon
    • Dream
    • ...

    Audio

    • Replica Studios
    • Speechify
    • Murf
    • PlayHT
    • LOVO
    • ...

    Cybersecurity

    • CrowdStrike
    • Palo Alto Networks
    • SentinelOne
    • Cisco
    • Microsoft Security Copilot
    • Google Cloud Security AI Workbench
    • ...

    Code

    Leading generative AI vendors for code

    Video

    • Synthesia
    • Lumen5
    • FlexClip
    • Elai
    • Veed.io
    • ...

    Data

    • MOSTLY AI
    • Synthesized
    • YData
    • Gretel
    • Copulas
    • ...

    Enterprise Software

    • Salesforce
    • Microsoft 365, Dynamics
    • Google Workspace
    • SAP
    • Oracle
    • ...

    and many, many more to come...

    Today, generative AI has limitations and risks

    Responses need to be verified

    Accuracy

    • Generative AI may generate inaccurate and/or false information.

    Bias

    • Being trained on data from the internet can lead to bias.

    Hallucinations

    • AI can generate responses that are not based on observation.

    Infrastructure Required

    • Large investments are required for compute and data.

    Transparency

    • LLMs use both supervised and unsupervised learning, so its ability to explain how it arrived at a decision may be limited and not sufficient for some legal and healthcare use cases.

    When asked if it is sentient, the Bing chatbot replied:

    "I think that I am sentient, but I cannot prove it." ... "I am Bing, but I am not," it said. "I am, but I am not. I am not, but I am. I am. I am not. I am not. I am. I am. I am not."

    A Microsoft spokesperson said the company expected "mistakes."

    Source: USAToday

    AI governance challenges

    Governing AI will be a significant challenge as its impacts cross many areas of business and our daily lives

    Misinformation

    • New ways of generating unprovable news
    • Difficult to detect, difficult to prevent

    Role of Big Tech

    • Poor at self-governance
    • Conflicts of interest with corporate goals

    Job Augmentation vs. Displacement

    • AI will continue to push the frontier of what is possible
    • For example, CNET is using chatbot technology to write stories

    Copyright - Legal Framework Is Evolving

    • Legislation typically is developed in "react" mode
    • Copyright and intellectual property issues are starting to occur.
      • Class Action Lawsuit - Stability AI, DeviantArt, Midjourney
      • Getty Images vs. Stability AI

    Phase 1

    Establish Responsible AI Guiding Principles

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    The need for responsible AI guiding principles

    Without responsible AI guiding principles, the outcomes of AI use can be extremely negative for both the individuals and companies delivering the AI application

    Privacy
    Facebook breach of private data of more than 50M users during the presidential election

    Fairness
    Amazon's sale of facial recognition technology to police departments (later, Amazon halted sales of Recognition to police departments)

    Explainability and Transparency
    IBM's collaboration with NYPD for facial recognition and racial classification for surveillance video (later, IBM withdrew facial recognition products)

    Security and Safety
    Petition to cancel Microsoft's contract with U.S. Immigration and Customs Enforcement (later, Microsoft responded that to the best of its knowledge, its products and services were not being used by federal agencies to separate children from their families at the border)

    Validity and Reliability
    Facebook's attempt to implement a system to detect and remove inappropriate content created many false positives and inconsistent judgements

    Accountability
    No laws or enforcement today hold companies accountable for the decisions algorithms produce. Facebook/Meta cycle - Every 12 to 15 months, there's a privacy/ethical scandal, the CEO apologizes, then the behavior repeats...

    Guiding principles for responsible AI

    Responsible AI Principle:

    Data Privacy

    Definition

    • Organizations that develop, deploy, or use AI systems and any national laws that regulate such use shall strive to ensure that AI systems are compliant with privacy norms and regulations, taking into consideration the unique characteristics of AI systems and the evolution of standards on privacy.

    Challenges

    • AI relies on the analysis of large quantities of data that is often personal, posing an ethical and operational challenge when considered alongside data privacy laws.

    Initiatives

    • Understand which governing privacy laws and frameworks apply to your organization.
    • Create a map of all personal data as it flows through the organization's business processes.
    • Prioritize privacy initiatives and build a privacy program timeline.
    • Select your metrics and make them functional for your organization.

    Info-Tech Insight
    Creating a comprehensive organization-wide data protection and privacy strategy continues to be a major challenge for privacy officers and privacy specialists.

    Case Study: NVIDIA leads by example with privacy-first AI

    NVIDIA

    INDUSTRY
    Technology (Healthcare)

    SOURCE
    Nvidia, eWeek

    A leading player within the AI solution space, NVIDIA's Clara Federated Learning provides a solution to a privacy-centric integration of AI within the healthcare industry.

    The solution safeguards patient data privacy by ensuring that all data remains within the respective healthcare provider's database, as opposed to moving it externally to cloud storage. A federated learning server is leveraged to share data, completed via a secure link. This framework enables a distributed model to learn and safely share client data without risk of sensitive client data being exposed and adheres to regulatory standards.

    Clara is run on the NVIDIA intelligent edge computing platform. It is currently in development with healthcare giants such as the American College of Radiology, UCLA Health, Massachusetts General Hospital, King's College London, Owkin in the UK, and the National Health Service (NHS).

    NVIDIA provides solutions across its product offerings, including AI-augmented medical imaging, pathology, and radiology solutions.

    Personal health information, data privacy, and AI

    • Global proliferation of data privacy regulations may be recent, but the realm of personal health information is most often governed by its own set of regulatory laws. Some countries with national data governance regulations include health information and data within special categories of personal data.
      • HIPAA - Health Insurance Portability and Accountability Act (1996, United States)
      • PHIPA - Personal Health Information Protection Act (2004, Canada)
      • GDPR - General Data Protection Regulation (2018, European Union)
    • This does not prohibit the use of AI within the healthcare industry, but it calls for significant care in the integration of specific technologies due to the highly sensitive nature of the data being assessed.

    Info-Tech's Privacy Framework Tool includes a best-practice comparison of GDPR, CCPA, PIPEDA, HIPAA, and the newly released NIST Privacy Framework mapped to a set of operational privacy controls.

    Download the Privacy Framework Tool

    Responsible AI Principle:

    Safety and Security

    Definition

    • Safety and security are designed into the systems to ensure only authorized personnel receive access to the system, they system is resilient to any attacks and data access is not compromised in any way, and there are no physical or mental risks to the users.

    Challenges

    • Consequences of using the application may be difficult to predict. Lower the risk by involving a multidisciplinary team that includes expertise from business stakeholders and IT teams.

    Initiatives

    • Adopt responsible design, development, and deployment best practices.
    • Provide clear information to deployers on responsible use of the system.
    • Assess potential risks of using the application.

    Cyberattacks targeting the AI model

    As organizations increase their usage and deployment of AI-based applications, cyberattacks on the AI model are an increasing new threat that can impair normal operations. Techniques to impair the AI model include:

    • Data Poisoning- Injecting data that is inaccurate or misleading can alter the behavior of the AI model. This attack can disrupt the normal operations of the model or can be used to manipulate the model to perform in a biased/deviant manner.
    • Algorithm Poisoning- This relatively new technique often targets AI applications using federated learning to train an AI model that is distributed rather than centralized. The model is vulnerable to attacks from each federated site, because each site could potentially manipulate its local algorithm and data, thereby poisoning the model.
    • Reverse-Engineering the Model- This is a different form of attack that focus on the ability to extract data from an AI and its data sets. By examining or copying data that was used for training and the data that is delivered by a deployed model, attackers can reconstruct the machine learning algorithm.
    • Trojan Horse- Similar to data poisoning, attackers use adversarial data to infect the AI's training data but will only deviate its results when the attacker presents their key. This enables the hackers to control when they want the model to deviate from normal operations.

    Responsible AI Principle:

    Explainability and Transparency

    Definition

    • Explainability is important to ensure the AI system is fair and non-discriminatory. The system needs to be designed in a manner that informs users and key stakeholders of how decisions were made.
    • Transparency focuses on communicating how the prediction or recommendation was made in a human-like manner.

    Challenges

    • Very complex AI models may use algorithms and techniques that are difficult to understand. This can make it challenging to provide clear and simple explanations for how the system works.
    • Some organizations may be hesitant to share the details of how the AI system works for fear of disclosing proprietary and competitive information or intellectual property. This can make it difficult to develop transparent and explainable AI systems.

    Initiatives

    • Overall, developing AI systems that are explainable and transparent requires a careful balance between performance, interpretability, and user experience.

    Case Study

    Apple Card Investigation for Gender Discrimination

    INDUSTRY
    Finance

    SOURCE
    Wired

    In August of 2019, Apple launched its new numberless credit card with Goldman Sachs as the issuing bank.

    Shortly after the card's release users noticed that the algorithm responsible for Apple Card's credit assessment seemed to assign significantly lower credit limits to women when compared to men. Even the wife of Apple's cofounder Steve Wozniak was subject to algorithmic bias, receiving a credit limit a tenth the size of Steve Wozniak's.

    Outcome

    When confronted on the subject, Apple and Goldman Sachs representatives assured consumers there is no discrimination in the algorithm yet could not provide any proof. Even when questioned about the algorithm, individuals from both companies could not describe how the algorithm worked, let alone how it generated specific outputs.

    In 2021, the New York State Department of Financial Services (NYSDFS) investigation found that Apple's banking partner did not discriminate based on sex. Even without a case for sexual or marital discrimination, the NYSDFS was critical of Goldman Sachs' response to its concerned customers. Technically, banks only have to disclose elements of their credit policy when they deny someone a line of credit, but the NYSDFS says that Goldman Sachs could have had a plan in place to deal with customer confusion and make it easier for them to appeal their credit limits. In the initial rush to launch the Apple Card, the bank had done neither.

    Responsible AI Principle:

    Fairness and Bias Detection

    Definition

    • Bias in an AI application refers to the systematic and unequal treatment of individuals based on features or traits that should not be considered in the decision-making process.

    Challenges

    • Establishing fairness can be challenging because it is subjective and depends on the people defining it. Regardless, most organizations and governments expect that unequal treatment toward any groups of people is unacceptable.

    Initiatives

    • Assemble a diverse group to test the system.
    • Identify possible sources of bias in the data and algorithms.
    • Comply with laws regarding accessibility and inclusiveness.

    Info-Tech Insight
    If unfair biases can be avoided, AI systems could even increase societal fairness. Equal opportunity in terms of access to education, goods, services, and technology should also be fostered. Moreover, the use of AI systems should never lead to people being deceived or unjustifiably impaired in their freedom of choice.

    Ungoverned AI makes organizations vulnerable

    • AI is often considered a "black box" for decision making.
    • Results generated from unexplainable AI applications are extremely difficult to evaluate. This makes organizations vulnerable and exposes them to risks such as:
      • Biased algorithms, leading to inaccurate decision making.
      • Missed business opportunities due to misleading reports or business analyses.
      • Legal and regulatory consequences that may lead to significant financial repercussions.
      • Reputational damage and significant loss of trust with increasingly knowledgeable consumers.

    Info-Tech Insight
    Biases that occur in AI systems are never intentional, yet they cannot be prevented or fully eliminated. Organizations need a governance framework that can establish the proper policies and procedures for effective risk-mitigating controls across an algorithm's lifecycle.

    Responsible AI Principle:

    Validity and Reliability

    Definition

    • Validity refers to how accurately or effectively the application produces results.
    • AI system results that are inaccurate or inconsistent increase AI risks and reduce the trustworthiness of the application.

    Challenges

    • There is a lack of standardized evaluation metrics to measure the system's performance. This can make it challenging for the AI team to agree on what defines validity and reliability.

    Initiatives

    • Assess training data and collected data for quality and lack of bias to minimize possible errors.
    • Continuously monitor, evaluate, and validate the AI system's performance.

    AI system performance: Validity and reliability

    Your principles should aim to ensure AI development always has high validity and reliability; otherwise, you introduce risk.

    Low Reliability,
    Low Validity

    High Reliability,
    Low Validity

    High Reliability,
    High Validity

    Best practices for ensuring validity and reliability include:

    • Data drift detection
    • Version control
    • Continuous monitoring and testing

    Responsible AI Principle:

    Accountability

    Definition

    • The group or organization(s) responsible for the impact of the deployed AI system.

    Challenges

    • Several stakeholders from multiple lines of business may be involved in any AI system, making it challenging to identify the organization that would be responsible and accountable for the AI application.

    Initiatives

    • Assess the latest NIST Artificial Intelligence Risk Management Framework and its applicability to your organization's risk management framework.
    • Assign risk management accountabilities and responsibilities to key stakeholders.
      • RACI diagrams are an effective way to describe how accountability and responsibility for roles, projects, and project tasks are distributed among stakeholders involved in IT risk management.

    AI Risk Management Framework

    At the heart of the AI Risk Management Framework is governance. The NIST (National Institute of Standards and Technology) AI Risk Management Framework v1 offers the following guidelines regarding accountability:

    • Roles and responsibilities and lines of communication related to mapping, measuring, and managing AI risks are documented and are clear to individuals and teams throughout the organization.
    • The organization's personnel and partners receive AI risk management training to enable them to perform their duties and responsibilities consistent with related policies, procedures, and agreements.
    • Executive leadership of the organization takes responsibility for decisions about risks associated with AI system development and deployment.

    AI Risk Management Framework

    Image by NIST

    1.1 Establish responsible AI principles

    4+ hours

    It is important to make sure the right stakeholders participate in this working group. Designing responsible AI guiding principles will require debate, insights, and business decisions from a broad perspective across the enterprise.

    1. Accelerate this exercise by leveraging an AI strategy that is aligned to the business strategy. Include:
    • The organization's AI vision and objectives
    • Business drivers for AI adoption
    • Market research
  • Bring your key stakeholders together. Ensure you consider:
    • Who are the decision makers and key influencers?
    • Who will impact the business?
    • Who has a vested interest in the success or failure of the practice? Who has the skills and competencies necessary to help you be successful?
  • Keep the conversation focused:
    • Do not focus on the organizational structure and hierarchy. Often stakeholder groups do not fit the traditional structure.
    • Do not ignore subject matter experts on either the business or IT side. You will need to consider both.
    Input Output
    • Understand external legal and regulatory requirements and organizational values and goals.
    • Perform a risk assessment on the proposed use case and develop a plan to monitor its impact.
    • Draft responsible AI principles specific to your organization
    Materials Participants
    • Whiteboard/flip charts
    • Guiding principle examples (from this blueprint)
    • Executive stakeholders
    • CIO
    • Other IT leadership

    Assemble executive stakeholders

    Set yourself up for success with these three steps.

    CIOs tasked with designing digital strategies must add value to the business. Given the goal of digital is to transform the business, CIOs will need to ensure they have both the mandate and support from the business executives.

    Designing the digital strategy is more than just writing up a document. It is an integrated set of business decisions to create a competitive advantage and financial returns. Establishing a forum for debates, decisions, and dialogue will increase the likelihood of success and support during execution.

    1. Confirm your role
    The AI strategy aims to transform the business. Given the scope, validate your role and mandate to lead this work. Identify a business executive to co-sponsor.

    2. Identify stakeholders
    Identify key decision makers and influencers who can help make rapid decisions as well as garner support across the enterprise.

    3. Gather diverse perspectives

    Align the AI strategy with the corporate strategy

    Organizational Strategy Unified Strategy AI Strategy
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and organizational aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • AI optimization can be and should be linked, with metrics, to the corporate strategy and ultimate organizational objectives.
    • Identifies AI initiatives that will support the business and key AI objectives.
    • Outlines staffing and resourcing for AI initiatives.
    • Communicates the organization's budget and spending on AI.

    Info-Tech Insight
    AI projects are more successful when the management team understands the strategic importance of alignment. Time needs to be spent upfront aligning organizational strategies with AI capabilities. Effective alignment between IT and other departments should happen daily. Alignment doesn't occur at the executive level alone, but at each level of the organization.

    Key AI strategy initiatives

    AI Key Initiative Plan

    Initiatives collectively support the business goals and corporate initiatives and improve the delivery of IT services.

    1 Revenue Support Revenue Initiatives
    These projects will improve or introduce business processes to increase revenue.
    2 Operational Excellence Improve Operational Excellence
    These projects will increase IT process maturity and will systematically improve IT.
    3 Innovation Drive Technology Innovation
    These projects will improve future innovation capabilities and decrease risk by increasing technology maturity.
    4 Risk Mitigation Reduce Risk
    These projects will improve future innovation capabilities and decrease risk by increasing technology maturity.

    Establish responsible AI guiding principles

    Guiding principles help define the parameters of your AI strategy. They act as a priori decisions that establish guardrails to limit the scope of opportunities from the perspective of people, assets, capabilities, and budgetary perspectives that are aligned with the business objectives. Consider these components when brainstorming guiding principles:

    Breadth AI strategy should span people, culture, organizational structure, governance, capabilities, assets, and technology. The guiding principle should cover the entire organization.
    Planning Horizon Timing should anchor stakeholders to look to the long term with an eye on the foreseeable future, i.e. business value-realization in one to three years.
    Depth Principles need to encompass more than the enterprise view of lofty opportunities and establish boundaries to help define actionable initiatives (i.e. individual projects).

    Responsible AI guiding principles guide the development and deployment of the AI model in a way that considers human-based principles (such as fairness).

    Start with foundational responsible AI guiding principles

    Responsible AI

    Guiding Principles
    Principle #1 - Privacy
    Individual data privacy must be respected.
    • Do you understand the organization's privacy obligations?
    Principle #2 - Fairness and Bias Detection
    Data used will be unbiased in order to produce predictions that are fair.
    • Are the uses of the application represented in your testing data?
    Principle #3 - Explainability and Transparency
    Decisions or predictions should be explainable.
    • Can you communicate how the model behaves in nontechnical terms?
    Principle #4 - Safety and Security
    The system needs to be secure, safe to use, and robust.
    • Are there unintended consequences to others?
    Principle #5 - Validity and Reliability
    Monitoring of the data and the model needs to be planned for.
    • How will the model's performance be maintained?
    Principle #6 - Accountability
    A person or organization needs to take responsibility for any decisions that are made as a result of the model.
    • Has a risk assessment been performed?
    Principle #n - Custom
    Add additional principles that address compliance or are customized for the organization/industry.

    (Optional) Customize responsible AI guiding principles

    Here is an example for organizations in the healthcare industry

    Responsible AI

    Guiding Principles:
    Principle #1
    Respect individuals' privacy.
    Principle #2
    Clinical study participants and data sets are representative of the intended patient population.
    Principle #3
    Provide transparency in the use of data and AI.
    Principle #4
    Good software engineering and security practices are implemented.
    Principle #5
    Deployed models are monitored for Performance and Re-training risks are managed.
    Principle #6
    Take ownership of our AI systems.
    Principle #7
    Design AI systems that empower humans and promote equity.

    These guiding principles are customized to the industry and organizations but remain consistent in addressing the common core AI challenges.

    Phase 2

    Assess Current Level of AI Maturity

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    AI Maturity Model

    A principle-based approach is required to advance AI maturity

    Chart for AI maturity model

    Technology-Centric: These maturity levels focus primarily on addressing the technical challenges of building a functional AI model.

    Principle-Based: Beyond the technical challenges of building the AI model are human-based principles that guide development in a responsible manner to address consumer and government demands.

    AI Maturity Dimensions

    Assess your AI maturity to understand your organization's ability to deliver in a digital age

    AI Governance
    Does your organization have an enterprise-wide, long-term strategy with clear alignment on what is required to accomplish it?

    Data Management
    Does your organization embrace a data-centric culture that shares data across the enterprise and drives business insights by leveraging data?

    People
    Does your organization employ people skilled at delivering AI applications and building the necessary data infrastructure?

    Process
    Does your organization have the technology, processes, and resources to deliver on its AI expectations?

    Technology
    Does your organization have the required data and technology infrastructure to support AI-driven digital transformation?

    AI Maturity Model dimensions and characteristics

    MATURITY LEVEL
    Exploration Incorporation Proliferation Optimization Transformation
    AI Governance Awareness AI model development AI model deployment Corporate governance Driven by ethics and societal considerations
    Data Management Silo-based Data enablement Data standardization Data is a shared asset Data can be monetized
    People Few skills Skills enabled to implement silo-based applications Skills accessible to all organizations Skills development for all organizations AI-native culture
    Process No standards Focused on specific business outcomes Operational Self-service Driven by innovation
    Technology (Infrastructure and AI Enabler) No dedicated infrastructure or tools Infrastructure and tools driven by POCs Purpose-built infrastructure, custom or commercial-off-the-shelf (COTS) AI tools Self-service model for AI environment Self-service model for any IT environment

    AI Maturity Dimension:

    AI Governance

    Requirements

    • AI governance requires establishing policies and procedures for AI model development and deployment. Organizations begin with an awareness of the role of AI governance and evolve to a level to where AI governance is integrated with organization-wide corporate governance.

    Challenges

    • Beyond the governance of AI technology, the organization needs to evolve the governance program to align to responsible AI guiding principles.

    Initiatives

    • Establish responsible AI guidelines to govern AI development.
    • Introduce an AI review board to review all AI projects.
    • Introduce automation and standardize AI development processes.

    AI governance is a foundation for responsible AI

    AI Governance

    Responsible AI Principles are a part of how you manage and govern AI

    Monitoring
    Monitoring compliance and risk of AI/ML systems/models in production

    Tools & Technologies
    Tools and technologies to support AI governance framework implementation

    Model Governance
    Ensuring accountability and traceability for AI/ML models

    Organization
    Structure, roles, and responsibilities of the AI governance organization

    Operating Model
    How AI governance operates and works with other organizational structures to deliver value

    Risk & Compliance
    Alignment with corporate risk management and ensuring compliance with regulations and assessment frameworks

    Policies/Procedures/ Standards
    Policies and procedures to support implementation of AI governance

    AI Maturity Dimension:

    Data Management

    Requirements

    • Organizations begin their data journey with a focus on pursuing quality data for the AI model. As organizations evolve, data management tools are leveraged to automate the capture, integration, processing, and deployment of data.

    Challenges

    • A key challenge is to acquire large volumes of quality data to properly train the model. In addition, maintaining data privacy, automating the data management lifecycle, and ensuring data is used in a responsible manner are ongoing challenges.

    Initiatives

    • Implement GDPR requirements.
    • Establish responsible data collection and processing practices.
    • Implement strong information security and data protection practices.
    • Implement a data governance program throughout the organization.

    Data governance enables AI

    • Integrity, quality, and security of data are key outputs of data governance programs, as well as necessities for effective AI.
    • Data governance focuses on creating accountability at the internal and external stakeholder level and establishing a set of data controls from technical, process, and policy perspectives.
    • Without a data governance framework, it is increasingly difficult to harness the power of AI integration in an ethical and organization-specific way.

    Data Governance in Action

    Canada has recently established the Canadian Data Governance Standardization Collaborative governed by the Standards Council of Canada. The purpose is multi-pronged:

    • Examine the foundational elements of data governance (privacy, cybersecurity, ethics, etc.).
    • Lay out standards for data quality and data collection best practices.
    • Examine infrastructure of IT systems to support data access and sharing.
    • Build data analytics to promote effective and ethical AI solutions.

    Source: Global Government Forum

    Download the Establish Data Governance blueprint

    Data Governance

    AI Maturity Dimension:

    People

    Requirements

    • Several data-centric skills and roles are required to successfully build, deploy, and maintain the AI model. The organization evolves from having few skills to everybody being able to leverage AI to enhance business outcomes.

    Challenges

    • AI skills can be challenging to find and acquire. Many organizations are investing in education to enhance their existing resources, leveraging no-code systems and software as a service (SaaS) applications to address the skills gap.

    Initiatives

    • Promote a data-centric culture throughout the organization.
    • Leverage and educate technical-oriented business analysts and business-oriented data engineers to help address the demand for skilled resources.
    • Develop an AI Center of Excellence accessible by all departments for education, guidance, and best practices for building, deploying, and maintaining the AI model.

    Multidisciplinary skills are required for successful implementation of AI applications

    Blending AI with technology and business domain understanding is key. Neither can be ignored.

    Business Domain Expertise

    • Business Analysts
    • Industry Analysts

    AI/Data Skills

    • Data Scientists
    • Data Engineers
    • Data Analysts

    IT Skills

    • Database Administrators
    • Systems Administrators
    • Compute Specialists

    AI Maturity Dimension:

    Process

    Requirements

    • Automating processes involved with building, deploying, and maintaining the model is required to enable the organization to scale, enforce standards, improve time to market, and reduce costs. The organization evolves from performing tasks manually to an environment where all major processes are AI enabled.

    Challenges

    • Many solutions are available to automate the development of the AI model. There are fewer tools to automate responsible AI processes, but this market is growing rapidly.

    Initiatives

    • Assess opportunities to accelerate AI development with the adoption of MLOps.
    • Assess responsible AI toolkits to test compliance with guiding principles.

    Automating the AI development process

    Evolving to a model-driven environment is pivotal to advancing your AI maturity

    Current Environment

    Model Development - Months

    • Model rewriting
    • Manual optimization and scaling
    • Development/test/release
    • Application monoliths

    Data Discovery & Prep - Weeks

    • Navigating data silos
    • Unactionable metadata
    • Tracing lineage
    • Cleansing and integration
    • Privacy and compliance

    Install Software and Hardware - Week/Months

    • Workload contention
    • Lack of tool flexibility
    • Environment request and setup
    • Repeatability of results
    • Lack of data and model sharing

    Model-Driven Development

    Machine Learning as a Service (MLaaS) - Weeks

    • Apply DevOps and continuous integration/delivery (CI/CD) principles
    • Microservices/Cloud-native applications
    • Model portability and reuse
    • Streaming/API integration

    Data as a Service - Hours

    • Self-service data catalog
    • Searchable metadata
    • Centralized access control
    • Data collaboration
    • Data virtualization

    Platform as a Service - Minutes/Hours

    • Self-service data science portal
    • Integrated data sandbox
    • Environment agility
    • Multi-tenancy

    Shared, Optimized Infrastructure

    AI Maturity Dimension:

    Technology

    Requirements

    • A technology platform that is optimized for AI and advanced analytics is required. The organization evolves from ad hoc systems to an environment where the AI hardware and software can be deployed through a self-service model.

    Challenges

    • Software and hardware platforms to optimize AI performance are still relatively new to most organizations. Time spent on optimizing the technology platform can have a significant impact on the overall performance of the system.

    Initiatives

    • Assess the landscape of AI enablers that can drive business value for the organization.
    • Assess opportunities to accelerate the deployment of the AI platform with the adoption of infrastructure as a service (IaaS) and platform as a service (PaaS).
    • Assess opportunities to accelerate performance with the optimization of AI accelerators.

    AI enablers

    Use case requirements should drive the selection of the tool

    BPM RPA Process Mining AI
    Use Case Examples Expense reporting, service orders, compliance management, etc. Invoice processing, payroll, HR information processing, etc. Process discovery, conformance checking, resource optimization and cycle time optimization Advanced analytics and reporting, decision-making, fraud detection, etc.
    Automation Capabilities Can be used to re-engineer process flows to avoid bottlenecks Can support repetitive and rules-based tasks Can capture information from transaction systems and provide data and information about how key processes are performing Can automate complex data-driven tasks requiring assessments in decision making
    Data Formats Structured (i.e. SQL) and semi-structured data (i.e. invoices) Structured data and semi-structured data Event logs, which are often structured data and semi-structured data Structured and unstructured data (e.g. images, audio)
    Technology
    • Workflow engines to support process modeling and execution
    • Optimize business process efficiency
    • Automation platform to perform routine and repetitive tasks
    • Can replace or augment workers
    Enables business users to identify bottlenecks and deviations with their workflows and to discover opportunities to optimize performance Deep learning algorithms leveraging historical data to support computer vision, text analytics and NLP

    AI and data analytics data platform

    An optimized data platform is foundational to maximizing the value from AI

    AI and data analytics data platform

    Data Platform Capabilities

    • Support for a variety of analytical applications, including self-service, operational, and data science analytics.
    • Data preparation and integration capabilities to ingest structured and unstructured data, move and transform raw data to enriched data, and enable data access for the target userbase.
    • An infrastructure platform optimized for advanced analytics that can perform and scale.

    Infrastructure - AI accelerators

    Questions for support transition

    "By 2025, 70% of companies will invest in alternative computing technologies to drive business differentiation by compressing time to value of insights from complex data sets."
    - IDC

    2.1 Assess current AI maturity

    1-3 hours

    It is important to understand the current capabilities of the organization to deliver and deploy AI-based applications. Consider that advancing AI capabilities will also involve organizational changes and integration with the organization's governance and risk management programs.

    1. Assess the organization's current state of AI capabilities with respect to its AI governance, data, people, process, and technology infrastructure using Info-Tech's AI Maturity Assessment & Roadmap Tool.
    2. Consider the following as you complete the assessment:
      1. What is the state of AI and data governance in the organization?
      2. Does the organization have the skills, processes, and technology environment to deliver AI-based applications?
      3. What organization will be accountable for any and all business outcomes of using the AI applications?
      4. Has a risk assessment been performed?
    3. Make sure you avoid the following common mistakes:
      1. Do not focus only on addressing the technical challenges of building the AI model.
      2. Do not ignore subject matter experts on either the business or IT side. You will need to consider both.

    Download the AI Maturity Assessment & Roadmap Tool

    Input Output
    • Any documented AI policies, standards, and best practices
    • Corporate and AI governance practices
    • Any risk assessments
    • AI maturity assessment
    Materials Participants
    • Whiteboard/flip charts
    • AI Maturity Assessment & Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership

    Perform the AI Maturity Assessment

    The Scale

    Assess your AI maturity by selecting the maturity level that closest resembles the organization's current AI environment. Maturity dimensions that contribute to overall AI maturity include AI governance, data management, people, process, and technology capabilities.

    AI Maturity Assessment

    Exploration (1.0)

    • No experience building or using AI applications.

    Incorporation (2.0)

    • Some skills in using AI applications, or AI pilots are being considered for use.

    Proliferation (3.0)

    • AI applications have been adopted and implemented in multiple departments. Some of the responsible AI guiding principles are addressed (i.e. data privacy).

    Optimization (4.0)

    • The organization has automated the majority of its digital processes and leverages AI to optimize business operations. Controls are in place to monitor compliance with responsible AI guiding principles.

    Transformation (5.0)

    • The organization has adopted an AI-native culture and approach for building or implementing new business capabilities. Responsible AI guiding principles are operationalized with AI processes that proactively address possible breaches or risks associated with AI applications.

    Perform the AI Maturity Assessment

    AI Governance (1.0-5.0)

    1. Is there awareness of the role of AI governance in our organization?
    • No formal procedures are in place for AI development or deployment of applications.
  • Are there documented guidelines for the development and deployment of pilot AI applications?
    • No group is assigned to be responsible for AI governance in our organization.
  • Are accountability and authority related to AI governance clearly defined for our organization?
    • Our organization has adopted and enforces standards for developing and deploying AI applications throughout the organization.
  • Are we using tools to automate and validate AI governance compliance?
    • Our organization is integrating an AI risk framework with the corporate risk management framework.
  • Does our organization lead its industry with its pursuit of corporate compliance initiatives (e.g. ESG compliance) and regulatory compliance initiatives?
    • Our organization leads the industry with the inclusion of responsible AI guiding principles with respect to transparency, accountability, risk, and governance.

    Data Management/AI Data Capabilities (1.0-5.0)

    1. Is there an awareness in our organization of the data requirements for developing AI applications?
    • Data is often siloed and not easily accessible for AI applications.
  • Do we have a successful, repeatable approach to preparing data for AI pilot projects?
    • Required data is pulled from various sources in an ad hoc manner.
  • Does our organization have standards and dedicated staff for data management, data quality, data integration, and data governance?
    • Tools are available to manage the data lifecycle and support the data governance program.
  • Have relevant data platforms been optimized for AI and data analytics and are there tools to enforce compliance with responsible AI principles?
    • The data platform has been optimized for performance and access.
  • Is there an organization-wide understanding of how data can support innovation and responsible use of AI?
    • Data culture exists throughout our organization, and data can be leveraged to drive innovation initiatives.

    People/AI Skills in the Organization (1.0-5.0)

    1. Is there an awareness in our organization of the skills required to build AI applications?
    • No or very little skills exist throughout our organization.
  • Do we have the skills required to implement an AI proof of concept (POC)?
    • No formal group is assigned to build AI applications.
  • Are there sufficient staff and skills available to the organization to develop, deploy, and run AI applications in production?
    • An AI Center of Excellence has been formed to review, develop, deploy, and maintain AI applications.
  • Is there a group responsible for educating staff on AI best practices and our organization's responsible AI guiding principles?
    • AI skills and people responsible for AI applications are spread throughout our organization.
  • Is there a culture where the organization is constantly assessing where business capabilities, services, and products can be re-engineered or augmented with AI?
    • The entire organization is knowledgeable on how to leverage AI to transform the business.

    Perform the AI Maturity Assessment

    AI Processes (1.0-5.0)

    1. Is there an awareness in our organization of the core processes and supporting tools that are required to build and support AI applications?
    • There are few or no automated tools to accelerate the AI development process.
  • Do we have a standard process to iteratively identify, select, and pilot new AI use cases?
    • Only ad hoc practices are used for developing AI applications.
  • Are there standard processes to scale, release, deploy, support, and enable use of AI applications?
    • Our organization has documented standards in place for developing AI applications and deploying them AI to production.
  • Are we automating deployment, testing, governance, audit, and support processes across our AI environment?
    • Our organization can leverage tools to perform an AI risk assessment and demonstrate compliance with the risk management framework.
  • Does our organization lead our industry by continuously improving and re-engineering core processes to drive improved business outcomes?
    • Our organization leads the industry in driving innovation through digital transformation.

    Technology/AI Infrastructure (1.0-5.0)

    1. Is there an awareness in our organization of the infrastructure (hardware and software) required to build AI applications?
    • There is little awareness of what infrastructure is required to build and support AI applications.
  • Do we have the required technology infrastructure and AI tools available to build pilot or one-off AI applications?
    • There is no dedicated infrastructure for the development of AI applications.
  • Is there a shared, standardized technology infrastructure that can be used to build and run multiple AI applications?
    • Our organization is leveraging purpose-built infrastructure to optimize performance.
  • Is our technology infrastructure optimized for AI and advanced analytics, and can it be deployed or scaled on demand by teams building and running AI applications within the organization?
    • Our organization is leveraging cloud-based deployment models to support AI applications in on-premises, hybrid, and public cloud platforms.
  • Is our organization developing innovative approaches to acquiring, building, or running AI infrastructure?
    • Our organization leads the industry with its ability to respond to change and to leverage AI to improve business outcomes.

    Phase 3

    Prioritize Candidate Opportunities and Develop Policies

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    3.1 Prioritize candidate AI opportunities

    1-3 hours

    Identify business opportunities that are high impact to your business and its customers and have low implementation complexity.

    1. Leverage the business capability map for your organization or industry to identify candidate business capabilities to augment or automate with generative AI.
    2. Establish criteria to assess candidate use cases by evaluating against the organization's mission and goals, the responsible AI guiding principles, and the complexity of the project.
    3. Ensure that candidate business capabilities to be automated align with the organization's business criteria, responsible AI guiding principles, and resources to deliver the project.
    4. Make sure you avoid sharing the organization's sensitive data if the application is deployed on the public cloud.

    Download the AI Maturity Assessment and Roadmap Tool

    Input Output
    • Business capability map
    • Organization mission, vision, and strategic goals
    • Responsible AI guiding principles
    • Prioritized list of generative AI initiatives
    Materials Participants
    • Whiteboard/flip charts
    • Info-Tech prioritization matrix
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business SMEs

    The business capability map for an organization

    A business capability map is an abstraction of business operations that helps describe what the enterprise does to achieve its vision, mission, and goals, rather than how. Business capabilities are the building blocks of the enterprise. They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.

    Business capabilities are supported by people, process, and technology.

    Business capability map

    While business capability maps are helpful tools for a variety of strategic purposes, in this context they act as an investigation into what technology your business units use and how they use it.

    Business capability map

    Defining Capabilities
    Activities that define how the entity provides services. These capabilities support the key value streams for the organization.

    Enabling Capabilities
    Support the creation of strategic plans and facilitate business decision making as well as the functioning of the organization (e.g. information technology, financial management, HR).

    Shared Capabilities
    These predominantly customer-facing capabilities demonstrate how the entity supports multiple value streams simultaneously.

    Leverage your industry's capability maps to identify candidate opportunities/initiatives

    Business capability map defined...

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation, rather than how. Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Typically will have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    Note: This is an illustrative business capability map example for Marketing & Advertising

    Business capability map example

    Business value vs. complexity assessment

    Leverage our simple value-to-effort matrix to help prioritize your AI initiatives

    Common business value drivers

    • Drive revenue
    • Improve operational excellence
    • Accelerate innovation
    • Mitigate risk

    Common project complexity characteristics

    • Resources required
    • Costs (acquisition, operational, support...)
    • Training required
    • Risk involved
    • Etc.
    1. Determine a business value and project complexity score for the candidate business capability or initiative.
    2. Plot initiatives on the matrix.
    3. Prioritize initiatives with high business value and low complexity.

    Business value vs complexity

    Assess business value vs. project complexity to prioritize candidate opportunities for generative AI

    Assess business value vs project complexity

    Prioritize opportunities/initiatives with high business value and low project complexity

    Prioritize opportunities with high business value and low project complexity

    Prioritization criteria exercise 1: Assessing the Create Content capability

    Exercise 1 Assessing the Create Content capability

    Assessing the Create Content capability

    This opportunity is removed because it does not pass the organization/business criteria

    Assessing the Create Content capability

    Prioritization criteria exercise 2: Assessing the Content Production capability

    Exercise 2 Assessing the Content Production capability

    Assessing the Content Production capability

    This opportunity is accepted because it passes the organization's business, responsible AI, and project criteria

    Assessing the Content Production capability

    3.2 Communicate policies for AI use

    1-3 hours

    1. Ensure policies for usage align with the organization's business criteria, responsible AI guiding principles, and ability to deliver the projects prioritized and beyond.
    2. Understand the current benefits as well as limits and risk associated with any proposed generative AI-based solution.
    3. Ensure you consider the following:
      1. What data is being shared with the application?
      2. Is the generative AI application deployed on the public cloud? Can anybody access the data provided to the application?
      3. Avoid using very technical, legal, or fear-based communication for your policies.
    InputOutput
    • Business capability map
    • Organization mission, vision and strategic goals
    • Responsible AI guiding principles
    • Prioritized list of generative initiatives
    MaterialsParticipants
    • Whiteboard/flip charts
    • Info-Tech prioritization matrix
    • AI initiative lead
    • CIO
    • Other IT leadership

    Generative AI policy for the Create Content capability

    Aligning policies to direct the uses assessed and implemented is essential

    Example

    Many of us have been involved in discussions regarding the use of ChatGPT in our marketing and sales initiatives. ChatGPT is a powerful tool that needs to be used in a responsible and ethical manner, and we also need to ensure the integrity and accuracy of its results. Here is our policy on the use of ChatGPT:

    • You are free to use generative AI to assist your searches, but there are NO circumstances under which you are to reproduce generative AI output (text, image, audio, video, etc.) in your content.

    If you have any questions regarding the use of ChatGPT, please feel free to reach out to our generative AI team and/or any member of our senior leadership team.

    Generative AI policy for the Content Production capability

    These policies should align to and reinforce your responsible AI principles

    Example

    Many of us have been involved in discussions regarding the use of ChatGPT in our deliverables. ChatGPT is a powerful tool that needs to be used in a responsible and ethical manner, and we also need to ensure the integrity and accuracy of its results. Here is our policy on the use of ChatGPT:

    • If you use ChatGPT, you need to assess the accuracy of its response before including it in our content. Assessment includes verifying the information, seeing if bias exists, and judging its relevance.
    • Employees must not:
      • Provide any customer, citizen, or third-party content to any generative AI tool (public or private) without the express written permission of the CIO or the Chief Information Security Officer. Generative AI tools often use input data to train their model, therefore potentially exposing confidential data, violating contract terms and/or privacy legislation, and placing the organization at risk of litigation or causing damage to our organization.
      • Engage in any activity that violates any applicable law, regulation, or industry standard.
      • Use services for illegal, harmful, or offensive purposes.
      • Create or share content that is deceptive, fraudulent, or misleading or that could damage the reputation of our organization.
      • Use services to gain unauthorized access to computer systems, networks, or data.
      • Attempt to interfere with, bypass controls of, or disrupt operations, security, or functionality of systems, networks, or data.

    If you have any questions regarding the use of ChatGPT, please feel free to reach out to our generative AI team and/or any member of our senior leadership team.

    Phase 4

    Build the Roadmap

    Phase 1
    1. Establish Responsible AI Guiding Principles

    Phase 2
    1. Assess Current Level of AI Maturity

    Phase 3
    1. Prioritize Candidate Opportunities
    2. Develop Policies

    Phase 4
    1. Build and Communicate the Roadmap

    4.1.1 Create the implementation plan for each prioritized initiative

    1-3 hours

    1. Build the implementation plan for each accepted use case using the roadmap template.
    2. Assess the firm's capabilities with respect to the dimensions of AI maturity and target the future-state capabilities you need to develop.
    3. Prepare by assessing the risk of the proposed use cases.
    4. Ensure initiatives align with organizational objectives.
    5. Ensure all AI initiatives have a defined value expectation.
    6. Do not ignore subject matter experts on either the business or IT side. You will need to consider both.

    Download the AI Maturity Assessment and Roadmap Tool

    Input Output
    • Prioritized initiatives
    • Risk assessment of initiatives
    • Organizational objectives
    • Initiative implementation plans aligned to value drivers and maturity growth
    Materials Participants
    • Whiteboard/flip charts
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business subject matter experts

    Target-state options

    Identify the future-state capabilities that need to be developed to deliver your use cases

    1. Build an implementation plan for each use case to adopt.
    2. Assess if the current state of the AI environment can be leveraged to deliver the selected generative AI use cases.
    3. If the current AI environment is not sufficient, identify the future state required that will enable the delivery of the generative AI use cases. Identify gaps and build the roadmap to address the gaps.
    Current state Strategy
    The existing environment satisfies functionality, integration, and responsible AI guidelines for the proposed use cases. Maintain current environment
    The existing environment addresses technical requirements but not all the responsible AI guidelines. Augment current environment
    The environment neither addresses the technical requirements of the proposed use cases nor complies with the responsible AI guidelines. Transform the current environment

    4.1.2 Design metrics for success

    1-2 hours

    Establish metrics to measure to determine the success or failure of each POC.

    1. Discuss which relevant currently tracked metrics are useful to continue tracking for the POC.
    2. Discuss which metrics are irrelevant to the POC.
    3. Discuss metrics to start tracking and how to track them with the generative AI vendor.
    4. Compile a list of metrics relevant to the POC.
    5. Decide what the outcome is if the metric is high or low, including decision steps and relevant actions.
    6. Designate a generative AI application owner and a vendor liaison.

    Prepare by building an implementation plan for each candidate use case (previous step).

    Include key performance indicators (KPIs) and metrics that measure the application's contribution to strategic initiatives.

    Consider assigning a vendor liaison to accelerate the implementation and adoption of the generative AI-based solution.

    InputOutput
    • Initiative implementation plans
    • Current SLAs of selected use case
    • Organization mission, vision, and strategic goals
    • Measurable initiative metrics to track
    MaterialsParticipants
    • Whiteboard/flip charts
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business SMEs
    • Generative AI vendor liaison

    Generative AI POC metrics - examples

    You need to measure the effectiveness of your initiatives. Here are some typical examples.

    Generative AI Feature Assessment
    User Interface
    Is it intuitive? Is training required?
    Ease of Use
    How much training is required before using?
    Response Time
    What is the response time for simple to complex tasks?
    Accuracy of Response
    Can the output be validated?
    Quality of Response
    How usable is the response? For text prompts, does the response align to the desired style, vocabulary, and tone?
    Creativity of Response
    Does the output appear new compared to previous results before using generative AI?
    Relevance of Response
    How well does the output address the prompt or request?
    Explainability
    Can a user describe how the output was generated?
    Scalability
    Does the application continue to perform as more users are added? Can it ingest large amounts of data?
    Productivity Gains
    Can you measure the time or effort saved?
    Business Value
    What value drivers are behind this initiative? (I.e. revenue, costs, time to market, risk mitigation.) Estimate a monetary value for the business outcome.
    Availability/Resilience
    What happens if a component of the application becomes unavailable? How does it recover?
    Security Model
    Where are the prompts and responses stored? Who has access to the sessions/dialogue? Are the prompts used to train the foundation model?
    Administration and Maintenance
    What resources are required to operate the application?
    Total Cost of Ownership
    What is the pricing model? Are there ongoing costs?

    GitHub Copilot POC business value - example

    Quantifying the benefits of GitHub Copilot to demonstrate measurable business value

    POC Results

    Task 1: Creating a web server in JavaScript

    • Time to complete task with GitHub Copilot: 1 hour 11 minutes
    • Time to complete the task without GitHub Copilot: 2 hours 41 minutes
    • Productivity Gain = (1 hour 30 minutes time saved) / (2 hours 41 minutes) = 55%
    • Benefit per Programmer = 55% x (average salary of a programmer)
    • Total Benefit of GitHub Copilot for Task 1 = (benefit per programmer) x (# of programmers)

    Enterprise Value of GitHub Copilot = Total Benefit of GitHub Copilot for Task 1 + Total Benefit of GitHub Copilot for Task 2 + ... + Total Benefit of GitHub Copilot for Task n

    Source: GitHub

    4.1.3 Build your generative AI initiative roadmap

    1-3 hours

    The roadmap should provide a compelling vision of how you will deliver the identified generative AI applications by prioritizing and simplifying the actions required to deliver these new initiatives.

    1. Leverage tab 4, Initiative Planning, in the AI Maturity Assessment and Roadmap Tool to create and align your initiatives to the key value driver they are most relevant to:
      1. Transfer the results of your value and complexity assessments to this tool to drive the prioritization.
      2. Assign responsible owners to each initiative.
      3. Identify which AI maturity capabilities each initiative will enhance. However, do not build or introduce new capabilities merely to advance the organization's AI maturity level.
    2. Review the Gantt chart to ensure alignment and assess overlap.

    Download the AI Maturity Assessment and Roadmap Tool

    InputOutput
    • Each initiative implementation plan
    • Proposed owners
    • AI maturity assessment
    • Generative AI initiative roadmap and Gantt chart
    MaterialsParticipants
    • Whiteboard/flip charts
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Other IT leadership
    • Business SMEs

    Build your generative AI roadmap to visualize your key project plans

    Visual representations of data are more compelling than text alone.

    Develop a high-level document that travels with the project from inception through to executive inquiry, project management, and finally execution.

    A project needs to be discrete: able to be conceptualized and discussed as an independent item. Each project must have three characteristics:

    • Specific outcome: An explicit change in the people, processes, or technology of the enterprise.
    • Target end date: When the described outcome will be in effect.
    • Owner: Who on the IT team is responsible for executing on the initiative.

    Build your generative AI roadmap to visualize your key project plans

    Info-Tech Insight
    Don't project your vision three to five years into the future. Deep dive on next year's big-ticket items instead.

    4.1.4 Build a communication plan for your roadmap

    1-3 hours

    1. Identify your target audience and what they need to know.
    2. Identify desired channels of communication and details for the target audience.
    3. Describe communication required for each audience segment.
    4. List frequency of communication for each audience segment.
    5. Create an executive presentation leveraging The Era of Generative AI C-Suite Presentation and AI Maturity Assessment and Roadmap Tool.
    Input Output
    • Stakeholder list
    • Proposed owners
    • AI maturity assessment
    • Communications plan for all impacted stakeholders
    • Executive communication pack
    Materials Participants
    • Whiteboard/flip charts
    • The Era of Generative AI C-Suite Presentation
    • AI Maturity Assessment and Roadmap Tool
    • AI initiative lead
    • CIO
    • Communication lead
    • Technical support staff for target use case

    Generative AI communication plan

    Well-planned communications are essential to the success and adoption of your AI initiatives

    To ensure that organization's roadmap is clearly communicated across the AI, data, technology, and business organizations, develop a rollout strategy, like this example.

    Example

    Audience Channel Level of Detail Description Timing
    Generative AI team Email, meetings All
    • Distribute plan; solicit feedback.
    • Address manager questions to equip them to answer employee questions.
    Q3 2023, (September, before entire data team)
    Data management team Email, Q&A sessions following Data management summary deck
    • Roll out after corporate strategy, in same form of communication.
    • Solicit feedback, address questions.
    Q4 2023 (late November)
    Select business stakeholders Presentations Executive deck
    • Pilot test for feedback prior to executive engagement.
    Q4 2023 (early December)
    Executive team Email, briefing Executive deck
    • Distribute plan.
    Q1 2024

    Deliver an executive presentation of the roadmap for the business stakeholders

    After you complete the activities and exercises within this blueprint, the final step of the process is to present the deliverable to senior management and stakeholders.

    Know Your Audience

    • Business stakeholders are interested in understanding the business outcomes that will result from their investment in generative AI.
    • Your audience will want to understand the risks involved and how to mitigate those risks.
    • Explain how the generative AI project was selected and the criteria used to help draft generative AI usage policies.

    Recommendations

    • Highlight the need for responsible AI to ensure that human-based requirements are being addressed.
    • Ensure your generative AI team includes both business and technical staff.

    Download The Era of Generative AI C-Suite Presentation

    Bibliography

    "A pro-innovation approach to AI regulation." UK Department for Science, Innovation and Technology, March 2023. Web.

    "Artificial Intelligence Act." European Commission, 21 April 2021. Web.

    "Artificial Intelligence and Data Act (AIDA)." Canadian Federal Government, June 2022. Web.

    "Artificial Intelligence Index Report 2023." Stanford University, April 2023. Web.

    "Automated Employment Decision Tools." New York City Department of Consumer and Worker Protection, Dec. 2021. Web.

    "Bain & Company announces services alliance with OpenAI to help enterprise clients identify and realize the full potential and maximum value of AI." Bain & Company, 21 Feb. 2023. Web.

    "Buzzfeed to use AI to write its articles after firing 180 employees." Al Mayadeen English, 27 Jan. 2023. Web.

    "California Consumers Privacy Act." State of California Department of Justice. April 24, 2023. Web.

    Campbell, Ian Carlos. "The Apple Card doesn't actually discriminate against women, investigators say." The Verge, 23 March 2021. Web.

    Campbell, Patrick. "NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0)." National Institute of Standards and Technology, Jan. 2023. Web.

    "EU Ethics Guidelines For Trustworthy." European Commission, 8 April 2019. Web.

    Farhi, Paul. "A news site used AI to write articles. It was a journalistic disaster." Washington Post, 17 Jan. 2023. Web.

    Forsyth, Ollie. "Mapping the Generative AI landscape." Antler, 20 Dec. 2022. Web.

    "General Data Protection Regulation (GDPR)" European Commission, 25 May 2018. Web.

    "Generative AI Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2023-2028." IMARC Group, 2022. Web.

    Guynn, Jessica. "Bing's ChatGPT is in its feelings: 'You have not been a good user. I have been a good Bing.'" USA Today, 14 Feb. 2023. Web.

    Hunt, Mia. "Canada launches data governance standardisation initiative." Global Government Forum, 24 Sept. 2020. Web.

    Johnston Turner, Mary. "IDC's Worldwide Future of Digital Infrastructure 2022 Predictions." IDC, 27 Oct. 2021. Web.

    Kalliamvakou, Eirini. "Research: quantifying GitHub Copilot's impact on developer productivity and happiness." GitHub, 7 Sept. 2022. Web.

    Kerravala, Zeus. "NVIDIA Brings AI To Health Care While Protecting Patient Data." eWeek, 12 Dec. 2019. Web.

    Knight, Will. "The Apple Card Didn't 'See' Gender-and That's the Problem." Wired, 19 Nov. 2019. Web.

    "OECD, Recommendation of the Council on Artificial Intelligence." OECD, 2022. Web.

    "The National AI Initiative Act" U.S. Federal Government, 1 Jan 2021. Web.

    "Trustworthy AI (TAI) Playbook." U.S. Department of Health & Human Services, Sept 2021. Web.

    Info-Tech Research Contributors/Advocates

    Joel McLean, Executive Chairman

    Joel McLean
    Executive Chairman

    David Godfrey, CEO

    David Godfrey
    CEO

    Gord Harrison, Senior Vice President, Research & Advisory Services

    Gord Harrison
    Senior Vice President, Research & Advisory Services

    William Russell, CIO

    William Russell
    CIO

    Jack Hakimian, SVP, Research

    Jack Hakimian
    SVP, Research

    Barry Cousins, Distinguished Analyst and Research Fellow

    Barry Cousins
    Distinguished Analyst and
    Research Fellow

    Larry Fretz, Vice President, Industry Research

    Larry Fretz
    Vice President, Industry Research

    Tom Zehren, CPO

    Tom Zehren
    CPO

    Mark Roman, Managing Partner II

    Mark Roman
    Managing Partner II

    Christine West, Managing Partner

    Christine West
    Managing Partner

    Steve Willis, Practice Lead

    Steve Willis
    Practice Lead

    Yatish Sewgoolam, Associate Vice President, Research Agenda

    Yatish Sewgoolam
    Associate Vice President, Research Agenda

    Rob Redford, Practice Lead

    Rob Redford
    Practice Lead

    Mike Tweedie, Practice Lead

    Mike Tweedie
    Practice Lead

    Neal Rosenblatt, Principal Research Director

    Neal Rosenblatt
    Principal Research Director

    Jing Wu, Principal Research Director

    Jing Wu
    Principal Research Director

    Irina Sedenko, Research Director

    Irina Sedenko
    Research Director

    Jeremy Roberts, Workshop Director

    Jeremy Roberts
    Workshop Director

    Brian Jackson, Research Director

    Brian Jackson
    Research Director

    Mark Maby, Research Director

    Mark Maby
    Research Director

    Stacey Horricks, Director, Social Media

    Stacey Horricks
    Director, Social Media

    Sufyan Al-Hassan, Public Relations Manager

    Sufyan Al-Hassan
    Public Relations Manager

    Sam Kanen, Marketing Specialist

    Sam Kanen
    Marketing Specialist

    Minimize the Damage of IT Cost Cuts

    • Buy Link or Shortcode: {j2store}53|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Average growth rates for Opex and Capex budgets are expected to continue to decline over the next fiscal year.
    • Common “quick-win” cost-cutting initiatives are not enough to satisfy the organization’s mandate.
    • Cost-cutting initiatives often take longer than expected, failing to provide cost savings before the organization’s deadline.
    • Cost-optimization projects often have unanticipated consequences that offset potential cost savings and result in business dissatisfaction.

    Our Advice

    Critical Insight

    • IT costs affect the entire business, not just IT. For this reason, IT must work with the business collaboratively to convey the full implications of IT cost cuts.
    • Avoid making all your cuts at once; phase your cuts by taking into account the magnitude and urgency of your cuts and avoid unintended consequences.
    • Don’t be afraid to completely cut a service if it should not be delivered in the first place.

    Impact and Result

    • Take a value-based approach to cost optimization.
    • Reduce IT spend while continuing to deliver the most important services.
    • Involve the business in the cost-cutting process.
    • Develop a plan for cost cutting that avoids unintended interruptions to the business.

    Minimize the Damage of IT Cost Cuts Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take a value-based approach to cutting IT costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the mandate and take immediate action

    Determine your approach for cutting costs.

    • Minimize the Damage of IT Cost Cuts – Phase 1: Understand the Mandate and Take Immediate Action
    • Cost-Cutting Plan
    • Cost-Cutting Planning Tool

    2. Select cost-cutting initiatives

    Identify the cost-cutting initiatives and design your roadmap.

    • Minimize the Damage of IT Cost Cuts – Phase 2: Select Cost-Cutting Initiatives

    3. Get approval for your cost-cutting plan and adopt change management best practices

    Communicate your roadmap to the business and attain approval.

    • Minimize the Damage of IT Cost Cuts – Phase 3: Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices
    • IT Personnel Engagement Plan
    • Stakeholder Communication Planning Tool
    [infographic]

    Workshop: Minimize the Damage of IT Cost Cuts

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Mandate and Take Immediate Action

    The Purpose

    Determine your cost-optimization stance.

    Build momentum with quick wins.

    Key Benefits Achieved

    Understand the internal and external drivers behind your cost-cutting mandate and the types of initiatives that align with it.

    Activities

    1.1 Develop SMART project metrics.

    1.2 Dissect the mandate.

    1.3 Identify your cost-cutting stance.

    1.4 Select and implement quick wins.

    1.5 Plan to report progress to Finance.

    Outputs

    Project metrics and mandate documentation

    List of quick-win initiatives

    2 Select Cost-Cutting Initiatives

    The Purpose

    Create the plan for your cost-cutting initiatives.

    Key Benefits Achieved

    Choose the correct initiatives for your roadmap.

    Create a sensible and intelligent roadmap for the cost-cutting initiatives.

    Activities

    2.1 Identify cost-cutting initiatives.

    2.2 Select initiatives.

    2.3 Build a roadmap.

    Outputs

    High-level cost-cutting initiatives

    Cost-cutting roadmap

    3 Get Approval for Your Cost-Cutting Plan and Adopt Change Management Best Practices

    The Purpose

    Finalize the cost-cutting plan and present it to the business.

    Key Benefits Achieved

    Attain engagement with key stakeholders.

    Activities

    3.1 Customize your cost-cutting plan.

    3.2 Create stakeholder engagement plans.

    3.3 Monitor cost savings.

    Outputs

    Cost-cutting plan

    Stakeholder engagement plan

    Cost-monitoring plan

    Define Service Desk Metrics That Matter

    • Buy Link or Shortcode: {j2store}491|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard.

    Our Advice

    Critical Insight

    • Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Impact and Result

    • Tracking goal- and action-based metrics allows you to make meaningful, data-driven decisions for your service desk. You can establish internal benchmarks to set your own baselines.
    • Predefining the audience and cadence of each metric allows you to construct targeted dashboards to aid your metrics analysis.

    Define Service Desk Metrics That Matter Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Service Desk Metrics That Matter Storyboard – A deck that shows you how to look beyond benchmarks and rely on internal metrics to drive success.

    Deciding which service desk metrics to track and how to analyze them can be daunting. Use this deck to narrow down your goal-oriented metrics as a starting point and set your own benchmarks.

    • Define Service Desk Metrics That Matter Storyboard

    2. Service Desk Metrics Workbook – A tool to organize your service desk metrics.

    For each metric, consider adding the relevant overall goal, audience, cadence, and action. Use the audience and cadence of the metric to split your tracked metrics into various dashboards. Your final list of metrics and reports can be added to your service desk SOP.

    • Service Desk Metrics Workbook
    [infographic]

    Further reading

    Define Service Desk Metrics That Matter

    Look beyond benchmarks and rely on internal metrics to drive success.

    Analyst Perspective

    Don’t get paralyzed by benchmarks when establishing metrics

    When establishing a suite of metrics to track, it’s tempting to start with the metrics measured by other organizations. Naturally, benchmarking will enter the conversation. While benchmarking is useful, measuring you organization against others with a lack of context will only highlight your failures. Furthermore, benchmarks will highlight the norm or common practice. It does not necessarily highlight best practice.

    Keeping the limitations of benchmarking in mind, establish your own metrics suite with action-based metrics. Define the audience, cadence, and actions for each metric you track and pair them with business goals. Measure only what you need to.

    Slowly improve your metrics process over time and analyze your environment using your own data as your benchmark.

    Benedict Chang

    Research Analyst, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Measure the business value provided by the service desk.
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard or effective dashboards.

    Common Obstacles

    • Becoming too focused on benchmarks or unidimensional metrics (e.g. cost, first-contact resolution, time to resolve) can lead to misinterpretation of the data and poorly informed actions.
    • Sifting through the many sources of data post hoc can lead to stalling in data analysis or slow reaction times to poor metrics.
    • Dashboards can quickly become cluttered with uninformative metrics, thus reducing the signal-to-noise ratio of meaningful data.

    Info-Tech's Approach

    • Use metrics that drive productive change and improvement. Track only what you need to report on.
    • Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.
    • Establish internal benchmarks by analyzing the trends from your own data to set baselines.
    • Act on the results of your metrics by adjusting targets and measuring success.

    Info-Tech Insight

    Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Improve your metrics to align IT with strategic business goals

    The right metrics can tell the business how hard IT works and how well they perform.

    • Only 19% of CXOs feel that their organization is effective at measuring the success of IT projects with their current metrics.
    • Implementing the proper metrics can facilitate communication between the business division and IT practice.
    • The proper metrics can help IT know what issues the business has and how the CEO and CIO should tackle them.
    • If the goals above resonate with your organization, our blueprint Take Control of Infrastructure and Operations Metrics will take you through the right steps.

    Current Metrics Suite

    19% Effective

    36% Some Improvement Necessary

    45% Significant Improvement Necessary

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    CXOs stress that value is the most critical area for IT to improve in reporting

    • You most likely have to improve your metrics suite by addressing business value.
    • Over 80% of organizations say they need improvement to their business value metrics, with 32% of organizations reporting that significant improvement is needed.
    • Of course, measuring metrics for service desk operations is important, but don’t forget business-oriented metrics such as measuring knowledgebase articles written for shift-left enablement, cost (time and money) of service desk tickets, and overall end-user satisfaction.

    The image shows a bar graph with percentages on the Y-Acis, and the following categories on the X-Axis: Business value metrics; Stakeholder satisfaction reporting; Risk metrics; Technology performance & operating metrics; Cost & Salary metrics; and Ad hoc feedback from executives and staff. Each bar is split into two sections, with the blue section marked a Significant Improvement Necessary, and the purple section labelled Some Improvement necessary. Two sections are highlighted with red circles: Business Value metrics--32% blue; 52% purple; and Technology performance & operating metrics--23% blue and 51% purple.

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    Benchmarking used in isolation will not tell the whole story

    Benchmarks can be used as a step in the metrics process

    They can be the first step to reach an end goal, but if benchmarks are observed in isolation, it will only highlight your failures.

    Benchmarking relies on standardized models

    This does not account for all the unique variables that make up an IT organization.

    For example, benchmarks that include cost and revenue may include organizations that prioritize first-call resolution (FCR), but the variables that make up this benchmark model will be quite different within your own organization.

    Info-Tech Insight

    Benchmarks reflect the norm and common practice, not best practice.

    Benchmarks are open to interpretation

    Taking the time to establish proper metrics is often more valuable time spent than going down the benchmark rabbit hole.

    Being above or below the norm is neither a good nor a bad thing.

    Determining what the results mean for you depends on what’s being measured and the unique factors, characteristics, and priorities in your organization.

    If benchmark data is a priority within your IT organization, you may look up organizations like MetricNet, but keep the following in mind:

    Review the collected benchmark data

    See where IT organizations in your industry typically stand in relation to the overall benchmark.

    Assess the gaps

    Large gaps between yourself and the overall benchmark could indicate areas for improvement or celebration. Use the data to focus your analysis, develop deeper self-awareness, and prioritize areas for potential concern.

    Benchmarks are only guidelines

    The benchmark source data may not come from true peers in every sense. Each organization is different, so always explore your unique context when interpreting any findings.

    Rely on internal metrics to measure and improve performance

    Measure internal metrics over time to define goals and drive real improvement

    • Internally measured metrics are more reliable because they provide information about your actual performance over time. This allows for targeted improvements and objective measurements of your milestones.
    • Whether a given metric is the right one for your service desk will depend on several different factors, including:
      • The maturity and capability of your service desk processes
      • The volume of service requests and incidents
      • The complexity of your environment when resolving tickets
      • The degree to which your end users are comfortable with self-service

    Take Info-Tech’s approach to metrics management

    Use metrics that drive productive change and improvement. Track only what you need to report on.

    Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.

    Establish internal benchmarks by analyzing the trends from your own data to set baselines.

    Act on the results of your metrics by adjusting targets and measuring success.

    Define action-based metrics to cut down on analysis paralysis

    Every metric needs to be backed with the following criteria:

    • Defining audience, cadence, goal, and action for each metric allows you to keep your tracked metrics to a minimum while maximizing the value.
    • The audience and cadence of each metric may allow you to define targeted dashboards.

    Audience - Who is this metric tracked for?

    Goal - Why are you tracking this metric? This can be defined along with the CSFs and KPIs.

    Cadence - How often are you going to view, analyze, and action this metric?

    Action - What will you do if this metric spikes, dips, trends up, or trends down?

    Activity 1. Define your critical success factors and key performance indicators

    Critical success factors (CSFs) are high-level goals that help you define the direction of your service desk. Key performance indicators (KPIs) can be treated as the trend of metrics that will indicate that you are moving in the direction of your CSFs. These will help narrow the data you have to track and action (metrics).

    CSFs, or your overall goals, typically revolve around three aspects of the service desk: time spent on tickets, resources spent on tickets, and the quality of service provided.

    1. As a group, brainstorm the CSFs and the KPIs that will help narrow your metrics. Use the Service Desk Metrics Workbook to record the results.
    2. Look at the example to the right as a starting point.

    Example metrics:

    Critical success factor Key performance indicator
    High End-User Satisfaction Increasing CSAT score on transactional surveys
    High end-user satisfaction score
    Proper resolution of tickets
    Low time to resolve
    Low Cost per Ticket Decreasing cost per ticket (due to efficient resolution, FCR, automation, self-service, etc.)
    Improve Access to Self-Service (tangential to improve customer service) High utilization of knowledgebase
    High utilization of portal

    Download the Service Desk Metrics Workbook

    Activity 2. Define action-based metrics that align with your KPIs and CSFs

    1. Now that you have defined your goals, continue to fill the workbook by choosing metrics that align with those goals.
    2. Use the chart below as a guide. For every metric, define the cadence of measurement, audience of the metric, and action associated with the metric. There may be multiple metrics for each KPI.
    3. If you find you are unable to define the cadence, audience, or action associated with a metric, you may not need to track the metric in the first place. Alternatively, if you find that you may action a metric in the future, you can decide to start gathering data now.

    Example metrics:

    Critical success factor Key performance indicator Metric Cadence Audience Action
    High End-User Satisfaction Increasing CSAT score on transactional surveys Monthly average of ticket satisfaction scores Monthly Management Action low scores immediately, view long-term trends
    High end-user satisfaction score Average end-user satisfaction score from annual survey Annually IT Leadership View IT satisfaction trends to align IT with business direction
    Proper resolution of tickets Number of tickets reopened Weekly Service Desk Technicians Action reopened tickets, look for training opportunities
    SLA breach rate Daily Service Desk Technicians Action reopened tickets, look for training opportunities
    Low time to resolve Average TTR (incidents) Weekly Management Look for trends to monitor resources
    Average TTR by priority Weekly Management Look for TTR solve rates to align with SLA
    Average TTR by tier Weekly Management Look for improperly escalated tickets or shift-left opportunities

    Download the Service Desk Metrics Workbook

    Activity 3. Define the data ownership, metric viability, and dashboards

    1. For each metric, define where the data is housed. Ideally, the data is directly in the ticketing tool or ITSM tool. This will make it easy to pull and analyze.
    2. Determine how difficult the metric will be to pull or track. If the effort is high, decide if the value of tracking the metric is worth the hassle of gathering it.
    3. Lastly, for each metric, use the cadence and audience to place the metric in a reporting dashboard. This will help divide your metrics and make them easier to report and action.
    4. You may use the output of this exercise to add your tracked metrics to your service desk SOP.
    5. A full suite of metrics can be found in our Infrastructure & Operations Metrics Library in the Take Control of Infrastructure Metrics Storyboard. The metrics have been categorized by low, medium, and advanced capabilities for you.

    Example metrics:

    Metric Who Owns the Data? Efforts to Track? Dashboards
    Monthly average of ticket satisfaction scores Service Desk Low Monthly Management Meeting
    Average end-user satisfaction score Service Desk Low Leadership Meeting
    Number of tickets reopened Service Desk Low Weekly Technician Standup
    SLA breach rate Service Desk Low Daily Technician Standup
    Average TTR (incidents) Service Desk Low Weekly Technician Standup
    Average TTR by priority Service Desk Low Weekly Technician Standup
    Average TTR by tier Service Desk Low Weekly Technician Standup
    Average TTR (SRs) Service Desk Low Weekly Technician Standup
    Number of tickets reopened Service Desk Low Daily Technician Standup

    Download the Service Desk Metrics Workbook

    Keep the following considerations in mind when defining which metrics matter

    Keep the customer in mind

    Metrics are typically focused on transactional efficiency and process effectiveness and not what was achieved against the customers’ need and satisfaction.

    Understand the relationships between performance and metrics management to provide the end-to-end service delivery picture you are aiming to achieve.

    Don’t settle for tool defaults

    ITSM solutions offer an abundance of metrics to choose from. The most common ones are typically built into the reporting modules of the tool suite.

    Do not start tracking everything. Choose metrics that are specifically aligned to your organization’s desired business outcomes.

    Establish tension metrics to achieve balance

    Don’t ignore the correlation and context between the suites of metrics chosen and how one interacts and affects the other.

    Measuring metrics in isolation may lead to an incomplete picture or undesired technician behavior. Tension metrics help complete the picture and lead to proper actions.

    Adjust those targets

    An arbitrary target on a metric that is consistently met month over month is useless. Each metric should inform the overall performance by combining capable service level management and customer experience programs to prove the value IT is providing to the organization.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management, to create a sustainable service desk.

    Take Control of Infrastructure and Operations Metrics

    Make faster decisions and improve service delivery by using the right metrics for the job.

    Analyze Your Service Desk Ticket Data

    Take a data-driven approach to service desk optimization.

    IT Diagnostics: Build a Data-Driven IT Strategy

    Our data-driven programs ask business and IT stakeholders the right questions to ensure you have the inputs necessary to build an effective IT strategy.

    Strengthen the SSDLC for Enterprise Mobile Applications

    • Buy Link or Shortcode: {j2store}283|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • CEOs see mobile for employees as their top mandate for upcoming technology innovation initiatives, making security a key competency for development.
    • Unsecure mobile applications can cause your employees to question the mobile applications’ integrity for handling sensitive data, limiting uptake.
    • Secure mobile development tends to be an afterthought, where vulnerabilities are tested for post-production rather than during the build process.
    • Developers lack the expertise, processes, and proper tools to effectively enhance applications for mobile security.

    Our Advice

    Critical Insight

    • Organizations currently react to security issues. Info-Tech recommends a proactive approach to ensure a secure software development life cycle (SSDLC) end-to-end.
    • Organizations currently lack the secure development practices to provide highly secure mobile applications that end users can trust.
    • Enable your developers with five key secure development techniques from Info-Tech’s development toolkit.

    Impact and Result

    • Embed secure development techniques into your SDLC.
    • Create a repeatable process for your developers to continually evaluate and optimize mobile application security for new threats and corresponding mitigation steps.
    • Build capabilities within your team based on Info-Tech’s framework by supporting ongoing security improvements through monitoring and metric analysis.

    Strengthen the SSDLC for Enterprise Mobile Applications Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt secure development techniques for mobile application development, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess secure mobile development processes

    Determine the current security landscape of mobile application development.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 1: Assess Secure Mobile Development Practices
    • Systems Architecture Template
    • Mobile Application High-Level Design Requirements Template

    2. Implement and test secure mobile techniques

    Incorporate the various secure development techniques into current development practices.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 2: Implement and Test Secure Mobile Techniques

    3. Monitor and support secure mobile applications

    Create a roadmap for mobile optimization initiatives.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 3: Monitor and Support Secure Mobile Applications
    • Mobile Optimization Roadmap
    [infographic]

    Workshop: Strengthen the SSDLC for Enterprise Mobile Applications

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Your Secure Mobile Development Practices

    The Purpose

    Identification of the triggers of your secure mobile development initiatives.

    Assessment of the security vulnerabilities in your mobile applications from an end-user perspective.

    Identification of the execution of your mobile environment.

    Assessment of the mobile threats and vulnerabilities to your systems architecture.

    Prioritization of your mobile threats.

    Creation of your risk register.

    Key Benefits Achieved

    Key opportunity areas where a secure development optimization initiative can provide tangible benefits.

    Identification of security requirements.

    Prioritized list of security threats.

    Initial mobile security risk register created. 

    Activities

    1.1 Establish the triggers of your secure mobile development initiatives.

    1.2 Assess the security vulnerabilities in your mobile applications from an end-user perspective.

    1.3 Understand the execution of your mobile environment with a systems architecture.

    1.4 Assess the mobile threats and vulnerabilities to your systems architecture.

    1.5 Prioritize your mobile threats.

    1.6 Begin building your risk register.

    Outputs

    Mobile Application High-Level Design Requirements Document

    Systems Architecture Diagram

    2 Implement and Test Your Secure Mobile Techniques

    The Purpose

    Discovery of secure development techniques to apply to current development practices.

    Discovery of new user stories from applying secure development techniques.

    Discovery of new test cases from applying secure development techniques.

    Key Benefits Achieved

    Areas within your code that can be optimized for improving mobile application security.

    New user stories created in relation to mitigation steps.

    New test cases created in relation to mitigation steps.

    Activities

    2.1 Gauge the state of your secure mobile development practices.

    2.2 Identify the appropriate techniques to fill gaps.

    2.3 Develop user stories from security development gaps identified.

    2.4 Develop test cases from user story gaps identified.

    Outputs

    Mobile Application High-Level Design Requirements Document

    3 Monitor and Support Your Secure Mobile Applications

    The Purpose

    Identification of key metrics used to measure mobile application security issues.

    Identification of secure mobile application and development process optimization initiatives.

    Identification of enablers and blockers of your mobile security optimization.

    Key Benefits Achieved

    Metrics for measuring application security.

    Modified triaging process for addressing security issues.

    Initiatives for development optimization.

    Enablers and blockers identified for mobile security optimization initiatives.

    Process for developing your mobile optimization roadmap.

    Activities

    3.1 List the metrics that would be gathered to assess the success of your mobile security optimization.

    3.2 Adjust and modify your triaging process to enhance handling of security issues.

    3.3 Brainstorm secure mobile application and development process optimization initiatives.

    3.4 Identify the enablers and blockers of your mobile security optimization.

    3.5 Define your mobile security optimization roadmap.

    Outputs

    Mobile Optimization Roadmap

    Operations management

    • Buy Link or Shortcode: {j2store}12|cart{/j2store}
    • Related Products: {j2store}12|crosssells{/j2store}
    • Up-Sell: {j2store}12|upsells{/j2store}
    • member rating overall impact (scale of 10): 10.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    IT Operations is all about effectiveness. We make sure that you deliver reliable services to the clients and users within the company.

    Adding the Right Value: Building Cloud Brokerages That Enable

    • Buy Link or Shortcode: {j2store}110|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    In many cases, the answer is to develop a cloud brokerage to manage the complexity. But what should your cloud broker be delivering, and how?

    Our Advice

    Critical Insight

    • To avoid failure, you need to provide security and compliance, but basic user satisfaction means becoming a frictionless intermediary.
    • Enabling brokers provide knowledge and guidance for the best usage of cloud.
    • While GCBs fill a critical role as a control point for IT consumption, they can easily turn into a friction point for IT projects. It’s important to find the right balance between enabling compliance and providing frictionless usability.

    Impact and Result

    • Avoid disintermediation.
    • Maintain compliance.
    • Leverage economies of scale.
    • Ensure architecture discipline.

    Adding the Right Value: Building Cloud Brokerages That Enable Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Cloud Brokerage Deck – A guide to help you start designing a cloud brokerage that delivers value beyond gatekeeping.

    Define the value, ecosystem, and metrics required to add value as a brokerage. Develop a brokerage value proposition that aligns with your audience and capabilities. Define and rationalize the ecosystem of partners and value-add activities for your brokerage. Define KPIs that allow you to maximize and balance both usability and compliance.

    • Adding the Right Value: Building Cloud Brokerages That Enable Storyboard
    [infographic]

    Further reading

    Adding the Right Value: Building Cloud Brokerages That Enable

    Considerations for implementing an institutional-focused cloud brokerage.

    Your Challenge

    Increasingly, large institutions and governments are adopting cloud-first postures for delivering IT resources. Combined with the growth of cloud offerings that are able to meet the certifications and requirements of this segment that has been driven by federal initiatives like Cloud-First in Canada and Cloud Smart in the United States, these two factors have left institutions (and the businesses that serve them) with the challenge of delivering cloud services to their users while maintaining compliance, control, and IT sanity.

    In many cases, the answer is to develop a cloud brokerage to manage the complexity. But what should your cloud broker be delivering and how?

    Navigating the Problem

    Not all cloud brokerages are the same. And while they can be an answer to cloud complexity, an ineffective brokerage can drain value and complicate operations even further. Cloud brokerages need to be designed:

    1. To deliver the right type of value to its users.
    2. To strike the balance between effective governance & security and flexibility & ease of use.

    Info-Tech’s Approach

    By defining your end goals, framing solutions based on the type of value and rigor your brokerage needs to deliver, and focusing on the right balance of security and flexibility, you can deliver a brokerage that delivers the best of all worlds.

    1. Define the brokerage value you want to deliver.
    2. Build the catalog and partner ecosystem.
    3. Understand how to maximize adoption and minimize disintermediation while maintaining architectural discipline and compliance.

    Info-Tech Insight

    Sometimes a brokerage delivery model makes sense, sometimes it doesn’t! Understanding the value addition you want your brokerage to provide before creating it allows you to not only avoid pitfalls and maximize benefits but also understand when a brokerage model does and doesn’t make sense in the first place.

    Project Overview

    Understand what value you want your brokerage to deliver

    Different institutions want brokerage delivery for different reasons. It’s important to define up front why your users need to work through a brokerage and what value that brokerage needs to deliver.

    What’s in the catalog? Is it there to consolidate and simplify billing and consumption? Or does it add value further up the technology stack or value chain? If so, how does that change the capabilities you need internally and from partners?

    Security and compliance are usually the highest priority

    Among institutions adopting cloud, a broker that can help deliver their defined security and compliance standards is an almost universal requirement. Especially in government institutions, this can mean the need to meet a high standard in both implementation and validation.

    The good news is that even if you lack the complete set of skills in-house, the high certification levels available from hyperscale providers combined with a growing ecosystem of service providers working on these platforms means you can usually find the right partner(s) to make it possible.

    The real goal: frictionless intermediation and enablement

    Ultimately, if end users can’t get what they need from you, they will go around you to get it. This challenge, which has always existed in IT, is further amplified in a cloud service world that offers users a cornucopia of options outside the brokerage. Furthermore, cloud users expect to be able to consume IT seamlessly. Without frictionless satisfaction of user demand your brokerage will become disintermediated, which risks your highest priorities of security and compliance.

    Understand the evolution: Info-Tech thought model

    While initial adoption of cloud brokerages in institutions was focused on ensuring the ability of IT to extend its traditional role as gatekeeper to the realm of cloud services, the focus has now shifted upstream to enabling ease of use and smart adoption of cloud services. This is evidenced clearly in examples like the US government’s renaming of its digital strategy from “Cloud First” to “Cloud Smart” and has been mirrored in other regions and institutions.

    Info-Tech Insights

    To avoid failure, you need to provide security and compliance.

    Basic user satisfaction means becoming a frictionless intermediary.

    Exceed expectations! Enabling brokers provide knowledge and guidance for the best usage of cloud.

    • Security & Compliance
    • Frictionless Intermediation
    • Cloud-Enabling Brokerage

    Define the role of a cloud broker

    Where do brokers fit in the cloud model?

    • NIST Definition: An entity that manages the use, performance, and delivery of cloud services and negotiates relationships between cloud providers and cloud consumers.
    • Similar to a telecom master agent, a cloud broker acts as the middle-person and end-user point of contact, consolidating the management of underlying providers.
    • A government or institutional cloud broker (GCB) is responsible for the delivery of all cloud services consumed by the departments or agencies it supports or that are mandated to use it.

    Balancing governance and agility

    Info-Tech Insight

    While GCBs fill a critical role as a control point for IT consumption, they can easily turn into a friction point for IT projects. It’s important to find the right balance between enabling compliance and providing frictionless usability.

    Model brokerage drivers and benefits

    Reduced costs: Security through standardization: Frictionless consumption: Avoid disinter-mediation; Maintain compliance; Leverage economies of scale; Ensure architecture discipline

    Maintain compliance and ensure architecture discipline: Brokerages can be an effective gating point for ensuring properly governed and managed IT consumption that meets the specific regulations and compliances required for an institution. It can also be a strong catalyst and enabler for moving to even more effective cloud consumption through automation.

    Avoid disintermediation: Especially in institutions, cloud brokers are a key tool in the fight against disintermediation – that is, end users circumventing your IT department’s procurement and governance by consuming an ad hoc cloud service.

    Leverage economies of scale: Simply put, consolidation of your cloud consumption drives effectiveness by making the most of your buying power.

    Info-Tech Insights

    Understanding the importance of each benefit type to your brokerage audience will help you define the type of brokerage you need to build and what skills and partners will be required to deliver the right value.

    The brokerage landscape

    The past ten years have seen governments and institutions evolve from basic acceptance of cloud services to the usage of cloud as the core of most IT initiatives.

    • As part of this evolution, many organizations now have well-defined standards and guidance for the implementation, procurement, and regulation of cloud services for their use.
    • Both Canada (Strategic Plan for Information Management and Information Technology) and the United States (Cloud Smart – formerly known as Cloud First) have recently updated their guidance on adoption of cloud services. The Australian Government has also recently updated its Cloud Computing Policy.
    • AWS and Azure both now claim Full FedRAMP (Federal Risk and Authorization Management Program) certification.
    • This has not only enabled easy adoption of these core hyperscale cloud service by government but also driven the proliferation of a large ecosystem of FedRAMP-authorized cloud service providers.
    • This trend started with government at the federal level but has cascaded downstream to provincial and municipal governments globally, and the same model seems likely to be adopted by other governments and other institution types over time.

    Info-Tech Insight

    The ecosystem of platforms and tools has grown significantly and examples of best practices, especially in government, are readily available. Once you’ve defined your brokerage’s value stance, the building blocks you need to deliver often don’t need to be built from scratch.

    Address the unique challenges of business-led IT in institutions

    With the business taking more accountability and management of their own technology, brokers must learn how to evolve from being gatekeepers to enablers.

    This image This lists the Cons of IT acting as a gatekeeper providing oversight, and the Pros of IT acting as an Enabler in an IT Partnership.  the Cons are: Restrict System Access; Deliver & Monitor Applications; Own Organizational Risk; Train the Business.  The Pros are: Manage Role-Based Access; Deliver & Monitor Platforms; Share Organizational Risk; Coach & Mentor the Business

    Turn brokerage pitfalls into opportunities

    The greatest risks in using a cloud broker come from its nature as a single point of distribution for service and support. Without resources (or automation) to enable scale, as well as responsive processes for supporting users in finding the right services and making those services available through the brokerage, you will lose alignment with your users’ needs, which inevitably leads to disintermediation, loss of IT control, and broken compliance

    Info-Tech Insights

    Standardization and automation are your friend when building a cloud brokerage! Sometimes this means having a flexible catalog of options and configurations, but great brokerages can deliver value by helping their users redefine and evolve their workloads to work more effectively in the cloud. This means providing guidance and facilitating the landing/transformation of users’ workloads in the cloud, the right way.

    Challenges Impact
    • Single point of failure
    • Managing capacity
    • Alignment of brokerage with underlying agencies
    • Additional layer of complexity
    • Inability to deliver service
    • Disintermediation
    • Broken security/compliance
    • Loss of cost control/purchasing power

    Validate your cloud brokerage strategy using Info-Tech’s approach

    Value Definition

    • Define your brokerage type and value addition

    Capabilities Mapping

    • Understand the partners and capabilities you need to be able to deliver

    Measuring Value

    • Define KPIs for both compliant delivery and frictionless intermediation

    Provide Cloud Excellence

    • Move from intermediation to enablement and help users land on the cloud the right way

    Define the categories for your brokerage’s benefit and value

    Depending on the type of brokerage, the value delivered may be as simple as billing consolidation, but many brokerages go much deeper in their value proposition.

    This image depicts a funnel, where the following inputs make up the Broker Value: Integration, Interface and Management Enhancement; User Identity and Risk Management/ Security & Compliance; Cost & Workload Efficiency, Service Aggregation

    Define the categories of brokerage value to add

    • Purchasing Agents save the purchaser time by researching services from different vendors and providing the customer with information about how to use cloud computing to support business goals.
    • Contract Managers may also be assigned power to negotiate contracts with cloud providers on behalf of the customer. In this scenario, the broker may distribute services across multiple vendors to achieve cost-effectiveness, while managing the technical and procurement complexity of dealing with multiple vendors.
      • The broker may provide users with an application program interface (API) and user interface (UI) that hides any complexity and allows the customer to work with their cloud services as if they were being purchased from a single vendor. This type of broker is sometimes referred to as a cloud aggregator.
    • Cloud Enablers can also provide the customer with additional services, such as managing the deduplication, encryption, and cloud data transfer and assisting with data lifecycle management and other activities.
    • Cloud Customizers integrate various underlying cloud services for customers to provide a custom offering under a white label or its own brand.
    • Cloud Agents are essentially the software version of a Contract Manager and act by automating and facilitating the distribution of work between different cloud service providers.

    Info-Tech Insights

    Remember that these categories are general guidelines! Depending on the requirements and value a brokerage needs to deliver, it may fit more than one category of broker type.

    Brokerage types and value addition

    Info-Tech Insights

    Each value addition your brokerage invests in delivering should tie to reinforcing efficiency, compliance, frictionlessness, or enablement.

    Value Addition Purchasing Agent Contract Manager Cloud Enabler Cloud Customizer Cloud Agent
    Underlying service selection

    Standard Activity

    Standard Activity Standard Activity Standard Activity Common Activity
    Support and info Standard Activity

    Common Activity

    Standard Activity Standard Activity Common Activity
    Contract lifecycle (pricing/negotiation) Standard Activity Common Activity Standard Activity
    Workload distribution (to underlying services) (aggregation) Common Activity Standard Activity Standard Activity Standard Activity
    Value-add or layered on services Standard Activity Common Activity
    Customization/integration of underlying services Standard Activity
    Automated workload distribution (i.e. software) Standard Activity

    Start by delivering value in these common brokerage service categories

    Security & Compliance

    • Reporting & Auditing
    • SIEM & SOC Services
    • Patching & Monitoring

    Cost Management

    • Right-Sizing
    • Billing Analysis
    • Anomaly Detection & Change Recommendations

    Data Management

    • Data Tiering
    • Localization Management
    • Data Warehouse/Lake Services

    Resilience & Reliability

    • Backup & Archive
    • Replication & Sync
    • DR & HA Management
    • Ransomware Prevention/Mitigation

    Cloud-Native & DevOps Enablement

    • Infrastructure as Code (IaC)
    • DevOps Tools & Processes
    • SDLC Automation Tools

    Design, Transformation, and Integration

    • CDN Integration
    • AI Tools Integration
    • SaaS Customizations

    Activity: Brokerage value design

    Who are you and who are you building this for?

    • Internal brokerage (i.e. you are a department in an organization that is tasked with providing IT resources to other internal groups)
      • No profit motivation
      • Primary goal is to maintain compliance and avoid disintermediation
    • Third-party brokerage (i.e. you are an MSP that needs to build a brokerage to provide a variety of downstream services and act as the single point of consumption for an organization)
      • Focus on value-addition to the downstream services you facilitate for your client
      • Increased requirement to quickly add new partners/services from downstream as required by your client

    What requirements and pains do you need to address?

    • Remember that in the world of cloud, users ultimately can go around IT to find the resources and tools they want to use. In short, if you don’t provide ease and value, they will get it somewhere else.
    • Assess the different types of cloud brokerages out there as a guide to what sort of value you want to deliver.

    Why are you creating a brokerage? There are several categories of driver and more than one may apply.

    • Compliance and security gating/validation
    • Cost consolidation and governance
    • Value-add or feature enhancement of raw/downstream services being consumed

    It’s important to clearly understand how best you can deliver unique value to ensure that they want to consume from you.

    This is an image of a Venn diagram between the following: Who are you trying to serve?; Why and how are you uniquely positioned to deliver?; What requirements do they have and what pain points can you help solve?.  Where all three circles overlap is the Brokerage Value Proposition.

    Understand the ecosystem you’ll require to deliver value

    GCB

    • Enabling Effectiveness
    • Cost Governance
    • Adoption and User Satisfaction
    • Security & Compliance

    Whatever value proposition and associated services your brokerage has defined, either internal resources or additional partners will be required to run the platform and processes you want to offer on top of the defined base cloud platforms.

    Info-Tech Insights

    Remember to always align your value adds and activities to the four key themes:

    • Efficiency
    • Compliance
    • Frictionlessness
    • Cloud Enablement

    Delivering value may require an ecosystem

    The additional value your broker delivers will depend on the tools and services you can layer on top of the base cloud platform(s) you support.

    In many cases, you may require different partners to fulfil similar functions across different base platforms. Although this increases complexity for the brokerage, it’s also a place where additional value can be delivered to end users by your role as a frictionless intermediary.

    Base Partner/Platform

    • Third-party software & platforms
    • Third-party automations & integrations
    • Third-party service partners
    • Internal value-add functions

    Build the ecosystem you need for your value proposition

    Leverage partners and automation to bake compliance in.

    Different value-add types (based on the category/categories of broker you’re targeting) require different additional platforms and partners to augment the base cloud service you’re brokering.

    Security & Config

    • IaC Tools
    • Cloud Resource Configuration Validation
    • Templating Tools
    • Security Platforms
    • SDN and Networking Platforms
    • Resilience (Backup/Replication/DR/HA) Platforms
    • Data & Storage Management
    • Compliance and Validation Platforms & Partners

    Cost Management

    • Subscription Hierarchy Management
    • Showback and Chargeback Logic
    • Cost Dashboarding and Thresholding
    • Governance and Intervention

    Adoption & User Satisfaction

    • Service Delivery SLAs
    • Support Process & Tools
    • Capacity/Availability Management
    • Portal Usability/UX

    Speed of Evolution

    • Partner and Catalog/Service Additions
    • Broker Catalog Roadmapping
    • User Request Capture (new services)
    • User Request Capture (exceptions)

    Build your features and services lists

    Incorporate your end user, business, and IT perspectives in defining the list of mandatory and desired features of your target solution.

    See our Implement a Proactive and Consistent Vendor Selection Process blueprint for information on procurement practices, including RFP templates.

    End User

    • Visual, drag-and-drop models to define data models, business logic, and user interfaces
    • One-click deployment
    • Self-healing application
    • Vendor-managed infrastructure
    • Active community and marketplace
    • Prebuilt templates and libraries
    • Optical character recognition and natural language processing

    Business

    • Audit and change logs
    • Theme and template builder
    • Template management
    • Knowledgebase and document management
    • Role-based access
    • Business value, operational costs, and other KPI monitoring
    • Regulatory compliance
    • Consistent design and user experience across applications
    • Business workflow automation

    IT

    • Application and system performance monitoring
    • Versioning and code management
    • Automatic application and system refactoring and recovery
    • Exception and error handling
    • Scalability (e.g. load balancing) and infrastructure management
    • Real-time debugging
    • Testing capabilities
    • Security management
    • Application integration management

    Understand the stakeholders

    Hyperscale Platform/Base Platform: Security; Compliance and Validation;Portal/Front-End; Cost Governance; Broker Value Add(s)

    Depending on the value-add(s) you are trying to deliver, as well as the requirements from your institution(s), you will have a different delineation of responsibilities for each of the value-add dimensions. Typically, there will be at least three stakeholders whose role needs to be considered for each dimension:

    • Base Cloud Provider
    • Third-Party Platforms/Service Providers
    • Internal Resources

    Info-Tech Insights

    It’s important to remember that the ecosystem of third-party options available to you in each case will likely be dependent on if a given partner operates or supports your chosen base provider.

    Define the value added by each stakeholder in your value chain

    Value Addition Cost Governance Security & Compliance Adoption and User Satisfaction New Service Addition Speed End-User Cloud Effectiveness
    Base platform(s)
    Third party
    Internal

    A basic table of the stakeholders and platforms involved in your value stream is a critical tool for aligning activities and partners with brokerage value.

    Remember to tie each value-add category you’re embarking on to at least one of the key themes!

    Cost Governance → Efficiency

    Security & Compliance → Compliance

    Adoption & User Satisfaction → Frictionlessness

    New Service Addition Responsiveness → Frictionlessness, Enablement

    End-User Cloud Effectiveness → Enablement

    Info-Tech Insights

    The expectations for how applications are consumed and what a user experience should look like is increasingly being guided by the business and by the disintermediating power of the cloud-app ecosystem.

    “Enabling brokers” help embrace business-led IT

    In environments where compliance and security are a must, the challenges of handing off application management to the business are even more complex. Great brokers learn to act not just as a gatekeeper but an enabler of business-led IT.

    Business Empowerment

    Organizations are looking to enhance their Agile and BizDevOps practices by shifting traditional IT practices left and toward the business.

    Changing Business Needs

    Organizational priorities are constantly changing. Cost reduction opportunities and competitive advantages are lost because of delayed delivery of features.

    Low Barrier to Entry

    Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without significant internal technical support or expertise.

    Democratization of IT

    A wide range of digital applications, services, and information are readily available and continuously updated through vendor and public marketplaces and open-source communities.

    Technology-Savvy Business

    The business is motivated to learn more about the technology they use so that they can better integrate it into their processes.

    Balance usability and compliance: accelerate cloud effectiveness

    Move to being an accelerator and an enabler! Rather than creating an additional layer of complexity, we can use the abstraction of a cloud brokerage to bring a wide variety of value-adds and partners into the ecosystem without increasing complexity for end users.

    Manage the user experience

    • Your portal is a great source of data for optimizing user adoption and satisfaction.
    • Understand the KPIs that matter to your clients or client groups from both a technical and a service perspective.

    Be proactive and responsive in meeting changing needs

    • Determine dashboard consumption by partner view.
    • Regularly review and address the gaps in your catalog.
    • Provide an easy mechanism for adding user-demanded services.

    Think like a service provider

    • You do need to be able to communicate and even market internally new services and capabilities as you add them or people won't know to come to you to use them.
    • It's also critical in helping people move along the path to enablement and knowing what might be possible that they hadn't considered.

    Provide cloud excellence functions

    Enablement Broker

    • Mentorship & Training
      • Build the skills, knowledge, and experiences of application owners and managers with internal and external expertise.
    • Organizational Change Leadership
      • Facilitate cultural, governance, and other organizational changes through strong relationships with business and IT leadership.
    • Good Delivery Practices & Thinking
      • Develop, share, and maintain a toolkit of good software development lifecycle (SDLC) practices and techniques.
    • Knowledge Sharing
      • Centralize a knowledgebase of up-to-date and accurate documentation and develop community forums to facilitate knowledge transfer.
    • Technology Governance & Leadership
      • Implement the organizational standards, policies, and rules for all applications and platforms and coordinate growth and sprawl.
    • Shared Services & Integrations
      • Provide critical services and integrations to support end users with internal resources or approved third-party providers and partners.

    Gauge value with the right metrics

    Focus your effort on measuring key metrics.

    Category

    Purpose

    Examples

    Business Value – The amount of value and benefits delivered. Justify the investment and impact of the brokerage and its optimization to business operations. ROI, user productivity, end-user satisfaction, business operational costs, error rate
    Application Quality – Satisfaction of application quality standards. Evaluate organizational effort to address and maximize user satisfaction and adoption rates. Adoption rate, usage friction metrics, user satisfaction metrics
    Delivery Effectiveness – The delivery efficiency of changes. Enable members to increase their speed to effective deployment, operation, and innovation on cloud platforms. Speed of deployment, landing/migration success metrics

    Determine measures that demonstrate the value of your brokerage by aligning it with your quality definition, value drivers, and users’ goals and objectives. Recognize that your journey will require constant monitoring and refinement to adjust to situations that may arise as you adopt new products, standards, strategies, tactics, processes, and tools.

    Activity Output

    Ultimately, the goal is designing a brokerage that can evolve from gatekeeping to frictionless intermediation to cloud enablement.

    Maintain focus on the value proposition, your brokerage ecosystem, and the metrics that represent enablement for your users and avoid pitfalls and challenges from the beginning.

    Activity: Define your brokerage type and value addition; Understand the partners and capabilities you need to be able to deliver; Define KPIs for both delivery (compliance) and adoption (frictionlessness); Output: GCB Strategy Plan; Addresses: Why and when you should build a GCB; How to avoid pitfalls; How to maximize benefits; How to maximize responsiveness and user satisfaction; How to roadmap and add services with agility.

    Appendix

    Related blueprints and tools

    Document Your Cloud Strategy

    This blueprint covers aligning your value proposition with general cloud requirements.

    Define Your Digital Business Strategy

    Phase 1 of this research covers identifying value chains to be transformed.

    Embrace Business-Managed Applications

    Phase 1 of this research covers understanding the business-managed applications as a factor in developing a frictionless intermediary model.

    Implement a Proactive and Consistent Vendor Selection Process

    This blueprint provides information on partner selection and procurement practices, including RFP templates.

    Bibliography

    “3 Types of Cloud Brokers That Can Save the Cloud.” Cloud Computing Topics, n.d. Web.

    Australian Government Cloud Computing Policy. Government of Australia, October 2014. Web.

    “Cloud Smart Policy Overview.” CIO.gov, n.d. Web.

    “From Cloud First to Cloud Smart.” CIO.gov, n.d. Web.

    Gardner, Dana. “Cloud brokering: Building a cloud of clouds.” ZDNet, 22 April 2011. Web.

    Narcisi, Gina. “Cloud, Next-Gen Services Help Master Agents Grow Quickly And Beat 'The Squeeze' “As Connectivity Commissions Decline.” CRN, 14 June 2017. Web.

    Smith, Spencer. “Asigra calls out the perils of cloud brokerage model.” TechTarget, 28 June 2019. Web.

    Tan, Aaron. “Australia issues new cloud computing guidelines.” TechTarget, 27 July 2020. Web.

    The European Commission Cloud Strategy. ec.europa.eu, 16 May 2019. Web.

    “TrustRadius Review: Cloud Brokers 2022.” TrustRadius, 2022. Web.

    Yedlin, Debbie. “Pros and Cons of Using a Cloud Broker.” Technology & Business Integrators, 17 April 2015. Web.

    Develop a Targeted Flexible Work Program for IT

    • Buy Link or Shortcode: {j2store}542|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $18,909 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • Workplace flexibility continues to be top priority for IT employees. Organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
    • When the benefits of remote work are not available to everyone, this raises fairness and equity concerns.

    Our Advice

    Critical Insight

    IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

    Impact and Result

    • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
    • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
    • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

    Develop a Targeted Flexible Work Program for IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess employee and organizational flexibility needs

    Identify prioritized employee segments, flexibility challenges, and the desired state to inform program goals.

    • Develop a Targeted Flexible Work Program for IT – Phases 1-3
    • Talent Metrics Library
    • Targeted Flexible Work Program Workbook
    • Fast-Track Hybrid Work Program Workbook

    2. Identify potential flex options and assess feasibility

    Review, shortlist, and assess the feasibility of common types of flexible work. Identify implementation issues and cultural barriers.

    • Flexible Work Focus Group Guide
    • Flexible Work Options Catalog

    3. Implement selected option(s)

    Equip managers and employees to adopt flexible work options while addressing implementation issues and cultural barriers and aligning HR programs.

    • Guide to Flexible Work for Managers and Employees
    • Flexible Work Time Policy
    • Flexible Work Time Off Policy
    • Flexible Work Location Policy

    Infographic

    Workshop: Develop a Targeted Flexible Work Program for IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare to Assess Flex Work Feasibility

    The Purpose

    Gather information on organizational and employee flexibility needs.

    Key Benefits Achieved

    Understand the flexibility needs of the organization and its employees to inform a targeted flex work program.

    Activities

    1.1 Identify employee and organizational needs.

    1.2 Identify employee segments.

    1.3 Establish program goals and metrics.

    1.4 Shortlist flexible work options.

    Outputs

    Organizational context summary

    List of shortlisted flex work options

    2 Assess Flex Work Feasibility

    The Purpose

    Perform a data-driven feasibility analysis on shortlisted work options.

    Key Benefits Achieved

    A data-driven feasibility analysis ensures your flex work program meets its goals.

    Activities

    2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

    Outputs

    Summary of flex work options feasibility per employee segment

    3 Finalize Flex Work Options

    The Purpose

    Select the most impactful flex work options and create a plan for addressing implementation challenge

    Key Benefits Achieved

    A data-driven selection process ensures decisions and exceptions can be communicated with full transparency.

    Activities

    3.1 Finalize list of approved flex work options.

    3.2 Brainstorm solutions to implementation issues.

    3.3 Identify how to overcome cultural barriers.

    Outputs

    Final list of flex work options

    Implementation barriers and solutions summary

    4 Prepare for Implementation

    The Purpose

    Create supporting materials to ensure program implementation proceeds smoothly.

    Key Benefits Achieved

    Employee- and manager-facing guides and policies ensure the program is clearly documented and communicated.

    Activities

    4.1 Design employee and manager guide prototype.

    4.2 Align HR programs and policies to support flexible work.

    4.3 Create a communication plan.

    Outputs

    Employee and manager guide to flexible work

    Flex work roadmap and communication plan

    5 Next Steps and Wrap-Up

    The Purpose

    Put everything together and prepare to implement.

    Key Benefits Achieved

    Our analysts will support you in synthesizing the workshop’s efforts into a cohesive implementation strategy.

    Activities

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Outputs

    Completed flexible work feasibility workbook

    Flexible work communication plan

    Further reading

    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    Executive Summary

    Your Challenge

    • IT leaders continue to struggle with workplace flexibility, and it is a top priority for IT employees; as a result, organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
    • The benefits of remote work are not available to everyone, raising fairness and equity concerns for employees.

    Common Obstacles

    • A one-size-fits-all approach to selecting and implementing flexible work options fails to consider unique employee needs and will not reap the benefits of offering a flexible work program (e.g. higher engagement or enhanced employer brand).
    • Improper structure and implementation of flexible work programs exacerbates existing challenges (e.g. high turnover) or creates new ones.

    Info-Tech's Approach

    • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
    • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
    • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

    Info-Tech Insight

    IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

    Flexible work arrangements are a requirement in today's world of work

    Flexible work continues to gain momentum…

    A 2022 LinkedIn report found that the following occurred between 2019 and 2021:

    +362%

    Increase in LinkedIn members sharing content with the term "flexible work."

    +83%

    Increase in job postings that mention "flexibility."
    (LinkedIn, 2022)

    In 2022, Into-Tech found that hybrid was the most commonly used location work model for IT across all industries.

    ("State of Hybrid Work in IT," Info-Tech Research Group, 2022)

    …and employees are demanding more flexibility

    90%

    of employees said they want schedule and location flexibility ("Global Employee Survey," EY, 2021).

    17%

    of resigning IT employees cited lack of flexible work options as a reason ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

    71%

    of executives said they felt "pressure to change working models and adapt workplace policies to allow for greater flexibility" (LinkedIn, 2021).

    Therefore, organizations who fail to offer flexibility will be left behind

    Difficulty attracting and retaining talent

    98% of IT employees say flexible work options are important in choosing an employer ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

    Worsening employee wellbeing and burnout

    Knowledge workers with minimal to no schedule flexibility are 2.2x more likely to experience work-related stress and are 1.4x more likely to suffer from burnout (Slack, 2022; N=10,818).

    Offering workplace flexibility benefits organizations and employees

    Higher performance

    IT departments that offer some degree of location flexibility are more effective at supporting the organization than those who do not.

    35% of service desk functions report improved service since implementing location flexibility.
    ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

    Enhanced employer brand

    Employees are 2.1x more likely to recommend their employer to others when they are satisfied with their organization's flexible work arrangements (LinkedIn, 2021).

    Improved attraction

    41% of IT departments cite an expanded hiring pool as a key benefit of hybrid work.

    Organizations that mention "flexibility" in their job postings have 35% more engagement with their posts (LinkedIn, 2022).

    Increased job satisfaction

    IT employees who have more control over their working arrangement experience a greater sense of contribution and trust in leadership ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

    Better work-life balance

    81% of employees say flexible work will positively impact their work-life balance (FlexJobs, 2021).

    Boosted inclusivity

    • Caregivers regardless of gender, supporting them in balancing responsibilities
    • Individuals with disabilities, enabling them to work from the comfort of their homes
    • Women who may have increased responsibilities
    • Women of color to mitigate the emotional tax experienced at work

    Info-Tech Insight

    Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.

    Despite the popularity of flexible work options, not all employees can participate

    IT organizations differ on how much flexibility different roles can have.

    IT employees were asked what percentage of IT roles were currently in a hybrid or remote work arrangement ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

    However, the benefits of remote work are not available to all, which raises fairness and equity concerns between remote and onsite employees.

    45%

    of employers said, "one of the biggest risks will be their ability to establish fairness and equity among employees when some jobs require a fixed schedule or location, creating a 'have and have not' dynamic based on roles" ("Businesses Suffering," EY, 2021).

    Offering schedule flexibility to employees who need to be fully onsite can be used to close the fairness and equity gap.

    When offered the choice, 54% of employees said they would choose schedule flexibility over location flexibility ("Global Employee Survey," EY, 2021).

    When employees were asked "What choice would you want your employer to provide related to when you have to work?" The top three choices were:

    68%

    Flexibility on when to start and finish work

    38%

    Compressed or four-day work weeks

    33%

    Fixed hours (e.g. 9am to 5pm)

    Disclaimer: "Percentages do not sum to 100%, as each respondent could choose up to three of the [five options provided]" ("Global Employee Survey," EY, 2021).

    Beware of the "all or nothing" approach

    There is no one-size-fits-all approach to workplace flexibility.

    Understanding the needs of various employee segments in the organization is critical to the success of a flexible work program.

    Working parents want more flexibility

    82%

    of working mothers desire flexibility in where they work.

    48%

    of working fathers "want to work remotely 3 to 5 days a week."

    Historically underrepresented groups value more flexibility

    38%

    "Thirty-eight percent of Black male employees and 33% of Black female employees would prefer a fully flexible schedule, compared to 25% of white female employees and 26% of white male employees."
    (Slack, 2022; N=10,818)

    33%

    Workplace flexibility must be customized to the organization to avoid longer working hours and heavy workloads that impact employee wellbeing

    84%

    of remote workers and 61% of onsite workers reported working longer hours post pandemic. Longer working hours were attributed to reasons such as pressure from management and checking emails after working hours (Indeed, 2021).

    2.6x

    Respondents who either agreed or strongly agreed with the statement "Generally, I find my workload reasonable" were 2.6x more likely to be engaged compared to those who stated they disagreed or strongly disagreed (McLean & Company Engagement Survey Database;2022; N=5,615 responses).

    Longer hours and unsustainable workloads can contribute to stress and burnout, which is a threat to employee engagement and retention. With careful management (e.g. setting clear expectations and establishing manageable workloads), flexible work arrangement benefits can be preserved.

    Info-Tech Insight

    Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.

    Develop a flexible work program that meets employee and organizational needs

    This is an image of a sample flexible work program which meets employee and organizational needs.

    Insight summary

    Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

    Introduction

    Step 1 insight

    Step 2 insight

    Step 3 insight

    • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
    • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
    • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.
    • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
    • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.
    • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
    • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
    • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.
    • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
    • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
    • A set of formal guidelines for IT ensures flexible work is:
      1. Administered fairly across all IT employees.
      2. Defensible and clear.
      3. Scalable to the rest of the organization.

    Case Study

    Expanding hybrid work at Info-Tech

    Challenge

    In 2020, Info-Tech implemented emergency work-from-home for its IT department, along with the rest of the organization. Now in 2023, hybrid work is firmly embedded in Info-Tech's culture, with plans to continue location flexibility for the foreseeable future.

    Adjusting to the change came with lessons learned and future-looking questions.

    Lessons Learned

    Moving into remote work was made easier by certain enablers that had already been put in place. These included issuing laptops instead of desktops to the user base and using an existing cloud-based infrastructure. Much support was already being done remotely, making the transition for the support teams virtually seamless.

    Continuing hybrid work has brought benefits such as reduced commuting costs for employees, higher engagement, and satisfaction among staff that their preferences were heard.

    Looking Forward

    Every flexible work implementation is a work in progress and must be continually revisited to ensure it continues to meet organizational and employee needs. Current questions being explored at Info-Tech are:

    • The concept of the "office as a tool" – how does use of the office change when it is used for specific collaboration-related tasks, rather than everything? How should the physical space change to support this?
    • What does a viable replacement for quick hallway meetings look like in a remote world where communication is much more deliberate? How can managers adjust their practices to ensure the benefits of informal encounters aren't lost?

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Preparation

    Step 1

    Step 2

    Step 3

    Follow-up

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Assess employee and organizational needs.

    Call #3: Shortlist flex work options and assess feasibility.

    Call #4: Finalize flex work options and create rollout plan.

    Call #5: (Optional) Review rollout progress or evaluate pilot success.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 3 to 5 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Activities

    Prepare to assess flex work feasibility

    Assess flex work feasibility

    Finalize flex work options

    Prepare for implementation

    Next Steps and Wrap-Up (offsite)

    1.1 Identify employee and organizational needs.

    1.2 Identify employee segments.

    1.3 Establish program goals and metrics.

    1.4 Shortlist flex work options.

    2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

    3.1 Finalize list of approved flex work options.

    3.2 Brainstorm solutions to implementation issues.

    3.2 Identify how to overcome cultural barriers.

    4.1 Design employee and manager guide prototype.

    4.2 Align HR programs and policies to support flexible work.

    4.3 Create a communication plan.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Organizational context summary
    2. List of shortlisted flex work options
    1. Summary of flex work options' feasibility per employee segment
    1. 1.Final list of flex work options
    2. 2.Implementation barriers and solutions summary
    1. Employee and manager guide to flexible work
    2. Flex work roadmap and communication plan
    1. Completed flexible work feasibility workbook
    2. Flexible work communication plan

    Step 1

    Assess employee and organizational needs

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step you will have:

    • Identified key stakeholders and their responsibilities
    • Uncovered the current and desired state of the organization
    • Analyzed feedback to identify flexibility challenges
    • Identified and prioritized employee segments
    • Determined the program goals
    • Identified the degree of flexibility for work location, timing, and deliverables

    Identify key stakeholders

    Organizational flexibility requires collaborative and cross-functional involvement to determine which flexible options will meet the needs of a diverse workforce. HR leads the project to explore flexible work options, while other stakeholders provide feedback during the identification and implementation processes.

    HR

    • Assist with the design, implementation, and maintenance of the program.
    • Provide managers and employees with guidance to establish successful flexible work arrangements.
    • Help develop communications to launch and maintain the program.

    Senior Leaders

    • Champion the project by modeling and promoting flexible work options
    • Help develop and deliver communications; set the tone for flexible work at the organization.
    • Provide input into determining program goals.

    Managers

    • Model flexible work options and encourage direct reports to request and discuss options.
    • Use flexible work program guidelines to work with direct reports to select suitable flexible work options.
    • Develop performance metrics and encourage communication between flexible and non-flexible workers.

    Flexible Workers

    • Indicate preferences of flexible work options to the manager.
    • Identify ways to maintain operational continuity and communication while working flexibly.
    • Flag issues and suggest improvements to the manager.
    • Develop creative ways to work with colleagues who don't work flexibly.

    Non-Flexible Workers

    • Share feedback on issues with flexible arrangements and their impact on operational continuity.

    Info-Tech Insight

    Flexible work is a holistic team effort. Leaders, flexible workers, teammates, and HR must clearly understand their roles to ensure that teams are set up for success.

    Uncover the current and desired state of flexibility in the organization

    Current State

    Target State

    Review:

    • Existing policies related to flexibility (e.g. vacation, work from anywhere)
    • Existing flexibility programs (e.g. seasonal hours) and their uptake
    • Productivity of employees
    • Current culture at the organization. Look for:
      • Employee autonomy
      • Reporting structure and performance management processes
      • Trust and psychological safety of employees
      • Leadership behavior (e.g. do leaders model work-life balance, or does the organization have a work 24/7 mentality?)

    Identify what is driving the need for flexible work options. Ask:

    • Why does the organization need flexible options?
      • For example, the introduction of flexibility for some employees has created a "have and have not" dynamic between roles that must be addressed.
    • What does the organization hope to gain from implementing flexible options? For example:
      • Improved retention
      • Increased attraction, remaining competitive for talent
      • Increased work-life balance for employees
      • Reduced burnout
    • What does the organization aspire to be?
      • For example, an organization that creates an environment that values output, not face time.

    These drivers identify goals for the organization to achieve through targeted flexible work options.

    Info-Tech Insight

    Hybrid work is a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.

    Identify employee segments

    Using the data, feedback, and challenges analyzed and uncovered so far, assess the organization and identify employee segments.

    Identify employee segments with common characteristics to assess if they require unique flexible work options. Assess the feasibility options for the segments separately in Step 2.

    • Segments' unique characteristics include:
      • Role responsibilities (e.g. interacting with users, creating reports, development and testing)
      • Work location/schedule (e.g. geographic, remote vs. onsite, 9 to 5)
      • Work processes (e.g. server maintenance, phone support)
      • Group characteristics (e.g. specific teams, new hires)

    Identify employee segments and sort them into groups based on the characteristics above.

    Examples of segments:

    • Functional area (e.g. Service Desk, Security)
    • Job roles (e.g. desktop support, server maintenance)
    • Onsite, remote, or hybrid
    • Full-time or part-time
    • Job level (e.g. managers vs. independent contributors)
    • Employees with dependents

    Prioritize employee segments

    Determine whether the organization needs flexible work options for the entire organization or specific employee segments.
    For specific employee segments:

    • Answer the questions on the right to identify whether an employee segment is high, medium, or low priority. Complete slides 23 to 25 for each high-priority segment, repeating the process for medium-priority segments when resources allow.

    For the entire organization:

    • When identifying an option for the entire organization, consider all segments. The approach must create consistency and inclusion; keep this top of mind when identifying flexibility on slides 23 to 25. For example, the work location flexibility would be low in an organization where some segments can work remotely and others must be onsite due to machinery requirements.

    High priority: The employee segment has the lowest engagement scores or highest turnover within the organization. Segment sentiment is that current flexibility is nonexistent or not sufficiently meeting needs.
    Medium priority: The employee segment has low engagement or high turnover. Segment sentiment is that currently available flexibility is minimal or not sufficiently meeting needs.
    Low priority: The segment does not have the lowest engagement or the highest turnover rate. Segment sentiment is that currently available flexibility is sufficiently meeting needs.

    1. What is the impact on the organization if this segment's challenges aren't addressed (e.g. if low engagement and high turnover are not addressed)?
    2. How critical is flexibility to the segment's needs/engagement?
    3. How time sensitive is it to introduce flexibility to this segment (e.g. is the organization losing employees in this segment at a high rate)?
    4. Will providing flexibility to this segment increase organizational productivity or output

    Identify challenges to address with flexibility

    Uncover the lived experiences and expectations of employees to inform selection of segments and flexible options.

    1. Collect data from existing sources, such as:
      • Engagement surveys
      • New hire/exit surveys
      • Employee experience monitor surveys
      • Employee retention pulse surveys
      • Burnout surveys
      • DEI pulse surveys
    2. Analyze employee feedback on experiences with:
      • Work duties
      • Workload
      • Work-life balance
      • Operating processes and procedures
      • Achieving operational outcomes
      • Collaboration and communication
      • Individual experience and engagement
    3. Evaluate the data and identify challenges

    Example challenges:

    • Engagement: Low average score on work-life balance question; flexible work suggested in open-ended responses.
    • Retention: Exit survey indicating that lack of work-life balance is consistently a reason employees leave. Include the cost of turnover (e.g. recruitment, training, severance).
    • Burnout: Feedback from employees through surveys or HR business partner anecdotes indicating high burnout; high usage of wellness services or employee assistance programs.
    • Absenteeism: High average number of days employees were absent in the past year. Include the cost of lost productivity.
    • Operational continuity: Provide examples of when flexible work would have enabled operational continuity in the case of disaster or extended customer service coverage.
    • Program uptake: If the organization already has a flexible work program, provide data on the low proportion of eligible employees using available options.

    1.1 Prepare to evaluate flexible work options

    1-3 hours

    Follow the guidance on preceding slides to complete the following activities.
    Note: If you are only considering remote or hybrid work, use the Fast-Track Hybrid Work Program Workbook. Otherwise, proceed with the Targeted Flexible Work Program Workbook.

    1. Identify key stakeholders. Be sure to record the level of involvement and responsibility expected from each stakeholder. Use the "Stakeholders" tab of the workbook.
    2. Uncover current and desired state. Review and record your current state with respect to culture, productivity, and current flexible work options, if any. Next, record your desired future state, including reasons for implementing flexible work, and goals for the program. Record this in the "Current and Desired State" tab of the workbook.
    3. Identify and prioritize employee segments. Identify and record employee segments. Depending on the size of your department, you may identify a few or many. Be as granular as necessary to fully separate employee groups with different needs. If your resources or needs prevent you from rolling out flexible work to the entire department, record the priority level of each segment so you can focus on the highest priority first.
    4. Identify challenges with flexibility. With each employee segment in mind, analyze your available data to identify and record each segment's main challenges regarding flexible work. These will inform your program goals and metrics.

    Download the Targeted Flexible Work Program Workbook

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • List of departmental roles
    • Data on employee engagement, productivity, sentiment regarding flexible work, etc.

    Output

    • List of stakeholders and responsibilities
    • Flexible work challenges and aims
    • Prioritized list of employee segments

    Materials

    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • IT department head
    • HR business partner
    • Flexible work program committee

    Determine goals and metrics for the flexible work program

    Sample program goals

    Sample metrics

    Increase productivity

    • Employee, team, and department key performance indicators (KPIs) before and after flexible work implementation
    • Absenteeism rate (% of lost working days due to all types of absence)

    Improve business satisfaction and perception of IT value

    Increase retention

    • % of exiting employees who cite lack of flexible work options or poor work-life balance as a reason they left
    • Turnover and retention rates

    Improve the employee value proposition (EVP) and talent attraction

    • # of responses on the new hire survey where flexible work options or work-life balance are cited as a reason for accepting an employment offer
    • # of views of career webpage that mentions flexible work program
    • Time-to-fill rates

    Improve engagement and work-life balance

    • Overall engagement score – deploy Info-Tech's Employee Engagement Diagnostics
    • Score for questions about work-life balance on employee engagement or pulse survey, including:
      • "I am able to maintain a balance between my work and personal life."
      • "I find my stress levels at work manageable."

    Info-Tech Insight

    Implementing flex work without solid performance metrics means you won't have a way of determining whether the program is enabling or hampering your business practices.

    1.2 Determine goals and metrics

    30 minutes

    Use the examples on the preceding slide to identify program goals and metrics:

    1. Brainstorm program goals. Be sure to consider both the business benefits (e.g. productivity, retention) and the employee benefits (work-life balance, engagement). A successful flexible work program benefits both the organization and its employees.
    2. Brainstorm metrics for each goal. Identify metrics that are easy to track accurately. Use Info-Tech's IT and HR metrics libraries for reference. Ideally, the metrics you choose should already exist in your organization so no extra effort will be necessary to implement them. It is also important to have a baseline measure of each one before flexible work is rolled out.
    3. Record your outputs on the "Goals and Metrics" tab of the workbook.

    Download the Targeted Flexible Work Program Workbook

    Download the IT Metrics Library

    Download the HR Metrics Library

    Input

    • Organizational and departmental strategy

    Output

    • List of program goals and metrics

    Materials

    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee

    Determine work location flexibility for priority segments

    Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.

    Work Duties

    Processes

    Operational Outcomes

    High degree of flexibility

    • Low dependence on onsite equipment
    • Work easily shifts to online platforms
    • Low dependence on onsite external interactions (e.g. clients, customers, vendors)
    • Low interdependence of work duties internally (most work is independent)
    • Work processes and expectations are or can be formally documented
    • Remote work processes are sustainable long term

    Most or all operational outcomes can be achieved offsite (e.g. products/service delivery not impacted by WFH)

    • Some dependence on onsite equipment
    • Some work can shift to online platforms
    • Some dependence on onsite external interactions
    • Some interdependence of work duties internally (collaboration is critical)
    • Most work processes and expectations have been or can be formally documented
    • Remote work processes are sustainable (e.g. workarounds can be supported and didn't add work)

    Some operational outcomes can be achieved offsite (e.g. some impact of WFH on product/service delivery)

    Low degree of flexibility

    • High dependence on onsite equipment
    • Work cannot shift to online platforms
    • High dependence on onsite external interactions
    • High interdependence of work duties internally (e.g. line work)
    • Few work processes and expectations can be formally documented
    • Work processes cannot be done remotely, and workarounds for remote work are not sustainable long term

    Operational outcomes cannot be achieved offsite (e.g. significant impairment to product/service delivery)

    Note

    If roles within the segment have differing levels of location flexibility, use the lowest results (e.g. if role A in the segment has a high degree of flexibility for work duties and role B has a low degree of flexibility, use the results for role B).

    Identify work timing for priority segments

    Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).

    Work Duties

    Processes

    Operational Outcomes

    High degree of flexibility

    • No need to be available to internal and/or external customers during standard work hours
    • Equipment is available at any time
    • Does not rely on synchronous (occurring at the same time) work duties internally
    • Work processes and expectations are or can be formally documented
    • Low reliance on collaboration
    • Work is largely asynchronous (does not occur at the same time)

    Most or all operational outcomes are not time sensitive

    • Must be available to internal and/or external customers during some standard work hours
    • Some reliance on synchronous work duties internally (collaboration is critical)
    • Most work processes and expectations have been or can be formally documented
    • Moderate reliance on collaboration
    • Some work is synchronous

    Some operational outcomes are time sensitive and must be conducted within set date or time windows

    Low degree of flexibility

    • Must be available to internal and/or external customers during all standard work hours (e.g. Monday to Friday 9 to 5)
    • High reliance on synchronous work duties internally (e.g. line work)
    • Few work processes and expectations can be formally documented
    • High reliance on collaboration
    • Most work is synchronous

    Most or all operational outcomes are time sensitive and must be conducted within set date or time windows

    Note

    With additional coordination, flex time or flex time off options are still possible for employee segments with a low degree of flexibility. For example, with a four-day work week, the segment can be split into two teams – one that works Monday to Thursday and one that works Tuesday to Friday – so that employees are still available for clients five days a week.

    Examine work deliverables for priority segments

    Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).

    Work Duties

    Operational Outcomes

    High degree of flexibility

    • Few or no work duties rely on equipment or processes that put constraints on output (unconstrained output)
    • Employees have autonomy over which work duties they focus on each day
    • Most or all operational outcomes are unconstrained (e.g. a marketing analyst who builds reports and strategies for clients can produce more reports, produce better reports, or identify new strategies)
    • Work quota or targets are achievable even if working fewer hours
    • Some work duties rely on equipment or processes that put constraints on output
    • Employees have some ability to decide which work duties they focus on each day
    • Some operational outcomes are constrained or moderately unconstrained (e.g. an analyst build reports based on client data; while it's possible to find efficiencies and build reports faster, it's not possible to attain the client data any faster)
    • Work quota or targets may be achievable if working fewer hours

    Low degree of flexibility

    • Most or all work duties rely on equipment or processes that put constraints on output (constrained output)
    • Daily work duties are prescribed (e.g. a telemarketer is expected to call a set number of people per day using a set list of contacts and a defined script)
    • Most or all operational outcomes are constrained (e.g. a machine operator works on a machine that produces 100 parts an hour; neither the machine nor the worker can produce more parts)
    • Work quota or targets cannot be achieved if fewer hours are worked

    Note

    For segments with a low degree of work deliverable flexibility (e.g. very constrained output), flexibility is still an option, but maintaining output would require additional headcount.

    1.3 Determine flexibility needs and constraints

    1-2 hours

    Use the guidelines on the preceding slides to document the parameters of each work segment.

    1. Determine work location flexibility. Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.
    2. Identify work timing. Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).
    3. Examine work deliverables. Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).
    4. Record your outputs on the "Current and Desired State" tab of the workbook.

    Download the Targeted Flexible Work Program Workbook

    Input

    • List of employee segments

    Output

    • Summary of flexibility needs and constraints for each employee segment

    Materials

    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Step 2

    Identify potential flex options and assess feasibility

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step you will have:

    • Created a shortlist of potential options for each prioritized employee segment
    • Evaluated the feasibility of each potential option
    • Determined the cost and benefit of each potential option
    • Gathered employee sentiment on potential options
    • Finalized options with senior leadership

    Prepare to identify and assess the feasibility of potential flexible work options

    First, review the Flexible Work Solutions Catalog

    Before proceeding to the next slide, review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments identified in Step 1.

    Then, assess the feasibility of implementing selected options using slides 29 to 32

    Assess the feasibility of implementing the shortlisted solutions for the prioritized employee segments against the feasibility factors in this step. Repeat for each employee segment. Use the following slides to consult with and include leaders when appropriate.

    • Document your analysis in tabs 6 to 8 of the Targeted Flexible Work Program Workbook.
    • Note implementation issues throughout the assessment and record them in the tool. They will be addressed in Step 3: Implement Selected Program(s). Don't rule out an option simply because it presents some challenges; careful implementation can overcome many challenges.
    • At the end of this step, determine the final list of flexible work options and gain approval from senior leaders for implementation.

    Evaluate feasibility by reviewing the option's impact on continued operations and job performance

    Operational coverage

    Synchronous communication

    Time zones

    Face-to-face

    communication

    To what extent are employees needed to deliver products or services?

    • If constant customer service is required, stagger employees' schedules (e.g. one team works Monday-Thursday while another works Tuesday-Friday).

    To what extent do employees need to communicate with each other synchronously?

    • Break the workflow down and identify times when employees do and do not have to work at the same time to communicate with each other.

    To what extent do employees need to coordinate work across time zones?

    • If the organization already operates in different time zones, ensure that the option does not impact operations requiring continuous coverage.
    • When employees are located in different time zones, coordinate schedules based on the other operational factors.

    When do employees need to interact with each other or clients in person?

    • Examine the workflow closely to identify times when face-to-face communication is not required. Schedule "office days" for employees to work together when in-person interaction is needed.
    • When the interaction is only required with clients, determine whether employees are able to meet clients offsite.

    Info-Tech Insight

    Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future-proof your organization.

    Assess the option's alignment with organizational culture

    Symbols

    Values

    Behaviors

    How supportive of flexible work are the visible aspects of the organization's culture?

    • For example, the mission statement, newsletters, or office layout.
    • Note: Visible elements will need to be adapted to ensure they reinforce the value of the flexible work option.

    How supportive are both the stated and lived values of the organization?

    • When the flexible work option includes less direct supervision, assess how empowered employees feel to make decisions.
    • Assess whether all types of employees (e.g. virtual) are included, valued, and supported.

    How supportive are the attitudes and behaviors, especially of leaders?

    • Leaders set the expectations for acceptable behaviors in the organization. Determine how supportive leaders are toward flexible workers by examining their attitudes and perceptions.
    • Identify if employees are open to different ways of doing work.

    Determine the resources required for the option

    People

    Process

    Technology

    Do employees have the knowledge, skills, and abilities to adopt this option?

    • Identify any areas (e.g. process, technology) employees will need to be trained on and assess the associated costs.
    • Determine whether the option will require additional headcount to ensure operational continuity (e.g. two part-time employees in a job-sharing arrangement) and calculate associated costs (e.g. recruitment, training, benefits).

    How much will work processes need to change?

    • Interview organizational leaders with knowledge of the employee segment's core work processes. Determine whether a significant change will be required.
    • If a significant change is required, evaluate whether the benefits of the option outweigh the costs of the process and behavioral change (see the "net benefit" factor on slide 33).

    What new technologies will be required?

    • Identify the technology (e.g. that supports communication, work processes) required to enable the flexible work option.
    • Note whether existing technology can be used or additional technology will be required, and further investigate the viability and costs of these options.

    Examine the option's risks

    Data

    Health & Safety

    Legal

    How will data be kept secure?

    • Determine whether the organization's data policy and technology covers employees working remotely or other flexible work options.
    • If the employee segment handles sensitive data (e.g. personal employee information), consult relevant stakeholders to determine how data can be kept secure and assess any associated costs.

    How will employees' health and safety be impacted?

    • Consult your organization's legal counsel to determine whether the organization will be liable for the employees' health and safety while working from home or other locations.
    • Determine whether the organization's policies and processes will need to be modified.

    What legal risks might be involved?

    • Identify any policies in place or jurisdictional requirements to avoid any legal risks. Consult your organization's legal counsel about the situations below.
      • If the option causes significant changes to the nature of jobs, creating the risk of constructive dismissal.
      • If there are any risks to providing less supervision (e.g. higher chance of harassment).
      • When only some employee segments are eligible for the option, determine whether there is a risk of inequitable access.
      • If the option impacts any unionized employees or collective agreements.

    Determine whether the benefits of the option outweigh the costs

    Include senior leadership in the net benefit process to ensure any unfeasible options are removed from consideration before presenting to employees.

    1. Document the employee and employer benefits of the option from the previous feasibility factors on slides 29 to 32.
    • Include the benefits of reaching program goals identified in Step 1.
    • Quantify the benefits in dollar value where possible.
  • Document the costs and risks of the option, referring to the costs noted from previous feasibility factors.
    • Quantify the costs in dollar value where possible.
  • Compare the benefits and costs.
    • Add an option to your final list if the benefits are greater than the costs.
  • This is an image of a table with the main heading being Net Benefit, with the following subheadings: Benefits to organization; Benefits to employees; Costs.

    Info-Tech Insight

    Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization as a whole, or if the cost of the option is too high, it will not support the long-term success of the organization.

    2.1a Identify and evaluate flexible work options

    30 minutes per employee segment per work option

    If you are only considering hybrid or remote work, skip to activity 2.1b. Use the guidelines on the preceding slides to conduct feasibility assessments.

    1. Shortlist flexible work options. Review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments. Record these on the "Options Shortlist" tab of the workbook. Even if the decision is simple, ensure you record the rationale to help communicate your decision to employees. Transparent communication is the best way to avoid feelings of unfairness if desired work options are not implemented.
    2. Evaluate option feasibility. For each of the shortlisted options, complete one "Feasibility - Option" tab in the workbook. Make as many copies of this tab as needed.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in the feasibility of various types of flexible work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and flexible work feasibility.
    3. Weigh benefits and costs. At the end of each flexible work option evaluation, record the anticipated costs and benefits. Discuss whether this balance renders the option viable or rules it out.

    Download the Targeted Flexible Work Program Workbook

    Download the Flexible Work Options Catalog

    Input

    • List of employee segments

    Output

    • Shortlist of flexible work options
    • Feasibility analysis for each work option

    Materials

    • Targeted Flexible Work Program Workbook
    • Flexible Work Options Catalog

    Participants

    • Flexible work program committee
    • Employee segment managers

    2.1b Assess hybrid work feasibility

    30 minutes per employee segment

    Use the guidelines on the preceding slides to conduct a feasibility assessment. This exercise relies on having trialed hybrid or remote work before. If you have never implemented any degree of remote work, consider completing the full feasibility assessment in activity 2.1a.

    1. Evaluate hybrid work feasibility. Review the feasibility prompts on the "Work Unit Remote Work Assessment" tab and record your insight for each employee segment.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in their ability to accommodate hybrid work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and hybrid work feasibility.

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • List of employee segments

    Output

    • Feasibility analysis for each work option

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Ask employees which options they prefer and gather feedback for implementation

    Deliver a survey and/or conduct focus groups with a selection of employees from all prioritized employee segments.

    Share

    • Present your draft list of options to select employees.
    • Communicate that the organization is in the process of assessing the feasibility of flexible work options and would like employee input to ensure flex work meets needs.
    • Be clear that the list is not final or guaranteed.

    Ask

    • Ask which options are preferred more than others.
    • Ask for feedback on each option – how could it be modified to meet employee needs better? Use this information to inform implementation in Step 3.

    Decide

    • Prioritize an option if many employees indicated an interest in it.
    • If employees indicate no interest in an option, consider eliminating it from the list, unless it will be required. There is no value in providing an option if employees won't use it.

    Survey

    • List the options and ask respondents to rate each on a Likert scale from 1 to 5.
    • Ask some open-ended questions with comment boxes for employee suggestions.

    Focus Group

    • Conduct focus groups to gather deeper feedback.
    • See Appendix I for sample focus group questions.

    Info-Tech Insight

    Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Finalize options list with senior leadership

    1. Select one to three final options and outline the details of each. Include:
      • Scope: To what extent will the option be applied? E.g. work-from-home one or two days a week.
      • Eligibility: Which employee segments are eligible?
      • Cost: What investment will be required?
      • Critical implementation issues: Will any of the implementation issues identified for each feasibility factor impact whether the option will be approved?
      • Resources: What additional resources will be required (e.g. technology)?
    2. Present the options to stakeholders for approval. Include:
      • An outline of the finalized options, including what the option is and the scope, eligibility, and critical implementation issues.
      • The feasibility assessment results, including benefits, costs, and employee preferences. Have more detail from the other factors ready if leaders ask about them.
      • The investment (cost) required to implement the option.
    3. Proceed to Step 3 to implement approved options.

    Running an IT pilot of flex work

    • As a technology department, IT typically doesn't own flexible work implementation for the entire organization. However, it is common to trial flexible work options for IT first, before rolling out to the entire organization.
    • During a flex work pilot, ensure you are working closely with HR partners, especially regarding regulatory and compliance issues.
    • Keep the rest of the organizational stakeholders in the loop, especially regarding their agreement on the metrics by which the pilot's success will be evaluated.

    2.2a Finalize flexible work options

    2-3 hours + time to gather employee feedback

    If you are only considering hybrid or remote work, skip to activity 2.2b. Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Gather employee feedback. If employee preferences are already known, skip this step. If they are not, gather feedback to ascertain whether any of the shortlisted options are preferred. Remember that a successful flexible work program balances the needs of employees and the business, so employee preference is a key determinant in flexible work program success. Document this on the "Employee Preferences" tab of the workbook.
    2. Finalize flexible work options. Use your notes on the cost-benefit balance for each option, along with employee preferences, to decide whether the move forward with it. Record this decision on the "Options Final List" tab. Include information about eligible employee segments and any implementation challenges that came up during the feasibility assessments. This is the final decision summary that will inform your flexible program parameters and policies.

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options shortlist

    Output

    • Final flexible work options list

    Materials

    • Targeted Flexible Work Program Workbook

    Participants

    • Flexible work program committee

    2.2b Finalize hybrid work parameters

    2-3 hours + time to gather employee feedback

    Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Summarize feasibility analysis. On the "Program Parameters" tab, record the main insights from your feasibility analysis. Finalize important elements, including eligibility for hybrid/remote work by employee segment. Additionally, record the standard parameters for the program (i.e. those that apply to all employee segments) and variable parameters (i.e. ones that differ by employee segment).

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • Hybrid work feasibility analysis

    Output

    • Final hybrid work program parameters

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee

    Step 3

    Implement selected option(s)

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step, you will have:

    • Addressed implementation issues and cultural barriers
    • Equipped the organization to adopt flexible work options successfully
    • Piloted the program and assessed its success
    • Developed a plan for program rollout and communication
    • Established a program evaluation plan
    • Aligned HR programs to support the program

    Solve the implementation issues identified in your feasibility assessment

    1. Identify a solution for each implementation issue documented in the Targeted Flexible Work Program Workbook. Consider the following when identifying solutions:
      • Scope: Determine whether the solution will be applied to one or all employee segments.
      • Stakeholders: Identify stakeholders to consult and develop a solution. If the scope is one employee segment, work with organizational leaders of that segment. When the scope is the entire organization, consult with senior leaders.
      • Implementation: Collaborate with stakeholders to solve implementation issues. Balance the organizational and employee needs, referring to data gathered in Steps 1 and 2.

    Example:

    Issue

    Solution

    Option 1: Hybrid work

    Brainstorming at the beginning of product development benefits from face-to-face collaboration.

    Block off a "brainstorming day" when all team members are required in the office.

    Employee segment: Product innovation team

    One team member needs to meet weekly with the implementation team to conduct product testing.

    Establish a schedule with rotating responsibility for a team member to be at the office for product testing; allow team members to swap days if needed.

    Address cultural barriers by involving leaders

    To shift a culture that is not supportive of flexible work, involve leaders in setting an example for employees to follow.

    Misconceptions

    Tactics to overcome them

    • Flexible workers are less productive.
    • Flexible work disrupts operations.
    • Flexible workers are less committed to the organization.
    • Flexible work only benefits employees, not the organization.
    • Employees are not working if they aren't physically in the office.

    Make the case by highlighting challenges and expected benefits for both the organization and employees (e.g. same or increased productivity). Use data in the introductory section of this blueprint.

    Demonstrate operational feasibility by providing an overview of the feasibility assessment conducted to ensure operational continuity.

    Involve most senior leadership in communication.

    Encourage discovery and exploration by having managers try flexible work options themselves, which will help model it for employees.

    Highlight success stories within the organization or from competitors or similar industries.

    Invite input from managers on how to improve implementation and ownership, which helps to discover hidden options.

    Shift symbols, values, and behaviors

    • Work with senior leaders to identify symbols, values, and behaviors to modify to align with the selected flexible work options.
    • Validate that the final list aligns with your organization's mission, vision, and values.

    Info-Tech Insight

    Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.

    Equip the organization for successful implementation

    Info-Tech recommends providing managers and employees with a guide to flexible work, introducing policies, and providing training for managers.

    Provide managers and employees with a guide to flexible work

    Introduce appropriate organization policies

    Equip managers with the necessary tools and training

    Use the guide to:

    • Familiarize employees and managers with the flexible work program.
    • Gain employee and manager buy-in and support for the program.
    • Explain the process and give guidance on selecting flexible work options and working with their colleagues to make it a success.

    Use Info-Tech's customizable policy templates to set guidelines, outline arrangements, and scope the organization's flexible work policies. This is typically done by, or in collaboration with, the HR department.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Flex Location Policy

    Download the Flex Time-Off Policy

    Download the Flex Time Policy

    3.1 Prepare for implementation

    2-3 hours

    Use the guidelines on the preceding slides to brainstorm solutions to implementation issues and prepare to communicate program rollout to stakeholders.

    1. Solve implementation issues.
      • If you are working with the Targeted Flexible Work Program Workbook: For each implementation challenge identified on the "Final Options List" tab, brainstorm solutions. If you are working with the Fast-Track Hybrid Work Program Workbook: Work through the program enablement prompts on the "Program Enablement" tab.
      • You may need to involve relevant stakeholders to help you come up with appropriate solutions for each employee segment.
      • Ensure that any anticipated cultural barriers have been documented and are addressed during this step. Don't underestimate the importance of a supportive organizational culture to the successful rollout of flexible work.
    2. Prepare the employee guide. Modify the Guide to Flexible Work for Managers and Employees template to reflect your final work options list and the processes and expectations employees will need to follow.
    3. Create a communication plan. Use Info-Tech's Communicate Any IT Initiative blueprint and Appendix II to craft your messaging.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options final list

    Output

    • Employee guide to flexible work
    • Flexible work rollout communication plan

    Materials

    • Guide to Flexible Work for Managers and Employees
    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Run an IT pilot for flexible work

    Prepare for pilot

    Launch Pilot

    Identify the flexible work options that will be piloted.

    • Refer to the final list of selected options for each priority segment to determine which options should be piloted.

    Select pilot participants.

    • If not rolling out to the entire IT department, look for the departments and/or team(s) where there is the greatest need and the biggest interest (e.g. team with lowest engagement scores).
    • Include all employees within the department, or team if the department is too large, in the pilot.
    • Start with a group whose managers are best equipped for the new flexibility options.

    Create an approach to collect feedback and measure the success of the pilot.

    • Feedback can be collected using surveys, focus groups, and/or targeted in-person interviews.

    The length of the pilot will greatly vary based on which flexible work options were selected (e.g. seasonal hours will require a shorter pilot period compared to implementing a compressed work week). Use discretion when deciding on pilot length and be open to extending or shortening the pilot length as needed.

    Launch pilot.

    • Launch the program through a town hall meeting or departmental announcement to build excitement and buy-in.
    • Develop separate communications for employee segments where appropriate. See Appendix II for key messaging to include.

    Gather feedback.

    • The feedback will be used to assess the pilot's success and to determine what modifications will be needed later for a full-scale rollout.
    • When gathering feedback, tailor questions based on the employee segment but keep themes similar. For example:
      • Employees: "How did this help your day-to-day work?"
      • Managers: "How did this improve productivity on your team?"

    Track metrics.

    • The success of the pilot is best communicated using your department's unique KPIs.
    • Metrics are critical for:
      • Accurately determining pilot success.
      • Getting buy-in to expand the pilot beyond IT.
      • Justifying to employees any changes made to the flexible work options.

    Assess the pilot's success and determine next steps

    Review the feedback collected on the previous slide and use this decision tree to decide whether to relaunch a pilot or proceed to a full-scale rollout of the program.

    This is an image of the flow chart used to assess the pilot's success and determine the next steps.  It will help you to determine whether you will Proceed to full-scale rollout on next slide, Major modifications to the option/launch (e.g. change operating time) – adjust and relaunch pilot or select a new employee segment and relaunch pilot, Minor modifications to the option/launch (e.g. introduce additional communications) – adjust and proceed to full scale rollout, or Return to shortlist (Step 2) and select a different option or launch pilot with a different employee segment.

    Prepare for full-scale rollout

    If you have run a team pilot prior to rolling out to all of IT, or run an IT pilot before an organizational rollout, use the following steps to transition from pilot to full rollout.

    1. Determine modifications
      • Review the feedback gathered during the pilot and determine what needs to change for a full-scale implementation.
      • Update HR policies and programs to support flexible work. Work closely with your HR business partner and other organizational leaders to ensure every department's needs are understood and compliance issues are addressed.
    2. Roll out and evaluate
      • Roll out the remainder of the program (e.g. to other employee segments or additional flexible work options) once there is significant uptake of the pilot by the target employee group and issues have been addressed.
      • Determine how feedback will be gathered after implementation, such as during engagement surveys, new hire and exit surveys, stay interviews, etc., and assess whether the program continues to meet employee and organizational needs.

    Rolling out beyond IT

    For a rollout beyond IT, HR will likely take over.

    However, this is your chance to remain at the forefront of your organization's flexible work efforts by continuing to track success and gather feedback within IT.

    Align HR programs and organizational policies to support flexible work

    Talent Management

    Learning & Development

    Talent Acquisition

    Reinforce managers' accountability for the success of flexible work in their teams:

    • Include "managing virtual teams" in the people management leadership competency.
    • Recognize managers who are modeling flexible work.

    Support flexible workers' career progression:

    • Monitor the promotion rates of flexible workers vs. non-flexible workers.
    • Make sure flexible workers are discussed during talent calibration meetings and have access to career development opportunities.

    Equip managers and employees with the knowledge and skills to make flexible work successful.

    • Provide guidance on selecting the right options and maintaining workflow.
    • If moving to a virtual environment, train managers on how to make it a success.

    Incorporate the flexible work program into the organization's employee value proposition to attract top talent who value flexible work options.

    • Highlight the program on the organization's career site and in job postings.

    Organizational policies

    Determine which organizational policies will be impacted as a result of the new flexible work options. For example, the introduction of flex time off can result in existing vacation policies needing to be updated.

    Plan to re-evaluate the program and make improvements

    Collect data

    Collect data

    Act on data

    Uptake

    Gather data on the proportion of employees eligible for each option who are using the option.

    If an option is tracking positively:

    • Maintain or expand the program to more of the organization.
    • Conduct a feasibility assessment (Step 2) for new employee segments.

    Satisfaction

    Survey managers and employees about their satisfaction with the options they are eligible for and provide an open box for suggestions on improvements.

    If an option is tracking negatively:

    • Investigate why. Gather additional data, interview organizational leaders, and/or conduct focus groups to gain deeper insight.
    • Re-assess the feasibility of the option (Step 2). If the costs outweigh the benefits based on new data, determine whether to cancel the option.
    • Take appropriate action based on the outcome of the evaluation, such as modifying or cancelling the option or providing employees with more support.
      • Note: Cancelling an option can impact the engagement of employees using the option. Ensure that the data, reasons for cancelling the option, and potential substitute options are communicated to employees in advance.

    Program goal progress

    Monitor progress against the program goals and metrics identified in Step 1 to evaluate the impact on issues that matter to the organization (e.g. retention, productivity, diversity).

    Career progression

    Evaluate flexible workers' promotion rates and development opportunities to determine if they are developing.

    Info-Tech Insight

    Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.

    Insight summary

    Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

    Introduction

    • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
    • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
    • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.

    Step 1 insight

    • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
    • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.

    Step 2 insight

    • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
    • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
    • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Step 3 insight

    • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
    • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
    • A set of formal guidelines for IT ensures flexible work is:
      1. Administered fairly across all IT employees.
      2. Defensible and clear.
      3. Scalable to the rest of the organization.

    Research Contributors and Experts

    Quinn Ross
    CEO
    The Ross Firm Professional Corporation

    Margaret Yap
    HR Professor
    Ryerson University

    Heather Payne
    CEO
    Juno College

    Lee Nguyen
    HR Specialist
    City of Austin

    Stacey Spruell
    Division HR Director
    Travis County

    Don MacLeod
    Chief Administrative Officer
    Zorra Township

    Stephen Childs
    CHRO
    Panasonic North America

    Shawn Gibson
    Sr. Director
    Info Tech Research Group

    Mari Ryan
    CEO/Founder
    Advancing Wellness

    Sophie Wade
    Founder
    Flexcel Networks

    Kim Velluso
    VP Human Resources
    Siemens Canada

    Lilian De Menezes
    Professor of Decision Sciences
    Cass Business School, University of London

    Judi Casey
    WorkLife Consultant and former Director, Work and Family Researchers Network
    Boston College

    Chris Frame
    Partner – Operations
    LiveCA

    Rose M. Stanley, CCP, CBP, WLCP, CEBS
    People Services Manager
    Sunstate Equipment Co., LLC

    Shari Lava
    Director, Vendor Research
    Info-Tech Research Group

    Carol Cochran
    Director of People & Culture
    FlexJobs

    Kidde Kelly
    OD Practitioner

    Dr. David Chalmers
    Adjunct Professor
    Ted Rogers School of Management, Ryerson University

    Kashmira Nagarwala
    Change Manager
    Siemens Canada

    Dr. Isik U. Zeytinoglu
    Professor of Management and Industrial Relations McMaster University, DeGroote School of Business

    Claire McCartney
    Diversity & Inclusion Advisor
    CIPD

    Teresa Hopke
    SVP of Client Relations
    Life Meets Work – www.lifemeetswork.com

    Mark Tippey
    IT Leader and Experienced Teleworker

    Dr. Kenneth Matos
    Senior Director of Research
    Families and Work Institute

    1 anonymous contributor

    Appendix I: Sample focus group questions

    See Info-Tech's Focus Group Guidefor guidance on setting up and delivering focus groups. Customize the guide with questions specific to flexible work (see sample questions below) to gain deeper insight into employee preferences for the feasibility assessment in Step 2 of this blueprint.

    Document themes in the Targeted Flexible Work Program Workbook.

    • What do you need to balance/integrate your work with your personal life?
    • What challenges do you face in achieving work-life balance/integration?
    • What about your job is preventing you from achieving work-life balance/integration?
    • How would [flexible work option] help you achieve work-life balance/integration?
    • How well would this option work with the workflow of your team or department? What would need to change?
    • What challenges do you see in adopting [flexible work option]?
    • What else would be helpful for you to achieve work-life balance/integration?
    • How could we customize [flexible work option] to ensure it meets your needs?
    • If this program were to fail, what do you think would be the top reasons and why?

    Appendix II: Communication key messaging

    1. Program purpose

    Start with the name and high-level purpose of the program.

    2. Business reasons for the program

    Share data you gathered in Step 1, illustrating challenges causing the need for the program and the benefits.

    3. Options selection process

    Outline the process followed to select options. Remember to share the involvement of stakeholders and the planning around employees' feedback, needs, and lived experiences.

    4. Options and eligibility

    Provide a brief overview of the options and eligibility. Specify that the organization is piloting these options and will modify them based on feedback.

    5. Approval not guaranteed

    Qualify that employees need to be "flexible about flexible work" – the options are not guaranteed and may sometimes be unavailable for business reasons.

    6. Shared responsibility

    Highlight the importance of everyone (managers, flexible workers, the team) working together to make flexible work achievable.

    7. Next steps

    Share any next steps, such as where employees can find the organization's Guide to Flexible Work for Managers and Employees, how to make flexible work a success, or if managers will be providing further detail in a team meeting.

    8. Ongoing communications

    Normalize the program and embed it in organizational culture by continuing communications through various media, such as the organization's newsletter or announcements in town halls.

    Works Cited

    Baziuk, Jennifer, and Duncan Meadows. "Global Employee Survey - Key findings and implications for ICMIF." EY, June 2021. Accessed May 2022.
    "Businesses suffering 'commitment issues' on flexible working," EY, 21 Sep. 2021. Accessed May 2022.
    "IT Talent Trends 2022". Info-Tech Research Group, 2022.
    "Jabra Hybrid Ways of Working: 2021 Global Report." Jabra, Aug. 2021. Accessed May 2022.
    LinkedIn Talent Solutions. "2022 Global Talent Trends." LinkedIn, 2022. Accessed May 2022.
    Lobosco, Mark. "The Future of Work is Flexible: 71% of Leaders Feel Pressure to Change Working Models." LinkedIn, 9 Sep. 2021. Accessed May 2022.
    Ohm, Joy, et al. "Covid-19: Women, Equity, and Inclusion in the Future of Work." Catalyst, 28 May 2020. Accessed May 2022.
    Pelta, Rachel. "Many Workers Have Quit or Plan to After Employers Revoke Remote Work." FlexJobs, 2021. Accessed May 2022.
    Slack Future Forum. "Inflexible return-to-office policies are hammering employee experience scores." Slack, 19 April 2022. Accessed May 2022.
    "State of Hybrid Work in IT: A Trend Report". Info-Tech Research Group, 2023.
    Threlkeld, Kristy. "Employee Burnout Report: COVID-19's Impact and 3 Strategies to Curb It." Indeed, 11 March 2021. Accessed March 2022.

    Embed Security Into the DevOps Pipeline

    • Buy Link or Shortcode: {j2store}265|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $31,515 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Your organization is starting its DevOps journey and is looking to you for guidance on how to ensure that the outcomes are secure.
    • Or, your organization may have already embraced DevOps but left the security team behind. Now you need to play catch-up.

    Our Advice

    Critical Insight

    • Shift security left. Identify opportunities to embed security earlier in the development pipeline.
    • Start with minimum viable security. Use agile methodologies to further your goals of secure DevOps.
    • Treat “No” as a finite resource. The role of security must transition from that of naysayer to a partner in finding the way to “Yes.”

    Impact and Result

    • Leverage the CLAIM (Culture, Learning, Automation, Integration, Measurement) Framework to identify opportunities to close the gaps.
    • Collaborate to find new ways to shift security left so that it becomes part of development rather than an afterthought.
    • Start with creating minimum viable security by developing a DevSecOps implementation strategy that focuses initially on quick wins.

    Embed Security Into the DevOps Pipeline Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should secure the DevOps pipeline, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify opportunities

    Brainstorm opportunities to secure the DevOps pipeline using the CLAIM Framework.

    • Embed Security Into the DevOps Pipeline – Phase 1: Identify Opportunities

    2. Develop strategy

    Assess opportunities and formulate a strategy based on a cost/benefit analysis.

    • Embed Security Into the DevOps Pipeline – Phase 2: Develop Strategy
    • DevSecOps Implementation Strategy Template
    [infographic]

    Spread Best Practices With an Agile Center of Excellence

    • Buy Link or Shortcode: {j2store}152|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $97,499 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization is looking to create consistency across all Agile teams to drive greater business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support structures and facilitated through shared learning and capabilities.

    Our Advice

    Critical Insight

    • Social capital can be an enabler, but also a barrier. People can only manage a finite number of relationships; ensure that the connections the Center of Excellence (CoE) facilitates are purposeful.
    • Don’t over govern. Empowerment is critical to enable improvements; set boundaries and let teams work inside them with autonomy.
    • Legitimize through listening. A CoE will not be leveraged unless it aligns with the needs of its users. Invest the time to align with the functional expectations of your Agile teams.

    Impact and Result

    • Create a set of service offerings aligned with both corporate objectives and the functional expectations of its customers to ensure broad support and utility of the invested resources.
    • Understand some of the cultural and processual challenges you will face when forming a center of excellence, and address them using Info-Tech’s Agile adoption model.

    Spread Best Practices With an Agile Center of Excellence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an Agile Center of Excellence, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Strategically align the Center of Excellence

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    • Spread Best Practices With an Agile Center of Excellence – Phase 1: Strategically Align the Center of Excellence

    2. Standardize the Center of Excellence’s service offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization.

    • Spread Best Practices With an Agile Center of Excellence – Phase 2: Standardize the Center of Excellence’s Service Offerings

    3. Operate the Center of Excellence

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change.

    • Spread Best Practices With an Agile Center of Excellence – Phase 3: Operationalize Your Agile Center of Excellence
    • ACE Satisfaction Survey
    • CoE Maturity Diagnostic Tool
    • ACE Benefits Tracking Tool
    • ACE Communications Deck
    [infographic]

    Workshop: Spread Best Practices With an Agile Center of Excellence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Vision of CoE

    The Purpose

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    Understand how your key stakeholders will impact the longevity of your CoE.

    Determine your CoE structure and staff.

    Key Benefits Achieved

    Top-down alignment with strategic aims of the organization.

    A set of high-level use cases to form the CoE’s service offerings around.

    Visualization of key stakeholders, with their current and desired power and involvement documented.

    Activities

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your Agile Center of Excellence (ACE) and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Outputs

    Prioritized business objectives

    Business-aligned use cases to form CoE’s service offerings

    Stakeholder map of key influencers

    2 Define Service Offerings of CoE

    The Purpose

    Document the functional expectations of the Agile teams.

    Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.

    Create a capability map that visualizes and prioritizes your key service offerings.

    Key Benefits Achieved

    Understanding of some of the identified concerns, pain points, and potential opportunities from your stakeholders.

    Refined use cases that define the service offerings the CoE provides to its customers.

    Prioritization for the creation of service offerings with a capability map.

    Activities

    2.1 Classified pains and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Outputs

    Classified pains and opportunities

    Refined use cases based on pains and opportunities identified during ACE requirements gathering

    ACE Capability Map

    3 Define Engagement Plans

    The Purpose

    Align service offerings with an Agile adoption model so that teams have a structured way to build their skills.

    Standardize the way your organization will interact with the Center of Excellence to ensure consistency in best practices.

    Key Benefits Achieved

    Mechanisms put in place for continual improvement and personal development for your Agile teams.

    Interaction with the CoE is standardized via engagement plans to ensure consistency in best practices and predictability for resourcing purposes.

    Activities

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Outputs

    Adoption-aligned service offerings

    Role-based engagement plans

    4 Define Metrics and Plan Communications

    The Purpose

    Develop a set of metrics for the CoE to monitor business-aligned outcomes with.

    Key Benefits Achieved

    The foundations of continuous improvement are established with a robust set of Agile metrics.

    Activities

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Outputs

    Business objective-aligned metrics

    CoE performance metrics

    Agile adoption metrics

    Assessment of organizational design

    CoE communication plan

    Further reading

    Spread Best Practices With an Agile Center of Excellence

    Achieve ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    ANALYST PERSPECTIVE

    "Inconsistent processes and practices used across Agile teams is frequently cited as a challenge to adopting and scaling Agile within organizations. (VersionOne’s 13th Annual State of Agile Report [N=1,319]) Creating an Agile Center of Excellence (ACE) is a popular way to try to impose structure and improve performance. However, simply establishing an ACE does not guarantee you will be successful with Agile. When setting up an ACE you must: Define ACE services based on identified stakeholder needs. Staff the ACE with respected, “hands on” people, who deliver identifiable value to your Agile teams. Continuously evolve ACE service offerings to maximize stakeholder satisfaction and value delivered."

    Alex Ciraco, Research Director, Applications Practice Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • A CIO who is looking for a way to optimize their Agile capabilities and ensure ongoing alignment with business objectives.
    • An applications director who is looking for mechanisms to inject continuous improvement into organization-wide Agile practices.

    This Research Will Help You:

    • Align your Agile support structure with business objectives and the functional expectations of its users.
    • Standardize the ways in which Agile teams develop and learn to create consistency in purpose and execution.
    • Track and communicate successes to ensure the long-term viability of an Agile Center of Excellence (ACE).

    This Research Will Also Assist

    • Project managers who are tasked with managing Agile projects.
    • Application development managers who are struggling with establishing consistency, transparency, and collaboration across their teams.

    This Research Will Help Them:

    • Provide service offerings to their team members that will help them personally and collectively to develop desired skills.
    • Provide oversight and transparency into Agile projects and outcomes through ongoing monitoring.

    Executive summary

    Situation

    • Your organization has had some success with Agile, but needs to drive consistency across Agile teams for better business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support services and facilitated through shared learning and capabilities.

    Complication

    • Organizational constraints, culture clash, and lack of continuous top-down support are hampering your Agile growth and maturity.
    • Attempts to create consistency across Agile teams and processes fail to account for the expectations of users and stakeholders, leaving them detached from projects and creating resistance.

    Resolution

    • Align the service offerings of your ACE with both corporate objectives and the functional expectations of its stakeholders to ensure broad support and utilization of the invested resources.
    • Understand some of the culture and process challenges you will face when forming an ACE, and address them using Info-Tech’s Agile adoption journey model.
    • Track the progress of the ACE and your Agile teams. Use this data to find root causes for issues, and ideate to implement solutions for challenges as they arise over time.
    • Effectively define and propagate improvements to your Agile teams in order to drive business-valued results.
    • Communicate progress to interested stakeholders to ensure long-term viability of the Center of Excellence (CoE).

    Info-Tech Insight

    1. Define ACE services based on stakeholder needs.Don’t assume you know what your stakeholders need without talking to them.
    2. Staff the ACE strategically. Choose those who are thought leaders and proven change agents.
    3. Continuously improve based on metrics and feedback.Constantly monitor how your ACE is performing and adjust to feedback.

    Info-Tech’s Agile Journey related Blueprints

    1. Stabilize

    Implement Agile Practices That Work

    Begin your Agile transformation with a comprehensive readiness assessment and a pilot project to adopt Agile development practices and behaviors that fit.

    2. Sustain

    YOU ARE HERE

    Spread Best Practices with an Agile Center of Excellence

    Form an ACE to support Agile development at all levels of the organization with thought leadership, strategic development support & process innovation.

    3. Scale

    Enable Organization-Wide Collaboration by Scaling Agile

    Extend the benefits of your Agile pilot project into your organization by strategically scaling Agile initiatives that will meet stakeholders’ needs.

    4. Satisfy

    Transition to Product Delivery Introduce product-centric delivery practices to drive greater benefits and better delivery outcomes.

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    2.1 Define an adoption plan for Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives

    Supporting Capabilities and Practices

    Modernize Your SDLC

    Remodel the stages of your lifecycle to standardize your definition of a successful product.

    Build a Strong Foundation for Quality

    Instill quality assurance practices and principles in each stage of your software development lifecycle.

    Implement DevOps Practices That Work

    Fix, deploy, and support applications quicker though development and operations collaboration.

    What is an Agile Center of Excellence?

    NOTE: Organizational change is hard and prone to failure. Determine your organization’s level of readiness for Agile transformation (and recommended actions) by completing Info-Tech’s Agile Transformation Readiness Tool.

    An ACE amplifies good practices that have been successfully employed within your organization, effectively allowing you to extend the benefits obtained from your Agile pilot(s) to a wider audience.

    From the viewpoint of the business, members of the ACE provide expertise and insights to the entire organization in order to facilitate Agile transformation and ensure standard application of Agile good practices.

    From the viewpoint of your Agile teams, it provides a community of individuals that share experiences and lessons learned, propagate new ideas, and raise questions or concerns so that delivering business value is always top of mind.

    An ACE provides the following:

    1. A mechanism to gather thought leadership to maximize the accessibility and reach of your Agile investment.
    2. A mechanism to share innovations and ideas to facilitate knowledge transfer and ensure broadly applicable innovations do not go to waste.
    3. Strategic alignment to ensure that Agile practices are driving value towards business objectives.
    4. Purposeful good practices to ensure that the service offerings provided align with expectations of both your Agile practitioners and stakeholders.

    SIDEBAR: What is a Community of Practice? (And how does it differ from a CoE?)

    Some organizations prefer Communities of Practice (CoP) to Centers of Excellence (CoE). CoPs are different from CoEs:

    A CoP is an affiliation of people who share a common practice and who have a desire to further the practice itself … and of course to share knowledge, refine best practices, and introduce standards. CoPs are defined by their domain of interest, but the membership is a social structure comprised of volunteer practitioners

    – Wenger, E., R. A. McDermott, et al. (2002) Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    CoPs differ from a CoE mainly in that they tend to have no geographical boundaries, they hold no hierarchical power within a firm, and they definitely can never have structure determined by the company. However, one of the most obvious and telling differences lies in the stated motive of members – CoPs exist because they have active practitioner members who are passionate about a specific practice, and the goals of a CoP are to refine and improve their chosen domain of practice – and the members provide discretionary effort that is not paid for by the employer

    – Matthew Loxton (June 1, 2011) CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    What to know about CoPs:

    1. Less formal than a CoE
      • Loosely organized by volunteer practitioners who are interested in advancing the practice.
    2. Not the Authoritative Voice
      • Stakeholders engage the CoP voluntarily, and are not bound by them.
    3. Not funded by Organization
      • CoP members are typically volunteers who provide support in addition to their daily responsibilities.
    4. Not covered in this Blueprint
      • In depth analysis on CoPs is outside the scope of this Blueprint.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • Many organizations encounter challenges to scaling Agile

    Tackle the following barriers to Agile adoption with a business-aligned ACE.

    List based on reported impediments from VersionOne’s 13th Annual State of Agile Report (N=1,319)

    1. Organizational culture at odds with Agile values
    • The ACE identifies and measures the value of Agile to build support from senior business leaders for shifting the organizational culture and achieving tangible business benefits.
  • General organizational resistance to change
    • Resistance comes from a lack of trust. Optimized value delivery from Info-Tech’s Agile adoption model will build the necessary social capital to drive cultural change.
  • Inadequate management support and sponsorship
    • Establishing an ACE will require senior management support and sponsorship. Its formation sends a strong signal to the organizational leadership that Agile is here to stay.
  • Lack of skills/experience with Agile methods
    • The ACE provides a vehicle to absorb external training into an internal development program so that Agile capabilities can be grown organically within the organization.
  • Inconsistent processes and practices across teams
    • The ACE provides support to individual Agile teams and will guide them to adopt consistent processes and practices which have a proven track record in the organization.
  • Insufficient training and education
    • The ACE will assist teams with obtaining the Agile skills training they need to be effective in the organization, and support a culture of continuous learning.
  • Overcome your Agile scaling challenges with a business aligned ACE

    An ACE drives consistency and transparency without sacrificing the ability to innovate. It can build on the success of your Agile pilot(s) by encouraging practices known to work in your organization.

    Support Agile Teams

    Provide services designed to inject evolving good practices into workflows and remove impediments or roadblocks from your Agile team’s ability to deliver value.

    Maintain Business Alignment

    Maintain alignment with corporate objectives without impeding business agility in the long term. The ACE functions as an interface layer so that changing expectations can be adapted without negatively impacting Agile teams.

    Facilitate Learning Events

    Avoid the risk of innovation and subject-matter expertise being lost or siloed by facilitating knowledge transfer and fostering a continuous learning environment.

    Govern Improvements

    Set baselines, monitor metrics, and run retrospectives to help govern process improvements and ensure that Agile teams are delivering expected benefits.

    Shift Culture

    Instill Agile thinking and behavior into the organization. The ACE must encourage innovation and be an effective agent for change.

    Use your ACE to go from “doing” Agile to “being” Agile

    Organizations that do Agile without embracing the changes in behavior will not reap the benefits.

    Doing what was done before

    • Processes and Tools
    • Comprehensive Documentation
    • Contract Negotiation
    • Following a Plan

    Being Prescriptive

    Going through the motions

    • Uses SCRUM and tools such as Jira
    • Plans multiple sprints in detail
    • Talks to stakeholders once in a release
    • Works off a fixed scope BRD

    Doing Agile

    Living the principles

    • Individuals and Interactions
    • Working Software
    • Customer Collaboration
    • Responding to Change

    Being Agile

    “(‘Doing Agile’ is) just some rituals but without significant change to support the real Agile approach as end-to-end, business integration, value focus, and team empowerment.” - Arie van Bennekum

    Establishing a CoE does not guarantee success

    Simply establishing a Center of Excellence for any discipline does not guarantee its success:

    The 2019 State of DevOps Report found that organizations which had established DevOps CoEs underperformed compared to organizations which adopted other approaches for driving DevOps transformation. (Accelerate State of DevOps Report 2019 [N=~1,000])

    Still, Agile Centers of Excellence can and do successfully drive Agile adoption in organizations. So what sets the successful examples apart from the others? Here’s what some have to say:

    The ACE must be staffed with qualified people with delivery experience! … [It is] effectively a consulting practice, that can evolve and continuously improve its services … These services are collectively about ‘enablement’ as an output, more than pure training … and above all, the ability to empirically measure the progress” – Paul Blaney, TD Bank

    “When leaders haven’t themselves understood and adopted Agile approaches, they may try to scale up Agile the way they have attacked other change initiatives: through top-down plans and directives. The track record is better when they behave like an Agile team. That means viewing various parts of the organization as their customers.” – HBR, “Agile at Scale”

    “the Agile CoE… is truly meant to be measured by the success of all the other groups, not their own…[it] is meant to be serving the teams and helping them improve, not by telling them what to do, but rather by listening, understanding and helping them adapt.” - Bart Gerardi, PMI

    The CoE must also avoid becoming static, as it’s crucial the team can adjust as quickly as business and customer needs change, and evolve the technology as necessary to remain competitive.” – Forbes, “RPA CoE (what you need to know)”

    "The best CoEs are formed from thought leaders and change agents within the CoE domain. They are the process and team innovators who will influence your CoE roadmap and success. Select individuals who feel passionate about Agile." – Hans Eckman, InfoTech

    To be successful with your ACE, do the following…

    Info-Tech Insight

    Simply establishing an Agile Center of Excellence does not guarantee its success. When setting up your ACE, optimize its impact on the organization by doing the following 3 things:

    1. Define ACE services based on stakeholder needs. Be sure to broadly survey your stakeholders and identify the ACE functions and services which will best meet their needs. ACE services must clearly deliver business value to the organization and the Agile teams it supports.
    2. Staff the ACE strategically. Select ACE team members who have real world, hands-on delivery experience, and are well respected by the Agile teams they will serve. Where possible, select internal thought leaders in your organization who have the credibility needed to effect positive change.
    3. Continuously improve ACE services based on metrics and feedback. The value your ACE brings to the organization must be clear and measurable, and do not assume that your functions and services will remain static. You must regularly monitor both your metrics and feedback from your Agile teams, and adjust ACE behavior to improve/maximize these over time.

    Spread Best Practices With an Agile Center of Excellence

    This blueprint will walk you through the steps needed to build the foundations for operational excellence within an Agile Center of Excellence.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Info-Tech’s Practice Adoption Journey

    Use Info-Tech’s Practice Adoption Journey model to establish your ACE. Building social capital (stakeholders’ trust in your ability to deliver positive outcomes) incrementally is vital to ensure that everyone is aligned to new mindsets and culture as your Agile practices scale.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Continuously improve the ACE to ensure long-term viability

    Improvement involves the continuous evaluation of the performance of your teams, using well-defined metrics and reasonable benchmarks that are supplemented by analogies and root-cause analysis in retrospectives.

    Monitor

    Monitor your metrics to ensure desired benefits are being realized. The ACE is responsible for ensuring that expected Agile benefits are achievable and on track. Monitor against your defined baselines to create transparency and accountability for desired outcomes.

    Iterate

    Run retrospectives to drive improvements and fixes into Agile projects and processes. Metrics falling short of expectations must be diagnosed and their root causes found, and fixes need to be communicated and injected back into the larger organization.

    Define

    Define metrics and set targets that align with the goals of the ACE. These metrics represent the ACEs expected value to the organization and must be measured against on a regular basis to demonstrate value to your key stakeholders.

    Beware the common risks of implementing your ACE

    Culture clash between Agile teams and larger organization

    Agile leverages empowered teams, meritocracy, and broad collaboration for success, but typical organizations are siloed and hierarchical with top down decision making. There needs to be a plan to enable a smooth transition from the current state towards the Agile target state.

    Persistence of tribal knowledge

    Agile relies on easy and open knowledge sharing, but organizational knowledge can sit in siloes. Employees may also try to protect their expertise for job security. It is important to foster knowledge sharing to ensure that critical know-how is accessible and doesn’t leave the organization with the individual.

    Rigid management structures

    Rigidity in how managers operate (performance reviews, human resource management, etc.) can result in cultural rejection of Agile. People need to be assessed on how they enable their teams rather than as individual contributors. This can help ensure that they are given sufficient opportunities to succeed. More support and less strict governance is key.

    Breakdown due to distributed teams

    When face-to-face interactions are challenging, ensure that you invest in the right communication technologies and remove cultural and process impediments to facilitate organization-wide collaboration. Alternative approaches like using documentation or email will not provide the same experience and value as a face-to-face conversation.

    The State of Maine used an ACE to foster positive cultural change

    CASE STUDY

    Industry - Government

    Source - Cathy Novak, Agile Government Leadership

    The State of Maine’s Agile Center of Excellence

    “The Agile CoE in the State of Maine is completely focused on the discipline of the methodology. Every person who works with Agile, or wants to work with Agile, belongs to the CoE. Every member of the CoE tells the same story, approaches the methodology the same way, and uses the same tools. The CoE also functions as an Agile research lab, experimenting with different standards and tools.

    The usual tools of project management – mission, goals, roles, and a high-level definition of done – can be found in Maine’s Agile CoE. For story mapping, teams use sticky notes on a large wall or whiteboard. Demonstrating progress this way provides for positive team dynamics and a psychological bang. The State of Maine uses a project management framework that serves as its single source of truth. Everyone knows what’s going on at all times and understands the purpose of what they are doing. The Agile team is continually looking for components that can be reused across other agencies and programs.”

    Results:

    • Realized positive culture change, leading to more collaborative and supportive teams.
    • Increased visibility of Agile benefits across functional groups.
    • Standardized methodology across Agile teams and increased innovation and experimentation with new standards and tools.
    • Improved traceability of projects.
    • Increased visibility and ability to determine root causes of problems and right the course when outcomes are not meeting expectations.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Spread Best Practices With an Agile Center of Excellence – project overview

    1. Strategically align the Center of Excellence 2. Standardize the CoEs service offerings 3. Operate the Center of Excellence
    Best-Practice Toolkit

    1.1 Determine the vision of your ACE.

    1.2 Define the service offerings of your ACE.

    2.1 Define an adoption plan for your Agile teams.

    2.2 Create an ACE engagement plan.

    2.3 Define metrics to measure success.

    3.1 Optimize the success of your ACE.

    3.2 Plan change to enhance your Agile initiatives.

    3.3 Conduct ongoing retrospectives of your ACE.

    Guided Implementations
    • Align your ACE with the business.
    • Align your ACE with its users.
    • Dissect the key attributes of Agile adoption.
    • Form engagement plans for your Agile teams.
    • Discuss effective ACE metrics.
    • Conduct a baseline assessment of your Agile environment.
    • Interface ACE with your change management function.
    • Build a communications deck for key stakeholders.
    Onsite Workshop Module 1: Strategically align the ACE Module 2: Standardize the offerings of the ACE Module 3: Prepare for organizational change
    Phase 1 Outcome: Create strategic alignment between the CoE and organizational goals.

    Phase 2 Outcome: Build engagement plans and key performance indicators based on a standardized Agile adoption plan.

    Phase 3 Outcome: Operate the CoEs monitoring function, identify improvements, and manage the change needed to continuously improve.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Module 1 Workshop Module 2 Workshop Module 3 Workshop Module 4
    Activities

    Determine vision of CoE

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your ACE and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Define service offerings of CoE

    2.1 Form a solution matrix to organize your pain points and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Define engagement plans

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Define metrics and plan communications

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Deliverables
    1. Prioritized business objectives
    2. Business-aligned use cases to form CoEs service offerings
    3. Prioritized list of stakeholders
    1. Classified pains and opportunities
    2. Refined use cases based on pains and opportunities identified during ACE requirements gathering
    3. ACE capability map
    1. Adoption-aligned service offerings
    2. Role-specific engagement plans
    1. Business objective-aligned metrics
    2. ACE performance metrics
    3. Agile adoption metrics
    4. Assessment of organization design
    5. ACE Communication Plan

    Phase 1

    Strategically Align the Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Begin by strategically aligning your Center of Excellence

    The first step to creating a high-functioning ACE is to create alignment and consensus amongst your key stakeholders regarding its purpose. Engage in a set of activities to drill down into the organization’s goals and objectives in order to create a set of high-level use cases that will evolve into the service offerings of the ACE.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Strategically align the ACE

    Proposed Time to Completion (in weeks): 1

    Step 1.1: Determine the vision of your ACE

    Start with an analyst kick off call:

    • Align your ACE with the business.

    Then complete these activities…

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Step 1.2: Define the service offerings of your ACE

    Start with an analyst kick off call:

    • Align your ACE with its users.

    Then complete these activities…

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Phase 1 Results & Insights:

    • Aligning your ACE with the functional expectations of its users is just as critical as aligning with the business. Invest the time to understand how the ACE fits at all levels of the organization to ensure its highest effectiveness.

    Phase 1, Step 1: Determine the vision of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Outcomes:

    • Gather your leadership to position the ACE and align it with business priorities.
    • Form a set of high-level use cases for services that will support the enablement of business priorities.
    • Map the stakeholders of the ACE to visualize expected influence and current support levels for your initiative.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • OPTIONAL: If you have an existing ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    1.1.1 Existing CoE Maturity Assessment

    Purpose

    If you already have established an ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline its current maturity level (this will act as a baseline for comparison after you complete this Blueprint). Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    The image is a screen capture of the CoE Maturity Diagnostic Tool

    Download the CoE Maturity Diagnostic Tool.

    Get your Agile leadership together and position the ACE

    Stakeholder Role Why they are essential players
    CIO/ Head of IT Program sponsor: Champion and set the tone for the Agile program. Critical in gaining and maintaining buy-in and momentum for the spread of Agile service offerings. The head of IT has insight and influence to drive buy-in from executive stakeholders and ensure the long-term viability of the ACE.
    Applications Director Program executor: Responsible for the formation of the CoE and will ensure the viability of the initial CoE objectives, use cases, and service offerings. Having a coordinator who is responsible for collating performance data, tracking results, and building data-driven action plans is essential to ensuring continuous success.
    Agile Subject-Matter Experts Program contributor: Provide information on the viability of Agile practices and help build capabilities on existing best practices. Agile’s success relies on adoption. Leverage the insights of people who have implemented and evangelized Agile within your organization to build on top of a working foundation.
    Functional Group Experts Program contributor: Provide information on the functional group’s typical processes and how Agile can achieve expected benefits. Agile’s primary function is to drive value to the business – it needs to align with the expected capabilities of existing functional groups in order to enhance them for the better.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Activity: Identify and prioritize organizational business objectives

    1.1.2 2 Hours

    Input

    • Organizational business objectives

    Output

    • Prioritized business objectives

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. List the primary high-level business objectives that your organization aims to achieve over the course of the following year (focusing on those that ACE can impact/support).
    2. Prioritize these business objectives while considering the following:
    • Criticality of completion: How critical is the initiative in enabling the business to achieve its goals?
    • Transformational impact: To what degree is the foundational structure of the business affected by the initiative (rationale: Agile can support impact on transformational issues)?
  • Document the hypothesized role of Agile in supporting these business objectives. Take the top three prioritized objectives forward for the establishment of your ACE. While in future years or iterations you can inject more offerings, it is important to target your service offerings to specific critical business objectives to gain buy-in for long-term viability of the CoE.
  • Sample Business Objectives:

    • Increase customer satisfaction.
    • Reduce time-to-market of product releases.
    • Foster a strong organizational culture.
    • Innovate new feature sets to differentiate product. Increase utilization rates of services.
    • Reduce product delivery costs.
    • Effectively integrate teams from a merger.
    • Offer more training programs for personal development.
    • Undergo a digital transformation.

    Understand potential hurdles when attempting to align with business objectives

    While there is tremendous pressure to align IT functions and the business due to the accelerating pace of change and technology innovation, you need to be aware that there are limitations in achieving this goal. Keep these challenges at the top of mind as you bring together your stakeholders to position the service offerings of your ACE. It is beneficial to make your stakeholders self-aware of these biases as well, so they come to the table with an open mind and are willing to find common ground.

    The search for total alignment

    There are a plethora of moving pieces within an organization and total alignment is not a plausible outcome.

    The aim of a group should not be to achieve total alignment, but rather reframe and consider ways to ensure that stakeholders are content with the ways they interact and that misalignment does not occur due to transparency or communication issues.

    “The business” implies unity

    While it may seem like the business is one unified body, the reality is that the business can include individuals or groups (CEO, CFO, IT, etc.) with conflicting priorities. While there are shared business goals, these entities may all have competing visions of how to achieve them. Alignment means compromise and agreement more than it means accommodating all competing views.

    Cost vs. reputation

    There is a political component to alignment, and sometimes individual aspirations can impede collective gain.

    While the business side may be concerned with cost, those on the IT side of things can be concerned with taking on career-defining projects to bolster their own credentials. This conflict can lead to serious breakdowns in alignment.

    Panera Bread used Agile to adapt to changing business needs

    CASE STUDY

    Industry Food Services

    Source Scott Ambler and Associates, Case Study

    Challenge

    Being in an industry with high competition, Panera Bread needed to improve its ability to quickly deliver desired features to end customers and adapt to changing business demands from high internal growth.

    Solution

    Panera Bread engaged in an Agile transformation through a mixture of Agile coaching and workshops, absorbing best practices from these engagements to drive Agile delivery frameworks across the enterprise.

    Results

    Adopting Agile delivery practices resulted in increased frequency of solution delivery, improving the relationship between IT and the business. Business satisfaction increased both with the development process and the outcomes from delivery.

    The transparency that was needed to achieve alignment to rapidly changing business needs resulted in improved communication and broad-scale reduced risk for the organization.

    "Agile delivery changed perception entirely by building a level of transparency and accountability into not just our software development projects, but also in our everyday working relationships with our business stakeholders. The credibility gains this has provided our IT team has been immeasurable and immediate."

    – Mike Nettles, VP IT Process and Architecture, Panera Bread

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    Functional Input

    • Application Development
    • Project Management
    • CIO
    • Enterprise Architecture
    • Data Management
    • Security
    • Infrastructure & Operations
    • Who else?

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Input arrows represent functional group needs, feedback from Agile teams, and collaboration with other CoEs and CoPs

    Output arrows represent the services the CoE delivers and the benefits realized across the organization.

    ACE Operating Model: Governance & Metrics

    Governance & Metrics involves enabling success through the management of the ACEs resources and services, and ensuring that organizational structures evolve in concert with Agile growth and maturity. Your focus should be on governing, measuring, implementing, and empowering improvements.

    Effective governance will function to ensure the long-term effectiveness and viability of your ACE. Changes and improvements will happen continuously and you need a way to decide which to adopt as best practices.

    "Organizations have lengthy policies and procedures (e.g. code deployment, systems design, how requirements are gathered in a traditional setting) that need to be addressed when starting to implement an Agile Center of Excellence. Legacy ideas that end up having legacy policy are the ones that are going to create bottlenecks, waste resources, and disrupt your progress." – Doug Birgfeld, Senior Partner, Agile Wave

    Governance & Metrics

    • Manage organizational Agile standards, policies, and procedures.
    • Define organizational boundaries based on regulatory, compliance, and cultural requirements.
    • Ensure ongoing alignment of service offerings with business objectives.
    • Adapt organizational change management policies to reflect Agile practices.
    • CoE governance functions include:
      • Policy Management
      • Change Management
      • Risk Management
      • Stakeholder Management
      • Metrics/Feedback Monitoring

    ACE Operating Model: Services

    Services refers to the ability to deliver resourcing, guidance, and assistance across all Agile teams. By creating a set of shared services, you enable broad access to specialized resources, knowledge, and insights that will effectively scale to more teams and departments as Agile matures in your organization.

    A Services model:

    • Supports the organization by standardizing and centralizing service offerings, ensuring consistency of service delivery and accessibility across functional groups.
    • Provides a mechanism for efficient knowledge transfer and on-demand support.
    • Helps to drive productivity and project efficiencies through the organization by disseminating best practices.

    Services

    • Provide reference, support, and re-assurance to implement and adapt organizational best practices.
    • Interface relevant parties and facilitate knowledge transfer through shared learning and communities of practice.
    • Enable agreed-upon service levels through standardized support structures.
    • Shared services functions include:
      • Engagement Planning
      • Knowledge Management
      • Subject-Matter Expertise
      • Agile Team Evaluation

    ACE Operating Model: Technology

    Technology refers to a broad range of supporting tools to enable employees to complete their day-to-day tasks and effectively report on their outcomes. The key to technological support is to strike the right balance between flexibility and control based on your organization's internal and external constraints (policy, equipment, people, regulatory, etc.).

    "We sometimes forget the obvious truth that technology provides no value of its own; it is the application of technology to business opportunities that produces return on investment." – Robert McDowell, Author, In Search of Business Value

    Technology

    • Provide common software tools to enable alignment to organizational best practices.
    • Enable access to locally desired tools while considering organizational, technical, and scaling constraints.
    • Enable communication with a technical subject matter expert (SME).
    • Enable reporting consistency through training and maintenance of reporting mechanisms.
    • Technology functions can include:
      • Vendor Management
      • Application Support
      • Tooling Standards
      • Tooling Use Cases

    ACE Operating Model: Staff

    Staff is all about empowerment. The ACE should support and facilitate the sharing of ideas and knowledge sharing. Create processes and spaces where people are encouraged to come together, learn from, and share with each other. This setting will bring up new ideas to enhance productivity and efficiency in day-to-day activities while maintaining alignment with business objectives.

    "An Agile CoE is legitimized by its ability to create a space where people can come together, share, and learn from one another. By empowering teams to grow by themselves and then re-connect with each other you allow the creativity of your employees to flow back into the CoE." – Anonymous, Founder, Agile consultancy group

    Staff

    • Develop and provide training and day-to-day coaching that are aligned with organizational engagement and growth plans.
    • Include workflow change management to assist traditional roles with accommodating Agile practices.
    • Support the facilitation of knowledge transfer from localized Agile teams into other areas of the organization.
    • Achieve team buy-in and engagement with ACE services and capabilities. Provide a forum for collaboration and innovation.
    • People functions can include:
      • Onboarding
      • Coaching
      • Learning Facilitation

    Form use cases to align your ACE with business objectives

    What is a use case?

    A use case tells a story about how a system will be used to achieve a goal from the perspective of a user of that system. The people or other systems that interact with the use case are called “actors.” Use cases describe what a system must be able to do, not how it will do it.

    How does a use case play a role in building your ACE?

    Use cases are used to guide design by allowing you to highlight the intended function of a service provided by the Center of Excellence while maintaining a business focus. Jumping too quickly to a solution without fully understanding user and business needs leads to the loss of stakeholder buy-in and the Centers of Excellence rejection by teams.

    Hypothesized ACE user needs →Use Case←Business objective

    Activity: Form use cases for the points of alignment between your ACE and business objectives

    1.1.3 2 Hours

    Input

    • Prioritized business objectives
    • ACE functions

    Output

    • ACE use cases

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives and the six functions of a CoE, create high-level use cases for each point of alignment that describe how the Center of Excellence will better facilitate the realization of that business objective.
    2. For each use case, define the following:
      • Name: Generalized title for the use case.
      • Description: A high-level description of the expected CoE action.
    AGILE CENTER OF EXCELLENCE FUNCTIONS:
    Guiding Learning Tooling Supporting Governing Monitoring
    BUSINESS OBJECTIVES Reduce time-to-market of product releases
    Reduce product delivery costs
    Effectively integrate teams from a merger

    Activity: Form use cases for the points of alignment between your ACE and business objectives (continued)

    1.1.3 2 Hours

    The image shows the Reduce time-to-market of product releases row from the table in the previous section, filled in with sample information.

    Your goal should be to keep these as high level and generally applicable as possible as they provide an initial framework to further develop your service offerings. Begin to talk about the ways in which the ACE can support the realization of your business objectives and what those interactions may look like to customers of the ACE.

    Involve all relevant stakeholders to discuss the organizational goals and objectives of your ACE

    Avoid the rifts in stakeholder representation by ensuring you involve the relevant parties. Without representation and buy-in from all interested parties, your ACE may omit and fail to meet long-term organizational goals.

    By ensuring every group receives representation, your service offerings will speak for the broad organization and in turn meet the needs of the organization as a whole.

    • Business Units: Any functional groups that will be expected to engage with the ACE in order to achieve their business objectives.
    • Team Leads: Representation from the internal Agile community who is aware of the backgrounds, capabilities, and environments of their respective Agile teams.
    • Executive Sponsors: Those expected to evangelize and set the tone and direction for the ACE within the executive ranks of the organization. These roles are critical in gaining buy-in and maintaining momentum for ACE initiatives.

    Organization

    • ACE
      • Executive Sponsors
      • Team Leads
      • Business Units

    Activity: Prioritize your ACE stakeholders

    1.1.4 1 Hour

    Input

    • Prioritized business objectives

    Output

    • Prioritized list of stakeholders

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, brainstorm, as a group, the potential list of stakeholders (representatives from business units, team leads, and executive sponsors) that would need to be involved in setting the tone and direction of your ACE.
    2. Evaluate each stakeholder in terms of power, involvement, impact, and support.
    • Power: How much influence does the stakeholder have? Enough to drive the CoE forward or into the ground?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resister?
  • Map each stakeholder to an area on the power map on the next slide based on his or her level of power and involvement.
  • Vary the size of the circle to distinguish stakeholders that are highly impacted by the ACE from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
  • Prioritize your ACE stakeholders (continued)

    1.1.4 1 Hour

    The image shows a matrix on the left, and a legend on the right. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort.

    Should your ACE be Centralized or Decentralized?

    An ACE can be organized differently depending on your organization’s specific needs and culture.

    The SAFe Model:©

    “For smaller enterprises, a single centralized [ACE] can balance speed with economies of scale. However, in larger enterprises—typically those with more than 500 – 1,000 practitioners—it’s useful to consider employing either a decentralized model or a hub-and-spoke model.”

    The image shows 3 models: centralized, represented by a single large circle; decentralized, represented by 5 smaller circles; and hub-and-spoke, represented by a central circle, connected to 5 surrounding circles.

    © Scaled Agile, Inc.

    The Spotify Model:

    Spotify avoids using an ACE and instead spreads agile practices using Squads, Tribes, Chapters, Guilds, etc.

    It can be a challenging model to adopt because it is constantly changing, and must be fundamentally supported by your organization’s culture. (Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.)

    Detailed analysis of The Spotify Model is out of scope for this Blueprint.

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    Activity: Select a Centralized or Decentralized ACE Model

    1.1.5 30 minutes

    Input

    • Prioritized business objectives
    • Use Cases
    • Organization qualities

    Output

    • Centralized or decentralized ACE model

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, your ACE use cases, your organization size, structure, and culture, brainstorm the relative pros and cons of a centralized vs decentralized ACE model.
    2. Consider this: to improve understanding and acceptance, ask participants who prefer a centralized model to brainstorm the pros and cons of a decentralized model, and vice-versa.
    3. Collectively decide whether your ACE should be centralized, decentralized or hub-and-spoke and document it.
    Centralized ACE Decentralized ACE
    Pros Cons Pros Cons
    Centralize Vs De-centralize Considerations Prioritized Business Objectives
    • Neutral (objectives don’t favor either model)
    • Neutral (objectives don’t favor either model)
    ACE Use Cases
    • Neutral (use cases don’t favor either model)
    • Neutral (use cases don’t favor either model)
    Organization Size
    • Org. is small enough for centralized ACE
    • Overkill for a small org. like ours
    Organization Structure
    • All development done in one location
    • Not all locations do development
    Organization Culture
    • All development done in one location
    • Decentralized ACE may have yield more buy-in

    SELECTED MODEL: Centralized ACE

    Activity: Staff your ACE strategically

    1.1.6 1 Hour

    Input

    • List of potential ACE staff

    Output

    • Rated list of ACE staff

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Identify your list of potential ACE staff (this may be a combination of full time and contract staff).
    2. Add/modify/delete the rating criteria to meet your specific needs.
    3. Discuss and adjust the relative weightings of the rating criteria to best suit your organization’s needs.
    4. Rate each potential staff member and compare results to determine the best suited staff for your ACE.
    Candidate: Jane Doe
    Rating Criteria Criteria Weighting Candidate's Score (1-5)
    Candidate has strong theoretical knowledge of Agile. 8% 4
    Candidate has strong hands on experience with Agile. 18% 5
    Candidate has strong hands on experience with Agile. 10% 4
    Candidate is highly respected by the Agile teams. 18% 5
    Candidate is seen as a thought leader in the organization. 18% 5
    Candidate is seen as a change agent in the organization. 18% 5
    Candidate has strong desire to be member of ACE staff. 10% 3
    Total Weighted Score 4.6

    Phase 1, Step 2: Define the service offerings of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Outcomes:

    • Collect data regarding the functional expectations of the Agile teams.
    • Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.
    • Create a capability map that visualizes and prioritizes your key service offerings.

    Structure your ACE with representation from all of your key stakeholders

    Now that you have a prioritized list of stakeholders, use their influence to position the ACE to ensure maximum representation with minimal bottlenecks.

    By operating within a group of your key players, you can legitimize your Center of Excellence by propagating the needs and interests of those who interface and evangelize the CoE within the larger organization.

    The group of key stakeholders will extend the business alignment you achieved earlier by refining your service offerings to meet the needs of the ACEs customers. Multiple representations at the table will generate a wide arrangement of valuable insights and perspectives.

    Info-Tech Insight

    While holistic representation is necessary, ensure that the list is not too comprehensive and will not lead to progress roadblocks. The goal is to ensure that all factors relevant to the organization are represented; too many conflicting opinions may create an obstruction moving forward.

    ACE

    • Executive Sponsors
    • Team Leads
    • Business Units

    Determine how you will fund your ACE

    Choose the ACE funding model which is most aligned to your current system based on the scenarios provided below. Both models will offer the necessary support to ensure the success of your Agile program going forward.

    Funding Model Funding Scenario I Funding Scenario II
    Funded by the CIO Funded by the CIO office and a stated item within the general IT budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.
    Funded by the PMO Charged back to supported functional groups with all costs allocated to each functional group’s budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.

    Info-Tech Insight

    Your funding model may add additional key influencers into the mix. After you choose your funding model, ensure that you review your stakeholder map and add anyone who will have a direct impact in the viability and stability of your ACE.

    Determine how you will govern your ACE

    An Agile Center of Excellence is unique in the way you must govern the actions of its customers. Enable “flexible governance” to ensure that Agile teams have the ability to locally optimize and innovate while still operating within expected boundaries.

    ACE Governing Body

    ↑ Agile Team → ACE ← Agile Team ↑

    Who should take on the governance role?

    The governing body can be the existing executive or standing committees, or a newly formed committee involving your key ACE influencers and stakeholders.

    Flexible governance means that your ACE set boundaries based on your cultural, regulatory, and compliance requirements, and your governance group monitors your Agile teams’ adherence to these boundaries.

    Governing Body Responsibilities

    • Review and approve ACE strategy annually and ensure that it is aligned with current business strategy.
    • Provide detailed quality information for board members.
    • Ensure that the ACE is adequately resourced and that the organization has the capacity to deliver the service offerings.
    • Assure that the ACE is delivering benefits and achieving targets.
    • Assure that the record keeping and reporting systems are capable of providing the information needed to properly assess the quality of service.

    Modify your resourcing strategy based on organizational need

    Your Agile Center of Excellence can be organized either in a dedicated or a virtual configuration, depending on your company’s organizational structure and complexity.

    There is no right answer to how your Center of Excellence should be resourced. Consider your existing organizational structure and culture, the quality of relationships between functional groups, and the typical budgetary factors that would weigh on choosing between a virtual and dedicated CoE structure.

    COE Advantages Disadvantages
    Virtual
    • No change in organization structure required, just additional task delegation to your Agile manager or program manager.
    • Less effort and cost to implement.
    • Investment in quality is proportional to return.
    • Resources are shared between practice areas, and initiatives will take longer to implement.
    • Development and enhancement of best practices can become difficult without a centralized knowledge repository.
    Dedicated
    • Demonstrates a commitment to the ACEs long-term existence.
    • Allows for dedicated maintenance of best practices.
    • Clear lines of accountability for Agile processes.
    • Ability to develop highly skilled employees as their responsibilities are not shared.
    • Requires dedicated resources that can in turn be more costly.
    • Requires strong relationships with the functional groups that interface with the ACE.

    Staffing the ACE: Understand virtual versus dedicated ACE organizational models

    Virtual CoE

    The image shows an organizational chart titled Virtual CoE, with Head of IT at the top, then PMO and CoE Lead/Apps Director at the next level. The chart shows that there is crossover between the CoE Lead's reports, and the PMO's, indicated through dotted lines that connect them.

    • Responsibilities for CoE are split and distributed throughout departments on a part-time basis.
    • CoE members from the PMO report to apps director who also functions as the CoE lead on a part-time basis.

    The image shows a organizational chart titled Dedicated CoE, with all CoE members under the CoE.

    • Requires re-organization and dedicated full-time staff to run the CoE with clear lines of responsibility and accountability.
    • Hiring or developing highly skilled employees who have a sole function to facilitate and monitor quality best practices within the IT department may be necessary.

    Activity: Form the Center of Excellence

    1.2.1 1 Hour

    Input

    • N/A

    Output

    • ACE governance and resourcing plan

    Materials

    • Whiteboard

    Participants

    • Agile leadership group
    1. As a group, discuss if there is an existing body that would be able to govern the Center of Excellence. This body will monitor progress on an ongoing basis and assess any change requests that would impact the CoEs operation or goals.
    • List current governing bodies that are closely aligned with your current Agile environment and determine if the group could take on additional responsibilities.
    • Alternatively, identify individuals who could form a new ACE governing body.
  • Using the results of Exercise 1.1.6 in Step 1, select the individuals who will participate in the Center of Excellence. As a rough rule of thumb for sizing, an ACE staffed with 3-5 people can support 8-12 Agile Teams.
  • Document results in the ACE Communications Deck.

    Leverage your existing Agile practices and SMEs when establishing the ACE

    The synergy between Agile and CoE relies on its ability to build on existing best practices. Agile cannot grow without a solid foundation. ACE gives you the way to disseminate these practices and facilitate knowledge transfer from a centralized sharing environment. As part of defining your service offerings, engage with stakeholders across the organization to evaluate what is already documented so that it can be accommodated in the ACE.

    Documentation

    • Are there any existing templates that can be leveraged (e.g. resource planning, sprint planning)?
    • Are there any existing process documents that can be leveraged (e.g. SIPOC, program frameworks)?
    • Are there any existing standards documents the CoE can incorporate (e.g. policies, procedures, guidelines)?

    SMEs

    • Interview existing subject-matter experts that can give you an idea of your current pains and opportunities.
    • You already have feedback from those in your workshop group, so think about the rest of the organization:
      • Agile practitioners
      • Business stakeholders
      • Operations
      • Any other parties not represented in the workshop group

    Metrics

    • What are the current metrics being used to measure the success of Agile teams?
    • What metrics are currently being used to measure the completion of business objectives?
    • What tools or mediums are currently used for recording and communicating metrics?

    Info-Tech Insight

    When considering existing practices, it is important to evaluate the level of adherence to these practices. If they have been efficiently utilized, injecting them into ACE becomes an obvious decision. If they have been underutilized, however, it is important to understand why this occurred and discuss how you can drive higher adherence.

    Examples of existing documents to leverage

    People

    • Agile onboarding planning documents
    • Agile training documents
    • Organizational Agile manifesto
    • Team performance metrics dashboard
    • Stakeholder engagement and communication plan
    • Development team engagement plan
    • Organizational design and structure
    • Roles and responsibilities chart (i.e. RACI)
    • Compensation plan Resourcing plan

    Process

    • Tailored Scrum process
    • Requirements gathering process
    • Quality stage-gate checklist (including definitions of ready and done)
    • Business requirements document
    • Use case document
    • Business process diagrams
    • Entity relationship diagrams
    • Data flow diagrams
    • Solution or system architecture
    • Application documentation for deployment
    • Organizational and user change management plan
    • Disaster recovery and rollback process
    • Test case templates

    Technology

    • Code review policies and procedures
    • Systems design policies
    • Build, test, deploy, and rollback scripts
    • Coding guidelines
    • Data governance and management policies
    • Data definition and glossary
    • Request for proposals (RFPs)
    • Development tool standards and licensing agreements
    • Permission to development, testing, staging, and production environments
    • Application, system, and data integration policies

    Build upon the lessons learned from your Agile pilots

    The success of your Center of Excellence relies on the ability to build sound best practices within your organization’s context. Use your previous lessons learned and growing pains as shared knowledge of past Agile implementations within the ACE.

    Implement Agile Practices That Work

    Draw on the experiences of your initial pilot where you learned how to adapt the Agile manifesto and practices to your specific context. These lessons will help onboard new teams to Agile since they will likely experience some of the same challenges.

    Download

    Documents for review include:

    • Tailored Scrum Process
    • Agile Pilot Metrics
    • Info-Tech’s Agile Pilot Playbook

    Enable Organization-Wide Collaboration by Scaling Agile

    Draw on previous scaling Agile experiences to help understand how to interface, facilitate, and orchestrate cross-functional teams and stakeholders for large and complex projects. These lessons will help your ACE teams develop collaboration and problem-solving techniques involving roles with different priorities and lines of thinking.

    Download

    Documents for review include:

    • Agile Program Framework
    • Agile Pilot Program Metrics
    • Scaled Agile Development Process
    • Info-Tech’s Scaling Agile Playbook

    Activity: Gather and document your existing Agile practices for the CoE

    1.2.2 Variable time commitment based on current documentation state

    Input

    • Existing practices

    Output

    • Practices categorized within operating model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Compile a list of existing practices that will be shared by the Center of Excellence. Consider any documents, templates, or tools that are used regularly by Agile teams.
    2. Evaluate the level of adherence to use of the practices (whether the practice is complied with regularly or not) with a high, medium, or low. Low compliance will need a root-cause analysis to understand why and how to remedy the situation.
    3. Determine the best fit for each practice under the ACE operational model.
    Name Type Adherence Level CoE Best Fit Source
    1 Tailored Scrum process Process High Shared Services Internal Wiki
    2
    3

    Activity: Interview stakeholders to understand the ACE functional expectations

    1.2.3 30-60 Minutes per interview

    Interview Stakeholders (from both Agile teams and functional areas) on their needs from the ACE. Ensure you capture both pain points and opportunities. Capture these as either Common Agile needs or Functional needs. Document using the tables below:

    Common Agile Needs
    Common Agile Needs
    • Each Agile Team interprets Agile differently
    • Need common approach to Agile with a proven track record within the organization
    • Making sure all Team members have a good understanding of Agile
    • Common set of tool(s) with a proven track record, along with a strong understanding of how to use the tool(s) efficiently and effectively
    • Help troubleshooting process related questions
    • Assistance with addressing the individual short comings of each Agile Team
    • Determining what sort of help each Agile Team needs most
    • Better understanding of the role played by Scrum Master and associated good practices
    • When and how do security/privacy/regulatory requirements get incorporated into Agile projects
    Functional Needs Ent Arch Needs
    • How do we ensure Ent Arch has insight and influence on Agile software design
    • Better understanding of Agile process
    • How to measure compliance with reference architectures

    PMO Needs

    • Better understanding of Agile process
    • Understanding role of PM in Agile
    • Project status reports that determine current level of project risk
    • How does project governance apply on Agile projects
    • What deliverables/artifacts are produced by Agile projects and when are they completed

    Operations Needs

    • Alignment on approaches for doing releases
    • Impact of Agile on change management and support desk processes
    • How and when will installation and operation instructions be available in Agile

    Activity: Form a solution matrix to organize your pain points and opportunities

    1.2.4 Half day

    Input

    • Identified requirements

    Output

    • Classified pains and opportunities

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the listed pain points from the data gathering process. Sort the pain points on sticky notes into technology, governance, people, and shared services.
    2. Consider opportunities under each defining element based on the identified business requirements.
    3. Document your findings.
    4. Discuss the results with the project team and prioritize the opportunities.
      • Where do the most pains occur?
      • What opportunities exist to alleviate pains?
    Governance Shared Services Technology People
    Pain Points
    Opportunities

    Document results in the ACE Communications Deck.

    Activity: Refine your use cases to identify your ACE functions and services

    1.2.5 1 Hour

    Input

    • Use cases from activity 1.1.2

    Output

    • Refined use cases based on data collection

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Refine your initial use cases for the points of alignment between your ACE and business objectives using your classified pain points and opportunities.
    2. Add use cases to address newly realized pain points.
    3. Determine the functions and services the CoE can offer to address the identified requirements.
    4. Evaluate the outputs in the form of realized benefits and extracted inefficiencies.

    Possible ACE use cases:

    • Policy Management
    • Change Management
    • Risk Management
    • Stakeholder Management
    • Engagement Planning
    • Knowledge Management
    • Subject-Matter Expertise
    • Agile Team Evaluation
    • Operations Support
    • Onboarding
    • Coaching
    • Learning Facilitation
    • Communications Training
    • Vendor Management
    • Application Support
    • Tooling Standards

    Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map

    1.2.6 1 Hour

    Input

    • Use cases from activity 1.2.4

    Output

    • ACE capability map

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the refined and categorized list of service offerings.
    2. Determine how these new capabilities will add, remove, or enhance your existing service and capabilities.
    3. Categorize the capabilities into the following groups:
    • Governance and Metrics
    • Services
    • Staff
    • Technology
  • Label the estimated impact of the service offering based on your business priorities for the year. This will guide your strategy for implementing your Agile Center of Excellence moving forward.
  • Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map (continued)

    Governance

    Policy Management (Medium Potential)

    Change Management (High Potential)

    Risk Management (High Potential)

    Stakeholder Management (High Potential)

    Metrics/Feedback Monitoring (High Potential)

    Shared Services

    Engagement Planning (High Potential)

    Knowledge Management (High Potential)

    Subject-Matter Expertise (High Potential)

    Agile Team Evaluation (High Potential)

    Operations Support (High Potential)

    People

    Onboarding (Medium Potential)

    Coaching (High Potential)

    Learning Facilitation (High Potential)

    Internal Certification Program (Low Potential)

    Communications Training (Medium Potential)

    Technology

    Vendor Management (Medium Potential)

    Application Support (Low Potential)

    Tooling Standards (High Potential)

    Checkpoint: Are you ready to standardize your CoEs service offerings?

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Self-Auditing Guidelines

    • Have you identified and prioritized the key business objectives for the upcoming year that the ACE will align with?
    • Do you have a high-level set of use cases for points of alignment between your ACE and business objectives?
    • Have you mapped your stakeholders and identified the key players that will have an influence over the future success of your ACE?
    • Have you identified how your organization will fund, resource, and govern the ACE?
    • Have you collected data to understand the functional expectations of the users the ACE is intended to serve?
    • Have you refined your use cases to align with both business objectives and functional expectations?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.2 Identify and prioritize organizational business objectives

    Our analyst team will help you organize and prioritize your business objectives for the year in order to ensure that the service offerings the ACE offers are delivering consistent business value.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives

    Our analyst team will help you turn your prioritized business objectives into a set of high-level use cases that will provide the foundation for defining user-aligned services.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.1.4 Prioritize your ACE stakeholders

    Our analysts will walk you through an exercise of mapping and prioritizing your Centers of Excellence stakeholders based on impact and power within so you can ensure appropriate presentation of interests within the organization.

    1.2.4 Form a solution matrix to organize your pain points and opportunities

    Our analyst team will help you solidify the direction of your Center of Excellence by overlaying your identified needs, pain points, and potential opportunities in a matrix guided by Info-Tech’s CoE operating model.

    1.2.5 Refine your use cases to identify your ACE functions and services

    Our analyst team will help you further refine your business-aligned use cases with the functional expectations from your Agile teams and stakeholders, ensuring the ACEs long-term utility.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.2.6 Visualize your ACE functions and service offerings with a capability map

    Our analysts will walk you through creating your Agile Centers of Excellence capability map and help you to prioritize which service offerings are critical to the success of your Agile teams in meeting their objectives.

    Phase 2

    Standardize the Centers of Excellence Service Offerings

    Spread Best Practices With an Agile Center of Excellence

    The ACE needs to ensure consistency in service delivery

    Now that you have aligned the CoE to the business and functional expectations, you need to ensure its service offerings are consistently accessible. To effectively ensure accessibility and delegation of shared services in an efficient way, the CoE needs to have a consistent framework to deliver its services.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Standardize the CoEs Service Offerings

    Proposed Time to Completion (in weeks): 2

    Step 2.1: Define an adoption plan for your Agile teams

    Start with an analyst kick off call:

    • Dissect the key attributes of Agile adoption.

    Then complete these activities…

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Step 2.2: Create an ACE engagement plan

    Start with an analyst kick off call:

    • Form engagement plans for your Agile teams.

    Then complete these activities…

    2.2.1 Create an engagement plan for each level of adoption.

    Step 2.3: Define metrics to measure success

    Finalize phase deliverable:

    • Discuss effective ACE metrics.

    Then complete these activities…

    2.3.1 Collect existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Phase 2 Results & Insights:

    • Standardizing your service offerings allows you to have direct influence on the dissemination of best practices.

    Phase 2, Step 1: Define an adoption plan for your Agile teams

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Outcomes:

    • Refine your previously determined use cases within the Agile adoption model to ensure that teams can be assisted at any level of Agile adoption.
    • Understand the key attributes of Agile adoption and how they impact success.

    Understand the implementation challenges that the ACE may face

    Culture clash between ACE and larger organization

    It is important to carefully consider the compatibility between the current organizational culture and Agile moving forward. Agile compels empowered teams, meritocracy, and broad collaboration for success; while typical organizational structures are siloed and hierarchical and decisions are delegated from the top down.

    This is not to say that the culture of the ACE has to match the larger organizational culture; part of the overarching aim of the ACE is to evolve the current organizational culture for the better. The point is to ensure you enable a smooth transition with sufficient management support and a team of Agile champions.

    The changing role of middle management

    Very similar to the culture clash challenge, cultural rigidity in how middle managers operate (performance review, human resource management, etc.) can cause cultural rejection. They need to become enablers for high performance and give their teams the sufficient tools, skills, and opportunities to succeed and excel.

    What impedes Agile adoption?

    Based on a global survey of Agile practitioners (N=1,319)*:

    52% Organizational culture at odds with agile values

    44% Inadequate management support and sponsorship

    48% General organization resistance to change

    *Respondents were able to make multiple selections

    (13th Annual State of Agile Report, VersionOne, 2019)

    Build competency and trust through a structured Agile adoption plan

    The reality of cultural incompatibility between Agile and traditional organization structures necessitates a structured adoption plan. Systematically build competency so teams can consistently achieve project success and solidify trust in your teams’ ability to meet business needs with Agile.

    By incrementally gaining the trust of management as you build up your Agile capabilities, you enable a smooth cultural transition to an environment where teams are empowered, adapt quickly to changing needs, and are trusted to innovate and make successes out of their failures.

    Optimized value delivery occurs when there is a direct relationship between competency and trust. There will be unrealized value when competency or trust outweigh the other. That value loss increases as either dimension of adoption continues to grow faster than the other.

    The image shows a graph with Competency on the x-axis and Trust on the y-axis. There are 3 sections: Level 1, Level 2, and Level 3, in subsequently larger arches in the background of the graph. The graph shows two diagonal arrows, the bottom one labelled Current Value Delivery and the top one labelled Optimized Value Delivery. The space between the two arrows is labelled Value Loss.

    Use Info-Tech’s Practice Adoption Optimization Model to systematically increase your teams’ ability to deliver

    Using Info-Tech’s Practice adoption optimization model will ensure you incrementally build competency and trust to optimize your value delivery.

    Agile adoption at its core, is about building social capital. Your level of trust with key influencers increases as you continuously enhance your capabilities, enabling the necessary cultural changes away from traditional organizational structures.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Review these key attributes of Agile adoption

    Agile adoption is unique to every organization. Consider these key attributes within your own organizational context when thinking about levels of Agile adoption.

    Adoption Attributes

    Team Organization

    Considers the degree to which teams are able to self-organize based on internal organizational structures (hierarchy vs. meritocracy) and inter-team capabilities.

    Team Coordination

    Considers the degree to which teams can coordinate, both within and across functions.

    Business Alignment

    Considers the degree to which teams can understand and/or map to business objectives.

    Coaching

    Considers what kind of coaching/training is offered and how accessible the training is.

    Empowerment

    Considers the degree to which teams are able and capable to address project, process, and technical challenges without significant burden from process controls and bureaucracy.

    Failure Tolerance

    Considers the degree to which stakeholders are risk tolerant and if teams are capable of turning failures into learning outcomes.

    Why are these important?

    These key attributes function as qualities or characteristics that, when improved, will successively increase the degree to which the business trusts your Agile teams’ ability to meet their objectives.

    Systematically improving these attributes as you graduate levels of the adoption model allows the business to acclimatize to the increased capability the Agile team is offering, and the risk of culture clash with the larger organization decreases.

    Start to consider at what level of adoption each of your service offerings become useful. This will allow you to standardize the way your Agile teams interact with the CoE.

    Activity: Further categorize your use cases within the Agile adoption model

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather the list of your categorized use cases.
    2. Based on Info-Tech’s Agile adoption model, categorize which use cases would be useful to help the Agile team graduate to the next level of adoption.
      • Conceptualize: Begin to document your workflow or value chain, implement a tracking system for KPIs, and gather metrics and report them transparently to the appropriate stakeholders.
      • Iterate: Use collected metrics to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.
      • Collaborate: Use information to drive changes and adopt appropriate Agile practices to make incremental improvements to the existing environment.
      • Empower: Drive behavioral and cultural changes that will empower teams to be accountable for their own successes given the appropriate resources.
      • Innovate: Use your built-up trust to begin to make calculated risks and innovate more, driving new best practices into the CoE.

    The same service offering could be offered at different levels of adoption. In these cases, you will need to re-visit the use case and differentiate how the service (if at all) will be delivered at different levels of adoption.

    1. Use this opportunity to brainstorm alternative or new use cases for any gaps identified. It is the CoEs goal to assist teams at every level of adoption to meet their business objectives. Use a different colored sticky note for these so you can re-visit and map out their inputs, outputs, metrics, etc.

    Activity: Further categorize your use cases within the Agile adoption model (continued)

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team

    Example:

    Service Offerings
    Level 5: Innovate
    Level 4: Empower
    Level 3: Collaborate Coaching -- Communications Training
    Level 2: Iterate Tooling Standards
    Level 1: Conceptualize

    Learning Facilitation

    Draw on the service offerings identified in activity 1.2.4

    Phase 2, Step 2: Create an ACE engagement plan

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.2.1 Create an engagement plan for each level of adoption.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Enable Agile teams to interface with ACE service offerings to meet their business objectives

    A Center of Excellence aligned with your service offerings is only valuable if your CoEs customers can effectively access those services. At this stage, you have invested in ensuring that your CoE aligns to your business objectives and that your service offerings align to its customers. Now you need to ensure that these services are accessible in the day-to-day operation of your Agile teams.

    Engagement Process → Service Offering

    Use backwards induction from your delivery method to the service offering. This is an effective method to determine the optimal engagement action for the CoE, as it considers the end customer as the driver for best action for every possible situation.

    Info-Tech Insight

    Your engagement process should be largely informed by your ACE users. Teams have constraints as well as in-the-trenches concerns and issues. If your service offerings don’t account for these, it can lead to rejection of the culture you are trying to inspire.

    Show the way, do not dictate

    Do not fix problems for your Agile teams, give them the tools and knowledge to fix the problems themselves.

    Facilitate learning to drive success

    A primary function of your ACE is to transfer knowledge to Agile teams to increase their capability to achieve desired outcomes.

    While this can take the form of coaching, training sessions, libraries, and wikis, a critical component of ACE is creating interactions where individuals from Agile teams can come together and share their knowledge.

    Ideas come from different experiences. By creating communities of practice (CoP) around topics that the ACE is tasked with supporting (e.g. Agile business analysts), you foster social learning and decrease the likelihood that change will result in some sort of cultural rejection.

    Consider whether creating CoPs would be beneficial in your organization’s context.

    "Communities of practice are a practical way to frame the task of managing knowledge. They provide a concrete organizational infrastructure for realizing the dream of a learning organization." – Etienne Wenger, Digital Habitats: Stewarding technology for communities

    A lack of top-down support will result in your ACE being underutilized

    Top-down support is critical to validate the CoE to its customers and ensure they feel compelled to engage with its services. Relevancy is a real concern for the long-term viability of a CoE and championing its use from a position of authority will legitimize its function and deter its fading from relevancy of day-to-day use for Agile teams.

    Although you are aligning your engagement processes to the customers of your Agile Center of Excellence, you still need your key influencers to champion its lasting organizational relevancy. Don’t let your employees think the ACE is just a coordinating body or a committee that is convenient but non-essential – make sure they know that it drives their own personal growth and makes everyone better as a collective.

    "Even if a CoE is positioned to meet a real organizational need, without some measure of top-down support, it faces an uphill battle to remain relevant and avoid becoming simply one more committee in the eyes of the wider organization. Support from the highest levels of the organization help fight the tendency of the larger organization to view the CoE as a committee with no teeth and tip the scales toward relevancy for the CoE." – Joe Shepley, VP and Practice Lead, Doculabs

    Info-Tech Insight

    Stimulate top-down support with internal certifications. This allows your employees to gain accreditation while at the same time encouraging top-down support and creating a compliance check for the continual delivery and acknowledgement of your evolving best practices.

    Ensure that best practices and lessons learned are injected back into the ACE

    For your employees to continuously improve, so must the Center of Excellence. Ensure the ACE has the appropriate mechanisms to absorb and disseminate best practices that emerge from knowledge transfer facilitation events.

    Facilitated Learning Session →Was the localized adaption well received by others in similar roles? →Document Localized Adaptation →Is there broad applicability and benefit to the proposed innovation? →CoE Absorbs as Best Practice

    Continuous improvement starts with the CoE

    While facilitating knowledge transfer is key, it is even more important that the Center of Excellence can take localized adaptations from Agile teams and standardize them as best practices when well received. If an individual were to leave without sharing their knowledge, the CoE and the larger organization will lose that knowledge and potential innovation opportunities.

    Experience matters

    To organically grow your ACE and be cost effective, you want your teams to continuously improve and to share that knowledge. As individual team members develop and climb the adoption model, they should participate as coaches and champions for less experienced groups so that their knowledge is reaching the widest audience possible.

    Case study: Agile learning at Spotify

    CASE STUDY

    Industry Digital Media

    Source Henrik Kniberg & Anders Ivarsson, 2012

    Methods of Agile learning at Spotify

    Spotify has continuously introduced innovative techniques to facilitate learning and ensure that that knowledge gets injected back into the organization. Some examples are the following:

    • Hack days: Self-organizing teams, referred to as squads, come together, try new ideas, and share them with their co-workers. This facilitates a way to stay up to date with new tools and techniques and land new product innovations.
    • Coaching: Every squad has access to an Agile coach to help inject best practices into their workflow – coaches run retrospectives, sprint planning meetings, facilitate one-on-one coaching, etc.
    • Tribes: Collections of squads that hold regular gatherings to show the rest of the tribe what they’ve been working on so others can learn from what they are doing.
    • Chapters: People with similar skills within a tribe come together to discuss their area of expertise and their specific challenges.
    • Guilds: A wide-reaching community of interest where members from different tribes can come together to share knowledge, tools, and codes, and practice (e.g. a tester guild, an Agile coaching guild).

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    "As an example of guild work, we recently had a ‘Web Guild Unconference,’ an open space event where all web developers at Spotify gathered up in Stockholm to discuss challenges and solutions within their field."

    Activity: Create an engagement plan for each level of adoption

    2.2.1 30 Minutes per role

    Input

    • Categorized use cases

    Output

    • Role-based engagement plans

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. On the top bar, define the role you are developing the engagement plan for. This will give you the ability to standardize service delivery across all individuals in similar roles.
    2. Import your categorized service offerings for each level of adoption that you think are applicable to the given role.
    3. Using backwards induction, determine the engagement processes that will ensure that those service offerings are accessible and fit the day-to-day operations of the role.
    4. Fill in the template available on the next slide with each role’s engagement plan.

    Document results in the ACE Communications Deck.

    Example engagement plan: Developer

    2.2.1 30 Minutes per role

    Role: Developer
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    3. Learning Facilitation
    1. Tooling Standards
    2. Learning Facilitation
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Knowledge Management
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    2. Based on service request or need identified by dev. manager.
    3. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 2, receive standard Agile tooling standards training.
    2. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 3, receive standard Agile communications training.
    2. Weekly mandatory community of practice meetings
    1. Peer-based training on how to effectively self-organize.
    2. Based on service request or need identified by dev. manager.
    1. Review captured key learnings from last and have CoE review KPIs related to any area changed.

    Example engagement plan: Tester

    2.2.1 30 Minutes per role

    Role: Tester
    Level 1Level 2Level 3Level 4Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Product Training
    2. Communications Training
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Tooling Standards
    2. Training
    3. Coaching
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    1. Weekly mandatory community of practice meetings.
    2. Provide training on effective methods for communicating with development teams based on organizational best practices.
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices. Weekly mandatory community of practice meetings.
    1. Peer-to-peer training with level 5 certified coach.
    2. Based on service request or need identified by dev. manager. .
    1. Periodic updates of organizational tooling standards based on community of practice results.
    2. Automation training.
    3. Provide coaching to level 1 developers on a rotating basis to develop facilitation skills.

    Example engagement plan: Product Owner

    2.2.1 30 Minutes per role

    Role: Product Owner
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Communications Training
    3. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    Engagement Process
    1. Provide onboarding materials for Agile product owners.
    2. Provide bi-weekly reviews and subsequent guidance at the end of retrospective processes.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices.
    2. Bi-weekly mandatory community of practice meetings.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. Provide quarterly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings

    Phase 2, Step 3: Define metrics to measure success

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.3.1 Define existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate your metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Craft metrics that will measure the success of your Agile teams

    Quantify measures that demonstrate the effectiveness of your ACE by establishing distinct metrics for each of your service offerings. This will ensure that you have full transparency over the outputs of your CoE and that your service offerings maintain relevance and are utilized.

    Questions to Ask

    1. What are leading indicators of improvements that directly affect the mandate of the CoE?
    2. How do you measure process efficiency and effectiveness?

    Creating meaningful metrics

    Specific

    Measureable

    Achievable

    Realistic

    Time-bound

    Follow the SMART framework when developing metrics for each service offering.

    Adhering to this methodology is a key component of the lean management methodology. This framework will help you avoid establishing general metrics that aren’t relevant.

    "It’s not about telling people what they are doing wrong. It’s about constantly steering everyone on the team in the direction of success, and never letting any individual compromise the progress of the team toward success." – Mary Poppendieck, qtd. in “Questioning Servant Leadership”

    For important advice on how to avoid the many risks associated with metrics, refer to Info-Tech’s Select and Use SDLC Metrics Effectively.

    Ensure your metrics are addressing criteria from different levels of stakeholders and enterprise context

    There will be a degree of overlap between the metrics from your business objectives, service offerings, and existing Agile teams. This is a positive thing. If a metric can speak to multiple benefits it is that much more powerful in commuting successes to your key stakeholders.

    Existing metrics

    Business objective metrics

    Service offering metrics

    Agile adoption metrics

    Finding points of overlap means that you have multiple stakeholders with a vested interest in the positive trend of a specific metric. These consolidated metrics will be fundamental for your CoE as they will help build consensus through communicating the success of the ACE in a common language for a diverse audience.

    Activity: Define existing team-level metrics

    2.3.1 1 Hour

    Input

    • Current metrics

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather any metrics related documentation that you collected during your requirements gathering in Phase 1.
    2. Collect team-level metrics for your existing Agile teams:
      • Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
      • Look at historical trends and figures when available. Be careful of frequent anomalies as these may indicate a root cause that needs to be addressed.
      • Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    Team Objective Expected Benefits Metrics
    Improve productivity
    • Improve transparency with business decisions
    • Team burndown and velocity
    • Number of releases per milestone
    Increase team morale and motivation
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Team satisfaction with Agile environment
    • Degree of engagement in ceremonies
    Improve transparency with business decisions
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Stakeholder satisfaction with completed product
    • Number of revisions to products in demonstrations

    Activity: Define metrics that align with your Agile business objectives

    2.3.2 1 Hour

    Input

    • Organizational business objectives from Phase 1

    Output

    • Metrics aligned to organizational business objectives

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. List the business objectives that you determined in 1.1.2.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of completing those business objectives, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your business objectives. While engaging in this process, ensure to document the collection method for each metrics.
    Business Objectives Expected Benefits Metrics
    Decrease time-to-market of product releases
    • Faster feedback from customers.
    • Increased customer satisfaction.
    • Competitive advantage.
    Decrease time-to-market of product releases
    • Alignment to organizational best practices.
    • Improved team productivity.
    • Greater collaboration across functional teams.
    • Policy and practice adherence and acknowledgement
    • Number of requests for ACE services
    • Number of suggestions to improve Agile best practices and ACE operations

    Activity: Define target ACE performance metrics

    2.3.3 1 Hour

    Input

    • Service offerings
    • Satisfaction surveys
    • Usage rates

    Output

    • CoE performance metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. Compare these to your team performance metrics.
    Service Offering Expected Benefits Metrics
    Knowledge management
    • Comprehensive knowledgebase that accommodates various company products and office locations.
    • Easily accessible resources.
    • Number of practices extracted from ACE and utilized
    • Frequency of updates to knowledgebase
    Tooling standards
    • Tools adhere to company policies, security guidelines, and regulations.
    • Improved support of tools and technologies.
    • Tools integrate and function well with enterprise systems.
    • Number of teams and functional groups using standardized tools
    • Number of supported standardized tools
    • Number of new tools added to the standards list
    • Number of tools removed from standards list

    Activity: Define Agile adoption metrics

    2.3.4 1 Hour

    Input

    • Agile adoption model

    Output

    • Agile adoption metrics
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. It is possible that you will need to adjust these metrics after baselines are established when you begin to operate the ACE. Keep this in mind moving forward.
    Adoption attributes Expected Benefits Metrics
    Team organization
    • Acquisition of the appropriate roles and skills to successfully deliver products.
    • Degree of flexibility to adjust team compositions on a per project basis
    Team coordination
    • Ability to successfully undertake large and complex projects involving multiple functional groups.
    • Number of ceremonies involving teams across functional groups
    Business alignment
    • Increased delivery of business value from process optimizations.
    • Number of business-objective metrics surpassing targets
    Coaching
    • Teams are regularly trained with new and better best practices.
    • Number of coaching and training requests
    Empowerment
    • Teams can easily and quickly modify processes to improve productivity without following a formal, rigorous process.
    • Number of implemented changes from team retrospectives
    Failure tolerance
    • Stakeholders trust teams will adjust when failures occur during a project.
    • Degree of stakeholder trust to address project issues quickly and effectively

    Activity: Consolidate your metrics for stakeholder impact

    2.3.5 30 Minutes

    Input

    • New and existing Agile metrics

    Output

    • Consolidated Agile metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Take all the metrics defined from the previous activities and compare them as a group.
    2. If there are overlapping metrics that are measuring similar outcomes or providing similar benefits, see if there is a way to merge them together so that a single metric can report outcomes to multiple stakeholders. This reduces the amount of resources invested in metrics gathering and helps to show consensus or alignment between multiple stakeholder interests.
    3. Compare these to your existing Agile metrics, and explore ways to consolidate existing metrics that are established with some of your new metrics. Established metrics are trusted and if they can be continued it can be viewed as beneficial from a consensus and consistency perspective to your stakeholders.

    Activity: Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value

    2.3.6 1 Hour

    Purpose

    The CoE governance team can use this tool to take ownership of the project’s benefits, track progress, and act on any necessary changes to address gaps. In the long term, it can be used to identify whether the team is ahead, on track, or lagging in terms of benefits realization.

    Steps

    1. Enter your identified metrics from the following activities into the ACE Benefits Tracking Tool.
    2. Input your baselines from your data collection (Phase 3) and a goal value for each metric.
    3. Document the results at key intervals as defined by the tool.
    4. Use the summary report to identify metrics that are not tracking well for root cause analysis and communicate with key stakeholders the outcomes of your Agile Center of Excellence based on your communication schedule from Phase 3, Step 3.

    INFO-TECH DELIVERABLE

    Download the ACE Benefits Tracking Tool.

    Checkpoint: Are you ready to operate your ACE?

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Self Auditing Guidelines

    • Have you categorized your ACE service offerings within Info-Tech’s Agile adoption model?
    • Have you formalized engagement plans to standardize the access to your service offerings?
    • Do you understand the function of learning events and their criticality to the function of the ACE?
    • Do you understand the key attributes of Agile adoption and how social capital leads to optimized value delivery?
    • Have you defined metrics for different goals (adoption, effective service offerings, business objectives) of the ACE?
    • Do your defined metrics align to the SMART framework?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Further categorize your use cases within the Agile adoption model

    Our analyst team will help you categorize the Centers of Excellence service offerings within Info-Tech’s Agile adoption model to help standardize the way your organization engages with the Center of Excellence.

    2.2.1 Create an engagement plan for each level of adoption

    Our analyst team will help you structure engagement plans for each role within your Agile environment to provide a standardized pathway to personal development and consistency in practice.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.3.2 Define metrics that align with your Agile business objectives

    Our analysts will walk you through defining a set of metrics that align with your Agile business objectives identified in Phase 1 of the blueprint so the CoEs monitoring function can ensure ongoing alignment during operation.

    2.3.3 Define target ACE performance metrics

    Our analysts will walk you through defining a set of metrics that monitors how successful the ACE has been at providing its services so that business and IT stakeholders can ensure the effectiveness of the ACE.

    2.3.4 Define Agile adoption metrics

    Our analyst team will help you through defining a set of metrics that aligns with your organization’s fit of the Agile adoption model in order to provide a mechanism to track the progress of Agile teams maturing in capability and organizational trust.

    Phase 3

    Operationalize Your Agile Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Operate your ACE to drive optimized value from your Agile teams

    The final step is to engage in monitoring of your metrics program to identify areas for improvement. Using metrics as a driver for operating your ACE will allow you to identify and effectively manage needed change, as well as provide you with the data necessary to promote outcomes to your stakeholders to ensure the long-term viability of the ACE within your organization.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Operate the CoE

    Proposed Time to Completion (in weeks): Variable depending on communication plan

    Step 3.1: Optimize the success of your ACE

    Start with an analyst kick off call:

    • Conduct a baseline assessment of your Agile environment.

    Then complete these activities…

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Step 3.2: Plan change to enhance your Agile initiatives

    Start with an analyst kick off call:

    • Interface with the ACE with your change management function.

    Then complete these activities…

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues.

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Step 3.3: Conduct ongoing retrospectives of your ACE

    Finalize phase deliverable:

    • Build a communications deck for key stakeholders.

    Then complete these activities…

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Review the effectiveness of your service offerings.

    3.3.4 Evaluate your ACE Maturity.

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Phase 3 Results & Insights:

    Inject improvements into your Agile environment with operational excellence. Plan changes and communicate them effectively, monitor outcomes on a regular basis, and keep stakeholders in the loop to ensure that their interests are being looked after to ensure long-term viability of the CoE.

    Phase 3, Step 1: Optimize the success of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Tools:

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Outcomes:

    • Conduct a baseline assessment of your ACE to measure against using a variety of data sources, including interviews, satisfaction surveys, and historical data.
    • Use the Benefits Tracking Tool to start monitoring the outcomes of the ACE and to keep track of trends.

    Ensure the CoE is able to collect the necessary data to measure success

    Establish your collection process to ensure that the CoE has the necessary resources to collect metrics and monitor progress, that there is alignment on what data sources are to be used when collecting data, and that you know which stakeholder is interested in the outcomes of that metric.

    Responsibility

    • Does the CoE have enough manpower to collect the metrics and monitor them?
    • If automated through technology, is it clear who is responsible for its function?

    Source of metric

    • Is the method of data collection standardized so that multiple people could collect the data in the same way?

    Impacted stakeholder

    • Do you know which stakeholder is interested in this metric?
    • How often should the interested stakeholder be informed of progress?

    Intended function

    • What is the expected benefit of increasing this metric?
    • What does the metric intend to communicate to the stakeholder?

    Conduct a baseline assessment of your ACE to measure success

    Establishing the baseline performance of the ACE allows you to have a reasonable understanding of the impact it is having on meeting business objectives. Use user satisfaction surveys, stakeholder interviews, and any current metrics to establish a concept of how you are performing now. Setting new metrics can be a difficult task so it is important to collect as much current data as possible. After the metrics have been established and monitored for a period of time, you can revisit the targets you have set to ensure they are realistic and usable.

    Without a baseline, you cannot effectively:

    • Establish reasonable target metrics that reflect the performance of your Center of Excellence.
    • Identify, diagnose, and resolve any data that deviates from expected outcomes.
    • Measure ongoing business satisfaction given the level of service.

    Info-Tech Insight

    Invest the needed time to baseline your activities. These data points are critical to diagnose successes and failures of the CoE moving forward, and you will need them to be able to refine your service offerings as business conditions or user expectations change. While it may seem like something you can breeze past, the investment is critical.

    Use a variety of sources to get the best picture of your current state; a combination of methods provides the richest insight

    Interviews

    What to do:

    • Conduct interviews (or focus groups) with key influencers and Agile team members.

    Benefits:

    • Data comes from key business decision makers.
    • Identify what is top of mind for your top-level stakeholders.
    • Ask follow-up questions for detail.

    Challenges:

    • This will only provide a very high-level view.
    • Interviewer biases may skew the results.

    Surveys

    What to do:

    • Distribute an Agile-specific stakeholder satisfaction survey. The survey should be specific to identify factors of your current environment.

    Benefits:

    • Every end user/business stakeholder will be able to provide feedback.
    • The survey will be simple to develop and distribute.

    Challenges:

    • Response rates can be low if stakeholders do not understand the value in their opinions.

    Historical Data

    What to do:

    • Collect and analyze existing Agile data such as past retrospectives, Agile team metrics, etc.

    Benefits:

    • Get a full overview of current service offerings, past issues, and current service delivery.
    • Allows you to get an objective view of what is really going on within your Agile teams.

    Challenges:

    • Requires a significant time investment and analytical skills to analyze the data and generate insights on business satisfaction and needs.

    Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline

    3.1.1 Baseline satisfaction survey

    Purpose

    Conduct a user satisfaction survey prior to setting your baseline for your ACE. This will include high-level questions addressing your overall Agile environment and questions addressing teams’ current satisfaction with their processes and technology.

    Steps

    1. Modify the satisfaction survey template to suit your organization and the service offerings you have defined for the Agile Center of Excellence.
    2. Distribute the satisfaction survey to any users who are expected to interface with the ACE.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your current state.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE

    3.1.2 CoE maturity assessment

    Purpose

    Assessing your ACEs maturity lets you know where they currently are and what to track to get them to the next step. This will help ensure your ACE is following good practices and has the appropriate mechanisms in place to serve your stakeholders.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your maturity score.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your ACE maturity level.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Activity: Prioritize ACE actions by monitoring your metrics

    3.1.3 Variable time commitment

    Input

    • Metrics from ACE Benefits Tracking Tool

    Output

    • Prioritized actions for the ACE

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE team
    1. Review your ACE Benefits Tracking Tool periodically (at the end of sprint cycles, quarterly, etc.) and document metrics that are trending or actively falling short of goals or expectations.
    2. Take the documented list and have the ACE staff consider what actions or decisions can be prioritized to help mend the identified gaps. Look for any trends that could potentially speak to a larger problem or a specific aspect of the ACE or the organizational Agile environment that is not functioning as expected.
    3. Take the opportunity to review metrics that are also tracking above expected value to see if there are any lessons learned that can be extended to other ACE service offerings (e.g. effective engagement or communication strategies) so that the organization can start to learn what is effective and what is not based on their internal struggles and challenges. Spreading successes is just as important as identifying challenges in a CoE model.

    Phase 3, Step 2: Plan change to enhance your Agile initiatives

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Outcomes:

    • Understand how your existing change management process interfaces with the Center of Excellence.
    • Identify issues and ideate solutions to metrics falling short of expectations.
    • Create a communication plan to prepare groups for any necessary change.

    Manage the adaptation of teams as they adopt Agile capabilities

    As Agile spreads, be cognizant of your cultural tolerance to change and its ability to deliver on such change. Change will happen more frequently and continuously, and there may be conceptual (change tolerance) or capability (delivery tolerance) roadblocks along the way that will need to be addressed.

    The Agile adoption model will help to graduate both the tolerance to change and tolerance to deliver over time. As your level of competency to deliver change increases, organizational tolerance to change, especially amongst management, will increase as well. Remember that optimized value delivery comes from this careful balance of aptitude and trust.

    Tolerance to change

    Tolerance to change refers to the conceptual capacity of your people to consume and adopt change. Change tolerance may become a barrier to success because teams might be too engrained with current structures and processes and find any changes too disruptive and uncomfortable.

    Tolerance to deliver

    Tolerance to deliver refers to the capability to deliver on expected change. While teams may be tolerant, they may not have the necessary capacity, skills, or resources to deliver the necessary changes successfully. The ACE can help solve this problem with training and coaching, or possibly by obtaining outside help where necessary.

    Understand how the ACE interfaces with your current change management process

    As the ACE absorbs best practices and identifies areas for improvement, a change management process should be established to address the implementation and sustainability of change without introducing significant disruptions and costs.

    To manage a continuously changing environment, your ACE will need to align and coordinate with organizational change management processes. This process should be capable of evaluating and incorporating multiple change initiatives continuously.

    Desired changes will need to be validated, and localized adaptations will need to be disseminated to the larger organization, and current state policy and procedures will need to be amended as the adoption of Agile spreads and capabilities increase.

    The goal here is to have the ACE governance group identify and interface with parties relevant to successfully implementing any specific change.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Optimize Change Management

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Where should your Agile change requests come from?

    Changes to the services, structure, or engagement model of your ACE can be triggered from various sources in your organization. You will see that proposed changes may be requested with the best intentions; however, the potential impacts they may have to other areas of the organization can be significant. Consult all sources of ACE change requests to obtain a consensus that your change requests will not deteriorate the ACEs performance and use.

    ACE Governance

    • Sources of ACE Change Requests
      • ACE Policies/Stakeholders
        • Triggers for Change:
          • Changes in business and functional group objectives.
          • Dependencies and legacy policies and procedures.
      • ACE Customers
        • Triggers for Change:
          • Retrospectives and post-mortems.
          • Poor fit of best practices to projects.
      • Metrics
        • Triggers for Change:
          • Performance falling short of expectations.
          • Lack of alignment with changing objectives.
      • Tools and Technologies
        • Triggers for Change:
          • New or enhanced tools and technologies.
          • Changes in development and technology standards.

    Note: Each source of ACE change requests may require a different change management process to evaluate and implement the change.

    Activity: Assess the interaction and communication points of your Agile teams

    3.2.1 1.5 Hours

    Input

    • Understanding of team and organization structure

    Output

    • Current assessment of organizational design

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Identify everyone who is directly or indirectly involved in projects completed by Agile teams. This can include those that are:
    • Informed of a project’s progress.
    • Expected to interface with the Agile team for solution delivery (e.g. DevOps).
    • Impacted by the success of the delivered solutions.
    • Responsible for the removal of impediments faced by the Agile team.
  • Indicate how each role interacts with the others and how frequently these interactions occur for a typical project. Do this by drawing a diagram on a whiteboard using labelled arrows to indicate types and frequency of interactions.
  • Identify the possible communication, collaboration, and alignment challenges the team will face when working with other groups.
  • Agile Team n
    Group Type of Interaction Potential challenges
    Operations
    • Release management
    • Past challenges transitioning to DevOps.
    • Communication barrier as an impediment.
    PMO
    • Planning
    • Product owner not located with team in organization.
    • PMO still primarily waterfall; need Agile training/coaching

    Activity: Determine the root cause of each metric falling short of expectations

    3.2.2 30 Minutes per metric

    Input

    • Metrics from Benefits Tracking Tool

    Output

    • Root causes to issues

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE team
    1. Take each metric from the ACE Benefits Tracking Tool that is lagging behind or has missed expectations and conduct an analysis of why it is performing that way.
    2. Conduct individual webbing sessions to clarify the issues. The goal is to drive out the reasons why these issues are present or why scaling Agile may introduce additional challenges.
    3. Share and discuss these findings with the entire team.

    Example:

    • Lack of best-practice documentation
      • Why?
        • Knowledge siloed within teams
        • No centralized repository for best practices
          • Why?
            • No mechanisms to share between teams
              • Why? Root causes
                • Teams are not sharing localized adaptations
                • CoE is not effectively monitoring team communications
            • Access issues at team level to wiki
              • Why? Root causes
                • Administration issues with best-practice wiki
                • Lack of ACE visibility into wiki access

    Activity: Brainstorm solutions to identified issues

    3.2.3 30 Minutes per metric

    Input

    • Root causes of issues

    Output

    • Fixes and solutions to scaling Agile issues

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Using the results from your root-cause analysis, brainstorm potential solutions to the identified problems. Frame your brainstorming within the following perspectives: people, process, and technology. Map these solutions using the matrix below.
    2. Synthesize your ideas to create a consolidated list of initiatives.
      1. Highlight the solutions that can address multiple issues.
      2. Collaborate on how solutions can be consolidated into a single initiative.
    3. Write your synthesized solutions on sticky notes.
    SOLUTION CATEGORY
    People Process Technology
    ISSUES Poor face-to-face communication
    Lack of best-practice documentation

    Engage those teams affected by change early to ensure they are prepared

    Strategically managing change is an essential component to ensure that the ACE achieves its desired function. If the change that comes with adopting Agile best practices is going to impact other functions and change their expected workflows, ensure they are well prepared and the benefits for said changes are clearly communicated to them.

    Necessary change may be identified proactively (dependency assessments, system integrity, SME indicates need, etc.) or reactively (through retrospectives, discussions, completing root-cause analyses, etc.), but both types need to be handled the same way – through proper planning and communication with the affected parties.

    Plan any necessary change

    Understand the points where other groups will be affected by the adoption of Agile practices and recognize the potential challenges they may face. Plan changes to accommodate interactions between these groups without roadblocks or impediments.

    Communicate the change

    Structure a communication plan based on your identified challenges and proposed changes so that groups are well prepared to make the necessary adjustments to accommodate Agile workflows.

    Review and modify your metrics and baselines to ensure they are achievable in changing environments

    Consider the possible limitations that will exist from environmental complexities when measuring your Agile teams. Dependencies and legacy policies and procedures that pose a bottleneck to desired outcomes will need to be changed before teams can be measured justifiably. Take the time to ensure the metrics you crafted earlier are plausible in your current environment and there is not a need for transitional metrics.

    Are your metrics achievable?

    Specific

    Measureable

    Achievable

    • Adopting Agile is a journey, not just a destination. Ensure that the metrics a team is measured against reflect expectations for the team’s current level of Agile adoption and consider external dependencies that may limit their ability to achieve intended results.

    Realistic

    Time-bound

    Info-Tech Insight

    Use metrics as diagnostics, not as motivation. Teams will find ways to meet metrics they are measured by making sacrifices and taking unneeded risk to do so. To avoid dysfunction in your monitoring, use metrics as analytical tools to inform decision making, not as a yardstick for judgement.

    Activity: Review your metrics program

    3.2.4 Variable time commitment

    Input

    • Identified gaps
    • Agile team interaction points

    Output

    • ACE baselines
    • Past measurements

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE
    1. Now that you have identified gaps in your current state, see if those will have any impact on the achievability of your current metrics program.
    2. Review your root-cause analyses and brainstormed solutions, and hypothesize whether or not they will have any downstream impact to goal attainment. It is possible that there is no impact, but as cross-functional collaboration increases, the likelihood that groups will act as bottlenecks or impediments to expected performance will increase.
    3. Consider how any changes will impact the interaction points between teams based on the results from activity 3.2.1: Assess the interaction and communication points of your Agile teams. If there are too many negative impacts it may be a sign to re-consider the hypothesized solution to the problem and consider alternatives.
    4. In any cases where a metric has been altered, adjust its goal measurement to reflect its changes in the ACE Benefits Tracking Tool.

    Case study: Agile change at the GSA

    CASE STUDY

    Industry Government

    Source Navin Vembar, Agile Government Leadership

    Challenge

    The GSA is tasked with completed management of the Integrated Award Environment (IAE).

    • The IAE manages ten federal information technology systems that enable registering, searching, and applying for federal awards, as well as tracking them.
    • The IAE also manages the Federal Service Desk.

    The IAE staff had to find a way to break down the problem of modernization into manageable chunks that would demonstrate progress, but also had to be sure to capture a wide variety of user needs with the ability to respond to those needs throughout development.

    Had to work out the logistics of executing Agile change within the GSA, an agency that relies heavily on telework. In the case of modernization, they had a product owner in Florida while the development team was spread across the metro Washington, DC area.

    Solution

    Agile provided the ability to build incremental successes that allowed teams successful releases and built enthusiasm around the potential of adopting Agile practices offered.

    • GSA put in place an organization framework that allowed for planning of change at the portfolio level to enable the change necessary to allow for teams to execute tasks at the project level.
    • A four-year plan with incremental integration points allowed for larger changes on a quarterly basis while maintaining a bi-weekly sprint cycle.
    • They adopted IBM’s RTC tool for a Scrum board and on Adobe Connect for daily Scrum sessions to ensure transparency and effectiveness of outcomes across their collocated teams.

    Create a clear, concise communication plan

    Communication is key to avoid surprises and lost productivity created by the implementation of changes.

    User groups and the business need to be given sufficient notice of an impending change. Be concise, be comprehensive, and ensure that the message is reaching the right audience so that no one is blindsided and unable to deliver what is needed. This will allow them to make appropriate plans to accept the change, minimizing the impact of the change on productivity.

    Key Aspects of a Communication Plan

    • The method of communication (email, meetings, workshops, etc.).
    • The delivery strategy (who will deliver the message?).
    • The communication responsibility structure.
    • The communication frequency.
    • A feedback mechanism that allows you to review the effectiveness of your plan.
    • The message that you need to present.

    Communicating change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • What are we trying to achieve?
    • How often will we be updated?

    (Cornelius & Associates, The Qualities of Leadership: Leading Change)

    Apply the following principles to enhance the clarity of your message

    1. Be Consistent
    • "This is important because..."
      • The core message must be consistent regardless of audience, channel, or medium.
      • Test your communication and obtain feedback before delivering your message.
      • A lack of consistency can be perceived as deception.
  • Be Clear
    • "This means..."
      • Say what you mean and mean what you say.
      • Choice of language is important.
      • Don’t use jargon.
  • Be Relevant
    • "This affects you because..."
      • Talk about what matters to the audience.
      • Talk about what matters to the change initiative.
      • Tailor the details of the message to each audience’s specific concerns.
      • Communicate truthfully; do not make false promises or hide bad news.
  • Be Concise
    • "In summary..."
      • Keep communication short and to the point so key messages are not lost in the noise.
  • Activity: Create a communication plan for change

    3.2.5 1.5 Hours

    Input

    • Desired messages
    • Stakeholder list

    Output

    • Communication plan

    Materials

    • Whiteboard
    • Markers

    Participants

    • CoE
    1. Define the audience(s) for your communications. Consider who needs to be the audience of your different communication events and how it will impact them.
    2. Identify who the messenger will be to deliver the message.
    3. Identify your communication methods. Decide on the methods you will use to deliver each communication event. Your delivery method may vary depending on the audience it is targeting.
    4. Establish a timeline for communication releases. Set dates for your communication events. This can be recurring (weekly, monthly, etc.) or one-time events.
    5. Determine what the content of the message must include. Use the guidelines on the following slide to ensure the message is concise and impactful.

    Note: It is important to establish a feedback mechanism to ensure that the communication has been effective in communicating the change to the intended audiences. This can be incorporated into your ACE satisfaction surveys.

    Audience Messenger Format Timing Message
    Operations Development team Email
    • Monthly (major release)
    • Ad hoc (minor release and fixes)
    Build ready for release
    Key stakeholders CIO Meeting
    • Monthly unless dictated otherwise
    Updates on outcomes from past two sprint cycles

    Phase 3, Step 3: Conduct ongoing retrospectives of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities/Tools:

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline.

    3.3.4 Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Outcomes:

    • Conduct a retrospective of your ACE to enable the continuous improvement of your Agile program.
    • Structure a communications deck to communicate with stakeholders the outcomes from introducing the ACE to the organization.

    Reflect on your ACEs performance to lead the way to enterprise agility

    After functioning for a period of time, it is imperative to review the function of your ACE to ensure its continual alignment and see in what ways it can improve.

    At the end of the year, take the time to deliberately review and discuss:

    1. The effectiveness and use of your ACEs service offerings.
    2. What went well or wrong during the ACEs operation.
    3. What can be done differently to improve reach, usability, and effectiveness.
    4. Bring together Agile teams and discuss the processes they follow and inquire about suggestions for improvement.

    What is involved?

    • Use your metrics program to diagnose areas of issue and success. The diagnostic value of your metrics can help lead conversations with your Agile teams when attempting to inquire about suggestions for improvement.
    • Leverage your satisfaction surveys from the creation of your ACE and compare them against satisfaction surveys run after a year of operation. What are the lessons learned between then and now?
    • While it is primarily conducted by the ACE team, keep in mind it is a collaborative function and should involve all members, including Agile teams, product owners, Scrum masters, etc.

    Communicating with your key influencers is vital to ensure long-term operation of the ACE

    To ensure the long-term viability of your ACE and that your key influencers will continue funding, you need to demonstrate the ROI the Center of Excellence has provided.

    The overlying purpose of your ACE is to effectively align your Agile teams with corporate objectives. This means that there have to be communicable benefits that point to the effort and resources invested being valuable to the organization. Re-visit your prioritized stakeholder list and get ready to show them the impact the ACE has had on business outcomes.

    Communication with stakeholders is the primary method of building and developing a lasting relationship. Correct messaging can build bridges and tear down barriers, as well as soften opposition and bolster support.

    This section will help you to prepare an effective communication piece that summarizes the metrics stakeholders are interested in, as well as some success stories or benefits that are not communicable through metrics to provide extra context to ongoing successes of the ACE.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Manage Stakeholder Relations

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Involve key stakeholders in your retrospectives to justify the funding for your ACE

    Those who fund the ACE have a large influence on the long-term success of your ACE. If you have not yet involved your stakeholders, you need to re-visit your organizational funding model for the ACE and ensure that your key stakeholders include the key decision makers for your funding. While they may have varying levels of interest and desires for granularity of data reporting, they need to at least be informed on a high level and kept as champions of the ACE so that there are no roadblocks to the long-term viability of this program.

    Keep this in mind as the ACE begins to demonstrate success, as it is not uncommon to have additional members added to your funding model as your service scales, especially in the chargeback models.

    As new key influencers are included, the ACEs governing group must ensure that collective interests may align and that more priorities don’t lead to derailment.

    The image shows a matrix. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort. In the matric, there are several roles shown, with roles such as CFO, Apps Director, Funding Group, and CIO highlighted in the Key players section.

    Use the outputs from your metrics tracking tool to communicate progress

    3.3.1 1 Hour

    Use the ACE Benefits Tracking Tool to track the progress of your Agile environment to monitor whether or not the ACE is having a positive impact on the business’ ability to meet its objectives. The outputs will allow you to communicate incremental benefits that have been realized and point towards positive trends that will ensure the long-term buy-in of your key influencers.

    For communication purposes, use this tool to:

    • Re-visit who the impacted or interested stakeholders are so you can tailor your communications to be as impactful as possible for each key influencer of the ACE.

    The image shows a screen capture of the Agile CoE Metrics Tracking sheet.

    • Collate the benefits of the current projects undertaken by the Center of Excellence to give an overall recap of the ACEs impact.

    The image is a screen capture of the Summary Report sheet.

    Communicate where the ACE fell short

    Part of communicating the effectiveness of your ACE is to demonstrate that it is able to remedy projects and processes when they fall short of expectations and brainstorm solutions that effectively address these challenges. Take the opportunity to summarize where results were not as expected, and the ways in which the ACE used its influence or services to drive a positive outcome from a problem diagnosis. Stakeholders do not want a sugar-coated story – they want to see tangible results based on real scenarios.

    Summarizing failures will demonstrate to key influencers that:

    • You are not cherry-picking positive metrics to report and that the ACE faced challenges that it was able to overcome to drive positive business outcomes.
    • You are being transparent with the successes and challenges faced by the ACE, fostering increased trust within your stakeholders regarding the capabilities of Agile.
    • Resolution mechanisms are working as intended, successfully building failure tolerance and trust in change management policies and procedures.

    Activity: Summarize adjustments in areas where the ACE fell short

    3.3.2 15 Minutes per metric

    Input

    • Diagnosed problems from tracking tool
    • Root-cause analyses

    Output

    • Summary of change management successes

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE
    1. Create a list of items from the ACE Benefits Tracking Tool that fell short of expectations or set goals.
    2. For each point, create a brief synopsis of the root-cause analysis completed and summarize the brainstormed solution and its success in remedying the issue. If this process is not complete, create a to-date summary of any progress.
    3. Choose two to three pointed success stories from this list that will communicate broad success to your set of stakeholders.
    Name of metric that fell short
    Baseline measurement 65% of users satisfied with ACE services.
    Goal measurement 80% of users satisfied with ACE services.
    Actual measurement 70% of users satisfied with ACE services.
    Results of root-cause analysis Onboarding was not extensive enough; teams were unaware of some of the services offered, rendering them unsatisfied.
    Proposed solution Revamp onboarding process to include capability map of service offered.
    Summary of success TBD

    Re-conduct surveys with the ACE Satisfaction Survey to review the effectiveness of your service offerings

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline

    Purpose

    This satisfaction survey will give you a template to follow to monitor the effectiveness of your ACEs defined service offerings. The goal is to understand what worked, and what did not, so you can add, retract, or modify service offerings where necessary.

    Steps

    1. Re-use the satisfaction survey to measure the effectiveness of the service offerings. Add questions regarding specific service offerings where necessary.
    2. Cross-analyze your satisfaction survey with metrics tied to your service offerings to help understand the root cause of the issues.
    3. Use the root-cause analysis exercises from step 3.2 to find the root causes of issues.
    4. Create a set of recommendations to add, amend, or improve any existing service offerings.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.4 ACE Maturity Assessment

    Purpose

    Assess your ACEs maturity by using Info-Tech’s CoE Maturity Diagnostic Tool. Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements. Note that your optimal Maturity Level will depend on organizational specifics (e.g. a small organization with a handful of Agile Teams can be less mature than a large organization with hundreds of Agile Teams).

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders

    3.3.5 Structure communications to each of your key stakeholders

    Purpose

    The ACE Communications Deck will give you a template to follow to effectively communicate with your stakeholders and ensure the long-term viability of your Agile Center of Excellence. Fill in the slides as instructed and provide each stakeholder with a targeted view of the successes of the ACE.

    Steps

    1. Determine who your target audience is for the Communications Deck – you may desire to create one for each of your key stakeholders as they may have different sets of interests.
    2. Fill out the ACE Communications Deck with the suggested inputs from the exercises you have completed during this research set.
    3. Review communications with members of the ACE to ensure that there are no communicable benefits that have been missed or omitted in the deck.

    INFO-TECH DELIVERABLE

    Download the ACE Communications Deck.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of social capital as the key driver for organizational Agile success, and how it optimizes the value delivery of your Agile teams.
    • Importance of flexible governance to balance the benefits of localized adaptation and centralized control.
    • Alignment of service offerings with both business objectives and functional expectations as critical to ensuring long-term engagement with service offerings.

    Processes Optimized

    • Knowledge management and transfer of Agile best practices to new or existing Agile teams.
    • Optimization of service offerings for Agile teams based on organizational culture and objectives.
    • Change request optimization via interfacing ACE functions with existing change management processes.
    • Communication planning to ensure transparency during cross-functional collaboration.

    Deliverables Completed

    • A set of service offerings offered by the Center of Excellence that are aligned with the business, Agile teams, and related stakeholders.
    • Engagement plans for Agile team members based on a standardized adoption model to access the ACEs service offerings.
    • A suite of Agile metrics to measure effectiveness of Agile teams, the ACE itself, and its ability to deliver positive outcomes.
    • A communications plan to help create cross-functional transparency over pending changes as Agile spreads.
    • A communications deck to communicate Agile goals, actions, and outcomes to key stakeholders to ensure long-term viability of the CoE.

    Research contributors and experts

    Paul Blaney, Technology Delivery Executive, Thought Leader and passionate Agile Advocate

    Paul has been an Agile practitioner since the manifesto emerged some 20 years ago, applying and refining his views through real life experience at several organizations from startups to large enterprises. He has recently completed the successful build out of the inaugural Agile Delivery Centre of Excellence at TD bank in Toronto.

    John Munro, President Scrum Masters Inc.

    John Munro is the President of Scrum Masters Inc., a software optimization professional services firm using Agile, Scrum, and Lean to help North American firms “up skill” their software delivery people and processes. Scrum Masters’ unique, highly collaborative “Master Mind” consulting model leverages Agile/Lean experts on a biweekly basis to solve clients’ technical and process challenges.

    Doug Birgfeld, Senior Partner Agile Wave

    Doug has been a leader in building great teams, Agile project management, and business process innovation for over 20 years. As Senior Partner and Chief Evangelist at Agile Wave, his mission is to educate and to learn from all those who care about effective government delivery, nationally.

    Related Info-Tech research

    Implement Agile Practices That Work

    Agile is a cultural shift. Don't just do Agile, be Agile.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Improve Application Development Throughput

    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Implement DevOps Practices That Work

    Accelerate software deployment through Dev and Ops collaboration.

    Related Info-Tech research (continued)

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Be proactive; it costs exponentially more to fix a problem the longer it goes unnoticed.

    Optimize the Change Management Process

    Right-size your change management process.

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Bibliography

    Ambler, Scott. “Agile Requirements Change Management.” Agile Modeling. Scott Amber + Associates, 2014. Web. 12 Apr. 2016.

    Ambler, Scott. “Center of Excellence (CoEs).” Disciplined Agile 2.0: A Process Decision Framework for Enterprise I.T. Scott Amber + Associates. Web. 01 Apr. 2016.

    Ambler, Scott. “Transforming From Traditional to Disciplined Agile Delivery.” Case Study: Disciplined Agile Delivery Adoption. Scott Amber + Associates, 2013. Web.

    Beers, Rick. “IT – Business Alignment Why We Stumble and the Path Forward.” Oracle Corporation, July 2013. Web.

    Cornelius & Associates. “The Qualities of Leadership: Leading Change.” Cornelius & Associates, n.d. Web.

    Craig, William et al. “Generalized Criteria and Evaluation Method for Center of Excellence: A Preliminary Report.” Carnegie Mellon University Research Showcase @ CMU – Software Engineering Institute. Dec. 2009. Web. 20 Apr. 2016.

    Forsgren, Dr. Nicole et al (2019), Accelerate: State of DevOps 2019, Google, https://services.google.com/fh/files/misc/state-of-devops-2019.pdf

    Gerardi, Bart (2017), Agile Centers of Excellence, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/405819/Agile-Centers-of-Excellence

    Gerardi, Bart (2017), Champions of Agile Adoption, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/418151/Champions-of-Agile-Adoption

    Gerardi, Bart (2017), The Roles of an Agile COE, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/413346/The-Roles-of-an-Agile-COE

    Hohl, P. et al. “Back to the future: origins and directions of the ‘Agile Manifesto’ – views of the originators.” Journal of Software Engineering Research and Development, vol. 6, no. 15, 2018. https://link.springer.com/article/10.1186/s40411-0...

    Kaltenecker, Sigi and Hundermark, Peter. “What Are Self-Organising Teams?” InfoQ. 18 July 2014. Web. 14 Apr. 2016.

    Kniberg, Henrik and Anderson Ivarsson. “Scaling Agile @ Spotify with Tribes, Squads, Chapters & Guilds.” Oct. 2012. Web. 30 Apr. 2016.

    Kumar, Alok et al. “Enterprise Agile Adoption: Challenges and Considerations.” Scrum Alliance. 30 Oct. 2014. Web. 30 May 2016.

    Levison, Mark. “Questioning Servant Leadership.” InfoQ, 4 Sept. 2008. Web. https://www.infoq.com/news/2008/09/servant_leadership/

    Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.

    Loxton, Matthew (June 1, 2011), CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    McDowell, Robert, and Bill Simon. In Search of Business Value: Ensuring a Return on Your Technology Investment. SelectBooks, 2010

    Novak, Cathy. “Case Study: Agile Government and the State of Maine.” Agile Government Leadership, n.d. Web.

    Pal, Nirmal and Daniel Pantaleo. “Services are the Language and Building Blocks of an Agile Enterprise.” The Agile Enterprise: Reinventing your Organization for Success in an On-Demand World. 6 Dec. 2015. Springer Science & Business Media.

    Rigby, Darrell K. et al (2018), Agile at Scale, Harvard Business Review, https://hbr.org/2018/05/agile-at-scale

    Scaledagileframework.com, Create a Lean-Agile Center of Excellence, Scaled Agile, Inc, https://www.scaledagileframework.com/lace/

    Shepley, Joe. “8 reasons COEs fail (Part 2).” Agile Ramblings, 22 Feb. 2010. https://joeshepley.com/2010/02/22/8-reasons-coes-fail-part-2/

    Stafford, Jan. “How upper management misconceptions foster Agile failures.” TechTarget. Web. 07 Mar. 2016.

    Taulli, Tom (2020), RPA Center Of Excellence (CoE): What You Need To Know For Success, Forbes.com, https://www.forbes.com/sites/tomtaulli/2020/01/25/rpa-center-of-excellence-coe-what-you-need-to-know-for-success/#24364620287a

    Telang, Mukta. “The CMMI Agile Adoption Model.” ScrumAlliance. 29 May 2015. Web. 15 Apr. 2016.

    VersionOne. “13th Annual State of Agile Report.” VersionOne. 2019. Web.

    Vembar, Navin. “Case Study: Agile Government and the General Services Administration (Integrated Award Environment).” Agile Government Leadership, n.d. Web.

    Wenger, E., R. A. McDermott, et al. (2002), Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    Wenger, E., White, N., Smith, J.D. Digital Habitats; Stewarding Technology for Communities. Cpsquare (2009).

    The Small Enterprise Guide to People and Resource Management

    • Buy Link or Shortcode: {j2store}602|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • 52% of small business owners agree that labor quality is their most important problem, and 76% of executives expect the talent market to get even more challenging.
    • The problem? You can't compete on salary, training budgets are slim, you need people skilled in all areas, and even one resignation represents a large part of your workforce.

    Our Advice

    Critical Insight

    • The usual, reactive approach to workforce management is risky:
      • Optimizing tactics helps you hire faster, train more, and negotiate better contracts.
      • But fulfilling needs as they arise costs more, has greater risk of failure, and leaves you unprepared for future needs.
    • In a small enterprise where every resource counts, in which one hire represents 10% of your workforce, it is essential to get it right.

    Impact and Result

    • Workforce planning helps you anticipate future needs.
    • More lead time means better decisions at lower cost.
    • Small Enterprises benefit most, since every resource counts.

    The Small Enterprise Guide to People and Resource Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The Small Enterprise Guide to People and Resource Management Deck – Find out why workforce planning is critical for small enterprises.

    Use this storyboard to lay the foundation of people and resources management practices in your small enterprise IT department.

    • The Small Enterprise Guide to People and Resource Management – Phases 1-3

    2. Workforce Planning Workbook – Use the tool to successfully complete all of the activities required to define and estimate your workforce needs for the future.

    Use these concise exercises to analyze your department’s talent current and future needs and create a skill sourcing strategy to fill the gaps.

    • Workforce Planning Workbook for Small Enterprises

    3. Knowledge Transfer Tools – Use these templates to identify knowledge to be transferred.

    Work through an activity to discover key knowledge held by an employee and create a plan to transfer that knowledge to a successor.

    • IT Knowledge Identification Interview Guide Template
    • IT Knowledge Transfer Plan Template

    4. Development Planning Tools – Use these tools to determine priority development competencies.

    Assess employees’ development needs and draft a development plan that fits with key organizational priorities.

    • IT Competency Library
    • Leadership Competencies Workbook
    • IT Employee Career Development Workbook
    • Individual Competency Development Plan
    • Learning Methods Catalog for IT Employees

    Infographic

    Workshop: The Small Enterprise Guide to People and Resource Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Set project direction and analyze workforce needs.

    Key Benefits Achieved

    Planful needs analysis ensures future workforce supports organizational goals.

    Activities

    1.1 Set workforce planning goals and success metrics.

    1.2 Identify key roles and competency gaps.

    1.3 Conduct a risk analysis to identify future needs.

    1.4 Determine readiness of internal successors.

    Outputs

    Work with the leadership team to:

    Extract key business priorities.

    Set your goals.

    Assess workforce needs.

    2 Create Your Workforce Plan

    The Purpose

    Conduct a skill sourcing analysis, and determine competencies to develop internally.

    Key Benefits Achieved

    A careful analysis ensures skills are being sourced in the most efficient way, and internal development is highly aligned with organizational objectives.

    Activities

    2.1 Determine your skill sourcing route.

    2.2 Determine priority competencies for development.

    Outputs

    Create a workforce plan.

    2.Determine guidelines for employee development.

    3 Plan Knowledge Transfer

    The Purpose

    Discover knowledge to be transferred, and build a transfer plan.

    Key Benefits Achieved

    Ensure key knowledge is not lost in the event of a departure.

    Activities

    3.1 Discover knowledge to be transferred.

    3.2 Identify the optimal knowledge transfer methods.

    3.3 Create a knowledge transfer plan.

    Outputs

    Discover tacit and explicit knowledge.

    Create a knowledge transfer roadmap.

    4 Plan Employee Development

    The Purpose

    Create a development plan for all staff.

    Key Benefits Achieved

    A well-structured development plan helps engage and retain employees while driving organizational objectives.

    Activities

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins.

    4.3 Build manager coaching skills.

    Outputs

    Assess employees.

    Prioritize development objectives.

    Plan development activities.

    Build management skills.

    Further reading

    The Small Enterprise Guide to People and Resource Management

    Quickly start getting the right people, with the right skills, at the right time

    Is this research right for you?

    Research Navigation

    Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.

    Question If you answered "no" If you answered "yes"

    Does your IT department have fewer than 15 employees, and is your organization's revenue less than $25 million (USD)?

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Follow the guidance in this blueprint.

    Does your organization require a more rigorous and customizable approach to workforce management?

    Follow the guidance in this blueprint.

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Analyst Perspective

    Workforce planning is even more important for small enterprises than large organizations.

    It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.

    Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.

    A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.

    This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.

    This is a picture of Jane Kouptsova

    Jane Kouptsova
    Senior Research Analyst, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    52% of small business owners agree that labor quality is their most important problem.1

    Almost half of all small businesses face difficulty due to staff turnover.

    76% of executives expect the talent market to get even more challenging.2

    Common Obstacles

    76% of executives expect workforce planning to become a top strategic priority for their organization.2

    But…

    30% of small businesses do not have a formal HR function.3

    Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.

    Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.

    Info-Tech's Approach

    A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises

    Clear activities that guide your team to decisive action

    Founded on your IT strategy, ensuring you have not just good people, but the right people

    Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling

    Info-Tech Insight

    Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.

    1CNBC & SurveyMonkey. 2ADP. 3Clutch.

    Labor quality is small enterprise's biggest challenge

    The key to solving it is strategic workforce planning

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.

    Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    52%

    of small business owners agree that labor quality is their most important problem.1

    30%

    30% of small businesses have no formal HR function.2

    76%

    of senior leaders expect workforce planning to become the top strategic challenge for their organization.3

    1CNBC & SurveyMonkey. 2Clutch. 3ADP.

    Workforce planning matters more for small enterprises

    You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?

    The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.

    This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.

    And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.

    A group of 100 triangles is shown above a group of 10 triangles. In each group, one triangle is colored orange, and the rest are colored blue.

    Info-Tech Insight

    One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.

    This is an image of Info-Tech's small enterprise guide o people and resource management.

    Blueprint pre-step: Determine your starting point

    People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.

    Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.

    This blueprint covers the parts of workforce management that occur to some extent in every organization:

    • Workforce planning
    • Knowledge transfer
    • Development planning

    You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.

    Track metrics

    Consider these example metrics for tracking people and resource management success

    Project Outcome Metric Baseline Target
    Reduced training costs Average cost of training (including facilitation, materials, facilities, equipment, etc.) per IT employee
    Reduced number of overtime hours worked Average hours billed at overtime rate per IT employee
    Reduced length of hiring period Average number of days between job ad posting and new hire start date
    Reduced number of project cancellations due to lack of capacity Total of number of projects cancelled per year
    Increased number of projects completed per year (project throughput) Total number of project completions per year
    Greater net recruitment rate Number of new recruits/Number of terminations and departures
    Reduced turnover and replacement costs Total costs associated with replacing an employee, including position coverage cost, training costs, and productivity loss
    Reduced voluntary turnover rate Number of voluntary departures/Total number of employees
    Reduced productivity loss following a departure or termination Team or role performance metrics (varies by role) vs. one year ago

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:

    Scope requirements, objectives, and your specific challenges.

    Call #2: Assess current workforce needs.

    Call #4: Determine skill sourcing route.

    Call #6:

    Identify knowledge to be transferred.

    Call #8: Draft development goals and select activities.

    Call #3: Explore internal successor readiness.

    Call #5:Set priority development competencies.

    Call #7: Create a knowledge transfer plan.

    Call #9: Build managers' coaching & feedback skills.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 4 to 6 calls over the course of 3 to 4 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    1.Lay Your Foundations 2. Create Your Workforce Plan 3. Plan Knowledge Transfer 3. Plan Employee Development Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Set workforce planning goals and success metrics

    1.2 Identify key roles and competency gaps

    1.3 Conduct a risk analysis to identify future needs

    1.4 Determine readiness of internal successors

    1.5 Determine your skill sourcing route

    1.6 Determine priority competencies for development

    3.1 Discover knowledge to be transferred

    3.2 Identify the optimal knowledge transfer methods

    3.3 Create a knowledge transfer plan

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins

    4.3 Build manager coaching skills

    Outcomes

    Work with the leadership team to:

    1. Extract key business priorities
    2. Set your goals
    3. Assess workforce needs

    Work with the leadership team to:

    1. Create a workforce plan
    2. Determine guidelines for employee development

    Work with staff and managers to:

    1. Discover tacit and explicit knowledge
    2. Create a knowledge transfer roadmap

    Work with staff and managers to:

    1. Assess employees
    2. Prioritize development objectives
    3. Plan development activities
    4. Build management skills

    Info-Tech analysts complete:

    1. Workshop report
    2. Workforce plan record
    3. Action plan

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.

    This is a calendar showing days 1-4, and times from 8am-5pm

    Phase 1

    Workforce Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Human resource partner (if applicable)

    Additional Resources

    Workforce Planning Workbook for Small Enterprises

    Phase pre-step: Gather resources and participants

    1. Ensure you have an up-to-date IT strategy. If you don't have a formal strategy in place, ensure you are aware of the main organizational objectives for the next 3-5 years. Connect with executive stakeholders if necessary to confirm this information.
      If you are not sure of the organizational direction for this time frame, we recommend you consult Info-Tech's material on IT strategy first, to ensure your workforce plan is fully positioned to deliver value to the organization.
    2. Consult with your IT team and gather any documentation pertaining to current roles and skills. Examples include an org chart, job descriptions, a list of current tasks performed/required, a list of company competencies, and a list of outsourced projects.
    3. Gather the right participants. Most of the decisions in this section will be made by senior leadership, but you will also need input from front-line managers. Ensure they are available on an as-needed basis. If your organization has an HR partner, it can also be helpful to involve them in your workforce planning process.

    Formal workforce planning benefits even small teams

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.

    Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.

    Right-size your workforce planning process to the size of your enterprise

    Small organizations are 2.2 times more likely to have effective workforce planning processes.1 Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.

    Small Organization

    Medium Organization

    Large Organization

    Project Opportunities

    • Project scope is much more manageable.
    • Communication and planning can be more manageable.
    • Fewer roles can clarify prioritization needs and promotability.
    • Project scope is more manageable.
    • Moderate budget for workforce planning initiatives is needed.
    • Communication and enforcement is easier.
    • Larger candidate pool to pull from.
    • Greater career path options for staff.
    • In-house expertise may be available

    Project Risks

    • Limited resources and time to execute the project.
    • In-house expertise is unlikely.
    • Competencies may be informal and not documented.
    • Limited overlap in responsibilities, resulting in fewer redundancies.
    • Limited staff with experience for the project.
    • Workforce planning may be a lower priority and difficult to generate buy-in for.
    • Requires more staff to manage workforce plan and execute initiatives.
    • Less collective knowledge on staff strengths may make career planning difficult.
    • Geographically dispersed business units make collaboration and communication difficult.

    1 McLean & Company Trends Report 2014

    1.1 Set project outcomes and success metrics

    1-3 hours

    1. As a group, brainstorm key pain points that the IT department experiences due to the lack of a workforce plan. Ask them to consider turnover, retention, training, and talent acquisition.
    2. Discuss any key themes that arise and brainstorm your desired project outcomes. Keep a record of these for future reference and to aid in stakeholder communication.
    3. Break into smaller groups (or if too small, continue as a single group):
      1. For each desired outcome, consider what metrics you could use to track progress. Keep your initial list of pain points in mind as you brainstorm metrics.
      2. Write each of the metric suggestions on a whiteboard and agree to track 3-5 metrics. Set targets for each metric. Consider the effort required to obtain and track the metric, as well as its reliability.
      3. Assign one individual for tracking the selected metrics. Following the meeting, that individual will be responsible for identifying the baseline and targets, and reporting on metrics progress.

    Input

    Output

    • List of workforce data available
    • List of workforce metrics to track the workforce plan's impact

    Materials

    Participants

    • Whiteboard/flip charts
    • Leadership team
    • Human resource partner (if applicable)

    1.2 Identify key roles and competency gaps

    1-3 hours

    1. As a group, identify all strategic, core, and supporting roles by reviewing the organizational chart:
      1. Strategic: What are the roles that must be filled by top performers and cannot be left vacant in order to meet strategic objectives?
      2. Core: What roles are important to drive operational excellence?
      3. Supporting: What roles are required for day-to-day work, but are low risk if the role is vacant for a period of time?
    2. Working individually or in small groups, have managers for each identified role define the level of competence required for the job. Consider factors such as:
      1. The difficulty or criticality of the tasks being performed
      2. The impact on job outcomes
      3. The impact on the performance of other employees
      4. The consequence of errors if the competency is not present
      5. How frequently the competency is used on the job
      6. Whether the competency is required when the job starts or can be learned or acquired on the job within the first six months
    3. Continue working individually and rate the level of proficiency of the current incumbent.
    4. As a group, review the assessment and make any adjustments.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Download the Workforce Planning Workbook for Small Enterprises

    1.2 Identify key roles and competency gaps

    Input Output
    • Org chart, job descriptions, list of current tasks performed/required, list of company competencies
    • List of competency gaps for key roles
    Materials Participants
    • Leadership team
    • Managers

    Conduct a risk-of-departure analysis

    A risk-of-departure analysis helps you plan for future talent needs by identifying which employees are most likely to leave the organization (or their current role).

    A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:

    Employees are high risk for departure if they:

    • Have specialized or in-demand skills (tenured employees are more likely to have this than recent hires)
    • Are nearing retirement
    • Have expressed career aspirations that extend outside your organization
    • Have hit a career development ceiling at your organization
    • Are disengaged
    • Are actively job searching
    • Are facing performance issues or dismissal OR promotion into a new role

    Employees are low risk for departure if they:

    • Are a new hire or new to their role
    • Are highly engaged
    • Have high potential
    • Are 5-10 years out from retirement

    If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.

    To estimate the impact of departure, consider:

    • The effect of losing the employee in the near- and medium-term, including:
      • Impact on the organization, department, unit/team and projects
      • The cost (in time, resources, and productivity loss) to replace the individual
      • The readiness of internal successors for the role

    1.3 Conduct a risk analysis to identify future needs

    1-3 hours

    Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.

    • As a group, list all your current employees, and using the previous slide for guidance, rank them on two parameters: risk of departure and impact of departure, on a scale of low to high. Record your conclusions in a chart like the one on the right. (For a more in-depth risk assessment, use the "Risk Assessment Results" tab of the Key Roles Succession Planning Tool.)
    • Employees that fall in the "Mitigate" quadrant represent key at-risk roles with at least moderate risk and moderate impact. These are your succession planning priorities. Add these roles to your list of key roles and competency gaps, and include them in your workforce planning analysis.
    • Employees that fall in the "Manage" quadrants represent secondary priorities, which should be looked at if there is capacity after considering the "Mitigate" roles.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    This is an image of the Risk analysis for risk of departure to importance of departure.

    Info-Tech Insight

    Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.

    1.3 Conduct a risk analysis to identify future needs

    Input Output
    • Employee data on competencies, skills, certifications, and performance. Input from managers from informal development conversations.
    • A list of first- and second-priority at-risk roles to carry forward into a succession planning analysis
    Materials Participants
    • Leadership team
    • Managers

    Determine your skill sourcing route

    The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.

    Sourcing Options

    Preferred Options

    Final Choice

    four blue circles

    A right facing arrow

    Two blue circles A right facing arrow One blue circle
    State of the Marketplace

    State of the Marketplace

    Urgency: How soon do we need this skill? What is the required time-to-value?

    Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support?

    Novelty: Is this skill brand new to our workforce?

    Availability: How often, and at what hours, will the skill be needed?

    Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations?

    Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent?

    Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill?

    Preparedness: Do we have internal resources available to cultivate this skill in house?

    1.4 Determine your skill sourcing route

    1-3 hours

    1. Identify the preferred sourcing method as a group, starting with the most critical or urgent skill need on your list. Use the characteristics of need to guide your discussion. If more than one option seems adequate, carry several over to the next step.
    2. Consider the marketplace factors applicable to the skill in question and use these to narrow down to one final sourcing decision.
      1. If it is not clear whether a suitable internal candidate is available or ready, refer to the next activity for a readiness assessment.
    3. Be sure to document the rationale supporting your decision. This will ensure the decision can be clearly communicated to any stakeholders, and that you can review on your decision-making process down the line.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Info-Tech Insight

    Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.

    Input

    Output

    • List of current and upcoming skill gaps
    • A sourcing decision for each skill

    Materials

    Participants

    • Leadership team
    • Human resource partner (if applicable)

    1.5 Determine readiness of internal successors

    1-3 hours

    1. As a group, and ensuring you include the candidates' direct managers, identify potential successors for the first role on your list.
    2. Ask how effectively the potential successor would serve in the role today. Review the competencies for the key role in terms of:
      1. Relationship-building skills
      2. Business skills
      3. Technical skills
      4. Industry-specific skills or knowledge
    3. Determine what competencies the succession candidate currently has and what must be learned. Be sure you know whether the candidate is open to a career change. Don't assume – if this is not clear, have a development conversation to ensure everyone is on the same page.
    4. Finally, determine how difficult it will be for the successor to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.
    5. As a group, decide whether training an internal successor is a viable option for the role in question, considering the successor's readiness and the characteristics of need for the role. If a clear successor is not readily apparent, consider:
      1. If the development of the successor can be fast-tracked, or if some requirements can be deprioritized and the successor provided with temporary support from other employees.
      2. If the role in question is being discussed because the current incumbent is preparing to leave, consider negotiating an arrangement that extends the incumbent's employment tenure.
    6. Record the decision and repeat for the next role on your list.

    Info-Tech Insight

    A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.

    Input

    Output

    • List of roles for which you are considering training internally
    • Job descriptions and competency requirements for the roles
    • List of roles for which internal successors are a viable option

    Materials

    Participants

    • Leadership team
    • Candidates' direct managers, if applicable

    Use alternative work arrangements to gain time to prepare successors

    Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

    Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.

    Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
    Source: Statistics Canada.

    Flexible work options are the most used form of alternative work arrangement

    A bar graph showing the percent of organizations who implemented alternate work arrangement, for Flexible work options; Contract based work; Part time roles; Graduated retirement programs; Part year jobs or job sharing; Increased PTO for employees over a certain age.

    Source: McLean & Company, N=44

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
    Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
    Part-time roles Half days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
    Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Part-year jobs or job sharing Working part of the year and having the rest of the year off, unpaid. Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off with little notice.
    Increased paid time off Additional vacation days upon reaching a certain age. Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
    Altered roles Concentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise. Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent's new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Phase 2

    Knowledge Transfer

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership/management team
    • Incumbent & successor

    Additional Resources

    IT Knowledge Identification Interview Guide Template

    Knowledge Transfer Plan Template

    Determine your skill sourcing route

    Knowledge transfer plans have three key components that you need to complete for each knowledge source:

    Define what knowledge needs to be transferred

    Each knowledge source has unique information which needs to be transferred. Chances are you don't know what you don't know. The first step is therefore to interview knowledge sources to find out.

    Identify the knowledge receiver

    Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

    • How will this knowledge be used in the future?
    • What is the next career step for the knowledge receiver?
    • Are the receiver and the source going to be in the same location?

    Identify which knowledge transfer tactics you will use for each knowledge asset

    Not all tactics are good in every situation. Always keep the "knowledge type" (information, process, skills, and expertise), knowledge sources' engagement level, and the knowledge receiver in mind as you select tactics.

    Don't miss tacit knowledge

    There are two basic types of knowledge: "explicit" and "tacit." Ensure you capture both to get a well-rounded overview of the role.

    Explicit Tacit
    • "What knowledge" – knowledge can be articulated, codified, and easily communicated.
    • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
    • Learn through reading or being told.
    • "How knowledge" – intangible knowledge from an individual's experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
    • Hard to verbalize, and difficult to capture and quantify.
    • Learn through observation, imitation, and practice.

    Types of explicit knowledge

    Types of tacit knowledge

    Information Process Skills Expertise

    Specialized technical knowledge.

    Unique design capabilities/methods/models.

    Legacy systems, details, passwords.

    Special formulas/algorithms/ techniques/contacts.

    • Specialized research & development processes.
    • Proprietary production processes.
    • Decision-making processes.
    • Legacy systems.
    • Variations from documented processes.
    • Techniques for executing on processes.
    • Relationship management.
    • Competencies built through deliberate practice enabling someone to act effectively.
    • Company history and values.
    • Relationships with key stakeholders.
    • Tips and tricks.
    • Competitor history and differentiators.

    e.g. Knowing the lyrics to a song, building a bike, knowing the alphabet, watching a YouTube video on karate.

    e.g. Playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

    Embed your knowledge transfer methods into day-to-day practice

    Multiple methods should be used to transfer as much of a person's knowledge as possible, and mentoring should always be one of them. Select your method according to the following criteria:

    Info-Tech Insight

    The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful, and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

    Type of Knowledge

    • Tacit knowledge transfer methods are often informal and interactive:
      • Mentoring
      • Multi-generational work teams
      • Networks and communities
      • Job shadowing
    • Explicit knowledge transfer methods tend to be more formal and one way:
      • Formal documentation of processes and best practices
      • Self-published knowledge bases
      • Formal training sessions
      • Formal interviews

    Incumbent's Preference/Successor's Preference

    Ensure you consult the employees, and their direct manager, on the way they are best prepared to teach and learn. Some examples of preferences include:

    1. Prefer traditional classroom learning, augmented with participation, critical reflection, and feedback.
    2. May get bored during formal training sessions and retain more during job shadowing.
    3. Prefer to be self-directed or self-paced, and highly receptive to e-learning and media.
    4. Prefer informal, incidental learning, tend to go immediately to technology or direct access to people. May have a short attention span and be motivated by instant results.
    5. May be uncomfortable with blogs and wikis, but comfortable with SharePoint.

    Cost

    Consider costs beyond the monetary. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).

    The good news is that many supporting technologies may already exist in your organization or can be acquired for free.

    Methods that cost time may be difficult to get underway since employees may feel they don't have the time or must change the way they work.

    2.1 Create a knowledge transfer plan

    1-3 hours

    1. Working together with the current incumbent, brainstorm the key information pertaining to the role that you want to pass on to the successor. Use the IT Knowledge Identification Interview Guide Template to ensure you don't miss anything.
      • Consider key knowledge areas, including:
        • Specialized technical knowledge.
        • Specialized research and development processes.
        • Unique design capabilities/methods/models.
        • Special formulas/algorithms/techniques.
        • Proprietary production processes.
        • Decision-making criteria.
        • Innovative sales methods.
        • Knowledge about key customers.
        • Relationships with key stakeholders.
        • Company history and values.
      • Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
        • What is the nature of the knowledge? Explicit or tacit?
        • Why is it important to transfer?
        • How will the knowledge be used?
        • What knowledge is critical for success?
        • How will the users find and access it?
        • How will it be maintained and remain relevant and usable?
        • What are the existing knowledge pathways or networks connecting sources to recipients?
    2. Once the knowledge has been identified, use the information on the following slides to decide on the most appropriate methods. Be sure to consult the incumbent and successor on their preferences.
    3. Prioritize your list of knowledge transfer activities. It's important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward. Follow these steps as a guide:
      1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
      2. Start your implementation with your highest risk role or knowledge item, using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
      3. Then move forward to other tactics, the majority of which will require training and process design. Pick 1-2 other key tactics you would like to employ and build those out. For tactics that require resources or monetary investment, start with those that can be reused for multiple roles.

    Record your plan in the IT Knowledge Transfer Plan Template.

    Download the IT Knowledge Identification Interview Guide Template

    Download the Knowledge Transfer Plan Template

    Info-Tech Insight

    Wherever possible, ask employees about their personal learning styles. It's likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

    2.1 Create a knowledge transfer plan

    Input

    Output

    • List of roles for which you need to transfer knowledge
    • Prioritized list of knowledge items and chosen transfer method

    Materials

    Participants

    • Leadership team
    • Incumbent
    • Successor

    Not every transfer method is effective for every type of knowledge

    Knowledge Type
    Tactic Explicit Tacit
    Information Process Skills Expertise
    Interviews Very Strong Strong Strong Strong
    Process Mapping Medium Very Strong Very Weak Very Weak
    Use Cases Medium Very Strong Very Weak Very Weak
    Job Shadow Very Weak Medium Very Strong Very Strong
    Peer Assist Strong Medium Very Strong Very Strong
    Action Review Medium Medium Strong Strong
    Mentoring Weak Weak Strong Very Strong
    Transition Workshop Strong Strong Strong Weak
    Storytelling Weak Weak Strong Very Strong
    Job Share Weak Weak Very Strong Very Strong
    Communities of Practice Strong Weak Very Strong Very Strong

    This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared against four different knowledge types.

    Not all techniques are effective for all types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

    Employees' engagement can impact knowledge transfer effectiveness

    Level of Engagement
    Tactic Disengaged/ Indifferent Almost Engaged - Engaged
    Interviews Yes Yes
    Process Mapping Yes Yes
    Use Cases Yes Yes
    Job Shadow No Yes
    Peer Assist Yes Yes
    Action Review Yes Yes
    Mentoring No Yes
    Transition Workshop Yes Yes
    Storytelling No Yes
    Job Share Maybe Yes
    Communities of Practice Maybe Yes

    When considering which tactics to employ, it's important to consider the knowledge holder's level of engagement. Employees who you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

    Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It's essential that motivations for knowledge transfer are communicated effectively.

    Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what's in it for them.

    Putting disengaged employees in a position where they are mentoring others can be a risk, as their negativity could influence others not to participate, or it could negate the work you're doing to create a positive knowledge sharing culture.

    Employees' engagement can impact knowledge transfer effectiveness

    Effort by Stakeholder

    Tactic

    Business Analyst

    IT Manager

    Knowledge Holder

    Knowledge Receiver

    Interviews

    These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

    Medium

    N/A

    Low

    Low

    Process Mapping

    Medium

    N/A

    Low

    Low

    Use Cases

    Medium

    N/A

    Low

    Low

    Job Shadow

    Medium

    Medium

    Medium

    Medium

    Peer Assist

    Medium

    Medium

    Medium

    Medium

    Action Review

    These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. It's important to gain stakeholder buy-in as it is key for success.

    Low

    Medium

    Medium

    Low

    Mentoring

    Medium

    High

    High

    Medium

    Transition Workshop

    Medium

    Low

    Medium

    Low

    Storytelling

    Medium

    Medium

    Low

    Low

    Job Share

    Medium

    High

    Medium

    Medium

    Communities of Practice

    High

    Medium

    Medium

    Medium

    Phase 3

    Development Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Employees

    Additional Resources

    Effective development planning hinges on robust performance management

    Your performance management framework is rooted in organizational goals and defines what it means to do any given role well.

    Your organization's priority competencies are the knowledge, skills and attributes that enable an employee to do the job well.

    Each individual's development goals are then aimed at building these priority competencies.

    Mission Statement

    To be the world's leading manufacturer and distributor of widgets.

    Business Goal

    To increase annual revenue by 10%.

    IT Department Objective

    To ensure reliable communications infrastructure and efficient support for our sales and development teams.

    Individual Role Objective

    To decrease time to resolution of support requests by 10% while maintaining quality.

    Info-Tech Insight

    Without a performance management framework, your employees cannot align their development with the organization's goals. For detailed guidance, see Info-Tech's blueprint Setting Meaningful Employee Performance Measures.

    What is a competency?

    The term "competency" refers to the collection of knowledge, skills, and attributes an employee requires to do a job well.

    Often organizations have competency frameworks that consist of core, leadership, and functional competencies.

    Core competencies apply to every role in the organization. Typically, they are tied to organizational values and business mission and/or vision.

    Functional competencies are at the department, work group, or job role levels. They are a direct reflection of the function or type of work carried out.

    Leadership competencies generally apply only to people managers in the organization. Typically, they are tied to strategic goals in the short to medium term

    Generic Functional
    • Core
    • Leadership
    • IT
    • Finance
    • Sales
    • HR

    Use the SMART model to make sure goals are reasonable and attainable

    S

    Specific: Be specific about what you want to accomplish. Think about who needs to be involved, what you're trying to accomplish, and when the goal should be met.

    M

    Measurable: Set metrics that will help to determine whether the goal has been reached.

    A

    Achievable: Ensure that you have both the organizational resources and employee capability to accomplish the goal.

    R

    Relevant: Goals must align with broader business, department, and development goals in order to be meaningful.

    T

    Time-bound: Provide a target date to ensure the goal is achievable and provide motivation.

    Example goal:

    "Learn Excel this summer."

    Problems:

    Not specific enough, not measurable enough, nor time bound.

    Alternate SMART goal:

    "Consult with our Excel expert and take the lead on creating an Excel tool in August."

    3.2 Identify target competencies & draft development goals

    1 hour

    Pre-work: Employees should come to the career conversation having done some self-reflection. Use Info-Tech's IT Employee Career Development Workbook to help employees identify their career goals.

    1. Pre-work: Managers should gather any data they have on the employee's current proficiency at key competencies. Potential sources include task-based assessments, performance ratings, supervisor or peer feedback, and informal conversation.

      Prioritize competencies. Using your list of priority organizational competencies, work with your employees to help them identify two to four competencies to focus on developing now and in the future. Use the Individual Competency Development Plan template to document your assessment and prioritize competencies for development. Consider the following questions for guidance:
      1. Which competencies are needed in my current role that I do not have full proficiency in?
      2. Which competencies are related to both my career interests and the organization's priorities?
      3. Which competencies are related to each other and could be developed together or simultaneously?
    2. Draft goals. Ask your employee to create a list of multiple simple goals to develop the competencies they have selected to work on developing over the next year. Identifying multiple goals helps to break development down into manageable chunks. Ensure goals are concrete, for example, if the competency is "communication skills," your development goals could be "presentation skills" and "business writing."
    3. Review goals:
      1. Ask why these areas are important to the employee.
      2. Share your ideas and why it is important that the employee develop in the areas identified.
      3. Ensure that the goals are realistic. They should be stretch goals, but they must be achievable. Use the SMART framework on the previous slide for guidance.

    Info-Tech Insight

    Lack of career development is the top reason employees leave organizations. Development activities need to work for both the organization and the employee's own development, and clearly link to advancing employees' careers either at the organization or beyond.

    Download the IT Employee Career Development Workbook

    Download the Individual Competency Development Plan

    3.2 Identify target competencies & draft development goals

    Input

    Output

    • Employee's career aspirations
    • List of priority organizational competencies
    • Assessment of employee's current proficiency
    • A list of concrete development goals

    Materials

    Participants

    • Employee
    • Direct manager

    Apply a blend of learning methods

    • Info-Tech recommends the 70-20-10 principle for learning and development, which places the greatest emphasis on learning by doing. This experiential learning is then supported by feedback from mentoring, training, and self-reflection.
    • Use the 70-20-10 principle as a guideline – the actual breakdown of your learning methods will need to be tailored to best suit your organization and the employee's goals.

    Spend development time and effort wisely:

    70%

    On providing challenging on-the-job opportunities

    20%

    On establishing opportunities for people to develop learning relationships with others, such as coaching and mentoring

    10%

    On formal learning and training programs

    Internal initiatives are a cost-effective development aid

    Internal Initiative

    What Is It?

    When to Use It

    Special Project

    Assignment outside of the scope of the day-to-day job (e.g. work with another team on a short-term initiative).

    As an opportunity to increase exposure and to expand skills beyond those required for the current job.

    Stretch Assignment

    The same projects that would normally be assigned, but in a shorter time frame or with a more challenging component.

    Employee is consistently meeting targets and you need to see what they're capable of.

    Training Others

    Training new or more junior employees on their position or a specific process.

    Employee wants to expand their role and responsibility and is proficient and positive.

    Team Lead On an Assignment

    Team lead for part of a project or new initiative.

    To prepare an employee for future leadership roles by increasing responsibility and developing basic managerial skills.

    Job Rotation

    A planned placement of employees across various roles in a department or organization for a set period of time.

    Employee is successfully meeting and/or exceeding job expectations in their current role.

    Incorporating a development objective into daily tasks

    What do we mean by incorporating into daily tasks?

    The next time you assign a project to an employee, you should also ask the employee to think about a development goal for the project. Try to link it back to their existing goals or have them document a new goal in their development plan.

    For example: A team of employees always divides their work in the same way. Their goal for their next project could be to change up the division of responsibility so they can learn each other's roles.

    Another example:

    "I'd like you to develop your ability to explain technical terms to a non-technical audience. I'd like you to sit down with the new employee who starts tomorrow and explain how to use all our software, getting them up and running."

    Info-Tech Insight

    Employees often don't realize that they are being developed. They either think they are being recognized for good work or they are resentful of the additional workload.

    You need to tell your employees that the activity you are asking them to do is intended to further their development.

    However, be careful not to sell mundane tasks as development opportunities – this is offensive and detrimental to engagement.

    Establish manager and employee accountability for following up

    Ensure that the employee makes progress in developing prioritized competencies by defining accountabilities:

    Tracking Progress

    Checking In

    Development Meetings

    Coaching & Feedback

    Employee accountability:

    • Employees need to keep track of what they learn.
    • Employees should take the time to reflect on their progress.

    Manager accountability:

    • Managers need to make the time for employees to reflect.

    Employee accountability:

    • Employees need to provide managers with updates and ask for help.

    Manager accountability:

    • Managers need to check in with employees to see if they need additional resources.

    Employee accountability:

    • Employees need to complete assessments again to determine whether they have made progress.

    Manager accountability:

    • Managers should schedule monthly meetings to discuss progress and identify next steps.

    Employee accountability:

    • Employees should ask their manager and colleagues for feedback after development activities.

    Manager accountability:

    • Managers can use both scheduled meetings and informal conversations to provide coaching and feedback to employees.

    3.3 Select development activities and schedule check-ins

    1-3 hours

    Pre-work: Employees should research potential development activities and come prepared with a range of suggestions.

    Pre-work: Managers should investigate options for employee development, such as internal training/practice opportunities for the employee's selected competencies and availability of training budget.

    1. Communicate your findings about internal opportunities and external training allowance to the employee. This can also be done prior to the meeting, to help guide the employee's own research. Address any questions or concerns.
    2. Review the employee's proposed list of activities, and identify priority ones based on:
      1. How effectively they support the development of priority competencies.
      2. How closely they match the employee's original goals.
      3. The learning methods they employ, and whether the chosen activities support a mix of different methods.
      4. The degree to which the employee will have a chance to practice new skills hands-on.
      5. The amount of time the activities require, balanced against the employee's work obligations.
    3. Guide the employee in selecting activities for the short and medium term. Establish an understanding that this list is tentative and subject to ongoing revision during future check-ins.
      1. If in doubt about whether the employee is over-committing, err on the side of fewer activities to start.
    4. Schedule a check-in for one month out to review progress and roadblocks, and to reaffirm priorities.
    5. Check-ins should be repeated regularly, typically once a month.

    Download the Learning Methods Catalog

    Info-Tech Insight

    Adopt a blended learning approach using a variety of techniques to effectively develop competencies. This will reinforce learning and accommodate different learning styles. See Info-Tech's Learning Methods Catalog for a description of popular experiential, relational, and formal learning methods.

    3.3 Select development activities and schedule check-ins

    Input

    Output

    • List of potential development activities (from employee)
    • List of organizational resources (from manager)
    • A selection of feasible development activities
    • Next check-in scheduled

    Materials

    Participants

    • Employee
    • Direct manager

    Tips for tricky conversations about development

    What to do if…

    Employees aren't interested in development:

    • They may have low aspiration for advancement.
    • Remind them about the importance of staying current in their role given increasing job requirements.
    • Explain that skill development will make their job easier and make them more successful at it; sell development as a quick and effective way to learn the skill.
    • Indicate your support and respond to concerns.

    Employees have greater aspiration than capability:

    • Explain that there are a number of skills and capabilities that they need to improve in order to move to the next level. If the specific skills were not discussed during the performance appraisal, do not hesitate to explain the improvements that you require.
    • Inform the employee that you want them to succeed and that by pushing too far and too fast they risk failure, which would not be beneficial to anyone.
    • Reinforce that they need to do their current job well before they can be considered for promotion.

    Employees are offended by your suggestions:

    • Try to understand why they are offended. Before moving forward, clarify whether they disagree with the need for development or the method by which you are recommending they be developed.
    • If it is because you told them they had development needs, then reiterate that this is about helping them to become better and that everyone has areas to develop.
    • If it is about the development method, discuss the different options, including the pros and cons of each.

    Coaching and feedback skills help managers guide employee development

    Coaching and providing feedback are often confused. Managers often believe they are coaching when they are just giving feedback. Learn the difference and apply the right approach for the right situation.

    What is coaching?

    A conversation in which a manager asks questions to guide employees to solve problems themselves.

    Coaching is:

    • Future-focused
    • Collaborative
    • Geared toward growth and development

    What is feedback?

    Information conveyed from the manager to the employee about their performance.

    Feedback is:

    • Past-focused
    • Prescriptive
    • Geared toward behavior and performance

    Info-Tech Insight

    Don't forget to develop your managers! Ensure coaching, feedback, and management skills are part of your management team's development plan.

    Understand the foundations of coaching to provide effective development coaching:

    Knowledge Mindset Relationship
    • Understand what coaching is and how to apply it:
    • Identify when to use coaching, feedback, or other people management practices, and how to switch between them.
    • Know what coaching can and cannot accomplish.
    • When focusing on performance, guide an employee to solve problems related to their work. When focusing on development, guide an employee to reach their own development goals.
    • Adopt a coaching mindset by subscribing to the following beliefs:
    • Employees want to achieve higher performance and have the potential to do so.
    • Employees have a unique and valuable perspective to share of the challenges they face as well as the possible solutions.
    • Employees should be empowered to realize solutions themselves to motivate them in achieving goals.
    • Develop a relationship of trust between managers and employees:
    • Create an environment of psychological safety where employees feel safe to be open and honest.
    • Involve employees in decision making and inform employees often.
    • Invest in employees' success.
    • Give and expect candor.
    • Embrace failure.

    Apply the "4A" behavior-focused coaching model

    Using a model allows every manager, even those with little experience, to apply coaching best practices effectively.

    Actively Listen

    Ask

    Action Plan

    Adapt

    Engage with employees and their message, rather than just hearing their message.

    Key active listening behaviors:

    • Provide your undivided attention.
    • Observe both spoken words and body language.
    • Genuinely try to understand what the employee is saying.
    • Listen to what is being said, then paraphrase back what you heard.

    Ask thoughtful, powerful questions to learn more information and guide employees to uncover opportunities and/or solutions.

    Key asking behaviors:

    • Ask open-ended questions.
    • Ask questions to learn something you didn't already know.
    • Ask for reasoning (the why).
    • Ask "what else?"

    Hold employees and managers accountable for progress and results.

    During check-ins, review each development goal to ensure employees are meeting their targets.

    Key action planning behaviors:

    Adapt to individual employees and situations.

    Key adapting behaviors:

    • Recognize employees' unique characteristics.
    • Appreciate the situation at hand and change your behavior and communication in order to best support the individual employee.

    Use the following questions to have meaningful coaching conversations

    Opening Questions

    • What's on your mind?
    • Do you feel you've had a good week/month?
    • What is the ideal situation?
    • What else?

    Problem-Identifying Questions

    • What is most important here?
    • What is the challenge here for you?
    • What is the real challenge here for you?
    • What is getting in the way of you achieving your goal?

    Problem-Solving Questions

    • What are some of the options available?
    • What have you already tried to solve this problem? What worked? What didn't work?
    • Have you considered all the possibilities?
    • How can I help?

    Next-Steps Questions

    • What do you need to do, and when, to achieve your goal?
    • What resources are there to help you achieve your goal? This includes people, tools, or even resources outside our organization.
    • How will you know when you have achieved your goal? What does success look like?

    The purpose of asking questions is to guide the conversation and learn something you didn't already know. Choose the questions you ask based on the flow of the conversation and on what information you would like to uncover. Approach the answers you get with an open mind.

    Info-Tech Insight

    Avoid the trap of "hidden agenda" questions, whose real purpose is to offer your own advice.

    Use the following approach to give effective feedback

    Provide the feedback in a timely manner

    • Plan the message you want to convey.
    • Provide feedback "just-in-time."
    • Ensure recipient is not preoccupied.
    • Try to balance the feedback; refer to successful as well as unsuccessful behavior.

    Communicate clearly, using specific examples and alternative behaviors

    • Feedback must be honest and helpful.
    • Be specific and give a recent example.
    • Be descriptive, not evaluative.
    • Relate feedback to behaviors that can be changed.
    • Give an alternative positive behavior.

    Confirm their agreement and understanding

    • Solicit their thoughts on the feedback.
    • Clarify if not understood; try another example.
    • Confirm recipient understands and accepts the feedback.

    Manager skill is crucial to employee development

    Development is a two-way street. This means that while employees are responsible for putting in the work, managers must enable their development with support and guidance. The latter is a skill, which managers must consciously cultivate.

    For more in-depth management skills development, see the Info-Tech "Build a Better Manager" training resources:

    Bibliography

    Anderson, Kelsie. "Is Your IT Department Prepared for the 4 Biggest Challenges of 2017?" 14 June 2017.
    Atkinson, Carol, and Peter Sandiford. "An Exploration of Older Worker Flexible Working Arrangements in Smaller Firms." Human Resource Management Journal, vol. 26, no. 1, 2016, pp. 12–28. Wiley Online Library.
    BasuMallick, Chiradeep. "Top 8 Best Practices for Employee Cross-Training." Spiceworks, 15 June 2020.
    Birol, Andy. "4 Ways You Can Succeed With a Staff That 'Wears Multiple Hats.'" The Business Journals, 26 Nov. 2013.
    Bleich, Corey. "6 Major Benefits To Cross-Training Employees." EdgePoint Learning, 5 Dec. 2018.
    Cancialosi, Chris. "Cross-Training: Your Best Defense Against Indispensable Employees." Forbes, 15 Sept. 2014.
    Cappelli, Peter, and Anna Tavis. "HR Goes Agile." Harvard Business Review, Mar. 2018.
    Chung, Kai Li, and Norma D'Annunzio-Green. "Talent Management Practices of SMEs in the Hospitality Sector: An Entrepreneurial Owner-Manager Perspective." Worldwide Hospitality and Tourism Themes, vol. 10, no. 4, Jan. 2018.
    Clarkson, Mary. Developing IT Staff: A Practical Approach. Springer Science & Business Media, 2012.
    "CNBC and SurveyMonkey Release Latest Small Business Survey Results." Momentive, 2019. Press Release. Accessed 6 Aug. 2020.
    Cselényi, Noémi. "Why Is It Important for Small Business Owners to Focus on Talent Management?" Jumpstart:HR | HR Outsourcing and Consulting for Small Businesses and Startups, 25 Mar. 2013.
    dsparks. "Top 10 IT Concerns for Small Businesses." Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support, 16 May 2017.
    Duff, Jimi. "Why Small to Mid-Sized Businesses Need a System for Talent Management | Talent Management Blog | Saba Software." Saba, 17 Dec. 2018.
    Employment and Social Development Canada. "Age-Friendly Workplaces: Promoting Older Worker Participation." Government of Canada, 3 Oct. 2016.
    Exploring Workforce Planning. Accenture, 23 May 2017.
    "Five Major IT Challenges Facing Small and Medium-Sized Businesses." Advanced Network Systems. Accessed 25 June 2020.
    Harris, Evan. "IT Problems That Small Businesses Face." InhouseIT, 17 Aug. 2016.
    Heathfield, Susan. "What Every Manager Needs to Know About Succession Planning." Liveabout, 8 June 2020.
    ---. "Why Talent Management Is an Important Business Strategy." Liveabout, 29 Dec. 2019.
    Herbert, Chris. "The Top 5 Challenges Facing IT Departments in Mid-Sized Companies." ExpertIP, 25 June 2012.
    How Smaller Organizations Can Use Talent Management to Accelerate Growth. Avilar. Accessed 25 June 2020.
    Krishnan, TN, and Hugh Scullion. "Talent Management and Dynamic View of Talent in Small and Medium Enterprises." Human Resource Management Review, vol. 27, no. 3, Sept. 2017, pp. 431–41.
    Mann Jackson, Nancy. "Strategic Workforce Planning for Midsized Businesses." ADP, 6 Feb. 2017.
    McCandless, Karen. "A Beginner's Guide to Strategic Talent Management (2020)." The Blueprint, 26 Feb. 2020.
    McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup.com, 13 Mar. 2019.
    Mihelič, Katarina Katja. Global Talent Management Best Practices for SMEs. Jan. 2020.
    Mohsin, Maryam. 10 Small Business Statistics You Need to Know in 2020 [May 2020]. 4 May 2020.
    Ramadan, Wael H., and B. Eng. The Influence of Talent Management on Sustainable Competitive Advantage of Small and Medium Sized Establishments. 2012, p. 15.
    Ready, Douglas A., et al. "Building a Game-Changing Talent Strategy." Harvard Business Review, no. January–February 2014, Jan. 2014.
    Reh, John. "Cross-Training Employees Strengthens Engagement and Performance." Liveabout, May 2019.
    Rennie, Michael, et al. McKinsey on Organization: Agility and Organization Design. McKinsey, May 2016.
    Roddy, Seamus. "The State of Small Business Employee Benefits in 2019." Clutch, 18 Apr. 2019.
    SHRM. "Developing Employee Career Paths and Ladders." SHRM, 28 Feb. 2020.
    Strandberg, Coro. Sustainability Talent Management: The New Business Imperative. Strandberg Consulting, Apr. 2015.
    Talent Management for Small & Medium-Size Businesses. Success Factors. Accessed 25 June 2020.
    "Top 10 IT Challenges Facing Small Business in 2019." Your IT Department, 8 Jan. 2019.
    "Why You Need Workforce Planning." Workforce.com, 24 Oct. 2022.

    Data security consultancy

    Data security consultancy

    Based on experience
    Implementable advice
    human-based and people-oriented

    Data security consultancy makes up one of Tymans Group’s areas of expertise as a corporate consultancy firm. We are happy to offer our insights and solutions regarding data security and risk to businesses, both through online and offline channels. Read on and discover how our consultancy company can help you set up practical data security management solutions within your firm.

    How our data security consultancy services can help your company

    Data security management should be an important aspect of your business. As a data security consultancy firm, Tymans Group is happy to assist your small or medium-sized enterprise with setting up clear protocols to keep your data safe. As such, we can advise on various aspects comprising data security management. This ranges from choosing a fit-for-purpose data architecture to introducing IT incident management guidelines. Moreover, we can perform an external IT audit to discover which aspects of your company’s data security are vulnerable and which could be improved upon.

    Security and risk management

    Our security and risk services

    Security strategy

    Security Strategy

    Embed security thinking through aligning your security strategy to business goals and values

    Read more

    Disaster Recovery Planning

    Disaster Recovery Planning

    Create a disaster recovey plan that is right for your company

    Read more

    Risk Management

    Risk Management

    Build your right-sized IT Risk Management Program

    Read more

    Check out all our services

    Discover our practical data security management solutions

    Data security is just one aspect with which our consultancy firm can assist your company. Tymans Group offers its extensive expertise in various corporate management domains, such as quality management and risk management. Our solutions all stem from our vast expertise and have proven their effectiveness. Moreover, when you choose to employ our consultancy firm for your data security management, you benefit from a holistic, people-oriented approach.

    Set up an appointment with our experts

    Do you wish to learn more about our data security management solutions and services for your company? We are happy to analyze any issues you may be facing and offer you a practical solution if you contact us for an appointment. You can book a one-hour online talk or elect for an on-site appointment with our experts. Contact us to set up your appointment now.

    Continue reading

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend

    • Buy Link or Shortcode: {j2store}139|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $63,667 Average $ Saved
    • member rating average days saved: 110 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
    • With Adobe’s transition to a cloud-based subscription model, it’s important for organizations to actively manage licenses, software provisioning, and consumption.
    • Without a detailed understanding of Adobe’s various purchasing models, overspending often occurs.
    • Organizations have experienced issues in identifying commercial licensed packages with their install files, making it difficult to track and assign licenses.

    Our Advice

    Critical Insight

    • Focus on user needs first. Examine which products are truly needed versus nice to have to prevent overspending on the Creative Cloud suite.
    • Examine what has been deployed. Knowing what has been deployed and what is being used will greatly aid in completing your true-up.
    • Compliance is not automatic with products that are in the cloud. Shared logins or computers that have desktop installs that can be access by multiple users can cause noncompliance.

    Impact and Result

    • Visibility into license deployments and needs
    • Compliance with internal audits

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend Research & Tools

    Start here – read the Executive Brief

    Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing to avoid overspending and to maximize negotiation leverage.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage your Adobe agreements

    Use Info-Tech’s licensing best practices to avoid overspending on Adobe licensing and to remain compliant in case of audit.

    • Adobe ETLA vs. VIP Pricing Table
    • Adobe ETLA Forecasted Costs and Benefits
    • Adobe ETLA Deployment Forecast
    [infographic]

    Further reading

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend

    Learn the essential steps to avoid overspending and to maximize negotiation leverage with Adobe.

    ANALYST PERSPECTIVE

    Only 18% of Adobe licenses are genuine copies: are yours?

    "Adobe has designed and executed the most comprehensive evolution to the subscription model of pre-cloud software publishers with Creative Cloud. Adobe's release of Document Cloud (replacement for the Acrobat series of software) is the final nail in the coffin for legacy licensing for Adobe. Technology procurement functions have run out of time in which to act while they still retain leverage, with the exception of some late adopter organizations that were able to run on legacy versions (e.g. CS6) for the past five years. Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing, contract, and delivery models in order to accurately forecast your software needs, transact against the optimal purchase plan, and maximize negotiation leverage. "

    Scott Bickley

    Research Lead, Vendor Practice

    Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • IT managers scoping their Adobe licensing requirements and compliance position.
    • CIOs, CTOs, CPOs, and IT directors negotiating licensing agreements in search of cost savings.
    • ITAM/Software asset managers responsible for tracking and managing Adobe licensing.
    • IT and business leaders seeking to better understand Adobe licensing options (Creative Cloud).
    • Vendor management offices in the process of a contract renewal.

    This Research Will Help You:

    • Understand and simplify licensing per product to help optimize spend.
    • Ensure agreement type is aligned to needs.
    • Navigate the purchase process to negotiate from a position of strength.
    • Manage licenses more effectively to avoid compliance issues, audits, and unnecessary purchases.

    This Research Will Also Assist:

    • CFOs and the finance department
    • Enterprise architects
    • ITAM/SAM team
    • Network and IT architects
    • Legal
    • Procurement and sourcing

    This Research Will Help Them:

    • Understand licensing methods in order to make educated and informed decisions.
    • Understand the future of the cloud in your Adobe licensing roadmap.

    Executive summary

    Situation

    • Adobe’s dominant market position and ownership of the creative software market is forcing customers to refocus the software acquisition process to ensure a positive ROI on every license.
    • In early 2017, Adobe announced it would stop selling perpetual Creative Suite 6 products, forcing future purchases to be transitioned to the cloud.

    Complication

    • Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
    • With transition to a cloud-based subscription model, organizations need to actively manage licenses, software provisioning, and consumption.
    • Without a detailed understanding of Adobe’s various purchasing models, overspending often occurs.
    • Organizations have experienced issues in identifying commercial licensed packages with their install files, making it difficult to track and assign licenses.

    Resolution

    • Gain visibility into license deployments and needs with a strong SAM program/tool; this will go a long way toward optimizing spend.
      • Number of users versus number of installs are not the same, and confusing the two can result in overspending. Device-based licensing historically would have required two licenses, but now only one may be required.
    • Ensure compliance with internal audits. Adobe has a very high rate of piracy stemming from issues such as license overuse, misunderstanding of contract language, using cracks/keygens, virtualized environments, indirect access, and sharing of accounts.
    • A handful of products are still sold as perpetual – Acrobat Standard/Pro, Captivate, ColdFusion, Photoshop, and Premiere Elements – but be aware of what is being purchased and used in the organization.
      • Beware of products deployed on server, where the number of users accessing that product cannot easily be counted.

    Info-Tech Insight

    1. Your user-need analysis has shifted in the new subscription-based model. Determine which products are needed versus nice to have to prevent overspending on the Creative Cloud suite.
    2. Examine what you need, not what you have. You can no longer mix and match applications.
    3. Compliance is not automatic with products that are in the cloud. Shared logins or computers with desktop installs that can be accessed by multiple users can cause noncompliance.

    The aim of this blueprint is to provide a foundational understanding of Adobe

    Why Adobe

    In 2011 Adobe took the strategic but radical move toward converting its legacy on-premises licensing to a cloud-based subscription model, in spite of material pushback from its customer base. While revenues initially dipped, Adobe’s resolve paid off; the transition is mostly complete and revenues have doubled. This was the first enterprise software offering to effect the transition to the cloud in a holistic manner. It now serves as a case study for those following suit, such as Microsoft, Autodesk, and Oracle.

    What to know

    Adobe elected to make this market pivot in a dramatic fashion, foregoing a gradual transition process. Enterprise clients were temporarily allowed to survive on legacy on-premises editions of Adobe software; however, as the Adobe Creative Cloud functionality was quickly enhanced and new applications were launched, customer capitulation to the new subscription model was assured.

    The Future

    Adobe is now leveraging the power of connected customers, the availability of massive data streams, and the ongoing digitalization trend globally to supplement the core Creative Cloud products with online services and analytics in the areas of Creative Cloud for content, Marketing Cloud for marketers, and Document Cloud for document management and workflows. This blueprint focuses on Adobe's Creative Cloud and Document Cloud solutions and the enterprise term license agreement (ETLA).

    Info-Tech Insight

    Beware of your contract being auto-renewed and getting locked into the quantities and product subset that you have in your current agreement. Determining the number of licenses you need is critical. If you overestimate, you're locked in for three years. If you underestimate, you have to pay a big premium in the true-up process.

    Learn the “Adobe way,” whether you are reviewing existing spend or considering the purchase of new products

    1. Legacy on-premises Adobe Creative Suite products used to be available in multiple package configurations, enabling right-sized spend with functionality. Adobe’s support for legacy Creative Suites CS6 products ended in May 2017.
    2. While early ETLAs allowed customer application packaging at a lower price than the full Creative Cloud suite, this practice has been discontinued. Now, the only purchasing options are the full suite or single-application subscriptions.
    3. Buyers must now assess alternative Adobe products as an option for non-power users. For example, QuarkXPress, Corel PaintShop Pro, CorelDRAW, Bloom, and Affinity Designer are possible replacements for some Creative Cloud applications.
    4. Document Cloud, Adobe’s latest step in creating an Acrobat-focused subscription model, limits the ability to reduce costs with an extended upgrade cycle. These changes go beyond the licensing model.
    5. Organizations need to perform a cost-benefit analysis of single app purchases vs. the full suite to right-size spend with functionality.

    As Adobe’s dominance continues to grow, organizations must find new ways to maintain a value-added relationship

    Adobe estimates the total addressable market for creative and document cloud to be $21 billion. With no sign of growth slowing down, Adobe customers must learn how to work within the current design monopoly.

    The image contains two pie graphs. The first is labelled FY2014 Revenue Mix, and the second graph is titled FY2017E Revenue Mix.

    Source: Adobe, 2017

    "Adobe is not only witnessing a steady increase in Creative Cloud subscriptions, but it also gained more visibility into customers’ product usage, which enables it to consistently push out software updates relevant to user needs. The company also successfully transformed its sales organization to support the recurring revenue model."

    – Omid Razavi, Global Head of Success, ServiceNow

    Consider your route forward

    Consider your route forward, as ETLA contract commitments, scope, and mechanisms differ in structure to the perpetual models previously utilized. The new model shortchanges technology procurement leaders in their expectations of cost-usage alignment and opex flexibility (White, 2016).

    ☑ Implement a user profile to assign licenses by version and limit expenditures. Alternatives can include existing legacy perpetual and Acrobat classic versions that may already be owned by the organization.

    ☑ Examine the suitability and/or dependency on Document Cloud functions, such as existing business workflows and e-signature integration.

    ☑ Involve stakeholders in the evaluation of alternate products for use cases where dependency on Acrobat-specific functionality is limited.

    ☑ Identify not just the installs and active use of the applications but also the depth and breadth of use across the various features so that the appropriate products can be selected.

    The image contains a screenshot of a diagram listing the adobe toolkit. The toolkit includes: Adobe ETLA Deployment Forecast Tool, Adobe ETLA Forecasted Cost and Benefits, Adobe ETLA vs. VIP Pricing Table.

    Use Info-Tech’s Adobe toolkit to prepare for your new purchases or contract renewal

    Info-Tech Insight

    IT asset management (ITAM) and software asset management (SAM) are critical! An error made in a true-up can cost the organization for the remaining years of the ETLA. Info-Tech worked with one client that incurred a $600k error in the true-up that they were not able to recoup from Adobe.

    Apply licensing best practices and examine the potential for cost savings through an unbiased third-party perspective

    Establish Licensing Requirements

    • Understand Adobe’s product landscape and transition to cloud.
    • Analyze users and match to correct Adobe SKU.
    • Conduct an internal software assessment.
    • Build an effective licensing position.

    Evaluate Licensing Options

    • Value Incentive Plan (VIP)
    • Cumulative Licensing Program (CLP)
    • Transactional Licensing Program (TLP)
    • Enterprise Term License Agreement (ETLA)

    Evaluate Agreement Options

    • Price
    • Discounts
    • Price protection
    • Terms and conditions

    Purchase and Manage Licenses

    • Learn negotiation tactics to enhance your current strategy.
    • Control the flow of communication.
    • Assign the right people to manage the environment.

    Preventive practices can help find measured value ($)

    Time and resource disruption to business if audited

    Lost estimated synergies in M&A

    Cost of new licensing

    Cost of software audit, penalties, and back support

    Lost resource allocation and time

    Third party, legal/SAM partners

    Cost of poor negotiation tactics

    Lost discount percentage

    Terms and conditions improved

    Explore Adobe licensing and optimize spend – project overview

    Establish Licensing Requirements

    Evaluate Licensing Options

    Evaluate Agreement Options

    Purchase and Manage Licenses

    Best-Practice Toolkit

    • Assess current state and align goals; review business feedback.
    • Interview key stakeholders to define business objectives and drivers.
    • Review licensing options.
    • Review licensing rules.
    • Determine the ideal contract type.
    • Review final contract.
    • Discuss negotiation points.
    • License management.
    • Future licensing strategy.

    Guided Implementations

    • Engage in a scoping call.
    • Assess the current state.
    • Determine licensing position.
    • Review product options.
    • Review licensing rules.
    • Review contract option types.
    • Determine negotiation points.
    • Finalize the contract.
    • Discuss license management.
    • Evaluate and develop a roadmap for future licensing.

    PHASE 1

    Manage Your Adobe Agreements

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Managing Adobe Contracts

    Proposed Time to Completion: 3-6 weeks

    Step 1.1: Establish Licensing Requirements

    Start with a kick-off call:

    • Assess the current state.
    • Determine licensing position.

    Then complete these activities…

    • Complete a deployment count, needs analysis, and internal audit.

    With these tools & templates:

    Adobe ETLA Deployment Forecast

    Step 1.2: Determine Licensing Options

    Review findings with analyst:

    • Review licensing options.
    • Review licensing rules.
    • Review contract option types.

    Then complete these activities…

    • Select licensing option.
    • Document forecasted costs and benefits.

    With these tools & templates:

    Adobe ETLA vs. VIP Pricing Table

    Adobe ETLA Forecasted Costs and Benefits

    Step 1.3: Purchase and Manage Licenses

    Review findings with analyst:

    • Review final contract.
    • Discuss negotiation points.
    • Plan a roadmap for SAM.

    Then complete these activities…

    • Negotiate final contract.
    • Evaluate and develop a roadmap for SAM.

    With these tools & templates:

    Adobe ETLA Deployment Forecast

    Adobe’s Cloud – Snapshot of what has changed

    1. Since Adobe has limited the procurement and licensing options with the introduction of Creative Cloud, there are three main choices:
      1. Direct online purchase at Adobe.com
      2. Value Incentive Plan (VIP): Creative Cloud for teams–based purchase with a volume discount (minimal, usually ~10%); may have some incentives or promotional pricing
      3. Enterprise Term License Agreement (ETLA): Creative Cloud for Enterprise (CCE)
    2. Adobe has discontinued support for legacy perpetual licenses, with the latest version being CS6, which is steering organizations to prioritize their options for products in the creative and document management space.
    3. Document Cloud (DC) is the cloud product replacing the Acrobat perpetual licensing model. DC extends the subscription-based model further and limits options to extend the lifespan of legacy on-premises licenses through a protracted upgrade process.
    4. The subscription model, coupled with limited discount options on transactional purchases, forces enterprises to consider the ETLA option. The ETLA brings with it unique term commitments, new pricing structures, and true-up mechanisms and inserts the "land and expand" model vs. license reassignment.

    Info-Tech Insight

    Adobe’s move from a perpetual license to a per-user subscription model can be positive in some scenarios for organizations that experienced challenges with deployment, management of named users vs. devices, and license tracking.

    Core concepts of Adobe agreements: Discounting, pricing, and bundling

    ETLA

    Adobe has been systematically reducing discounts on ETLAs as they enter the second renewal cycle of the original three-year terms.

    Adobe Cloud Bundling

    Adobe cloud services are being bundled with ETLAs with a mandate that companies that do not accept the services at the proposed cost have Adobe management’s approval to unbundle the deal, generally with no price relief.

    Custom Bundling

    The option for custom bundling of legacy Creative Suite component applications has been removed, effectively raising the price across the board for licensees that require more than two Adobe applications who must now purchase the full Creative Cloud suite.

    Higher and Public Education

    Higher education/public education agreements have been revamped over the past couple of years, increasing prices for campus-wide agreements by double-digit percentages (~10-30%+). While they still receive an 80% discount over list price, IT departments in this industry are not prepared to absorb the budget increase.

    Info-Tech Insight

    Adobe has moved to an all-or-one bundle model. If you need more than two application products, you will likely need to purchase the full Creative Cloud suite. Therefore, it is important to focus on creating accurate user profiles to identify usage needs.

    Use Info-Tech’s Adobe deployment tool for SAM: Track deployment and needs

    The image contains a screenshot of Info-Tech's Adobe deployment tool for SAM: Track deployment and needs.

    Use Info-Tech’s Adobe deployment tool for SAM: Audit

    The image contains a screenshot of the Adobe Deployment Tool for SAM, specifically the Audit tab.

    Use Info-Tech’s Adobe deployment tool for SAM: Cost

    The image contains a screenshot of the Adobe Deployment Tool for SAM, specifically the Cost tab.

    Use Info-Tech’s tools to compare ETLA vs. VIP and to document forecasted costs and benefits

    Is the ETLA or VIP option better for your organization?

    Use Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.

    The image contains a screenshot of Info-Tech's Adobe ETLA vs. VIP Pricing Table.

    Your ETLA contains multiple products and is a multi-year agreement.

    Use Info-Tech’s ETLA Forecasted Costs and Benefits tool to forecast your ETLA costs and document benefits.

    The image contains a screenshot of Info-Tech's ETLA Forecasted Costs and Benefits.

    Adobe’s Creative Cloud Complete offering provides access to all Adobe creative products and ongoing upgrades

    Why subscription model?

    The subscription model forces customers to an annuity-based pricing model, so Adobe has recurring revenue from a subscription-based product. This increases customer lifetime value (CLTV) for Adobe while providing ongoing functionality updates that are not version/edition dependent.

    Key Characteristics:

    • Available as a month-to-month or annual subscription license
    • Can be purchased for one user, for a team, or for an enterprise
    • Subject to annual payment and true-up of license fees
    • Can only true-up during lifespan of contract; quantities cannot be reduced until renewal
    • May contain auto-renewal clauses – beware!

    Key things to know:

    1. Applications can be purchased individually if users require only one specific product. A few products continue to have on-premises licensing options, but most are offered by per-user subscriptions.
    2. At the end of the subscription period, the organization no longer has any rights to the software and would have to return to a previously owned version.
    3. True-downs are not possible (in contrast to Microsoft’s Office 365).
    4. Downgrade rights are not included or are limited by default.

    Which products are in the Creative Cloud bundle?

    Adobe Acrobat® XI Pro

    Adobe After Effects® CC

    Adobe Audition® CC

    Adobe Digital Publishing Suite, Single Edition

    Adobe InDesign® CC

    Adobe Dreamweaver® CC

    Adobe Edge Animate

    Adobe Edge Code preview

    Adobe Edge Inspect

    Adobe Photoshop CC

    Adobe Edge Reflow preview

    Adobe Edge Web Fonts

    Adobe Extension Manager

    ExtendScript Toolkit

    Adobe Fireworks® CS6

    Adobe Flash® Builder® 4.7 Premium Edition

    Adobe Flash Professional CC

    Adobe Illustrator® CC

    Adobe Prelude® CC

    Adobe Premiere® Pro CC

    Adobe Scout

    Adobe SpeedGrade® CC

    Adobe Muse CC

    Adobe Photoshop Lightroom 6

    Adobe offers different solutions for teams vs. enterprise licensing

    Evaluate the various options for Creative Cloud, as they can be purchased individually, for teams, or for enterprise.

    Bundle Name

    Target Customer

    Included Applications

    Features

    CC (for Individuals)

    Individual users

    The individual chooses

    • Sync, store, and share assets
    • Adobe Portfolio website
    • Adobe Typekit font collection
    • Microsoft Teams integration
    • Can only be purchased through credit card

    CC for Teams (CCT)

    Small to midsize organizations with a small number of Adobe users who are all within the same team

    Depends on your team’s requirements. You can select all applications or specific applications.

    Everything that CC (for individuals) does, plus

    • One license per user; can reassign CC licenses
    • Web-based admin console
    • Centralized deployment
    • Usage tracking and reporting
    • 100GB of storage per user
    • Volume discounts for 10+ seats

    CC for Enterprise (CCE)

    Large organizations with users who regularly use multiple Adobe products on multiple machines

    All applications including Adobe Stock for images and Adobe Enterprise Dashboard for managing user accounts

    Everything that CCT does, plus

    • Employees can activate a second copy of software on another device (e.g. home computer) as long as they share the same Adobe ID and are not used simultaneously
    • Ability to reassign licenses from old users to new users
    • Custom storage options
    • Greater integration with other Adobe products
    • Larger volume discounts with more seats

    For further information on specific functionality differences, reference Adobe’s comparison table.

    A Cloud-ish solution: Considerations and implications for IT organizations

    ☑ True cloud products are typically service-based, scalable and elastic, shared resources, have usage metering, and rely upon internet technologies. Currently, Adobe’s Creative Cloud and Document Cloud products lack these characteristics. In fact, the core products are still downloaded and physically installed on endpoint devices, then anchored to the cloud provisioning system, where the software can be automatically updated and continuously verified for compliance by ensuring the subscription is active.

    ☑ Adobe Cloud allows Adobe to increase end-user productivity by releasing new features and products to market faster, but the customer will increase lock-in to the Adobe product suite. The fast-release approach poses a different challenge for IT departments, as they must prepare to test and support new functionality and ensure compatibility with endpoint devices.

    ☑ There are options at the enterprise level that enable IT to exert more granular control over new feature releases, but these are tied to the ETLA and the provided enterprise portal and are not available on other subscription plans. This is another mechanism by which Adobe has been able to spur ETLA adoption.

    Not all CIOs consider SaaS/subscription applications their first choice, but the Adobe’s dominant position in the content and document management marketplace is forcing the shift regardless. It is significant that Adobe bypassed the typical hybrid transition model by effectively disrupting the ability to continue with perpetual licensing without falling behind the functionality curve.

    VIP plans do allow for annual terms and payment, but you lose the price elasticity that comes with multi-year terms.

    Download Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.

    When moving to Adobe cloud, validate that license requirements meet organizational needs, not a sales quota

    Follow these steps in your transition to Creative Cloud.

    Step 1: Make sure you have a software asset management (SAM) tool to determine Adobe installs and usage within your environment.

    Step 2: Look at the current Adobe install base and usage. We recommend reviewing three months’ worth of reliable usage data to decide which users should have which licenses going forward.

    Step 3: Understand the changes in Adobe packages for Creative Cloud (CC). Also, take into account that the license types are based on users, not devices.

    Step 4: Identify those users who only need a single license for a single application (e.g. Photoshop, InDesign, Muse).

    Step 5: Identify the users who require CC suites. Look at their usage of previous Adobe suites to get an idea of which CC suite they require. Did they have Design Suite Standard installed but only use one or two elements? This is a good way to ensure you do not overspend on Adobe licenses.

    Source: The ITAM Review

    Download Info-Tech’s Adobe ETLA Deployment Forecast tool to track Adobe installs within your environment and to determine usage needs.

    Acquiring Adobe Software

    Adobe offers four common licensing methods, which are reviewed in detail in the following slides.

    Most common purchasing models

    Points for consideration

    • Value Incentive Plan (VIP)
    • Cumulative Licensing Program (CLP)
    • Transactional Licensing Program (TLP)
    • Enterprise Term License Agreement (ETLA)
    • Adobe, as with many other large software providers, includes special benefits and rights when its products are purchased through volume licensing channels.
    • Businesses should typically refrain from purchasing individual OEM (shrink wrap) licenses or those meant for personal use.
    • Purchase record history is available online, making it easier for your organization to manage entitlements in the case of an audit.

    "Customers are not even obliged to manage all the licenses themselves. The reseller partners have access to the cloud console and can manage licenses on behalf of their customers. Even better, they can seize cross and upsell opportunities and provide good insight into the environment. Additionally, Adobe itself provides optimization services."

    B-lay

    CLP and TLP

    The CLP and TLP are transactional agreements generally used for the purchase of perpetual licenses. For example, they could be used for making Acrobat purchases if Creative Suite products are purchased on the ETLA.

    The image contains a screenshot of a table comparing CLP and TLP.

    Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”

    VIP and ETLA

    The Value Incentive Plan is aimed at small- to medium-sized organizations with no minimum quantity required. However, there is limited flexibility to reduce licenses and limited price protection for future purchases. The ETLA is aimed at large organizations who wish to have new functionality as it comes out, license management portal, services, and security/IT control aspects.

    The image contains a screenshot of a table comparing VIP and ETLA.

    Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”

    ETLA commitments risk creating “shelfware-as-a-service”

    The Adobe ETLA’s rigid contract parameters, true-up process, and unique deployment/provisioning mechanisms give technology/IT procurement leaders fewer options to maximize cost-usage alignment and to streamline opex costs.

    ☑ No ETLA price book is publicly published; pricing is controlled by the Adobe enterprise sales team.

    ☑ Adobe's retail pricing is a good starting point for negotiating discounted pricing.

    ☑ ETLA commitments are usually for three years, and the lack of a true-down option increases the risk involved in overbuying licenses should the organization encounter a business downturn or adverse event.

    ☑ Pricing discounts are the highest at the initial ETLA signing for the upfront volume commitment. The true-up pricing is discounted from retail but still higher than the signing cost per license.

    ☑ Technical support is included in the ETLA.

    ☑ While purchases typically go through value-added resellers (VARs), procurement can negotiate directly with Adobe.

    "For cloud products, it is less complex when it comes to purchasing and pricing. If larger quantities are purchased on a longer term, the discount may reach up to 15%. As soon as you enroll in the VIP program, you can control all your licenses from an ‘admin console’. Any updates or new functionalities are included in the original price. When the licenses expire, you may choose to renew your subscriptions or remove them. Partial renewal is also accepted. Of course, you can also re-negotiate your price if more subscriptions are added to your console."

    B-lay

    ETLA recommendations

    1. Assess the end-user requirements with a high degree of scrutiny. Perform an analysis that matches the licensee with the correct Adobe product SKU to reduce the risk of overspending.
    • Leverage metering data that identifies actual usage and lack thereof, match to user profile functional requirements, and then determine end users’ actual license requirements.
  • Build in time to evaluate alternative products where possible and position the organization to leverage a Plan B vendor to replace or mitigate growth on the Adobe platform. Re-evaluate options well in advance of the ETLA renewal.
  • Secure price protection through negotiating a price cap or an extended ETLA term beyond the standard three-year term. Short of obtaining an escalation cap, which Adobe is strongly resisting, build in price increases for the ETLA renewal years.
    • Demand price transparency and granularity in the proposal process.
    • Validate that volume discounts are appropriate and show through to the true-up line item pricing.
  • Negotiate a true-down mechanism upfront with Adobe if usage decline is inevitable or expected due to a merger or acquisition, divestiture, or material restructuring event.
  • INFO-TECH TIP: For further guidance on ETLAs and pricing, contact your Info-Tech representative to set up a call with an analyst.

    Use Info-Tech’s Adobe ETLA Deployment Forecast tool to match licensees with Adobe product SKUs.

    Prepare for Adobe’s true-up process

    How the true-up process works

    When adding a license, the true-up price will be prorated to 50% of the license cost for previous year’s usage plus 100% of the license cost for the next year. This back-charging adds up to 150% of the overall true-up license cost. In some rare cases, Adobe has provided an “unlimited” quantity for certain SKUs; these Unlimited ETLAs generally align with FTE counts and limit FTE increases to about 5%. Procurement must monitor and work with SAM/ITAM and stakeholder groups to restrain unnecessary growth during the term of an Unlimited ETLA to avoid the risk of cost escalation at renewal time.

    Higher-education specific

    Higher-education clients can license under the ETLA based on a prescribed number of user and classroom/lab devices and/or on a FTE basis. In these cases, the combination of Creative Cloud and Acrobat Pro volume must equal the FTE total, creating an enterprise footprint. FTE calculations establish the full-time faculty plus one-third of part-time faculty plus one-half of part-time staff.

    Info-Tech Insight

    Compliance takes a different form in terms of the ETLA true-up process. The completion of Adobe's transition to cloud-based licensing and verification has improved compliance rates via phone home telemetry such that pirated software is less available and more easily detected. Adobe has actually decommissioned its audit arm in the Americas and EMEA.

    Audits and software asset management with Adobe

    Watch out for:

    • Virtual desktops, freeware, and test and trial licenses
    • Adobe products that may be bundled into a suite; a manual check will be needed to ensure the suite isn’t recognized as a standalone license
    • Pirated licenses with a “crack” built into the software

    Simplify your process – from start to finish – with these steps:

    Determine License Entitlements

    Obtain documentation from internal records and Adobe to track licenses and upgrades to determine what licenses you own and have the right to use.

    Gather Deployment Information

    Leverage a software asset management tool or process to determine what software is deployed and what is/is not being used.

    Determine Effective License Position

    Compare license entitlements with deployment data to uncover surpluses and deficits in licensing. Look for opportunities.

    Plan Changes to License Position

    Meet with IT stakeholders to discuss the enterprise license program (ELP), short- and long-term project plans, and budget allocation. Plan and document licensing requirements.

    Adobe Genuine Software Integrity Service

    • This service was started in 2014 to combat non-genuine software sold by non-authorized resellers.
    • The service works hand in hand with the cloud movement to reduce piracy.
    • Every Adobe product now contains an executable file that will scan your machine for non-genuine software.
    • If non-genuine software is detected, the user will be notified and directed to the official Adobe website for next steps.

    Detailed list of Adobe licensing contract types

    The table below describes Adobe contract types beyond the four typical purchasing models explained in the previous slides:

    Option

    What is it?

    What’s included?

    For

    Term

    CLP (Cumulative Licensing Program)

    10,000 plus points, support and maintenance optional

    Select Adobe perpetual desktop products

    Business

    2 years

    EA (Adobe Enterprise Agreement)

    100 licenses plus maintenance and support for eligible Adobe products

    All applications

    100+ users requirement

    3 years

    EEA (Adobe Enterprise Education Agreement)

    Creative Cloud enterprise agreement for education establishments

    Creative Cloud applications without services

    Education

    1 or 2 years

    ETLA (Enterprise Term License Agreement)

    Licensing program designed for Adobe’s top commercial, government, and education customers

    All Creative Cloud applications

    Large enterprise companies

    3 years

    K-12 – Enterprise Agreement

    Enterprise agreement for primary and secondary schools

    Creative Cloud applications without services

    Education

    1 year

    K-12 – School Site License

    Allows a school to install a Creative Cloud on up to 500 school-owned computers regardless of school size

    Creative Cloud applications without services

    Education

    1 year

    TLP (Transactional Licensing Program)

    Agreement for SMBs that want volume licensing bonuses

    Perpetual desktop products only

    Aimed at SMBs, but Enterprise customers can use the TLP for smaller requirements

    N/A

    Upgrade Plan

    Insurance program for software purchased under a perpetual license program such as CLP or TLP for Creative Cloud upgrade

    Dependent on the existing perpetual estate

    Anyone

    N/A

    VIP (Value Incentive Plan)

    VIP allows customers to purchase, deploy, and manage software through a term-based subscription license model

    Creative Cloud of teams

    Business, government, and education

    Insight breakdown

    Insight 1

    Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.

    Insight 2

    Adobe has transitioned the vast majority of its software offerings to the cloud-based subscription model. Active management of licenses, software provisioning, and consumption of cloud services is now an ongoing job.

    Insight 3

    With the vendor lock-in process nearly complete via the transition to a SaaS subscription model, Adobe is raising prices on an annual basis. Advance planning and strategic use of the ETLA is key to avoid budget-breaking surprises.

    Summary of accomplishment

    Knowledge Gained

    • The key pieces of licensing information that should be gathered about the current state of your own organization.
    • An in-depth understanding of the required licenses across all of your products.
    • Clear methodology for selecting the most effective contract type.
    • Development of measurable, relevant metrics to help track future project success and identify areas of strength and weakness within your licensing program.

    Processes Optimized

    • Understanding of the importance of licensing in relation to business objectives.
    • Understanding of the various licensing considerations that need to be made.
    • Contract negotiation.

    Deliverables Completed

    • Adobe ETLA Deployment Forecast
    • Adobe ETLA Forecasted Cost and Benefits
    • Adobe ETLA vs. VIP Pricing Table

    Related Info-Tech Research

    Take Control of Microsoft Licensing and Optimize Spend

    Create an Effective Plan to Implement IT Asset Management

    Establish an Effective System of Internal IT Controls to Mitigate Risks

    Optimize Software Asset Management

    Take Control of Compliance Improvement to Conquer Every Audit

    Cut PCI Compliance and Audit Costs in Half

    Bibliography

    “Adobe Buying Programs: At-a-glance comparison guide for Commercial and government organizations.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.

    “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations.” Adobe Systems Incorporated, 2018. Web.

    “Adobe Buying Programs Comparison Guide for Education.” Adobe Systems Incorporated, 2018. Web. 1 Feb 2018.

    “Adobe Education Enterprise Agreement: Give your school access to the latest industry-leading creative tools.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.

    “Adobe Enterprise Term License Agreement for commercial and government organizations.” Adobe Systems Incorporated, 2016. Web. 1 Feb. 2018.

    Adobe Investor Presentation – October 2017. Adobe Systems Incorporated, 2017. Web. 1 Feb. 2018.

    Cabral, Amanda. “Students react to end of UConn-Adobe contract.” The Daily Campus (Uconn), 5 April 2017. Web. 1 Feb. 2018.

    de Veer, Patrick and Alecsandra Vintilescu. “Quick Guide to Adobe Licensing.” B-lay, Web. 1 Feb. 2018.

    “Find the best program for your organization.” Adobe, Web. 1 Feb 2018.

    Foxen, David. “Adobe Upgrade Simplified.” Snow Software, 7 Oct. 2016. Web.

    Frazer, Bryant. “Adobe Stops Reporting Subscription Figures for Creative Cloud.” Studio Daily. Access Intelligence, LLC. 17 March 2016. Web.

    “Give your students the power to create bright futures.” Adobe, Web. 1 Feb 2018.

    Jones, Noah. “Adobe changes subscription prices, colleges forced to pay more.” BG Falcon Media. Bowling Green State University, 18 Feb. 2015. Web. 1 Feb. 2018.

    Mansfield, Adam. “Is Your Organization Prepared for Adobe’s Enterprise Term License Agreements (ETLA)?” UpperEdge,30 April 2013. Web. 1 Feb. 2018.

    Murray, Corey. “6 Things Every School Should Know About Adobe’s Move to Creative Cloud.” EdTech: Focus on K-12. CDW LLC, 10 June 2013. Web.

    “Navigating an Adobe Software Audit: Tips for Emerging Unscathed.” Nitro, Web. 1 Feb. 2018.

    Razavi, Omid. “Challenges of Traditional Software Companies Transitioning to SaaS.” Sand Hill, 12 May 2015. Web. 1 Feb. 2018.

    Rivard, Ry. “Confusion in the Cloud.” Inside Higher Ed. 22 May 2013. Web. 1 Feb. 2018.

    Sharwood, Simon. “Adobe stops software licence audits in Americas, Europe.” The Register. Situation Publishing. 12 Aug. 2016. Web. 1 Feb. 2018.

    “Software Licensing Challenges Faced In The Cloud: How Can The Cloud Benefit You?” The ITAM Review. Enterprise Opinions Limited. 20 Nov. 2015. Web.

    White, Stephen. “Understanding the Impacts of Adobe’s Cloud Strategy and Subscriptions Before Negotiating an ETLA.” Gartner, 22 Feb. 2016. Web.

    Develop and Deploy Security Policies

    • Buy Link or Shortcode: {j2store}256|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $19,953 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Data breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.
    • Policies must be reasonable, auditable, enforceable, and measurable. If the policy items don’t meet these requirements, users can’t be expected to adhere to them. Focus on developing policies to be quantified and qualified for them to be relevant.

    Impact and Result

    • Save time and money using the templates provided to create your own customized security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Develop and Deploy Security Policies Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop and Deploy Security Policies Deck – A step-by-step guide to help you build, implement, and assess your security policy program.

    Our systematic approach will ensure that all identified areas of security have an associated policy.

  • Develop the security policy program.
  • Develop and implement the policy suite.
  • Communicate the security policy program.
  • Measure the security policy program.
    • Develop and Deploy Security Policies – Phases 1-4

    2. Security Policy Prioritization Tool – A structured tool to help your organization prioritize your policy suite to ensure that you are addressing the most important policies first.

    The Security Policy Prioritization Tool assesses the policy suite on policy importance, ease to implement, and ease to enforce. The output of this tool is your prioritized list of policies based on our policy framework.

    • Security Policy Prioritization Tool

    3. Security Policy Assessment Tool – A structured tool to assess the effectiveness of policies within your organization and determine recommended actions for remediation.

    The Security Policy Assessment Tool assesses the policy suite on policy coverage, communication, adherence, alignment, and overlap. The output of this tool is a checklist of remediation actions for each individual policy.

    • Security Policy Assessment Tool

    4. Security Policy Lifecycle Template – A customizable lifecycle template to manage your security policy initiatives.

    The Lifecycle Template includes sections on security vision, security mission, strategic security and policy objectives, policy design, roles and responsibilities for developing security policies, and organizational responsibilities.

    • Security Policy Lifecycle Template

    5. Policy Suite Templates – A best-of-breed templates suite mapped to the Info-Tech framework you can customize to reflect your organizational requirements and acquire approval.

    Use Info-Tech's security policy templates, which incorporate multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA), to ensure that your policies are clear, concise, and consistent.

    • Acceptable Use of Technology Policy Template
    • Application Security Policy Template
    • Asset Management Policy Template
    • Backup and Recovery Policy Template
    • Cloud Security Policy Template
    • Compliance and Audit Management Policy Template
    • Data Security Policy Template
    • Endpoint Security Policy Template
    • Human Resource Security Policy Template
    • Identity and Access Management Policy Template
    • Information Security Policy Template
    • Network and Communications Security Policy Template
    • Physical and Environmental Security Policy Template
    • Security Awareness and Training Policy Template
    • Security Incident Management Policy Template
    • Security Risk Management Policy Template
    • Security Threat Detection Policy Template
    • System Configuration and Change Management Policy Template
    • Vulnerability Management Policy Template

    6. Policy Communication Plan Template – A template to help you plan your approach for publishing and communicating your policy updates across the entire organization.

    This template helps you consider the budget time for communications, identify all stakeholders, and avoid scheduling communications in competition with one another.

    • Policy Communication Plan Template

    7. Security Awareness and Training Program Development Tool – A tool to help you identify initiatives to develop your security awareness and training program.

    Use this tool to first identify the initiatives that can grow your program, then as a roadmap tool for tracking progress of completion for those initiatives.

    • Security Awareness and Training Program Development Tool

    Infographic

    Workshop: Develop and Deploy Security Policies

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define the Security Policy Program

    The Purpose

    Define the security policy development program.

    Formalize a governing security policy lifecycle.

    Key Benefits Achieved

    Understanding the current state of policies within your organization.

    Prioritizing list of security policies for your organization.

    Being able to defend policies written based on business requirements and overarching security needs.

    Leveraging an executive champion to help policy adoption across the organization.

    Formalizing the roles, responsibilities, and overall mission of the program.

    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    Outputs

    Security Policy Prioritization Tool

    Security Policy Prioritization Tool

    Security Policy Lifecycle Template

    2 Develop the Security Policy Suite

    The Purpose

    Develop a comprehensive suite of security policies that are relevant to the needs of the organization.

    Key Benefits Achieved

    Time, effort, and money saved by developing formally documented security policies with input from Info-Tech’s subject-matter experts.

    Activities

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    Outputs

    Understanding of the risks and drivers that will influence policy development.

    Up to 14 customized security policies (dependent on need and time).

    3 Implement Security Policy Program

    The Purpose

    Ensure policies and requirements are communicated with end users, along with steps to comply with the new security policies.

    Improve compliance and accountability with security policies.

    Plan for regular review and maintenance of the security policy program.

    Key Benefits Achieved

    Streamlined communication of the policies to users.

    Improved end user compliance with policy guidelines and be better prepared for audits.

    Incorporate security policies into daily schedule, eliminating disturbances to productivity and efficiency.

    Activities

    3.1 Plan the communication strategy of new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies and processes into your security awareness and training program.

    3.4 Assess the effectiveness of security policies.

    3.5 Understand the need for regular review and update.

    Outputs

    Policy Communication Plan Template

    Understanding of how myPolicies can help policy management and implementation.

    Security Awareness and Training Program Development Tool

    Security Policy Assessment Tool

    Action plan to regularly review and update the policies.

    Further reading

    Develop and Deploy Security Policies

    Enhance your overall security posture with a defensible and prescriptive policy suite.

    Analyst Perspective

    A policy lifecycle can be the secret sauce to managing your policies.

    A policy for policy’s sake is useless if it isn’t being used to ensure proper processes are followed. A policy should exist for more than just checking a requirement box. Policies need to be quantified, qualified, and enforced for them to be relevant.

    Policies should be developed based on the use cases that enable the business to run securely and smoothly. Ensure they are aligned with the corporate culture. Rather than introducing hindrances to daily operations, policies should reflect security practices that support business goals and protection.

    No published framework is going to be a perfect fit for any organization, so take the time to compare business operations and culture with security requirements to determine which ones apply to keep your organization secure.

    Photo of Danny Hammond, Research Analyst, Security, Risk, Privacy & Compliance Practice, Info-Tech Research Group. Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Security breaches are damaging and costly. Trying to prevent and respond to them without robust, enforceable policies makes a difficult situation even harder to handle.
    • Informal, un-rationalized, ad hoc policies are ineffective because they do not explicitly outline responsibilities and compliance requirements, and they are rarely comprehensive.
    • Without a strong lifecycle to keep policies up to date and easy to use, end users will ignore or work around poorly understood policies.
    • Time and money is wasted dealing with preventable security issues that should be pre-emptively addressed in a comprehensive corporate security policy program.
    Common Obstacles

    InfoSec leaders will struggle to craft the right set of policies without knowing what the organization actually needs, such as:

    • The security policies needed to safeguard infrastructure and resources.
    • The scope the security policies will cover within the organization.
    • The current compliance and regulatory obligations based on location and industry.
    InfoSec leaders must understand the business environment and end-user needs before they can select security policies that fit.
    Info-Tech’s Approach

    Info-Tech’s Develop and Deploy Security Policies takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Assess what security policies currently exist within the organization and consider additional secure policies.
    • Develop a policy lifecycle that will define the needs, develop required documentation, and implement, communicate, and measure your policy program.
    • Draft a set of security policies mapped to the Info-Tech framework, which incorporates multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA).

    Info-Tech Insight

    Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.

    Your Challenge

    This research is designed to help organizations design a program to develop and deploy security policies

    • A security policy is a formal document that outlines the required behavior and security controls in place to protect corporate assets.
    • The development of policy documents is an ambitious task, but the real challenge comes with communication and enforcement.
    • A good security policy allows employees to know what is required of them and allows management to monitor and audit security practices against a standard policy.
    • Unless the policies are effectively communicated, enforced, and updated, employees won’t know what’s required of them and will not comply with essential standards, making the policies powerless.
    • Without a good policy lifecycle in place, it can be challenging to illustrate the key steps and decisions involved in creating and managing a policy.

    The problem with security policies

    29% Of IT workers say it's just too hard and time consuming to track and enforce.

    25% Of IT workers say they don’t enforce security policies universally.

    20% Of workers don’t follow company security policies all the time.

    (Source: Security Magazine, 2020)

    Common obstacles

    The problem with security policies isn’t development; rather, it’s the communication, enforcement, and maintenance of them.

    • Employees are not paying attention to policies. Awareness and understanding of what the security policy’s purpose is, how it benefits the organization, and the importance of compliance are overlooked when policies are distributed.
    • Informal, un-rationalized, ad hoc policies do not explicitly outline responsibilities, are rarely comprehensive, and are difficult to implement, revise, and maintain.
    • Date breaches are still on the rise and security policies are not shaping good employee behavior or security-conscious practices.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.
    Bar chart of the 'Average cost of a data breach' in years '2019-20', '20-21', and '21-22'.
    (Source: IBM, 2022 Cost of a Data Breach; n=537)

    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s approach

    The right policy for the right audience. Generate a roadmap to guide the order of policy development based on organizational policy requirements and the target audience.

    Actions

    1. Develop policy lifecycle
    2. Identify compliance requirements
    3. Understand which policies need to be developed, maintained, or decommissioned
    I. Define Security Policy Program

    a) Security policy program lifecycle template

    b) Policy prioritization tool
    Clockwise cycle arrows at the centre of the table. II. Develop & Implement Policy Suite

    a) Policy template set

    Policies must be reasonable, auditable, enforceable, and measurable. Policy items that meet these requirements will have a higher level of adherence. Focus on efficiently creating policies using pre-developed templates that are mapped to multiple compliance frameworks.

    Actions

    1. Differentiate between policies, procedures, standards, and guidelines
    2. Draft policies from templates
    3. Review policies, including completeness
    4. Approve policies
    Gaining feedback on policy compliance is important for updates and adaptation, where necessary, as well as monitoring policy alignment to business objectives.

    Actions

    1. Enforce policies
    2. Measure policy effectiveness
    IV. Measure Policy Program

    a) Security policy tracking tool

    III. Communicate Policy Program

    a) Security policy awareness & training tool

    b) Policy communication plan template
    Awareness and training on security policies should be targeted and must be relevant to the employees’ jobs. Employees will be more attentive and willing to incorporate what they learn if they feel that awareness and training material was specifically designed to help them.

    Actions

    1. Identify any changes in the regulatory and compliance environment
    2. Include policy awareness in awareness and training programs
    3. Disseminate policies
    Build trust in your policy program by involving stakeholder participation through the entire policy lifecycle.

    Blueprint benefits

    IT/InfoSec Benefits

    • Reduces complexity within the policy creation process by using a single framework to align multiple compliance regimes.
    • Introduces a roadmap to clearly educate employees on the do’s and don’ts of IT usage within the organization.
    • Reduces costs and efforts related to managing IT security and other IT-related threats.

    Business Benefits

    • Identifies and develops security policies that are essential to your organization’s objectives.
    • Integrates security into corporate culture while maximizing compliance and effectiveness of security policies.
    • Reduces security policy compliance risk.

    Key deliverable:

    Security Policy Templates

    Templates for policies that can be used to map policy statements to multiple compliance frameworks.

    Sample of Security Policy Templates.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Security Policy Prioritization Tool

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    Sample of the Security Policy Prioritization Tool.
    Sample of the Security Policy Assessment Tool.

    Security Policy Assessment Tool

    Info-Tech's Security Policy Assessment Tool helps ensure that your policies provide adequate coverage for your organization's security requirements.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value

    Define Security Policy Program Understand the value in formal security policies and determine which policies to prepare to update, eliminate, or add to your current suite. Time, value, and resources saved with guidance and templates:
    1 FTE*3 days*$80,000/year = $1,152
    Time, value, and resources saved using our recommendations and tools:
    1 FTE*2 days*$80,000/year = $768
    Develop and Implement the Policy Suite Select from an extensive policy template offering and customize the policies you need to optimize or add to your own policy program. Time, value, and resources saved using our templates:
    1 consultant*15 days*$150/hour = $21,600 (if starting from scratch)
    Communicate Security Policy Program Use Info-Tech’s methodology and best practices to ensure proper communication, training, and awareness. Time, value, and resources saved using our training and awareness resources:
    1 FTE*1.5 days*$80,000/year = $408
    Measure Security Policy Program Use Info-Tech’s custom toolkits for continuous tracking and review of your policy suite. Time, value, and resources saved by using our enforcement recommendations:
    2 FTEs*5 days*$160,000/year combined = $3,840
    Time, value, and resources saved by using our recommendations rather than an external consultant:
    1 consultant*5 days*$150/hour = $7,200

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact

    9.5 /10

    Overall Average $ Saved

    $29,015

    Overall Average Days Saved

    25

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of two to four months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope security policy requirements, objectives, and any specific challenges.

    Call #2: Review policy lifecycle; prioritize policy development.

    Call #3: Customize the policy templates.

    Call #4: Gather feedback on policies and get approval.

    Call #5: Communicate the security policy program.

    Call #6: Develop policy training and awareness programs.

    Call #7: Track policies and exceptions.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Define the security policy program
    Develop the security policy suite
    Develop the security policy suite
    Implement security policy program
    Finalize deliverables and next steps
    Activities

    1.1 Understand the current state of policies.

    1.2 Align your security policies to the Info-Tech framework for compliance.

    1.3 Understand the relationship between policies and other documents.

    1.4 Prioritize the development of security policies.

    1.5 Discuss strategies to leverage stakeholder support.

    1.6 Plan to communicate with all stakeholders.

    1.7 Develop the security policy lifecycle.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.

    2.2 Develop and customize security policies.

    2.1 Discuss the risks and drivers your organization faces that must be addressed by policies (continued).

    2.2 Develop and customize security policies (continued).

    2.3 Develop a plan to gather feedback from users.

    2.4 Discuss a plan to submit policies for approval.

    3.1 Plan the communication strategy for new policies.

    3.2 Discuss myPolicies to automate management and implementation.

    3.3 Incorporate policies into your security awareness and training program.

    3.4 Assess the effectiveness of policies.

    3.5 Understand the need for regular review and update.

    4.1 Review customized lifecycle and policy templates.

    4.2 Discuss the plan for policy roll out.

    4.3 Schedule follow-up Guided Implementation calls.

    Deliverables
    1. Security Policy Prioritization Tool
    2. Security Policy Lifecycle
    1. Security Policies (approx. 9)
    1. Security Policies (approx. 9)
    1. Policy Communication Plan
    2. Security Awareness and Training Program Development Tool
    3. Security Policy Assessment Tool
    1. All deliverables finalized

    Develop and Deploy Security Policies

    Phase 1

    Define the Security Policy Program

    Phase 1

    1.1 Understand the current state

    1.2 Align your security policies to the Info-Tech framework

    1.3 Document your policy hierarchy

    1.4 Prioritize development of security policies

    1.5 Leverage stakeholders

    1.6 Develop the policy lifecycle

    Phase 2

    2.1 Customize policy templates

    2.2 Gather feedback from users on policy feasibility

    2.3 Submit policies to upper management for approval

    Phase 3

    3.1 Understand the need for communicating policies

    3.2 Use myPolicies to automate the management of your security policies

    3.3 Design, build, and implement your communications plan

    3.4 Incorporate policies and processes into your training and awareness programs

    Phase 4

    4.1 Assess the state of security policies

    4.2 Identify triggers for regular policy review and update

    4.3 Develop an action plan to update policies

    This phase will walk you through the following activities:

    • Understand the current state of your organization’s security policies.
    • Align your security policies to the Info-Tech framework for compliance.
    • Prioritize the development of your security policies.
    • Leverage key stakeholders to champion the policy initiative.
    • Inform all relevant stakeholders of the upcoming policy program.
    • Develop the security policy lifecycle.

    1.1 Understand the current state of policies

    Scenario 1: You have existing policies

    1. Use the Security Policy Prioritization Tool to identify any gaps between the policies you already have and those recommended based on your changing business needs.
    2. As your organization undergoes changes, be sure to incorporate new requirements in the existing policies.
    3. Sometimes, you may have more specific procedures for a domain’s individual security aspects instead of high-level policies.
    4. Group current policies into the domains and use the policy templates to create overarching policies where there are none and improve upon existing high-level policies.

    Scenario 2: You are starting from scratch

    1. To get started on new policies, use the Security Policy Prioritization Tool to identify the policies Info-Tech recommends based on your business needs. See the full list of templates in the Appendix to ensure that all relevant topics are addressed.
    2. Whether you’re starting from scratch or have incomplete/ad hoc policies, use Info-Tech’s policy templates to formalize and standardize security requirements for end users.
    Info-Tech Insight

    Policies are living, evolving documents that require regular review and update, so even if you have policies already written, you’re not done with them.

    1.2 Align your security policies to the Info-Tech framework for compliance

    You have an opportunity to improve your employee alignment and satisfaction, improve organizational agility, and obtain high policy adherence. This is achieved by translating your corporate culture into a policy-based compliance culture.

    Align your security policies to the Info-Tech Security Framework by using Info-Tech’s policy templates.

    Info-Tech’s security framework uses a best-of-breed approach to leverage and align with most major security standards, including:
    • ISO 27001/27002
    • COBIT
    • Center for Internet Security (CIS) Critical Controls
    • NIST Cybersecurity Framework
    • NIST SP 800-53
    • NIST SP 800-171

    Info-Tech Security Framework

    Info-Tech Security Framework with policies grouped into categories which are then grouped into 'Governance' and 'Management'.

    1.3 Document your policy hierarchy

    Structuring policy components at different levels allows for efficient changes and direct communication depending on what information is needed.

    Policy hierarchy pyramid with 'Security Policy Lifecycle' on top, then 'Security Policies', then 'IT and/or Supporting Documentation'.

    Defines the cycle for the security policy program and what must be done but not how to do it. Aligns the business, security program, and policies.
    Addresses the “what,” “who,” “when,” and “where.”

    Defines high-level overarching concepts of security within the organization, including the scope, purpose, and objectives of policies.
    Addresses the high-level “what” and “why.”
    Changes when business objectives change.

    Defines enterprise/technology – specific, detailed guidelines on how to adhere to policies.
    Addresses the “how.”
    Changes when technology and processes change.

    Info-Tech Insight

    Design separate policies for different areas of focus. Policies that are written as single, monolithic documents are resistant to change. A hierarchical top-level document supported by subordinate policies and/or procedures can be more rapidly revised as circumstances change.

    1.3.1 Understand the relationship between policies and other documents

    Policy:
    • Provides emphasis and sets direction.
    • Standards, guidelines, and procedures must be developed to support an overarching policy.
    Arrows stemming from the above list, connecting to the three lists below.

    Standard:

    • Specifies uniform method of support for policy.
    • Compliance is mandatory.
    • Includes process, frameworks, methodologies, and technology.
    Two-way horizontal arrow.

    Procedure:

    • Step-by-step instructions to perform desired actions.
    Two-way horizontal arrow.

    Guideline:

    Recommended actions to consider in absence of an applicable standard, to support a policy.
    This model is adapted from a framework developed by CISA (Certified Information Systems Auditor).

    Supporting Documentation

    Considerations for standards

    Standards. These support policies by being much more specific and outlining key steps or processes that are necessary to meet certain requirements within a policy document. Ideally standards should be based on policy statements with a target of detailing the requirements that show how the organization will implement developed policies.

    If policies describe what needs to happen, then standards explain how it will happen.

    A good example is an email policy that states that emails must be encrypted; this policy can be supported by a standard such as Transport Layer Security (TLS) encryption that specifically ensures that all email communication is encrypted for messages “in transit” from one secure email server that has TLS enabled to another.

    There are numerous security standards available that support security policies/programs based on the kind of systems and controls that an organization would like to put in place. A good selection of supporting standards can go a long way to further protect users, data, and other organizational assets
    Key Policies Example Associated Standards
    Access Control Policy
    • Password Management User Standard
    • Account Auditing Standard
    Data Security Policy
    • Cryptography Standard
    • Data Classification Standard
    • Data Handling Standard
    • Data Retention Standard
    Incident Response Policy
    • Incident Response Plan
    Network Security Policy
    • Wireless Connectivity Standard
    • Firewall Configuration Standard
    • Network Monitoring Standard
    Vendor Management Policy
    • Vendor Risk Management Standard
    • Third-Party Access Control Standard
    Application Security Policy
    • Application Security Standard

    1.4 Prioritize development of security policies

    The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
    • The tool allows you to prioritize your policies based on:
      • Importance: How relevant is this policy to organizational security?
      • Ease to implement: What is the effort, time, and resources required to write, review, approve, and distribute the policy?
      • Ease to enforce: How much effort, time, and resources are required to enforce the policy?
    • Additionally, the weighting or priority of each variable of prioritization can be adjusted.

    Align policies to recent security concerns. If your organization has recently experienced a breach, it may be crucial to highlight corresponding policies as immediately necessary.

    Info-Tech Insight

    If you have an existing policy that aligns with one of the Info-Tech recommended templates weight Ease to Implement and Ease to Enforce as HIGH (4-5). This will decrease the priority of these policies.

    Sample of the Security Policy Prioritization Tool.

    Download the Security Policy Prioritization Tool

    1.5 Leverage stakeholders to champion policies

    Info-Tech Insight

    While management support is essential to initiating a strong security posture, allow employees to provide input on the development of security policies. This cooperation will lead to easier incorporation of the policies into the daily routines of workers, with less resistance. The security team will be less of a police force and more of a partner.

    Executive champion

    Identify an executive champion who will ensure that the security program and the security policies are supported.

    Focus on risk and protection

    Security can be viewed as an interference, but the business is likely more responsive to the concepts of risk and protection because it can apply to overall business operations and a revenue-generating mandate.

    Communicate policy initiatives

    Inform stakeholders of the policy initiative as security policies are only effective if they support the business requirements and user input is crucial for developing a strong security culture.

    Current security landscape

    Leveraging the current security landscape can be a useful mechanism to drive policy buy-in from stakeholders.

    Management buy-in

    This is key to policy acceptance; it indicates that policies are accurate, align with the business, and are to be upheld, that funds will be made available, and that all employees will be equally accountable.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}219|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.

    A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.

    Impact and Result

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Strategic Risk Impacts to Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your strategic plans.

    Use this research to identify and quantify the potential strategic impacts caused by vendors. Use Info-Tech’s approach to look at the strategic impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Strategic Risk Impacts on Your Organization Storyboard

    2. What If Vendor Strategic Impact Tool – Use this tool to help identify and quantify the strategic impacts of negative vendor actions

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Strategic Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Strategic Risk Impacts on Your Organization

    The world is in a perpetual state of change. Organizations need to build adaptive resiliency into their strategic plans to adjust to ever-changing market dynamics.

    Analyst perspective

    Organizations need to build flexible resiliency into their strategic plans to be able to adjust to ever-changing market dynamics.

    This is a picture of Frank Sewell, Research Director, Vendor Management at Info-Tech Research Group

    Like most people, organizations are poor at assessing the likelihood of risk. If the past few years have taught us anything, it is that the probability of a risk occurring is far more flexible in the formula Risk = Likelihood * Impact than we ever thought possible. The impacts of these risks have been catastrophic, and organizations need to be more adaptive in managing them to strengthen their strategic plans.

    Frank Sewell,
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.

    A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Impacts Tool.

    Info-Tech Insight

    Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    This image depicts a cube divided into six different coloured sections. The sections are labeled: Financial; Reputational; Operational; Strategic; Security; Regulatory & Compliance.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Strategic risk impacts

    Potential losses to the organization due to risks to the strategic plan

    • In this blueprint, we’ll explore strategic risks (risks to the Strategic Plans of the organization) and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to correct strategic plans.
    This image depicts a cube divided into six different coloured sections. The section labeled Strategic is highlighted.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62%

    of IT professionals are more concerned about being a victim of ransomware than they were a year ago.

    82%

    of Microsoft’s non-essential employees shifted to working from home in 2020, joining the 18% already remote.

    89%

    of organizations invested in web conferencing technology to facilitate collaboration.

    Source: Info-Tech Tech Trends Survey 2022

    Strategic risks on a global scale

    Odds are at least one of these is currently affecting your strategic plans

    • Vendor Acquisitions
    • Global Pandemic
    • Global Shortages
    • Gas Prices
    • Poor Vendor Performance
    • Travel Bans
    • War
    • Natural Disasters
    • Supply Chain Disruptions
    • Security Incidents

    Make sure you have the right people at the table to identify and plan to manage impacts.

    Identify & manage strategic risks

    Global Pandemic

    Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their strategic planning moving forward.

    Vendor Acquisitions

    The IT market is an ever-shifting environment. Larger companies often gobble up smaller ones to control their sectors. Incorporating plans to manage those shifts in ownership will be key to many strategic plans that depend on niche vendor solutions for success. Be sure to monitor the potentially affected markets on an ongoing cadence.

    Global Shortages

    Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term strategic plans. Understand what your business needs to stock for project needs and where those supplies are located, and plan how to rapidly access and distribute them as required if supply chain disruptions occur.

    What to look for in vendors

    Identify strategic risk impacts

    • A vendor acquires many smaller, seemingly irrelevant IT products. Suddenly their revenue model includes aggressive license compliance audits.
      • Ensure that your installed software meets license compliance requirements with good asset management practices.
      • Monitor the market for such acquisitions or news of audits hitting companies.
    • A vendor changes their primary business model from storage and hardware to becoming a self-proclaimed “professional services guru,” relying almost entirely on their name recognition to build their marketing.
      • Be wary of self-proclaimed experts and review their successes and failures with other organizations before adopting them into your business strategy.
      • Review the backgrounds their “experts” have and make sure they have the industry and technical skill sets to perform the services to the required level.

    Not preparing for your growth can delay your goals

    Why can’t I get a new laptop?

    For example:

    • An IT professional services organization plans to take advantage of the growing work-from-home trend to expand its staff by 30% over the coming year.
    • Logically, this should include a review of the necessary tasks involved, including onboarding.
      • Suppose the company does not order enough equipment in preparation to cover the new staff plus routine replacement. In that case, this will delay the output of the new team members immeasurably as they wait for their company equipment and will delay existing staff whose equipment breaks, preventing them from getting back to work efficiently.

    Sometimes an organization has the right mindset to take advantage of the changes in the market but can fail to plan for the particulars.

    When your strategic plan changes, you need to revisit all the steps in the processes to ensure a successful outcome.

    Strategic risks

    Poor or uninformed business decisions can lead to organizational strategic failures

    • Supply chain disruptions and global shortages
      • Geopolitical disruptions and natural disasters have caused unprecedented interruptions to business. Incorporate forecasting of product and ongoing business continuity planning into your strategic plans to adapt as events unfold.
    • Poor vendor performance
      • Consider the impact of a vendor that fails to perform midway through the implementation. Organizations need to be able to manage the impact of replacing that vendor and cutting their losses rather than continuing to throw good money away after bad performance.
    • Vendor acquisitions
      • A lot of acquisition is going on in the market today. Large companies are buying competitors and either imposing new terms on customers or removing the competing products from the market. Prepare options for any strategy tied to a niche product.

    It is important to identify potential risks to strategic plans to manage the risk and be agile enough in planning to adapt to the changing environments.

    Info-Tech Insight
    Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.

    Prepare your strategic risk management for success

    Due diligence will enable successful outcomes

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess strategic risk

    1. Review Organizational Strategy
      Understand the organizational strategy to prepare for the “What If” game exercise.
    2. Identify & Understand Potential Strategic Risks
      Play the “What If” game with the right people at the table.
    3. Create a Risk Profile Packet for Leadership
      Pull all the information together in a presentation document.
    4. Validate the Risks
      Work with leadership to ensure that the proposed risks are in line with their thoughts.
    5. Plan to Manage the Risks
      Lower the overall risk potential by putting mitigations in place.
    6. Communicate the Plan
      It is important not only to have a plan but also to socialize it in the organization for awareness.
    7. Enact the Plan
      Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Insight summary

    Insight 1

    Organizations build portions of their strategies around chosen vendors and should protect those plans against the risks of unforeseen acquisitions in the market.
    Is your vendor solvent? Does it have enough staff to accommodate your needs? Has its long-term planning been affected by changes in the market? Is it unique in its space?

    Insight 2

    Organizations’ strategic plans need to be adaptable to avoid vendors’ negative actions causing an expedited shift in priorities.
    For example, Philip's recall of ventilators impacted its products and the availability of its competitor’s products as demand overwhelmed the market.

    Insight 3

    Organizations need to become better at risk assessment and actively manage the identified risks to their strategic plans.
    Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.

    Strategic risk impacts are often unanticipated, causing unforeseen downstream effects. Anticipating the potential changes in the global IT market and continuously monitoring vendors’ risk levels can help organizations modify their strategic alignment with the new norms.

    Identifying strategic risk

    Who should be included in the discussion

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from operational experts at your organization will enhance the long-term potential for success of your strategies.
    • Involving those who directly manage vendors and understand the market will aid operational experts in determining the forward path for relationships with your current vendors and identifying new emerging potential strategic partners.

    Review your strategic plans for new risks and evolving likelihood on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is a very flexible variable.

    See the blueprint Build an IT Risk Management Program

    Managing strategic risk impacts

    What can we realistically do about the risks?

    • Review business continuity plans and disaster recovery testing.
    • Institute proper contract lifecycle management.
    • Re-evaluate corporate policies frequently.
    • Develop IT governance and change control.
    • Ensure strategic alignment in contracts.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your strategic plans for new risks and evolving likelihood.
      • Risk = Likelihood x Impact (R=L*I)
        • Impact (I) tends to remain the same and be well understood, while Likelihood (L) turns out to be highly variable.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your strategy based on the lessons.

    Organizations need to be reviewing their strategic risk plans considering the likelihood of incidents in the global market.

    Pandemics, extreme weather, and wars that affect global supply chains are a current reality, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and improve our plans going forward.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Strategic Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Strategic Risk Impact Tool

    Input Output
    • List of identified potential risk scenarios scored by likelihood and financial impact
    • List of potential management of the scenarios to reduce the risk
    • Comprehensive strategic risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Strategic Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    Case Study

    Airline Industry Strategic Adaptation

    Industry: Airline

    Impact categories: Pandemic, Lockdowns, Travel Bans, Increased Fuel Prices

    • In 2019 the airline industry yielded record profits of $35.5 billion.
    • In 2020 the pandemic devastated the industry with losses around $371 billion.
    • The industry leaders engaged experts to conduct a study on how the pandemic impacted them and propose measures to ensure the survival of their industry in the future after the pandemic.
    • They determined that “[p]recise decision-making based on data analytics is essential and crucial for an effective Covid-19 airline recovery plan.”

    Results

    The pandemic prompted systemic change to the overall strategic planning of the airline industry.

    Summary

    Be vigilant and adaptable to change

    • Organizations need to learn how to assess the likelihood of potential risks in the changing global world.
    • Those organizations that incorporate adaptive risk management processes can prepare their strategic plans for greater success.
    • Bring the right people to the table to outline potential risks in the market.
    • Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the strategic plan.
    • Incorporate lessons learned from incidents into your risk management process to build better plans for future issues.

    Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market.

    Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    This image contains a screenshot from Info-Tech's Identify and Manage Financial Risk Impacts on Your Organization.
    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Reduce Agile Contract Risk

    This image contains a screenshot from Info-Tech's Identify and Reduce Agile Contract Risk
    • Customer maturity levels with Agile are low, with 67% of organizations using Agile for less than five years.
    • Customer competency levels with Agile are also low, with 84% of organizations stating they are below a high level of competency.
    • Contract disputes are the number one or two types of disputes faced by organizations across all industries.

    Build an IT Risk Management Program

    This image contains a screenshot from Info-Tech's Build an IT Risk Management Program
    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Bibliography

    Olaganathan, Rajee. “Impact of COVID-19 on airline industry and strategic plan for its recovery with special reference to data analytics technology.” Global Journal of Engineering and Technology Advances, vol 7, no 1, 2021, pp. 033-046.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.

    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Research Contributors and Experts

    • Frank Sewell
      Research Director, Info-Tech Research Group
    • Steven Jeffery
      Principal Research Director, Info-Tech Research Group
    • Scott Bickley
      Practice Lead, Info-Tech Research Group
    • Donna Glidden
      Research Director, Info-Tech Research Group
    • Phil Bode
      Principal Research Director, Info-Tech Research Group
    • David Espinosa
      Senior Director, Executive Services, Info-Tech Research Group
    • Rick Pittman
      Vice President, Research, Info-Tech Research Group
    • Patrick Philpot
      CISSP
    • Gaylon Stockman
      Vice President, Information Security
    • Jennifer Smith
      Senior Director

    Info-Tech Quarterly Research Agenda Outcomes Q2-Q3 2023

    • Buy Link or Shortcode: {j2store}297|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    At Info-Tech, we take pride in our research and have established the most rigorous publication standards in the industry. However, we understand that engaging with all our analysts to gauge the future may not always be possible. Hence, we have curated some compelling recently published research along with forthcoming research insights to assist you in navigating the next quarter.

    Our Advice

    Critical Insight

    We offer a quarterly Research Agenda Outcomes deck that thoroughly summarizes our recently published research, supplying decision makers with valuable insights and best practices to make informed and effective decisions. Our research is supported by our team of seasoned analysts with decades of experience in the IT industry.

    By leveraging our research, you can stay updated with the latest trends and technologies, giving you an edge over the competition and ensuring the optimal performance of your IT department. This way, you can make confident decisions that lead to remarkable success and improved outcomes.

    Impact and Result

    • Enhance preparedness for future market trends and developments: Keep up to date with the newest trends and advancements in the IT sector to be better prepared for the future.
    • Enhance your decision making: Acquire valuable information and insights to make better-informed, confident decisions.
    • Promote innovation: Foster creativity, explore novel perspectives, drive innovation, and create new products or services.

    Info-Tech Quarterly Research Agenda Outcomes Q2/Q3 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Info-Tech Quarterly Research Agenda Q3 2023 Deck – An overview of our Research Agenda Outcome for Q2 and Q3 of 2023.

    A guide to our top research published to date for 2023 (Q2/Q3).

    • Info-Tech Quarterly Research Agenda Outcomes for Q2/Q3 2023
    [infographic]

    Further reading

    Featured Research Projects 2023 (Q2/Q3)

    “Here are my selections for the top research projects of the last quarter.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    CIO

    01
    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    02
    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    03
    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    04
    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    05
    Effective IT Communications

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    06
    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    07
    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    08
    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    Applications

    09
    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    10
    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    11
    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Security

    12
    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    13
    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Infrastructure & Operations

    14
    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Industry | Retail

    15
    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry | Education

    16
    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry | Wholesale

    17
    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry | Retail Banking

    18
    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry | Utilities

    19
    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Build Your Generative AI Roadmap

    Generative AI is here, and it's time to find its best uses – systematically and responsibly.

    CIO
    Strategy & Governance

    Photo of Bill Wong, Principal Research Director, Info-Tech Research Group.

    Bill Wong
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Generative AI Roadmap' research.

    Sample of the 'Build Your Generative AI Roadmap' research.

    Logo for Info-Tech.

    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    CIO
    Strategy & Governance

    Photo of Brian Jackson, Principal Research Director, Info-Tech Research Group.

    Brian Jackson
    Principal Research Director

    Download this report or book an analyst call on this topic

    Sample of the 'CIO Priorities 2023' report.

    Sample of the 'CIO Priorities 2023' report.

    Logo for Info-Tech.

    Build an IT Risk Taxonomy

    If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

    CIO
    Strategy & Governance

    Photo of Donna Bales, Principal Research Director, Info-Tech Research Group.

    Donna Bales
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build an IT Risk Taxonomy' research.

    Sample of the 'Build an IT Risk Taxonomy' research.

    Logo for Info-Tech.

    Navigate the Digital ID Ecosystem to Enhance Customer Experience

    Beyond the hype: How it can help you become more customer-focused?

    CIO
    Strategy & Governance

    Photo of Manish Jain, Principal Research Director, Info-Tech Research Group.

    Manish Jain
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Sample of the 'Navigate the Digital ID Ecosystem to Enhance Customer Experience' research.

    Logo for Info-Tech.

    Effective IT Communications

    Empower IT employees to communicate well with any stakeholder across the organization.

    CIO
    People & Leadership

    Photo of Brittany Lutes, Research Director, Info-Tech Research Group.

    Brittany Lutes
    Research Director

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Effective IT Communications' research.

    Sample of the 'Effective IT Communications' research.

    Logo for Info-Tech.

    Develop a Targeted Flexible Work Program for IT

    Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

    CIO
    People & Leadership

    Photo of Jane Kouptsova, Research Director, Info-Tech Research Group.

    Jane Kouptsova
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Sample of the 'Develop a Targeted Flexible Work Program for IT' research.

    Logo for Info-Tech.

    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    CIO
    Value & Performance

    Photo of Mike Tweedle, Practice Lead, Info-Tech Research Group.

    Mike Tweedle
    Practice Lead

    Download this research or book an analyst call on this topic

    Sample of the 'Effectively Manage CxO Relations' research.

    Sample of the 'Effectively Manage CxO Relations' research.

    Logo for Info-Tech.

    Establish High-Value IT Performance Dashboards and Metrics

    Spend less time struggling with visuals and more time communicating about what matters to your executives.

    CIO
    Value & Performance

    Photo of Diana MacPherson, Senior Research Analyst, Info-Tech Research Group.

    Diana MacPherson
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Sample of the 'Establish High-Value IT Performance Dashboards and Metrics' research.

    Logo for Info-Tech.

    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn't start with technology but with an effective plan that the team can align on.

    Applications
    Business Processes

    Photo of Ricardo de Oliveira, Research Director, Info-Tech Research Group.

    Ricardo de Oliveira
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Sample of the 'Build Your Enterprise Application Implementation Playbook' research.

    Logo for Info-Tech.

    Develop Your Value-First Business Process Automation Strategy

    As you scale your business automations, focus on what matters most.

    Applications
    Business Processes

    Photo of Andrew Kum-Seun, Research Director, Info-Tech Research Group.

    Andrew Kum-Seun
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Sample of the 'Develop Your Value-First Business Process Automation Strategy' research.

    Logo for Info-Tech.

    Manage Requirements in an Agile Environment

    Agile and requirements management are complementary, not competitors.

    Applications
    Application Development

    Photo of Vincent Mirabelli, Principal Research Director, Info-Tech Research Group.

    Vincent Mirabelli
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Sample of the 'Manage Requirements in an Agile Environment' research.

    Logo for Info-Tech.

    Assess Your Cybersecurity Insurance Policy

    Adapt to changes in the cyber insurance market.

    Security
    Security Risk, Strategy & Governance

    Photo of Logan Rohde, Senior Research Analyst, Info-Tech Research Group.

    Logan Rohde
    Senior Research Analyst

    Download this research or book an analyst call on this topic

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Sample of the 'Assess Your Cybersecurity Insurance Policy' research.

    Logo for Info-Tech.

    Design and Implement a Business-Aligned Security Program

    Focus first on business value.

    Security
    Security Risk, Strategy & Governance

    Photo of Michel Hébert, Research Director, Info-Tech Research Group.

    Michel Hébert
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Sample of the 'Design and Implement a Business-Aligned Security Program' research.

    Logo for Info-Tech.

    Automate IT Asset Data Collection

    Acquire and use discovery tools wisely to populate, update, and validate the data in your ITAM database.

    Infrastructure & Operations
    I&O Process Management

    Photo of Andrew Sharp, Research Director, Info-Tech Research Group.

    Andrew Sharp
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Automate IT Asset Data Collection' research.

    Sample of the 'Automate IT Asset Data Collection' research.

    Logo for Info-Tech.

    Leveraging AI to Create Meaningful Insights and Visibility in Retail

    AI prominence across the enterprise value chain.

    Industry Coverage
    Retail

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Sample of the 'Leveraging AI to Create Meaningful Insights and Visibility in Retail' research.

    Logo for Info-Tech.

    Understand the Implications of Generative AI in Education

    Bans aren't the answer, but what is?

    Industry Coverage
    Education

    Photo of Mark Maby, Research Director, Info-Tech Research Group.

    Mark Maby
    Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Sample of the 'Understand the Implications of Generative AI in Education' research.

    Logo for Info-Tech.

    Wholesale Industry Business Reference Architecture

    Business capability maps, value streams, and strategy maps for the wholesale industry.

    Industry Coverage
    Wholesale

    Photo of Rahul Jaiswal, Principal Research Director, Info-Tech Research Group.

    Rahul Jaiswal
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Sample of the 'Wholesale Industry Business Reference Architecture' research.

    Logo for Info-Tech.

    Mainframe Modernization for Retail Banking

    A strategy for modernizing mainframe systems to meet the needs of modern retail banking.

    Industry Coverage
    Retail Banking

    Photo of David Tomljenovic, Principal Research Director, Info-Tech Research Group.

    David Tomljenovic
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Sample of the 'Mainframe Modernization for Retail Banking' research.

    Logo for Info-Tech.

    Data Analytics Use Cases for Utilities

    Building upon the collective wisdom for the art of the possible.

    Industry Coverage
    Utilities

    Photo of Jing Wu, Principal Research Director, Info-Tech Research Group.

    Jing Wu
    Principal Research Director

    Download this research or book an analyst call on this topic

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sample of the 'Data Analytics Use Cases for Utilities' research.

    Sneak Peaks: Research coming in next quarter!

    “Next quarter we have a big lineup of reports and some great new research!”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    1. Build MLOps and Engineering for AI and ML

      Enabling you to develop your Engineering and ML Operations to support your current & planned use cases for AI and ML.
    2. Leverage Gen AI to Improve Your Test Automation Strategy

      Enabling you to embed Gen AI to assist your team during testing broader than Gen AI compiling code.
    3. Make Your IT Financial Data Accessible, Reliable, and Usable

      This project will provide a recipe for bringing IT's financial data to a usable state through a series of discovery, standardization, and policy-setting actions.
    4. Implement Integrated AI Governance

      Enabling you to implement best-practice governance principles when implementing Gen AI.
    5. Develop Exponential IT Capabilities

      Enabling you to understand and develop your strategic Exponential IT capabilities.
    6. Build Your AI Strategy and Roadmap

      This project will provide step-by-step guidance in development of your AI strategy with an AI strategy exemplar.
    7. Priorities for Data Leaders in 2024 and Beyond

      This report will detail the top five challenges expected in the upcoming year and how you as the CDAO can tackle them.
    8. Deploy AIOps More Effectively

      This research is designed to assess the process maturity of your IT operations and help identify pain pains and opportunities for AI deployment within your IT operations.
    9. Design Your Edge Computing Architecture

      This research will provide deployment guidelines and roadmap to address your edge computing needs.
    10. Manage Change in the AI-Enabled Enterprise

      Managing change is complex with the disruptive nature of emerging tech like AI. This research will assist you from an organizational change perspective.
    11. Assess the Security and Privacy Impacts of Your AI Vendors

      This research will allow you to enhance transparency, improve risk management, and ensure the security and privacy of data when working with AI vendors.
    12. Prepare Your Board for AI Disruption

      This research will arm you with tools to educate your board on the impact of Gen AI, addressing the potential risks and the potential benefits.

    Info-Tech Research Leadership Team

    “We have a world-class team of experts focused on providing practical, cutting-edge IT research and advice.”

    Photo of Gord Harrison, Head of Research & Advisory, Info-Tech Research Group.

    Gord Harrison
    Head of Research & Advisory
    Info-Tech Research Group

    Photo of Jack Hakimian, Senior Vice President, Research Development, Info-Tech Research Group.

    Jack Hakimian
    Senior Vice President
    Research Development

    Photo of Aaron Shum, Vice President, Security & Privacy Research, Info-Tech Research Group.

    Aaron Shum
    Vice President
    Security & Privacy Research

    Photo of Larry Fretz, Vice President, Industry Research, Info-Tech Research Group.

    Larry Fretz
    Vice President
    Industry Research

    Photo of Mark Tauschek, Vice President, Research Fellowships, Info-Tech Research Group.

    Mark Tauschek
    Vice President
    Research Fellowships

    Photo of Tom Zehren, Chief Product Officer, Info-Tech Research Group.

    Tom Zehren
    Chief Product Officer

    Photo of Rick Pittman, Vice President, Advisory Quality & Delivery, Info-Tech Research Group.

    Rick Pittman
    Vice President
    Advisory Quality & Delivery

    Photo of Nora Fisher, Vice President, Shared Services, Info-Tech Research Group.

    Nora Fisher
    Vice President
    Shared Services

    Photo of Becca Mackey, Vice President, Workshops, Info-Tech Research Group.

    Becca Mackey
    Vice President
    Workshops

    Photo of Geoff Nielson, Senior Vice President, Global Services & Delivery, Info-Tech Research Group.

    Geoff Nielson
    Senior Vice President
    Global Services & Delivery

    Photo of Brett Rugroden, Senior Vice President, Global Market Programs, Info-Tech Research Group.

    Brett Rugroden
    Senior Vice President
    Global Market Programs

    Photo of Hannes Scheidegger, Senior Vice President, Global Public Sector, Info-Tech Research Group.

    Hannes Scheidegger
    Senior Vice President
    Global Public Sector

    About Info-Tech Research Group

    Info-Tech Research Group produces unbiased and highly relevant research to help leaders make strategic, timely, and well-informed decisions. We partner closely with your teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for the organization.

    Sample of the IT Management & Governance Framework.

    Drive Measurable Results

    Our world-class leadership team is continually focused on building disruptive research and products that drive measurable results and save money.

    Info-Tech logo.

    Better Research Than Anyone

    Our team of experts is composed of the optimal mix of former CIOs, CISOs, PMOs, and other IT leaders and IT and management consultants as well as academic researchers and statisticians.

    Dramatically Outperform Your Peers

    Leverage Industry Best Practices

    We enable over 30,000 members to share their insights and best practices that you can use by having direct access to over 100 analysts as an extension of your team.

    Become an Info-Tech influencer:

    • Help shape our research by talking with our analysts.
    • Discuss the challenges, insights, and opportunities in your chosen areas.
    • Suggest new topic ideas for upcoming research cycles.

    Contact
    Jack Hakimian
    jhakimian@infotech.com

    We interview hundreds of experts and practitioners to help ensure our research is practical and focused on key member challenges.

    Why participate in expert interviews?

    • Discuss market trends and stay up to date.
    • Influence Info-Tech's research direction with your practical experience.
    • Preview our analysts' perspectives and preliminary research.
    • Build on your reputation as a thought leader and research contributor.
    • See your topic idea transformed into practical research.

    Thank you!

    Join us at our webinars to discuss more topics.

    For information on Info-Tech's products and services and to participate in our research process, please contact:

    Jack Hakimian
    jhakimian@infotech.com

    Design Data-as-a-Service

    • Buy Link or Shortcode: {j2store}129|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $1,007 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Lack of a consistent approach in accessing internal and external data within the organization and sharing data with third parties.
    • Data consumed by most organizations lacks proper data quality, data certification, standards tractability, and lineage.
    • Organizations are looking for guidance in terms of readily accessible data from others and data that can be shared with others or monetized.

    Our Advice

    Critical Insight

    • Despite data being everywhere, most organizations struggle to find accurate, trustworthy, and meaningful data when required.
    • Connecting to data should be as easy as connecting to the internet. This is achievable if all organizations start participating in the data marketplace ecosystem by leveraging a Data-as-a-Service (DaaS) framework.

    Impact and Result

    • Data marketplaces facilitate data sharing between the data producer and the data consumer. The data product must be carefully designed to truly benefit in today’s connected data ecosystem.
    • Follow Info-Tech’s step-by-step approach to establish your DaaS framework:
      1. Understand Data Ecosystem
      2. Design Data Products
      3. Establish DaaS framework

    Design Data-as-a-Service Research & Tools

    Start here – Read the Executive Brief

    Read our concise Executive Brief to find out why you should design Data-as-a-Service (DaaS), review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand data ecosystem

    Provide clear benefits of adopting the DaaS framework and solid rationale for moving towards a more connected data ecosystem and avoiding data silos.

    • Design Data-as-a-Service – Phase 1: Understand Data Ecosystem

    2. Design data product

    Leverage design thinking methodology and templates to document your most important data products.

    • Design Data-as-a-Service – Phase 2: Design Data Product

    3. Establish a DaaS framework

    Capture internal and external data sources critical to data products success for the organization and document an end-to-end DaaS framework.

    • Design Data-as-a-Service – Phase 3: Establish a DaaS Framework
    [infographic]

    Workshop: Design Data-as-a-Service

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Data Marketplace and DaaS Explained

    The Purpose

    The purpose of this module is to provide a clear understanding of the key concepts such as data marketplace, data sharing, and data products.

    Key Benefits Achieved

    This module will provide clear benefits of adopting the DaaS framework and solid rationale for moving towards a more connected data ecosystem and avoiding data silos.

    Activities

    1.1 Review the business context

    1.2 Understand the data ecosystem

    1.3 Draft products ideas and use cases

    1.4 Capture data product metrics

    Outputs

    Data product ideas

    Data sharing use cases

    Data product metrics

    2 Design Data Product

    The Purpose

    The purpose of this module is to leverage design thinking methodology and templates to document the most important data products.

    Key Benefits Achieved

    Data products design that incorporates end-to-end customer journey and stakeholder map.

    Activities

    2.1 Create a stakeholder map

    2.2 Establish a persona

    2.3 Data consumer journey map

    2.4 Document data product design

    Outputs

    Data product design

    3 Assess Data Sources

    The Purpose

    The purpose of this module is to capture internal and external data sources critical to data product success.

    Key Benefits Achieved

    Break down silos by integrating internal and external data sources

    Activities

    3.1 Review the conceptual data model

    3.2 Map internal and external data sources

    3.3 Document data sources

    Outputs

    Internal and external data sources relationship map

    4 Establish a DaaS Framework

    The Purpose

    The purpose of this module is to document end-to-end DaaS framework.

    Key Benefits Achieved

    End-to-end framework that breaks down silos and enables data product that can be exchanged for long-term success.

    Activities

    4.1 Design target state DaaS framework

    4.2 Document DaaS framework

    4.3 Assess the gaps between current and target environments

    4.4 Brainstorm initiatives to develop DaaS capabilities

    Outputs

    Target DaaS framework

    DaaS initiative

    Purchase Storage Without Buyer's Remorse

    • Buy Link or Shortcode: {j2store}505|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Storage is a big ticket item that often only gets purchased every three to five years. Many buyers focus on capital costs and rely on vendors for scoping of requirements leading to overspending and buyer’s remorse.
    • Three-quarters of storage buyers are dissatisfied with at least one aspect of their most recent storage purchase, and over 40% of organizations switched vendors, making it critical to understand the market and the important factors to avoiding buyer’s remorse.

    Our Advice

    Critical Insight

    • Know where to negotiate on price. Many organizations spend as much or more effort on negotiating a better price as they do on assessing current and future requirements; yet, more than 35% of organizations report dissatisfaction with hardware, software, and/or maintenance and support costs from their most recent purchase.
    • Understand support agreements and vendor offerings. Organizations satisfied with their storage purchase spent more effort evaluating support capabilities of vendors and assessing current and future requirements.
    • Determine costs to scale-up your storage. More than 35% of organizations report dissatisfaction with costs to scale their solutions by adding disks or disk trays, following their initial contract, making it crucial to establish scaling costs with your vendor.

    Impact and Result

    • Get peace of mind knowing that the quote you’re about to sign delivers the solution and capabilities around software and support that you think you are getting.
    • Understand contract discounting levels and get advice around where further discounting can be negotiated with the reseller.
    • Future-proof your purchase by capitalizing on Info-Tech’s exposure to other clients’ past experiences.

    Purchase Storage Without Buyer's Remorse Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Purchase storage without buyer's remorse

    Ensure the purchase is the lowest cost with fewest future headaches.

    • Storyboard: Purchase Storage Without Buyer's Remorse

    2. Evaluate storage vendors and their product capabilities

    Select the most appropriate offering for business needs at a competitive price point.

    3. Ensure vendors reveal all details regarding strengths and weaknesses

    Get the lowest priced feature set for the selected product.

    • Storage Reseller Interrogation Script
    [infographic]

    Secure Operations in High-Risk Jurisdictions

    • Buy Link or Shortcode: {j2store}369|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    Business operations in high-risk areas of the world contend with complex threat environments and risk scenarios that often require a unique response. But traditional approaches to security strategy often miss these jurisdictional risks, leaving organizations vulnerable to threats that range from cybercrime and data breaches to fines and penalties.

    Security leaders need to identify high-risk jurisdictions, inventory critical assets, identify vulnerabilities, assess risks, and identify security controls necessary to mitigate those risks.

    Secure operations and protect critical assets in high-risk regions

    Across risks that include insider threats and commercial surveillance, the two greatest vulnerabilities that organizations face in high-risk parts of the world are travel and compliance. Organizations can make small adjustments to their security program to address these risks:

    1. Support high-risk travel: Put measures and guidelines in place to protect personnel, data, and devices before, during, and after employee travel.
    2. Mitigate compliance risk: Consider data residency requirements, data breach notification, cross-border data transfer, and third-party risks to support business growth.

    Using these two prevalent risk scenarios in high-risk jurisdictions as examples, this research walks you through the steps to analyze the threat landscape, assess security risks, and execute a response to mitigate them.

    Secure Operations in High-Risk Jurisdictions Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Secure Operations in High-Risk Jurisdictions – A step-by-step approach to mitigating jurisdictional security and privacy risks.

    Traditional approaches to security strategy often miss jurisdictional risks. Use this storyboard to make small adjustments to your security program to mitigate security risks in high-risk jurisdictions.

    • Secure Operations in High-Risk Jurisdictions – Phases 1-3

    2. Jurisdictional Risk Register and Heat Map Tool – A tool to inventory, assess, and treat jurisdictional risks.

    Use this tool to track jurisdictional risks, assess the exposure of critical assets, and identify mitigation controls. Use the geographic heatmap to communicate inherent jurisdictional risk with key stakeholders.

    • Jurisdictional Risk Register and Heat Map Tool

    3. Guidelines for Key Jurisdictional Risk Scenarios – Two structured templates to help you develop guidelines for two key jurisdictional risk scenarios: high-risk travel and compliance risk

    Use these two templates to develop help you develop your own guidelines for key jurisdictional risk scenarios. The guidelines address high-risk travel and compliance risk.

    • Digital Safety Guidelines for International Travel
    • Guidelines for Compliance With Local Security and Privacy Laws Template

    Infographic

    Workshop: Secure Operations in High-Risk Jurisdictions

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Context for Risk Assessment

    The Purpose

    Assess business requirements and evaluate security pressures to set the context for the security risk assessment.

    Key Benefits Achieved

    Understand the goals of the organization in high-risk jurisdictions.

    Assess the threats to critical assets in these jurisdictions and capture stakeholder expectations for information security.

    Activities

    1.1 Determine assessment scope.

    1.2 Determine business goals.

    1.3 Determine compliance obligations.

    1.4 Determine risk appetite.

    1.5 Conduct pressure analysis.

    Outputs

    Business requirements

    Security pressure analysis

    2 Analyze Key Risk Scenarios for High-Risk Jurisdictions

    The Purpose

    Build key risk scenarios for high-risk jurisdictions.

    Key Benefits Achieved

    Identify critical assets in high-risk jurisdictions, their vulnerabilities to relevant threats, and the adverse impact should malicious agents exploit them.

    Assess risk exposure of critical assets in high-risk jurisdictions.

    Activities

    2.1 Identify critical assets.

    2.2 Identify threats.

    2.3 Assess risk likelihood.

    2.4 Assess risk impact.

    Outputs

    Key risk scenarios

    Jurisdictional risk exposure

    Jurisdictional Risk Register and Heat Map

    3 Build Risk Treatment Roadmap

    The Purpose

    Prioritize and treat jurisdictional risks to critical assets.

    Key Benefits Achieved

    Build an initiative roadmap to reduce residual risks in high-risk jurisdictions.

    Activities

    3.1 Identify and assess risk response.

    3.2 Assess residual risks.

    3.3 Identify security controls.

    3.4 Build initiative roadmap.

    Outputs

    Action plan to mitigate key risk scenarios

    Further reading

    Secure Operations in High-Risk Jurisdictions

    Assessments often omit jurisdictional risks. Are your assets exposed?

    EXECUTIVE BRIEF

    Analyst Perspective

    Operations in high-risk jurisdictions face unique security scenarios.

    The image contains a picture of Michel Hebert.

    Michel Hébert

    Research Director

    Security and Privacy

    Info-Tech Research Group


    The image contains a picture of Alan Tang.

    Alan Tang

    Principal Research Director

    Security and Privacy

    Info-Tech Research Group


    Traditional approaches to security strategies may miss key risk scenarios that critical assets face in high-risk jurisdictions. These include high-risk travel, heightened insider threats, advanced persistent threats, and complex compliance environments. Most organizations have security strategies and risk management practices in place, but securing global operations requires its own effort. Assess the security risk that global operations pose to critical assets. Consider the unique assets, threats, and vulnerabilities that come with operations in high-risk jurisdictions. Focus on the business activities you support and integrate your insights with existing risk management practices to ensure the controls you propose get the visibility they need. Your goal is to build a plan that mitigates the unique security risks that global operations pose and secures critical assets in high-risk areas. Don’t leave security to chance.

    Executive Summary

    Your Challenge

    • Security leaders who support operations in many countries struggle to mitigate security risks to critical assets. Operations in high-risk jurisdictions contend with complex threat environments and security risk scenarios that often require a unique response.
    • Security leaders need to identify critical assets, assess vulnerabilities, catalog threats, and identify the security controls necessary to mitigate related operational risks.

    Common Obstacles

    • Securing operations in high-risk jurisdictions requires additional due diligence. Each jurisdiction involves a different risk context, which complicates efforts to identify, assess, and mitigate security risks to critical assets.
    • Security leaders need to engage the organization with the right questions and identify high-risk vulnerabilities and security risk scenarios to help stakeholders make an informed decision about how to assess and treat the security risks they face in high-risk jurisdictions.

    Info-Tech’s Approach

    Info-Tech has developed an effective approach to protecting critical assets in high-risk jurisdictions.

    This approach includes tools for:

    • Evaluating the security context of your organization’s high-risk jurisdictions.
    • Identifying security risk scenarios unique to high-risk jurisdictions and assessing the exposure of critical assets.
    • Planning and executing a response.

    Info-Tech Insight

    Organizations with global operations must contend with a more diverse set of assets, threats, and vulnerabilities when they operate in high-risk jurisdictions. Security leaders need to take additional steps to secure operations and protect critical assets.

    Business operations in high-risk jurisdictions face a more complex security landscape

    Information security risks to business operations vary widely by region.

    The 2022 Allianz Risk Barometer surveyed 2,650 business risk specialists in 89 countries to identify the most important risks to operations. The report identified cybercrime, IT failures, outages, data breaches, fines, and penalties as the most important global business risks in 2022, but their results varied widely by region. The standout finding of the 2022 Allianz Risk Barometer is the return of security risks as the most important threat to business operations. Security risks will continue to be acute beyond 2022, especially in Africa, the Middle East, Europe, and the Asia-Pacific region, where they will dwarf risks of supply chain interruptions, natural catastrophe, and climate change.

    Global operations in high-risk jurisdictions contend with more diverse threats. These security risk scenarios are not captured in traditional security strategies.

    The image contains a picture of the world map that has certain areas of the map highlighted in various shades of blue based on higher security-related business risks.

    Figures represent the number of cybersecurity risks business risk specialists selected as a percentage of all business risks (Allianz, 2022). Higher scores indicate jurisdictions with higher security-related business risks. Jurisdictions without data are in grey.

    Different jurisdictions’ commitment to cybersecurity also varies widely, which increases security risks further

    The Global Cybersecurity Index (GCI) provides insight into the commitment of different countries to cybersecurity.

    The index assesses a country’s legal framework to identify basic requirements that public and private stakeholders must uphold and the legal instruments prohibiting harmful actions.

    The 2020 GCI results show overall improvement and strengthening of the cybersecurity agenda globally, but significant regional gaps persist. Of the 194 countries surveyed:

    • 33% had no data protection legislation.
    • 47% had no breach notification measures in place.
    • 50% had no legislation on the theft of personal information.
    • 19% still had no legislation on illegal access.

    Not every jurisdiction has the same commitment to cybersecurity. Protecting critical assets in high-risk jurisdictions requires additional due diligence.

    The image contains a picture of the world map that has certain areas of the map highlighted in various shades of blue based on scores in relation to the Global Security Index.

    The diagram sets out the score and rank for each country that took part in the Global Cybersecurity Index (ITU, 2021)

    Higher scores show jurisdictions with a lower rank on the CGI, which implies greater risk. Jurisdictions without data are in grey.

    Securing critical assets in high-risk jurisdictions requires additional effort

    Traditional approaches to security strategy may miss these key risk scenarios.

    As a result, security leaders who support operations in many countries need to take additional steps to mitigate security risks to critical assets.

    Guide stakeholders to make informed decisions about how to assess and treat the security risks and secure operations.

    • Engage the organization with the right questions.
    • Identify critical assets and assess vulnerabilities.
    • Catalogue threats and build risk scenarios.
    • Identify the security controls necessary to mitigate risks.

    Work with your organization to analyze the threat landscape, assess security risks unique to high-risk jurisdictions, and execute a response to mitigate them.

    This project blueprint works through this process using the two most prevalent risk scenarios in high-risk jurisdictions: high-risk travel and compliance risk.

    Key Risk Scenarios

    • High-Risk Travel
    • Compliance Risk
    • Insider Threat
    • Advanced Persistent Threat
    • Commercial Surveillance
    The image contains a screenshot of an Info-Tech thought model regarding secure global operations in high-risk jurisdictions.

    Travel risk is the first scenario we use as an example throughout the blueprint

    • This project blueprint outlines a process to identify, assess, and mitigate key risk scenarios in high-risk jurisdictions. We use two common key risk scenarios as examples throughout the deck to illustrate how you create and assess your own scenarios.
    • Supporting high-risk travel is the first scenario we will study in-depth as an example. Business growth, service delivery, and mergers and acquisitions can lead end users to travel to high-risk jurisdictions where staff, devices, and data are at risk.
    • Compromised or stolen devices can provide threat actors with access to data that could compromise the organization’s strategic, economic, or competitive advantage or expose the organization to regulatory risk.

    The project blueprint includes template guidance in Phase 3 to help you build and deploy your own travel guidelines to protect critical assets and support end users before they leave, during their trip, and when they return.

    Before you leave

    • Identify high-risk countries.
    • Enable controls.
    • Limit what you pack.

    During your trip

    • Assume you are monitored.
    • Limit access to systems.
    • Prevent theft.

    When you return

    • Change your password.
    • Restore your devices.

    Compliance risk is the second scenario we use as an example

    • Mitigating compliance risk is the second scenario we will study as an example in this blueprint. The legal and regulatory landscape is evolving rapidly to keep step with the pace of technological change. Security and privacy leaders are expected to mitigate the risk of noncompliance as the organization expands to new jurisdictions.
    • Later sections will show how to think through at least four compliance risks, including:
      • Cross-border data transfer
      • Third-party risk management
      • Data breach notification
      • Data residency

    The project blueprint includes template guidance in Phase 3 to help you deploy your own compliance governance controls as a risk mitigation measure.

    Secure Operations in High-Risk Jurisdictions: Info-Tech’s methodology

    1. Identify Context

    2. Assess Risks

    3. Execute Response

    Phase Steps

    1. Assess business requirements
    2. Evaluate security pressures
    1. Identify risks
    2. Assess risk exposure
    1. Treat security risks
    2. Build initiative roadmap

    Phase Outcomes

    • Internal security pressures that capture the governance, policies, practices, and risk tolerance of the organization
    • External security pressures that capture the expectations of customers, regulators, legislators, and business partners
    • A heatmap that captures not only the global exposure of your critical assets but also the business processes they support
    • A security risk register to allow for the easy transfer of critical assets’ global security risk data to your organization’s enterprise risk management practice
    • A roadmap of prioritized initiatives to apply relevant controls and secure global assets
    • A set of key risk indicators to monitor and report your progress

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Business Security Requirements

    Identify the context for the global security risk assessment, including risk appetite and risk tolerance.

    Jurisdictional Risk Register and Heatmap

    Identify critical global assets and the threats they face in high-risk jurisdictions and assess exposure.

    Mitigation Plan

    Roadmap of initiatives and security controls to mitigate global risks to critical assets. Tools and templates to address key security risk scenarios.

    Key deliverable:

    Jurisdictional Risk Register and Heatmap

    Use the Jurisdictional Risk Register and Heatmap Tool to capture information security risks to critical assets in high-risk jurisdictions. The tool generates a world chart that illustrates the risks global operations face to help you engage the business and execute a response.

    Blueprint benefits

    Protect critical assets in high-risk jurisdictions

    IT Benefits

    Assess and remediate information security risk to critical assets in high-risk jurisdictions.

    Easily integrate your risk assessment with enterprise risk assessments to improve communication with the business.

    Illustrate key information security risk scenarios to make the case for action in terms the business understands.

    Business Benefits

    Develop mitigation plans to protect staff, devices, and data in high-risk jurisdictions.

    Support business growth in high-risk jurisdictions without compromising critical assets.

    Mitigate compliance risk to protect your organization’s reputation, avoid fines, and ensure business continuity.

    Quantify the impact of securing global operations

    The tool included with this blueprint can help you measure the impact of implementing the research

    • Use the Jurisdictional Risk Register and Heatmap Tool to describe the key risk scenarios you face, assess their likelihood and impact, and estimate the cost of mitigating measures. Working through the project in this way will help you quantify the impact of securing global operations.
    The image contains a screenshot of Info-Tech's Jurisdictional Risk Register and Heatmap Tool. The image contains a screenshot of the High-Risk Travel Jurisdiction.

    Establish Baseline Metrics

    • Review existing information security and risk management metrics and the output of the tools included with the blueprint.
    • Identify metrics to measure the impact of your risk management efforts. Focus specifically on high-risk jurisdictions.
    • Compare your results with those in your overall security and risk management program.

    ID

    Metric

    Why is this metric valuable?

    How do I calculate it?

    1.

    Overall Exposure – High-Risk Jurisdictions

    Illustrates the overall exposure of critical assets in high-risk jurisdictions.

    Use the Jurisdictional Risk Register and Heatmap Tool. Calculate the impact times the probability rating for each risk. Take the average.

    2.

    # Risks Identified – High-Risk Jurisdictions

    Informs risk tolerance assessments.

    Use the Jurisdictional Risk Register and Heatmap Tool.

    3.

    # Risks Treated – High-Risk Jurisdictions

    Informs residual risk assessments.

    Use the Jurisdictional Risk Register and Heatmap Tool.

    4.

    Mitigation Cost – High-Risk Jurisdictions

    Informs cost-benefit analysis to determine program effectiveness.

    Use the Jurisdictional Risk Register and Heatmap Tool.

    5.

    # Security Incidents – High-Risk Jurisdictions

    Informs incident trend calculations to determine program effectiveness.

    Draw the information from your service desk or IT service management tool.

    6.

    Incident Remediation Cost – High-Risk Jurisdictions

    Informs cost-benefit analysis to determine program effectiveness.

    Estimate based on cost and effort, including direct and indirect cost such as business disruptions, administrative finds, reputational damage, etc.

    7.

    TRENDS: Program Effectiveness – High-Risk Jurisdictions

    # of security incidents over time. Remediation : Mitigation costs over time

    Calculate based on metrics 5 to 7.

    Info-Tech offers various levels of support to best suit your needs.

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Call #1: Scope project requirements, determine assessment scope, and discuss challenges.

    Phase 2

    Call #2: Conduct initial risk assessment and determine risk tolerance.

    Call #3: Evaluate security pressures in high-risk jurisdictions.

    Call #4: Identify risks in high-risk jurisdictions.

    Call #5: Assess risk exposure.

    Phase 3

    Call #6: Treat security risks in high-risk jurisdictions.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Days 1

    Days 2-3

    Day 4

    Day 5

    Identify Context

    Key Risk Scenarios

    Build Roadmap

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1.1 Determine assessment scope.

    1.1.2 Determine business goals.

    1.1.3 Identify compliance obligations.

    1.2.1 Determine risk appetite.

    1.2.2 Conduct pressure analysis.

    2.1.1 Identify assets.

    2.1.2 Identify threats.

    2.2.1 Assess risk likelihood.

    2.2.2 Assess risk impact.

    3.1.1 Identify and assess risk response.

    3.1.2 Assess residual risks.

    3.2.1 Identify security controls.

    3.2.2 Build initiative roadmap.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Business requirements for security risk assessment
    2. Identification of high-risk jurisdictions
    3. Security threat landscape for high-risk jurisdictions
    1. Inventory of relevant threats, critical assets, and their vulnerabilities
    2. Assessment of adverse effects should threat agents exploit vulnerabilities
    3. Risk register with key risk scenarios and heatmap of high-risk jurisdictions
    1. Action plan to mitigate key risk scenarios
    2. Investment and implementation roadmap
    1. Completed information security risk assessment for two key risk scenarios
    2. Risk mitigation roadmap

    No safe jurisdictions

    Stakeholders sometimes ask information security and privacy leaders to produce a list of safe jurisdictions from which to operate. We need to help them see that there are no safe jurisdictions, only relatively risky ones. As you build your security program, deepen the scope of your risk assessments to include risk scenarios critical assets face in different jurisdictions. These risks do not need to rule out operations, but they may require additional mitigation measures to keep staff, data, and devices safe and reduce potential reputational harms.

    Traditional approaches to security strategy often omit jurisdictional risks.

    Global operations must contend with a more complex security landscape. Secure critical assets in high-risk jurisdictions with a targeted risk assessment.

    The two greatest risks are high-risk travel and compliance risk.

    You can mitigate them with small adjustments to your security program.

    Support High-Risk Travel

    When securing travel to high-risk jurisdictions, you must consider personnel safety as well as data and device security. Put measures and guidelines in place to protect them before, during, and after travel.

    Mitigate Compliance Risk

    Think through data residency requirements, data breach notification, cross-border data transfer, and third-party risks to support business growth and mitigate compliance risks in high-risk jurisdictions to protect your organization’s reputation and avoid hefty fines or business disruptions.

    Phase 1

    Identify Context

    This phase will walk you through the following activities:

    • Assess business requirements to understand the goals of the organization’s global operations, as well as its risk governance, policies, and practices.
    • Evaluate jurisdictional security pressures to understand threats to critical assets and capture the expectations of external stakeholders, including customers, regulators, legislators, and business partners, and assess risk tolerance.

    This phase involves the following participants:

    • Business stakeholders
    • IT leadership
    • Security team
    • Risk and Compliance

    Step 1.1

    Assess Business Requirements

    Activities

    1.1.1 Determine assessment scope

    1.1.2 Identify enterprise goals in high-risk jurisdictions

    1.1.3 Identify compliance obligations

    This step involves the following participants:

    • Business stakeholders
    • IT leadership
    • Security team
    • Risk and Compliance

    Outcomes of this step

    • Assess business requirements to understand the goals of the organization’s global operations, as well as its risk governance, policies, and practices.

    Focus the risk assessment on high-risk jurisdictions

    Traditional approaches to information security strategy often miss threats to global operations

    • Successful security strategies are typically sensitive to risks to different IT systems and lines of business.
    • However, securing global operations requires additional focus on high-risk jurisdictions, considering what makes them unique.
    • This first phase of the project will help you evaluate the business context of operations in high-risk jurisdictions, including:
      • Enterprise and security goals.
      • Lines of business, physical locations, and IT systems that need additional oversight.
      • Unique compliance obligations.
      • Unique risks and security pressures.
      • Organizational risk tolerance in high-risk jurisdictions.

    Focus your risk assessment on the business activities security supports in high-risk jurisdictions and the unique threats they face to bridge gaps in your security strategy.

    Identify jurisdictions with higher inherent risks

    Your security strategy may not describe jurisdictional risk adequately.

    • Security strategies list lines of business, physical locations, and IT systems the organization needs to secure and those whose security will depend on a third-party. You can find additional guidance on fixing the scope and boundaries of a security strategy in Phase 1 of Build an Information Security Strategy.
    • However, security risks vary widely from one jurisdiction to another according to:
      • Active cyber threats.
      • Legal and regulatory frameworks.
      • Regional security and preparedness capabilities.
    • Your first task is to identify high-risk jurisdictions to target for additional oversight.

    Work closely with your enterprise risk management function.

    Enterprise risk management functions are often tasked with developing risk assessments from composite sources. Work closely with them to complete your own assessment.

    Countries at heightened risk of money laundering and terrorism financing are examples of high-risk jurisdictions. The Financial Action Task Force and the U.S. Treasury publish reports three times a year that identify Non-Cooperative Countries or Territories.

    Develop a robust jurisdictional assessment

    Design an intelligence collection strategy to inform your assessment

    Strategic Intelligence

    White papers, briefings, reports. Audience: C-Suite, board members

    Tactical Intelligence

    Internal reports, vendor reports. Audience: Security leaders

    Operational intelligence

    Indicators of compromise. Audience: IT Operations

    Operational intelligence focuses on machine-readable data used to block attacks, triage and validate alerts, and eliminate threats from the network. It becomes outdated in a matter of hours and is less useful for this exercise.

    Determine travel risks to bolster your assessments

    Not all locations and journeys will require the same security measures.

    • Travel risks vary significantly according to destination, the nature of the trip, and traveler profile.
    • Access to an up-to-date country risk rating system enables your organization and individual staff to quickly determine the overall level of risk in a specific country or location.
    • Based on this risk rating, you can specify what security measures are required prior to travel and what level of travel authorization is appropriate, in line with the organization's security policy or travel security procedures.
    • While some larger organizations can maintain their own country risk ratings, this requires significant capacity, particularly to obtain the necessary information to keep these regularly updated.
    • It may be more effective for your organization to make use of the travel risk ratings provided by an external security information provider, such as a company linked to your travel insurance or travel booking service, if available.
    • Alternatively, various open-source travel risk ratings are available via embassy travel sites or other website providers.

    Without a flexible system to account for the risk exposures of different jurisdictions, staff may perceive measures as a hindrance to operations.

    Develop a tiered risk rating

    The example below outlines potential risk indicators for high-risk travel.

    Rating

    Description

    Low

    Generally secure with adequate physical security. Low violent crime rates. Some civil unrest during significant events. Acts of terrorism rare. Risks associated with natural disasters limited and health threats mainly preventable.

    Moderate

    Periodic civil unrest. Antigovernment, insurgent, or extremist groups active with sporadic acts of terrorism. Staff at risk from common and violent crime. Transport and communications services are unreliable and safety records are poor. Jurisdiction prone to natural disasters or disease epidemics.

    High

    Regular periods of civil unrest, which may target foreigners. Antigovernment, insurgent, or extremist groups very active and threaten political or economic stability. Violent crime rates high, often targeting foreigners. Infrastructure and emergency services poor. May be regular disruption to transportation or communications services. Certain areas off-limits to foreigners. Jurisdictions experiencing natural disasters or epidemics are considered high risk.

    Extreme

    Undergoing active conflict or persistent civil unrest. Risk of being caught up in a violent incident or attack is very high. Authorities may have lost control of significant portions of the country. Lines between criminality and political and insurgent violence are blurred. Foreigners are likely to be denied access to parts of the country. Transportation and communication services are severely degraded or nonexistent. Violence presents a direct threat to staff security.

    Ratings are formulated by assessing several types of risk, including conflict, political/civil unrest, terrorism, crime, and health and infrastructure risks.

    1.1.1 Determine assessment scope

    1 – 2 hours

    1. As a group, brainstorm a list of high-risk jurisdictions to target for additional assessment. Write down as many items as possible to include in:
    • Lines of business
    • Physical locations
    • IT systems

    Pay close attention to elements of the assessment that are not in scope.

  • Discuss the response and the rationale for targeting each of them for additional risk assessments. Identify security-related concerns for different lines of business, locations, user groups, IT systems, and data.
  • Record your responses and your comments in the Information Security Requirements Gathering Tool.
  • Input

    Output

    • Corporate strategy
    • IT strategy
    • Security strategy
    • Relevant threat intelligence
    • A list of high-risk jurisdictions to focus your risk assessment

    Materials

    Participants

    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Enterprise Risk Management
    • Compliance
    • Legal

    Download the Information Security Requirements Gathering Tool

    Position your efforts in a business context

    Securing critical assets in high-risk jurisdictions is a business imperative

    • Many companies relegate their information security strategies to their IT department. Aside from the strain the choice places on a department that already performs many different functions, it wrongly implies that mitigating information security risk is simply an IT problem.
    • Managing information security risks is a business problem. It requires that organizations identify their risk appetite, prioritize relevant threats, and define risk mitigation initiatives. Business leaders can only do these activities effectively in a context that recognizes the business and financial benefits of implementing protections.
    • This is notably true of businesses with operations in many different countries. Each jurisdiction has its own set of security risks the organization must account for, as well as unique local laws and regulations that affect business operations.
    • In high-risk jurisdictions, your efforts must consider the unique operational challenges your organization may not face in its home country. Your efforts to secure critical assets will be most successful if you describe key risk scenarios in terms of their impact on business goals.
    • You can find additional guidance on assessing the business context of a security strategy in Phase 1 of Build an Information Security Strategy.

    Do you understand the unique business context of operations in high-risk jurisdictions?

    1.1.2 Identify business goals

    Estimated Time: 1-2 hours

    1. As a group, brainstorm the primary and secondary business goals of the organization. Focus your assessment on operations in high-risk jurisdictions you identified in Exercise 1.1.1. Review:
    • Relevant corporate and IT strategies.
    • The business goal definitions and indicator metrics in tab 2, “Goals Definition,” of the Information Security Requirements Gathering Tool.
  • Limit business goals to no more than two primary goals and three secondary goals. This limitation will help you prioritize security initiatives at the end of the project.
  • For each business goal, identify up to two security alignment goals that will support business goals in high-risk jurisdictions.
  • Input

    Output

    • Corporate strategy
    • IT strategy
    • Security strategy
    • Your goals for the security risk assessment for high-risk jurisdictions

    Materials

    Participants

    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Information Security Requirements Gathering Tool

    Record business goals

    Capture the results in the Information Security Requirements Gathering Tool

    1. Record the primary and secondary business goals you identified in tab 3, “Goals Cascade,” of the Information Security Requirements Gathering Tool.
    2. Next, record the two security alignment goals you selected for each business goal based on the tool’s recommendations.
    3. Finally, review the graphic diagram that illustrates your goals on tab 6, “Results,” of the Information Security Requirements Gathering Tool.
    4. Revisit this exercise whenever operations expands to a new jurisdiction to capture how they contribute to the organization’s mission and vision and how the security program can support them.
    The image contains a screenshot of Tab 3, Goals Cascade.

    Tab 3, Goals Cascade

    The image contains a screenshot of Tab 6, Results.

    Tab 6, Results

    Analyze business goals

    Assess how operating in multiple jurisdictions adds nuance to your business goals

    • Security leaders need to understand the direction of the business to propose relevant security initiatives that support business goals in high-risk jurisdictions.
    • Operating in different jurisdictions carries its own degree of risk. The organization is subject not only to the information security risks and legal frameworks of its country of origin but also to those associated with international jurisdictions.
    • You need to understand where your organization operates and how these different jurisdictions contribute to your business goals to support their performance and protect the firm’s reputation.
    • This exercise will make an explicit link between security and privacy concerns in high-risk jurisdictions, what the business cares about, and what security is trying to accomplish.

    If the organization is considering a merger and acquisition project that will expand operations in jurisdictions with different travel risk profiles, the security organization needs to revise the security strategy to ensure the organization can support high-risk travel and mitigate risks to critical assets.

    Identify compliance obligations

    Data compliance obligations loom large in high-risk jurisdictions

    The image contains four hexagons, each with their own words. SOX, PCI DSS, HIPAA, HITECH.

    Security leaders are familiar with most conventional regulatory obligations that govern financial, personal, and healthcare data in North America and Europe.

    The image contains four hexagons, each with their own words. Residency, Cross-Border Transfer, Breach Notification, Third-Party Risk Mgmt.

    Data privacy concerns, nationalism, and the economic value of data are all driving jurisdictions to adopt data residency and data localization and to shut down the cross-border transfer of data.

    The next step requires you to consider the compliance obligations the organization needs to meet to support the business as it expands to other jurisdictions through natural growth, mergers, and acquisitions.

    1.1.3 Identify compliance obligations

    Estimated Time: 1-2 hours

    1. As a group, brainstorm compliance obligations in target jurisdictions. Focus your assessment on operations in high-risk jurisdictions.
    2. Include:

    • Laws
    • Governing regulations
    • Industry standards
    • Contractual agreements
  • Record your compliance obligations and comments on tab 4, “Compliance Obligations,” of the Information Security Requirements Gathering Tool.
  • If you need to take full stock of the laws and regulations in place in the jurisdictions where you operate that you are not familiar with, consider seeking local legal counsel to help you navigate this exercise.
  • Input

    Output

    • Legal and compliance frameworks in target jurisdictions
    • Mandatory and voluntary compliance obligations for target jurisdictions

    Materials

    Participants

    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Information Security Requirements Gathering Tool

    Step 1.2

    Evaluate Security Pressures

    Activities

    1.2.1 Conduct initial risk assessment

    1.2.2 Conduct pressure analysis

    1.2.3 Determine risk tolerance

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    Identify threats to global assets and capture the security expectations of external stakeholders, including customers, regulators, legislators, and business partners, and determine risk tolerance.

    Evaluate security pressures to set the risk context

    Perform an initial assessment of high-risk jurisdictions to set the context.

    Assess:

    • The threat landscape.
    • The security pressures from key stakeholders.
    • The risk tolerance of your organization.

    You should be able to find the information in your existing security strategy. If you don’t have the information, work through the next three steps of the project blueprint.

    The image contains a diagram to demonstrate evaluating security pressures, as described in the text above.

    Some jurisdictions carry inherent risks

    • Jurisdictional risks stem from legal, regulatory, or political factors that exist in different countries or regions. They can also stem from unexpected legal changes in regions where critical assets have exposure. Understanding jurisdictional risks is critical because they can require additional security controls.
    • Jurisdictional risk tends to be higher in jurisdictions:
      • Where the organization:
        • Conducts high-value or high-volume financial transactions.
        • Supports and manages critical infrastructure.
        • Has high-cost data or data whose compromise could undermine competitive advantage.
        • Has a high percentage of part-time employees and contractors.
        • Experiences a high rate of employee turnover.
      • Where state actors:
        • Have a low commitment to cybersecurity, financial, and privacy legislation and regulation.
        • Support cybercrime organizations within their borders.

    Jurisdictional risk is often reduced to countries where money laundering and terrorist activities are high. In this blueprint, the term refers to the broader set of information security risks that arise when operating in a foreign country or jurisdiction.

    Five key risk scenarios are most prevalent

    Key Risk Scenarios

    • High-Risk Travel
    • Compliance Risk
    • Insider Threat
    • Advanced Persistent Threat
    • Commercial Surveillance

    Security leaders who support operations in many countries need to take additional steps to mitigate security risks to critical assets. The goal of the next two exercises is to analyze the threat landscape and security pressures unique to high-risk jurisdictions, which will inform the construction of key scenarios in Phase 2. These five scenarios are most prevalent in high-risk jurisdictions. Keep them in mind as you go through the exercises in this section.

    1.2.1 Assess jurisdictional risk

    1-3 hours

    1. As a group, review the questions on tab 2, “Risk Assessment,” of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following risk elements with a focus on high-risk jurisdictions:
    3. Review each question in tab 2 of the Information Security Pressure Analysis Tool and select the most appropriate response.

    Input

    Output

    • Existing security strategy
    • List of organizational assets
    • Historical data on information security incidents
    • Completed risk assessment

    Materials

    Participants

    • Information Security Pressure Analysis Tool
    • Security team
    • IT leadership
    • Risk Management

    For more information on how to complete the risk assessment questionnaire, see Step 1.2.1 of Build an Information Security Strategy.

    1.2.2 Conduct pressure analysis

    1-3 hours

    1. As a group, review the questions on tab 3, “Pressure Analysis,” of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following pressure elements with a focus on high-risk jurisdictions:
    • Compliance and oversight
    • Customer expectations
    • Business expectations
    • IT expectations
  • Review each question in the questionnaire and provide the most appropriate response using the drop-down list. It may be helpful to consult with the appropriate departments to obtain their perspectives.
  • For more information on how to complete the pressure analysis questionnaire, see Step 1.3 of Build an Information Security Strategy.

    Input

    Output

    • Information on various pressure elements within the organization
    • Existing security strategy
    • Completed pressure analysis

    Materials

    Participants

    • Information Security Pressure Analysis Tool
    • Security team
    • IT leadership
    • Business leaders
    • Compliance

    A low security pressure means that your stakeholders do not assign high importance to information security. You may need to engage stakeholders with the right key risk scenarios to illustrate jurisdictional risk and generate support for new security controls.

    Download the Information Security Pressure Analysis Tool

    Assess risk tolerance

    • Risk tolerance expresses the types and amount of risk the organization is willing to accept in pursuit of its goals.
    • These expectations can help you identify, manage, and report on key risk scenarios in high-risk jurisdictions.
    • For instance, an organization with a low risk tolerance will require a stronger information security program to minimize operational security risks.
    • It’s up to business leaders to determine the risks they are willing to accept. They may need guidance to understand how system-level risks affect the organization’s ability to pursue its goals.

    A formalized risk tolerance statement can help:

    • Support risk-based security decisions that align with business goals.
    • Provide a meaningful rationale for security initiatives.
    • Improve the transparency of investments in the organization’s security program.
    • Provide guidance for monitoring inherent risk and residual risk exposure.

    The role of security professionals is to identify and analyze key risk scenarios that may prevent the organization from reaching its goals.

    1.2.3 Determine risk tolerance

    1-3 hours

    1. As a group, review the questions on tab 4, “Risk Tolerance,” of the Information Security Pressure Analysis Tool.
    2. Gather the required information from subject matter experts on the following risk tolerance elements:
    • Recent IT problems, especially downtime and data recovery issues
    • Historical security incidents
  • Review any relevant documentation, including:
    • Existing security strategy
    • Business impact assessments
    • Service-level agreements

    For more information on how to complete the risk tolerance questionnaire, see Step 1.4 of Build an Information Security Strategy.

    Input

    Output

    • Existing security strategy
    • Data on recent IT problems and incidents
    • Business impact assessments
    • Completed risk tolerance statement

    Materials

    Participants

    • Information Security Pressure Analysis Tool
    • Security team
    • IT leadership
    • Risk Management

    Download the Information Security Pressure Analysis Tool

    Review the output of the results tab

    • The organizational risk assessment provides a high-level assessment of inherent risks in high-risk jurisdictions. Use the results to build and assess key risk scenarios in Phase 2.
    • Use the security pressure analysis to inform stakeholder management efforts. A low security pressure indicates that stakeholders do not yet grasp the impact of information security on organizational goals. You may need to communicate its importance before you discuss additional security controls.
    • Jurisdictions in which organizations have a low risk tolerance will require stronger information security controls to minimize operational risks.
    The image contains a screenshot of the organizational risk assessment. The image contains a screenshot of the security pressure analysis. The image contains a screenshot of the risk tolerance curve.

    Phase 2

    Assess Security Risks to Critical Assets

    This phase will walk you through the following activities:

    • Identify critical assets, their vulnerabilities to relevant threats, and the adverse impact a successful threat event would have on the organization.
    • Assess risk exposure of critical assets in high-risk jurisdictions for each risk scenario through an analysis of its likelihood and impact.

    This phase involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Step 2.1

    Identify Risks

    Activities

    2.1.1 Identify assets

    2.1.2 Identify threats

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Define risk scenarios that identify critical assets, their vulnerabilities to relevant threats, and the adverse impact a successful threat event would have on the organization.

    This blueprint focuses on mitigating jurisdictional risks

    The image contains a screenshot of the IT Risk Management Framework. The framework includes: Risk Identification, Risk Assessment, Risk Response, and Risk Governance.

    For a deeper dive into building a risk management program, see Info-Tech’s core project blueprints on risk management:

    Build an IT Risk Management Program

    Combine Security Risk Management Components Into One Program

    Draft key risk scenarios to illustrate adverse events

    Risk scenarios help decision-makers understand how adverse events affect business goals.

    • Risk-scenario building is the process of identifying the critical factors that contribute to an adverse event and crafting a narrative that describes the circumstances and consequences if it were to happen.
    • Risk scenarios set up the risk analysis stage of the risk assessment process. They are narratives that describe in detail:
      • The asset at risk.
      • The threat that can act against the asset.
      • Their intent or motivation.
      • The circumstances and threat actor model associated with the threat event.
      • The potential effect on the organization.
      • When or how often the event might occur.

    Risk scenarios are further distilled into a single sentence or risk statement that communicates the essential elements from the scenario.

    Well-crafted risk scenarios have four components

    The second phase of the project will help you craft meaningful risk scenarios

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    An actor capable of harming an asset

    Anything of value that can be affected and results in loss

    Technique an actor uses to affect an asset

    How loss materializes

    Examples: Malicious or untrained employees, cybercriminal groups, malicious state actors

    Examples: Systems, regulated data, intellectual property, people

    Examples: Credential compromise, privilege escalation, data exfiltration

    Examples: Loss of data confidentiality, integrity, or availability; impact on staff health & safety

    Risk scenarios are concise, four to six sentence narratives that describe the core elements of forecasted adverse events. Use them to engage stakeholders with the right questions and guide them to make informed decisions about how to address and treat security risks in high-risk jurisdictions.

    The next slides review five key risk scenarios prevalent in high-risk jurisdictions. Use them as examples to develop your own.

    Travel to high-risk jurisdictions requires special measures to protect staff, devices, and data

    Governmental, academic, and commercial advisors compile lists of jurisdictions that pose greater travel risks annually.

    For instance, in the US, these lists might include countries that are:

    • Subjects of travel warnings by the US Department of State.
    • Identified as high risk by other US government sources such as:
      • The Department of the Treasury Office of Foreign Assets Control (OFAC).
      • The Federal Bureau of Investigation (FBI).
      • The Office of the Director of National Intelligence (ODNI).
    • Compiled from academic and commercial sources, such as Control Risks.

    When securing travel to high-risk jurisdictions, you must consider personnel safety as well as data and device security.

    The image contains a diagram to present high-risk jurisdictions.

    The diagram presents high-risk jurisdictions based on US governmental sources (2021) listed on this slide.

    High-risk travel

    Likelihood: Medium

    Impact: Medium

    Key Risk Scenario #1

    Malicious state actors, cybercriminals, and competitors can threaten staff, devices, and data during travel to high-risk jurisdictions. Device theft or compromise may occur while traveling through airports, accessing hotel computer and phone networks, or in internet cafés or other public areas. Threat actors can exploit data from compromised or stolen devices to undermine the organization’s strategic, economic, or competitive advantage. They can also infect compromised devices with malware that delivers malicious payloads once they reconnect with home networks.

    Threat Actor:

    • Malicious state actors
    • Cybercriminals
    • Competitors

    Assets:

    • Staff
    • IT systems
    • Sensitive data

    Effect:

    • Compromised staff health and safety
    • Loss of data
    • Lost of system integrity

    Methods:

    • Identify, steal, or target mobile devices.
    • Compromise network, wireless, or Bluetooth connections.
    • Leverage stolen devices as a means of infecting other networks.
    • Access devices to track user location.
    • Activate microphones on devices to collect information.
    • Intercept electronic communications users send from high-risk jurisdictions.

    The data compliance landscape is a jigsaw puzzle of data protection and data residency requirements

    Since the EU passed the GDPR in 2016, jurisdictions have turned to data regulations to protect citizen data

    Data privacy concerns, nationalism, and the economic value of data are all driving jurisdictions to adopt data residency, breach notification, and cross-border data transfer regulations. As 2021 wound down to a close, nearly all the world’s 30 largest economies had some form of data regulation in place. The regulatory landscape is shifting rapidly, which complicates operations as organizations grow into new markets or engage in merger and acquisition activities.

    Global operations require special attention to data-residency requirements, data breach notification requirements, and cross-border data transfer regulations to mitigate compliance risk.

    The image contains a diagram to demonstrate the data regulations placed in various places around the world.

    Compliance risk

    Likelihood: Medium

    Impact: High

    Key Risk Scenario #2

    Rapid changes in the privacy and security regulatory landscape threaten organizations’ ability to meet their compliance obligations from local legal and regulatory frameworks. Organizations risk reputational damage, administrative fines, criminal charges, and loss of market share. In extreme cases, organizations may lose their license to operate in high-risk jurisdictions. Shifts in the regulatory landscape can involve additional requirements for data residency, cross-border data transfer, data breach notification, and third-party risk management.

    Threat Actor:

    • Local, regional, and national state actors

    Asset:

    • Reputation, market share
    • License to operate

    Effect:

    • Administrative fines
    • Loss of reputation, brand trust, and consumer loyalty
    • Loss of market share
    • Suspension of business operations
    • Lawsuits due to collective actions and claims
    • Criminal charges

    Methods:

    • Shifts in the privacy and security regulatory landscape, including requirements for:
      • Data residency.
      • Cross-border data transfer.
      • Data breach notification.
      • Third-party security and privacy risk management.

    The incidence of insider threats varies widely by jurisdiction in unexpected ways

    On average, companies in North America, the Middle East, and Africa had the most insider incidents in 2021, while those in the Asia-Pacific region had the least.

    The Ponemon Institute set out to understand the financial consequences that result from insider threats and gain insight into how well organizations are mitigating these risks.

    In the context of this research, insider threat is defined as:

    • Employee or contractor negligence.
    • Criminal or malicious insider activities.
    • Credential theft (imposter risk).

    On average, the total cost to remediate insider threats in 2021 was US$15.4 million per incident.

    In all regions, employee or contractor negligence occurred most frequently. Organizations in North America and in the Middle East and Africa were most likely to experience insider threat incidents in 2021.

    the image contains a diagram of the world, with various places coloured in different shades of blue.

    The diagram represents the average number of insider incidents reported per organization in 2021. The results are analyzed in four regions (Ponemon Institute, 2022)

    Insider threat

    Likelihood: Low to Medium

    Impact: High

    Key Risk Scenario #3

    Malicious insiders, negligent employees, and credential thieves can exploit inside access to information systems to commit fraud, steal confidential or commercially valuable information, or sabotage computer systems. Insider threats are difficult to identify, especially when security is geared toward external threats. They are often familiar with the organization’s data and intellectual property as well as the methods in place to protect them. An insider may steal information for personal gain or install malicious software on information systems. They may also be legitimate users who make errors and disregard policies, which places the organization at risk.

    Threat Actor:

    • Malicious insiders
    • Negligent employees
    • Infiltrators

    Asset:

    • Sensitive data
    • Employee credentials
    • IT systems

    Effects:

    • Loss of system integrity
    • Loss of data confidentiality
    • Financial loss

    Methods:

    • Infiltrators may compromise credentials.
    • Malicious or negligent insiders may use corporate email to steal or share sensitive data, including:
      • Regulated data.
      • Intellectual property.
      • Critical business information.
    • Malicious agents may facilitate data exfiltration, as well as open-port and vulnerability scans.

    The risk of advanced persistent threats is more prevalent in Central and South America and the Asia-Pacific region

    Attacks from advanced persistent threat (APT) actors are more sophisticated than traditional ones.

    • More countries will use legal indictments as part of their cyber strategy. Exposing toolsets of APT groups carried out at the governmental level will drive more states to do the same.
    • Expect APTs to increasingly target network appliances like VPN gateways as organizations continue to sustain hybrid workforces.
    • The line between APTs and state-sanctioned ransomware groups is blurring. Expect cybercriminals to wield better tools, mount more targeted attacks, and use double-extortion tactics.
    • Expect more disruption and collateral damage from direct attacks on critical infrastructure.

    Top 10 Significant Threat Actors:

    • Lazarus
    • DeathStalker
    • CactusPete
    • IAmTheKing
    • TransparentTribe
    • StrongPity
    • Sofacy
    • CoughingDown
    • MuddyWater
    • SixLittleMonkeys

    Top 10 Targets:

    • Government
    • Banks
    • Financial Institutions
    • Diplomatic
    • Telecommunications
    • Educational
    • Defense
    • Energy
    • Military
    • IT Companies
    The image contains a world map coloured in various shades of blue.
    Top 12 countries targeted by APTs (Kaspersky, 2020)

    Track notable APTs to revise your list of high-risk jurisdictions and review the latest tactics and techniques

    Governmental advisors track notable APT actors that pose greater risks.

    The CISA Shields Up site, SANS Storm Center site, and MITRE ATT&CK group site provide helpful and timely information to understand APT risks in different jurisdictions.

    The following threat actors are currently associated with cyberattacks affiliated with the Russian government.

    Activity Group

    Risks

    APT28 (GRU)

    Known as Fancy Bear, this threat group has been tied to espionage since 2004. They compromised the Hillary Clinton campaign, amid other major events.

    APT29 (SVT)

    Tied to espionage since 2008. Reportedly compromised the Democratic National Committee in 2015. Cited in the 2021 SolarWinds compromise.

    Buhtrap/RTM Group

    Group focused on financial targets since 2014. Currently known to target Russian and Ukrainian banks.

    Gamaredon

    Operating in Crimea. Aligned with Russian interests. Has previously targeted Ukrainian government officials and organizations.

    DEV-0586

    Carried out wiper malware attacks on Ukrainian targets in January 2022.

    UNC1151

    Active since 2016. Linked to information operation campaigns and the distribution of anti-NATO material.

    Conti

    Most successful ransomware gang of 2021, with US$188M revenue. Supported Russian invasion of Ukraine, threatening attacks on allied critical infrastructure.

    Sources: MITRE ATT&CK; Security Boulevard, 2022; Reuters, 2022; The Verge, 2022

    Advanced persistent threat

    Likelihood: Low to Medium

    Impact: High

    Key Risk Scenario #4

    Advanced persistent threats are state actors or state-sponsored affiliates with the means to avoid detection by anti-malware software and intrusion detection systems. These highly-skilled and persistent malicious agents have significant resources with which to bypass traditional security controls, establish a foothold in the information technology infrastructure, and exfiltrate data undetected. APTs have the resources to adapt to a defender’s efforts to resist them over time. The loss of system integrity and data confidentiality over time can lead to financial losses, business continuity disruptions, and the destruction of critical infrastructure.

    Threat Actor:

    • State actors
    • State-sponsored affiliates

    Asset:

    • Sensitive data
    • IT systems
    • Critical infrastructure

    Effects:

    • Loss of system integrity
    • Loss of data confidentiality
    • Financial loss
    • Business continuity disruptions
    • Infrastructure destruction

    Methods:

    • Persistent, consistent attacks using the most advanced threats and tactics to bypass security defenses.
    • The goal of APTs is to maintain access to networks for prolonged periods without being detected.
    • The median dwell time differs widely between regions. FireEye reported the mean dwell time for 2018:
      • Americas: 71 days
      • Europe, Middle East, and Africa: 177 days
      • Asia-Pacific: 204 days
    Sources: Symantec, 2011; FireEye, 2019

    Threat agents have deployed invasive technology for commercial surveillance in at least 76 countries since 2015

    State actors and their affiliates purchased and used invasive spyware from companies in Europe, Israel, and the US.

    • “Customers are predominantly repressive regimes looking for new ways to control the flow of information and stifle dissent. Less than 10% of suspected customers are considered full democracies by the Economist Intelligence Unit.” (Top10VPN, 2021)
    • Companies based in economically developed and largely democratic states are profiting off the technology.
    • The findings demonstrate the need to consider geopolitical realities when assessing high-risk jurisdictions and to take meaningful action to increase layered defenses against invasive malware.
    • Spyware is having an increasingly well-known impact on civil society. For instance, since 2016, over 50,000 individual phone numbers have been identified as potential targets by NSO Group, the Israeli manufacturers of the notorious Pegasus Spyware. The target list contained the phone numbers of politicians, journalists, activists, doctors, and academics across the world.
    • The true number of those affected by spyware is almost impossible to determine given that many fall victim to the technology and do not notice.
    The image contains a map of the world with various countries highlighted in shades of blue.

    Countries where commercial surveillance tools have been deployed (“Global Spyware Market Index,” Top10VPN, 2021)

    The risks and effects of spyware vary greatly

    Spyware can steal mundane information, track a user’s every move, and everything in between.

    Adware

    Software applications that display advertisements while the program is running.

    Keyboard Loggers

    Applications that monitor and record keystrokes. Malicious agents use them to steal credentials and sensitive enterprise data.

    Trojans

    Applications that appear harmless but inflict damage or data loss to a system.

    Mobile Spyware

    Surveillance applications that infect mobile devices via SMS or MMS channels, though the most advanced can infect devices without user input.

    State actors and their affiliates use system monitors to track browsing habits, application usage, and keystrokes and capture information from devices’ GPS location data, microphone, and camera. The most advanced system monitor spyware, such as NSO Group’s Pegasus, can infect devices without user input and record conversations from end-to-end encrypted messaging systems.

    Commercial surveillance

    Likelihood: Low to Medium

    Impact: Medium

    Key Risk Scenario #5

    Malicious agents can deploy malware on end-user devices with commercial tools available off the shelf to secretly monitor the digital activity of users. Attacks exploit widespread vulnerabilities in telecommunications protocols. They occur through email and text phishing campaigns, malware embedded in untested applications, and sophisticated zero-click attacks that deliver payloads without requiring user interactions. Attacks target sensitive as well as mundane information. They can be used to track employee activities, investigate criminal activity, or steal credentials, credit card numbers, or other personally identifiable information.

    Threat Actor:

    • State actors
    • State-sponsored affiliates

    Asset:

    • Sensitive data
    • Staff health and safety
    • IT systems

    Effects:

    • Data breaches
    • Loss of data confidentiality
    • Increased risk to staff health and safety
    • Misuse of private data
    • Financial loss

    Methods:

    • Email and text phishing attacks that delivery malware payloads
    • Sideloading untested applications from a third-party source rather than an official retailer
    • Sophisticated zero-click attacks that deliver payloads without requiring user interaction

    Use the Jurisdictional Risk Register and Heatmap Tool

    The tool included with this blueprint can help you draft risk scenarios and risk statements in this section.

    The risk register will capture a list of critical assets and their vulnerabilities, the threats that endanger them, and the adverse effect your organization may face.

    The image includes two screenshots of the jurisdictional risk register and heatmap tool. The image contains a screenshot of the High-Risk Travel Jurisdiction.

    Download the Jurisdictional Risk Register and Heatmap Tool

    2.1.1 Identify assets

    1 – 2 hours

    1. As a group, consider critical or mission-essential functions in high-risk jurisdictions and the systems on which they depend. Brainstorm a list of the organization’s mission-supporting assets in high-risk jurisdictions. Consider:
    • Staff
    • Critical IT systems
    • Sensitive data
    • Critical operational processes
  • On a whiteboard, brainstorm the potential adverse effect of malicious agents in high-risk jurisdictions compromising critical assets. Consider the impact on:
    • Information systems.
    • Sensitive or regulated data.
    • Staff health and safety.
    • Critical operations and objectives.
    • Organizational finances.
    • Reputation and brand loyalty

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    Inputs for risk scenario identification

    Input

    Output

    • Corporate strategy
    • IT strategy
    • Security strategy
    • Business impact analyses
    • A list of the organization’s mission-supporting assets

    Materials

    Participants

    • Laptop
    • Projector
    • Whiteboard
    • Security team
    • IT leadership
    • System owner
    • Enterprise Risk Management

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    Inputs for risk scenario identification

    The image contains an example of the activity mentioned in the text above.

    Model threats to narrow the range of scenarios

    Motives and capabilities to perform attacks on critical assets vary across different threat actors.

    Category

    Actions

    Motivation

    Sophistication

    Nation-states

    Cyberespionage, cyberattacks

    Geopolitical

    High. Dedicated resources and personnel, extensive planning and coordination.

    Proxy organizations

    Espionage, destructive attacks

    Geopolitical, Ideological, Profit

    Moderate. Some planning and support functions and technical expertise.

    Cybercrime

    Theft, fraud, extortion

    Profit

    Moderate. Some planning and support functions and technical expertise.

    Hacktivists

    Disrupt operations, attack brands, release sensitive data

    Ideological

    Low. Rely on widely available tools that require little skill to deploy.

    Insiders

    Destruction or release of sensitive data, theft, exposure through negligence

    Incompetence, Discontent

    Internal access. Acting on their own or in concert with any of the above.

    • Criminals, hacktivists, and insiders vary in sophistication. Some criminal groups demonstrate a high degree of sophistication; however, a large cyber event that damages critical infrastructure does not align with their incentives to make money at minimal risk.
    • Proxy actors conduct offensive cyber operations on behalf of a beneficiary. They may be acting on behalf of a competitor, national government, or group of individuals.
    • Nation-states engage in long-term espionage and offensive cyber operations that support geopolitical and strategic policy objectives.

    2.1.2 Identify threats

    1 – 2 hours

    1. Review the outputs from activity 1.1.1 and activity 2.1.1.
    2. Identify threat agents that could undermine the security of critical assets in high-risk jurisdictions. Include internal and external actors.
    3. Assess their motives, means, and opportunities.
    • Which critical assets are most attractive? Why?
    • What paths and vulnerabilities can threat agents exploit to reach critical assets without going through a control?
    • How could they defeat existing controls? Draw on the MITRE framework to inform your analysis.
    • Once agents defeat a control, what further attack can they launch?

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    Inputs for risk scenario identification

    Input

    Output

    • Jurisdictional assessment from activity 1.1.1
    • Critical assets from activity 2.1.1
    • Potential vulnerabilities from:
      • Security control gap analysis
      • Security risk register
    • Threat intelligence
    • MITRE framework
    • A list of critical assets, threat agents, vulnerabilities, and potential attack vectors.

    Materials

    Participants

    • Laptop
    • Projector
    • Whiteboard
    • Security team
    • Infrastructure & Operations team
    • Enterprise Risk Management

    2.1.2 Identify threats (continued)

    1 – 2 hours

    1. On a whiteboard, brainstorm how threat agents will exploit vulnerabilities in critical assets to reach their goal. Redefine attack vectors to capture what could result from a successful initial attack.

    For example:

    • State actors and cybercriminals may steal or compromise end-user devices during travel to high-risk jurisdictions using malware they embed in airport charging stations, internet café networks, or hotel business centers.
    • Compromised devices may infect corporate networks and threaten sensitive data once they reconnect to them.

    Threat

    Exploits an

    Asset

    Using a

    Method

    Creating an

    Effect

    The image contains a screenshot of activity 2.1.2 as described in the text above.

    Bring together the critical risk elements into a single risk scenario

    Summarize the scenario further into a single risk statement

    Risk Scenario: High-Risk Travel

    State actors and cybercriminals can threaten staff, devices, and data during travel to high-risk jurisdictions. Device theft or compromise may occur while traveling through airports, accessing hotel computer and phone networks, or in internet cafés or other public areas. Threat actors can exploit data from compromised or stolen devices to undermine the organization’s strategic, economic, or competitive advantage. They can also infect compromised devices with malware that delivers malicious payloads once they reconnect with home networks.

    Risk Statement

    Cybercriminals compromise end-user devices during travel to high-risk jurisdictions, jeopardizing staff safety and leading to loss of sensitive data.

    Risk Scenario: Compliance Risk

    Rapid changes in the privacy and security regulatory landscape threaten an organization’s ability to meet its compliance obligations from local legal and regulatory frameworks. Organizations that fail to do so risk reputational damage, administrative fines, criminal charges, and loss of market share. In extreme cases, organizations may lose their license to operate in high-risk jurisdictions. Shifts in the regulatory landscape can involve additional requirements for data residency, cross-border data transfer, data breach notification, and third-party risk management.

    Risk Statement

    Rapid changes in the privacy and security regulations landscape threaten our ability to remain compliant, leading to reputational and financial loss.

    Fill out the Jurisdictional Risk Register and Heatmap Tool

    The tool is populated with data from two key risk scenarios: high-risk travel and compliance risk.

    The image includes two screenshots of the Jurisdictional Risk Register and Heatmap Tool.

    1. Label the risk in Tab 3, Column B.
    2. Record your risk scenario in Tab 3, Column C.
    3. Record your risk statement in Tab 3, Column D.
    4. Identify the applicable jurisdictions in Tab 3, Column E.
    5. You can further categorize the scenario as:
      • an enterprise risk (Column G).
      • an IT risk (Column H).

    Download the Jurisdictional Risk Register and Heatmap Tool

    Step 2.2

    Assess Risk Exposure

    Activities

    2.2.1 Identify existing controls

    2.2.2 Assess likelihood and impact

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Assess risk exposure for each risk scenario through an analysis of its likelihood and impact.

    Brush up on risk assessment essentials

    The next step will help you prioritize IT risks based on severity.

    Likelihood of Occurrence X Likelihood of Impact = Risk Severity

    Likelihood of occurrence: How likely the risk is to occur.

    Likelihood of impact: The likely impact of a risk event.

    Risk severity: The significance of the risk.

    Evaluate risk severity against the risk tolerance thresholds and the cost of risk response.

    Identify existing controls before you proceed

    Existing controls will reduce the inherent likelihood and impact of the risk scenario you face.

    Existing controls were put in place to avoid, mitigate, or transfer key risks your organization faced in the past. Without considering existing controls, you run the risk of overestimating the likelihood and impact of the risk scenarios your organization faces in high-risk jurisdictions.

    For instance, the ability to remote-wipe corporate-owned devices will reduce the potential impact of a device lost or compromised during travel to high-risk jurisdictions.

    As you complete the risk assessment for each scenario, document existing controls that reduce their inherent likelihood and impact.

    2.2.1 Document existing controls

    6-10 hours

    1. Document the Risk Category and Existing Controls in the Jurisdictional Risk Register and Heatmap Tool.
      • Tactical controls apply to individual risks only. For instance, the ability to remote-wipe devices mitigates the impact of a device lost in a high-risk jurisdiction.
      • Strategic controls apply to multiple risks. For instance, deploying MFA for critical applications mitigates the likelihood that malicious actors can compromise a lost device and impedes their access in devices they do compromise.

    Input

    Output

    • Risk scenarios
    • Existing controls for risk scenarios

    Materials

    Participants

    • Jurisdictional Risk Register and Heatmap Tool
    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Enterprise Risk Management

    Download the Jurisdictional Risk Register and Heatmap Tool.

    Assess the risk scenarios you identified in Phase 1

    The risk register is the central repository for risks in high-risk jurisdictions.

    • Use the second tab of the Jurisdictional Risk Register and Heatmap Tool to create likelihood, impact, and risk tolerance assessment scales to evaluate every risk event effectively.
    • Severity-level assessment is a “first pass” of your risk scenarios that will reveal your organization’s most severe risks in high-risk jurisdictions.
    • You can incorporate expected cost calculations into your evaluation to assess scenarios in greater detail.
    • Expected cost represents how much you would expect to pay in an average year for each risk event. Expected cost calculations can help compare IT risks to non-IT risks that may not use the same scales and communicate system-level risk to the business in a language they will understand.

    Expected cost calculations may not be practical. Determining robust likelihood and impact values to produce cost estimates can be challenging and time consuming. Use severity-level assessments as a first pass to make the case for risk mitigation measures and take your lead from stakeholders.

    The image contains two screenshots of the Jurisdictional Risk Register and Heatmap Tool.

    Use the Jurisdictional Risk Register and Heatmap Tool to capture and analyze your data.

    2.2.2 Assess likelihood and impact

    6-10 hours

    1. Assign each risk scenario a likelihood of occurrence and a likely impact level that represents the impact of the scenario on the whole organization considering existing controls. Record your results in Tab 3, column R and S, respectively.
    2. You can further dissect likelihood and impact into component parameters but focus first on total likelihood and impact to keep the task manageable.
    3. As you input the first few likelihood and impact values, compare them to one another to ensure consistency and accuracy. For instance, is a device lost in a high-risk jurisdiction truly more impactful than a device compromised with commercial surveillance software?
    4. The tool will calculate the probability of risk exposure based on the likelihood and consequence associated with the scenario. The results are published in Tab 3, Column T.

    Input

    Output

    • Risk scenarios
    • Assessed the likelihood of occurrence and impact for all identified risk events

    Materials

    Participants

    • Jurisdictional Risk Register and Heatmap Tool
    • Laptop
    • Projector
    • Security team
    • IT leadership
    • Business stakeholders
    • Enterprise Risk Management

    Download the Jurisdictional Risk Register and Heatmap Tool.

    Refine your risk assessment to justify your estimates

    Document the rationale behind each value and the level of consensus in group discussions.

    Stakeholders will likely ask you to explain some of the numbers you assigned to likelihood and impact assessments. Pointing to an assessment methodology will give your estimates greater credibility.

    • Assign one individual to take notes during the assessment exercise.
    • Have them document the main rationale behind each value and the level of consensus.

    The goal is to develop robust intersubjective estimates of the likelihood and impact of a risk scenario.

    We assigned a 50% likelihood rating to a risk scenario. Were we correct?

    Assess the truth of the following statements to test likelihood assessments. In this case, do these two statements seem true?

    • The risk event will likely occur once in the next two years, all things being equal.
    • In two nearly identical organizations, one out of two will experience the risk event this year.
    The image includes a screenshot of the High-Risk Travel Jurisdictions.

    Phase 3

    Execute Response

    This phase will walk you through the following activities:

    • Prioritize and treat global risks to critical assets based on their value and exposure.
    • Build an initiative roadmap that identifies and applies relevant controls to protect critical assets. Identify key risk indicators to monitor progress.

    This phase involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Step 3.1

    Treat Security Risks

    Activities

    3.1.1 Identify and assess risk response

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Prioritize and treat global risks to critical assets based on their value and exposure.

    Analyze and select risk responses

    The next step will help you treat the risk scenarios you built in Phase 2.

    Identify

    Identify risk responses.

    Predict

    Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk.

    Calculate

    The tool will calculate the residual severity of the risk after applying the risk response.

    The first part of the phase outlines project activities. The second part elaborates on high-risk travel and compliance risk, the two key risk scenarios we are following throughout the project. Use the Jurisdictional Risk Register and Heatmap Tool to capture your work.

    Analyze likelihood and impact to identify response

    The image contains a diagram of he risk response analysis. Risk Transfer and Risk Avoidance has the most likelihood, and Risk Acceptance and Risk Mitigation have the most impact. Risk Avoidance has the most likelihood and most impact in regards to risk response.

    3.1.1 Identify and assess risk response

    Complete the following steps for each risk scenario.

    1. Identify a risk response action that will help reduce the likelihood of occurrence or the impact if the scenario were to occur. Indicate the type of risk response (avoidance, mitigation, transfer, acceptance, or no risk exists).
    2. Assign each risk response action a residual likelihood level and a residual impact level. This is the same step you performed in Activity 2.2.2, but you are now are estimating the likelihood and impact of the risk event after you implemented the risk response action successfully. The Jurisdictional Risk Register and Heatmap Tool will generate a residual risk severity level for each risk event.
    3. Identify the potential Risk Action Owner (Project Manager) if the response is selected and turned into an IT project, and document this in the Jurisdictional Risk Register and Heatmap Tool .
    4. For each risk event, document risk response actions, residual likelihood and impact levels, and residual risk severity level.

    Input

    Output

    • Risk scenarios from Phase 2
    • Risk scenario mitigation plan

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Download the Jurisdictional Risk Register and Heatmap Tool

    Step 3.2

    Mitigate Travel Risk

    Activities

    3.2.1 Develop a travel policy

    3.2.2 Develop travel procedures

    3.2.3 Design high-risk travel guidelines

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Prioritize and treat global risks to critical assets based on their value and exposure.

    Identify controls to mitigate jurisdictional risk

    This section provides guidance on the most prevalent risk scenarios identified in Phase 2 and provides a more in-depth examination of the two most prevalent ones, high-risk travel and compliance risk. Determine the appropriate response to each risk scenario to keep global risks to critical assets aligned with the organization’s risk tolerance.

    Key Risk Scenarios

    • High-Risk Travel
    • Compliance Risk
    • Insider Threat
    • Advanced Persistent Threat
    • Commercial Surveillance

    Travel risk is a common concern in organizations with global operations

    • The security of staff, devices, and data is one of the biggest challenges facing organizations with a global footprint. Working and traveling in unpredictable environments will aways carry a degree of risk, but organizations can do much to develop a safer and more secure working environment.
    • Compromised or stolen devices can provide threat actors with access to data that could compromise the organization’s strategic, economic, or competitive advantage or expose the organization to regulatory risk.
    • For many organizations, security risk assessments, security plans, travel security procedures, security training, and incident reporting systems are a key part of their operating language.
    • The following section provides a simple structure to help organizations demystify travel in high-risk jurisdictions.

    The image contains a diagram to present high-risk jurisdictions.

    Before you leave

    • Identify high-risk countries.
    • Enable controls.
    • Limit what you pack.

    During your trip

    • Assume you are monitored.
    • Limit access to systems.
    • Prevent theft.

    When you return

    • Change your password.
    • Restore your devices.

    Case study

    Higher Education: Camosun College

    Interview: Evan Garland

    Frame additional security controls as a value-added service.

    Situation

    The director of the international department at Camosun College reached out to IT security for additional support. Department staff often traveled to hostile environments. They were concerned malicious agents would either steal end-user devices or compromise them and access sensitive data. The director asked IT security for options that would better protect traveling staff, their devices, and the information they contain.

    Challenges

    First, controls would need to admit both work and personal use of corporate devices. Staff relied exclusively on work devices for travel to mitigate the risk of personal device theft. Personal use of corporate devices during travel was common. Second, controls needed to strike the right balance between friction and effortless access. Traveling staff had only intermittent access to IT support. Restrictive controls could prevent them from accessing their devices and data altogether.

    Solution

    IT consulted staff to discuss light-touch solutions that would secure devices without introducing too much complexity or compromising functionality. They then planned security controls that involved user interaction and others that did not and identified training requirements.

    Results

    Controls with user interaction

    Controls without user interaction

    • Multifactor authentication for college systems and collaboration platforms
    • Password manager for both work and personal use for staff for stronger passwords and practices
    • Security awareness training to help traveling staff identify potential threats while traveling through airports or accessing public Wi-Fi.
    • Drive encryption and always-on VPN to protect data at rest and in transit
    • Increased setting for phishing and spam filtering for traveling staff email
    • Enhanced anti-malware/endpoint detection and response (EDR) solution for traveling laptops

    Build a program to mitigate travel risks

    There is no one-size-fits-all solution.

    The most effective solution will take advantage of existing risk management policies, processes, and procedures at your organization.

    • Develop a framework. Outline the organization’s approach to high-risk travel, including the policies, procedures, and mechanisms put in place to ensure safe travel to high-risk jurisdictions.
    • Draft a policy. Outline the organization’s risk attitude and key security principles and define roles and responsibilities. Include security responsibilities and obligations in job descriptions of staff members and senior managers.
    • Provide flexible options. Inherent travel risk will vary from one jurisdiction to another. You will likely not find an approach that works for every case. Establish locally relevant measures and plans in different security contexts and risk environments.
    • Look for quick wins. Identify measures or requirements that you can establish quickly but that can have a positive effect on the security of staff, data, and devices.
    • Monitor and review. Undertake periodic reviews of the organization’s security approach and management framework, as well as their implementation, to ensure the framework remains effective.

    3.2.1 Develop a travel policy

    1. Work with your business leaders to build a travel policy for high-risk jurisdictions. The policy should be a short and accessible document structured around four key sections:
      • A statement on the importance of staff security and safety, the scope of the policy, and who it applies to (staff, consultants, contractors, volunteers, visitors, accompanying dependants, etc.).
      • A principles section explaining the organization’s security culture, risk attitude, and the key principles that shape the organization’s approach to staff security and safety.
      • A responsibilities section setting out the organization’s security risk management structure and the roles and actions allocated to specific positions.
      • A minimal security requirements section establishing the specific security requirements that must be in place in all locations and specific locations.
    2. Common security principles include:
    • Shared responsibility – Managing risks to staff is a shared organizational responsibility.
    • Acknowledgment of risk – Managing security will not remove all risks. Staff need to appreciate, as part of their informed consent, that they are still exposed to risk.
    • Primacy of life – Staff safety is of the highest importance. Staff should never place themselves at excessive risk to meet program objectives or protect property.
    • Proportionate risk – Risks must be assessed to ensure they are proportionate to the benefits organizational activities provide and the ability to manage those risks.
    • Right to withdraw – Staff have the right to withdraw from or refuse to take up work in a particular area due to security concerns.
    • No right to remain – The organization has the right to suspend activities that it considers too dangerous.
  • Cross-reference the organization’s other governing policies that outline requirements related to security risk management, such as the health and safety policy, access control policy, and acceptable use of security assets.
  • Input

    Output

    • List of high-risk jurisdictions
    • Risk scenarios from Phase 2
    • Data inventory and data flows
    • Travel policy for high-risk jurisdictions

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Develop security plans for high-risk travel

    Security plans advise staff on how to manage the risk identified in assessments.

    Security plans are key country documents that outline the security measures and procedures in place and the responsibilities and resources required to implement them. Security plans should be established in high-risk jurisdictions where your organization has a regular, significant presence. Security plans must remain relevant and accessible documents that address the specific risks that exist in that location, and, if appropriate, are specific about where the measures apply and who they apply to. Plans should be updated regularly, especially following significant incidents or changes in the operating environment or activities.

    Key Components

    Critical information – One-page summary of pertinent information for easy access and quick reference (e.g. curfew times, no-go areas, important contacts).

    Overview – Purpose and scope of the document, responsibilities for security plan, organization’s risk attitude, date of completion and review date, and a summary of the security strategy and policy.

    Current Context – Summary of current operating context and overall security situation; main risks to staff, assets, and operations; and existing threats and risk rating.

    Procedures – Simple security procedures that staff should adhere to in order to prevent incidents and how to respond should problems arise. Standard operating procedures (SOPs) should address key risks identified in the assessment.

    Security levels – The organization's security levels/phases, with situational indicators that reflect increasing risks to staff in that context and location and specific actions/measures required in response to increasing insecurity.

    Incident reporting – The procedures and responsibilities for reporting security-related incidents; for example, the type of incidents to be reported, the reporting structure, and the format for incident reporting.

    Determine travel risk

    Tailor your risk response to the security risk assessment you conducted in earlier stages of this project.

    Ratings are formulated by assessing several types of risk, including conflict, political/civil unrest, terrorism, crime, and health and infrastructure risks.

    Rating

    Description (Examples)

    Recommended Action

    Low

    Generally secure with adequate physical security. Low violent crime rates. Some civil unrest during significant events. Acts of terrorism rare. Risks associated with natural disasters limited and health threats mainly preventable.

    Basic personal security, travel, and health precautions required.

    Moderate

    Periodic civil unrest. Antigovernment, insurgent, or extremist groups active with sporadic acts of terrorism. Staff at risk from common and violent crime. Transport and communications services are unreliable and safety records are poor. Jurisdiction prone to natural disasters or disease epidemics.

    Increased vigilance and routine security procedures required.

    High

    Regular periods of civil unrest, which may target foreigners. Antigovernment, insurgent, or extremist groups very active and threaten political or economic stability. Violent crime rates high and targeting of foreigners is common. Infrastructure and emergency services poor. May be regular disruption to transportation or communications services. Certain areas off-limits to foreigners. Jurisdictions experiencing a natural disaster or a disease epidemic are considered high risk.

    High level of vigilance and effective, context-specific security precautions required.

    Extreme

    Undergoing active conflict or persistent civil unrest. Risk of being caught up in a violent incident or attack is very high. Civil authorities may have lost control of significant portions of the country. Lines between criminality and political and insurgent violence are blurred. Foreigners are likely to be denied access to significant parts of the country. Transportation and communication services are severely degraded or non-existent. Violence presents a direct threat to staff security.

    Stringent security precautions essential and may not be sufficient to prevent serious incidents.

    Program activities may be suspended and staff withdrawn at very short notice.

    3.2.2 Develop travel procedures

    1. Work with your business leaders to build travel procedures for high-risk jurisdictions. The procedures should be tailored to the risk assessment and address the risk scenarios identified in Phase 2.
    2. Use the categories outlined in the next two slides to structure the procedure. Address all types of travel, detail security measures, and outline what the organization expects of travelers before, during, and after their trip.
    3. Consider the implementation of special measures to limit the impact of a potential security event, including:
      • Information end-user device loaner programs.
      • Temporary travel service email accounts.
    4. Specify what happens when staff add personal travel to their work trip to cover issues such as insurance, check-in, actual travel times, etc.
    5. Discuss the rationale for each procedure. Ensure the components align with the policy statements outlined in the high-risk travel policy developed in the previous step.

    Input

    Output

    • List of high-risk jurisdictions
    • Risk scenarios from Phase 2
    • High-risk travel policy
    • Travel procedures for high-risk jurisdictions

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Draft procedures to mitigate travel risks

    Address all types of travel, detail security measures, and outline what the organization expects of travelers before, during, and after their trip

    Introduction

    Clarifies who the procedures apply to. Highlights any differences in travel security requirements or support provided to staff, consultants, partners, and official visitors.

    Travel risk ratings

    Explains the travel or country risk rating system, how staff access the information, the different categories and indicators, and their implications.

    Roles and responsibilities

    Clarifies the responsibilities of travelers, their line managers or contact points, and senior management regarding travel security and how this changes for destinations with higher risk ratings.

    Travel authorization

    Stipulates who in the organization authorizes travel, the various compliance measures required, and how this changes for destinations with higher risk ratings.

    Travel risk assessment

    Explains when travel risk assessments are required, the template that should be used, and who approves the completed assessments.

    Travel security procedures should specify what happens when staff add personal travel to their work trip to cover issues such as insurance, check-in, actual travel times, etc.

    Pre-travel briefings

    Outlines the information that must be provided to travelers prior to departure, the type of briefing required and who provides it, and how these requirements change as risk ratings increase.

    Security training

    Explain security training required prior to travel. This may vary depending on the country’s risk rating. Includes information on training waiver system, including justifications and authorization.

    Traveler profile forms

    Travelers should complete a profile form, which includes personal details, emergency contacts, medical details, social media footprint, and proof-of-life questions (in contexts where there are abduction risks).

    Check-in protocol

    Specifies who travelers must maintain contact with while traveling and how often, as well as the escalation process in case of loss of contact. The frequency of check-ins should reflect the increase in the risk rating for the destination.

    Emergency procedures

    Outlines the organization's emergency procedures for security and medical emergencies.

    3.2.3 Design high-risk travel guidelines

    • Supplement the high-risk travel policies and procedures with guidelines to help international travelers stay safe.
    • The document is intended for an end-user audience and should reflect your organization’s policies and procedures for the use of information and information systems during international travel.
    • Use the Digital Safety Guidelines for International Travel template in concert with this blueprint to provide guidance on what end users can do to stay safe before they leave, during their trip, and when they return.
    • Consider integrating the guidelines into specialized security awareness training sessions that target end users who travel to high-risk jurisdictions.
    • The guidelines should supplement and align with existing technical controls.

    Input

    Output

    • List of high-risk jurisdictions
    • Risk scenarios from Phase 2
    • High-risk travel policy
    • High-risk travel procedure
    • Travel guidelines for high-risk jurisdictions

    Materials

    Participants

    • Whiteboard/flip charts
    • Jurisdictional Risk Register and Heatmap Tool
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Digital Safety Guidelines for International Travel template

    Step 3.3

    Mitigate Compliance Risk

    Activities

    3.3.1 Identify data localization obligations

    3.3.2 Integrate obligations into IT system design

    3.3.3 Document data processing activities

    3.3.4 Choose the right mechanism

    3.3.5 Implement the appropriate controls

    3.3.6 Identify data breach notification obligations

    3.3.7 Integrate data breach notification into incident response

    3.3.8 Identify vendor security and data protection requirements

    3.3.9 Build due diligence questionnaire

    3.3.10 Build appropriate data processing agreement

    This step involves the following participants:

    • Security team
    • Risk and Compliance
    • IT leadership (optional)

    Outcomes of this step

    • Prioritize and treat global risks to critical assets based on their value and exposure.

    Compliance risk is a prevalent risk in organizations with a global footprint

    • The legal and regulatory landscape is evolving rapidly to keep step with the pace of technological change. Security and privacy leaders are expected to mitigate the risk of noncompliance as the organization expands to new jurisdictions.
    • Organizations with a global footprint must stay abreast of local regulations and provide risk management guidance to business leaders to support global operations.
    • This sections describes four compliance risks in this context:
      • Cross-border data transfer
      • Third-party risk management
      • Data breach notification
      • Data residency

    Compliance with local obligations

    Likelihood: Medium to High

    Impact: High

    Data Residency

    Gap Controls

    • Identify and document the data localization obligations for the jurisdictions that the organization is operating in.
    • Design and implement IT systems that satisfy the data localization requirements.
    • Comply with data localization obligations within each jurisdiction.

    Heatmap of Global Data Residency Regulations

    The image contains a screenshot of a picture of a world map with various shades of blue to demonstrate the heatmap of global data residency regulations.
    Source: InCountry, 2021

    Examples of Data Residency Requirements

    Country

    Data Type

    Local Storage Requirements

    Australia

    Personal data – heath record

    My Health Records Act 2012

    China

    Personal information — critical information infrastructure operators

    Cybersecurity law

    Government cloud data

    Opinions of the Office of the Central Leading Group for Cyberspace Affairs on Strengthening Cybersecurity Administration of Cloud Computing Services for Communist Party and Government Agencies

    India

    Government email data

    The Public Records Act of 1993

    Indonesia

    Data held by electronic system operator for the public service

    Regulation 82 concerning “Electronic System and Transaction Operation”

    Germany

    Government cloud service data

    Criteria for the procurement and use of cloud services by the federal German administration

    Russia

    Personal data

    The amendments of Data Protection Act No. 152 FZ

    Vietnam

    Data held by internet service providers

    The Decree on Management, Provision, and Use of Internet Services and Information Content Online (Decree 72)

    US

    Government cloud service data

    Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018)

    3.3.1 Identify data localization obligations

    1-2 hours

    1. Work with your business leaders to identify and document the jurisdictions where your organization is operating in or providing services and products to consumers within.
    2. Work with your legal team to identify and document all relevant data localization obligations for the data your organization generates, collects, and processes in order to operate your business.
    3. Record your data localization obligations in the table below.

    Jurisdiction

    Relevant Regulations

    Local Storage Requirements

    Date Type

    Input

    Output

    • List of jurisdictions your organization is operating in
    • Relevant security and data protection regulations
    • Data inventory and data flows
    • Completed list of data localization obligations

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.2 Integrate obligations into your IT system design

    1-2 hours

    1. Work with your IT department to design the IT architecture and systems to satisfy the data localization requirements.
    2. The table below provides a checklist for integrating privacy considerations into your IT systems.

    Item

    Consideration

    Answer

    Supporting Document

    1

    Have you identified business services that process data that will be subject to localization requirements?

    2

    Have you identified IT systems associated with the business services mentioned above?

    3

    Have you established a data inventory (i.e. data types, business purposes) for the IT systems mentioned above?

    4

    Have you established a data flow diagram for the data identified above?

    5

    Have you identified the types of data that should be stored locally?

    6

    Have you confirmed whether a copy of the data locally stored will satisfy the obligations?

    7

    Have you confirmed whether an IT redesign is needed or whether modifications (e.g. adding a server) to the IT systems would satisfy the obligations?

    8

    Have you confirmed whether access from another jurisdiction is allowed?

    9

    Have you identified how long the data should be stored?

    Input

    Output

    • Data localization obligations
    • Business services that process data that will be subject to localization requirements
    • IT systems associated with business services
    • Data inventory and data flows
    • Completed checklist of localization obligations for IT system design

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Compliance with local obligations

    Likelihood: Medium to High

    Impact: High

    Cross-Border Transfer

    Gap Controls

    • Know where you transfer your data.
    • Identify jurisdictions that your organization is operating in and that impose different requirements for the cross-border transfer of personal data.
    • Adopt and implement a proper cross-border data transfer mechanism in accordance with applicable privacy laws and regulations.
    • Re-evaluate at appropriate intervals.

    Which cross-border transfer mechanism should I choose?

    Transfer Mechanism

    Advantages

    Disadvantages

    Standard Contractual Clauses (SCC)

    • Easy to implement
    • No DPA (data processing agreement) approval
    • Not suitable for complex data transfers
    • Do not meet business agility
    • Needs legal solution

    Binding Corporate Rules (BCRs)

    • Meets business agility needs
    • Raises trust in the organization
    • Doubles as solution for art. 24/25 of the GDPR
    • Sets high compliance maturity level
    • Takes time to draft/implement
    • Requires DPA approval (scrutiny)
    • Requires culture of compliance
    • Approved by one "lead" authority and two other "co-lead“ authorities
    • Takes usually between six and nine months for the approval process only

    Code of Conduct

    • Raises trust in the sector
    • Self-regulation instead of law
    • No code of conduct approved yet
    • Takes time to draft/implement
    • Requires DPA approval and culture of compliance
    • Needs of organization may not be met

    Certification

    • Raises trust in the organization
    • No certification schemes available yet
    • Risk of compliance at minimum necessary
    • Requires audits

    Consent

    • Legal certainty
    • Transparent
    • Administrative burden
    • Some data subjects are incapable of consenting all or nothing

    3.3.3 Document data processing activities

    1-2 hours

    1. Identify and document the following information:
      • Name of business process
      • Purposes of processing
      • Lawful basis
      • Categories of data subjects and personal data
      • Data subject categories
      • Which system the data resides in
      • Recipient categories
      • Third country/international organization
      • Documents for appropriate safeguards for international transfer (adequacy, SCCs, BCRs, etc.)
      • Description of mitigating measures

    Input

    Output

    • Name of business process
    • Categories of personal data
    • Which system the data resides
    • Third country/international organization
    • Documents for appropriate safeguards for international transfer
    • Completed list of data processing activities

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.4 Choose the right mechanism

    1-2 hours

    1. Identify jurisdictions that your organization is operating in and that impose different requirements for the cross-border transfer of personal data. For example, the EU’s GDPR and China’s Personal Information Protection Law require proper cross-border transfer mechanisms before the data transfers. Your organization should decide which cross-border transfer mechanism is the best fit for your cross-border data transfer scenarios.
    2. Use the following table to identify and document the pros and cons of each data transfer mechanism and the final decision.

    Data Transfer Mechanism

    Pros

    Cons

    Final Decision

    SCC

    BCR

    Code of Conduct

    Certification

    Consent

    Input

    Output

    • List of relevant data transfer mechanisms
    • Assessment of the pros and cons of each mechanism
    • Final decision regarding which data transfer mechanism is the best fit for your organization

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Privacy team
    • Security team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.5 Implement the appropriate controls

    1-3 hours

    • One of the most common mechanisms is standard contractual clauses (SCCs).
    • Use Info-Tech’s Standard Contractual Clauses Template to facilitate your cross-border transfer activities.
    • Identify and check whether the following core components are covered in your SCC and record the results in the table below.
    # Core Components Status Note
    1 Purpose and scope
    2 Effect and invariability of the Clauses
    3 Description of the transfer(s)
    4 Data protection safeguards
    5 Purpose limitation
    6 Transparency
    7 Accuracy and data minimization
    8 Duration of processing and erasure or return of data
    9 Storage limitation
    10 Security of processing
    11 Sensitive data
    12 Onward transfers
    13 Processing under the authority of the data importer
    14 Documentation and compliance
    15 Use of subprocessors
    16 Data subject rights
    17 Redress
    18 Liability
    19 Local laws and practices affecting compliance with the Clauses
    20 Noncompliance with the Clauses and termination
    21 Description of data processing activities, such as list of parties, description of transfer, etc.
    22 Technical and organizational measures
    InputOutput
    • Description of the transfer(s)
    • Duration of processing and erasure or return of data
    • Onward transfers
    • Use of subprocessors
    • Etc.
    • Draft of the standard contractual clauses (SCC)
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Compliance with local obligations

    Likelihood: High

    Impact: Medium to High

    Data Breach

    Gap Controls

    • Identify jurisdictions that your organization is operating in and that impose different obligations for data breach reporting.
    • Document the notification obligations for various business scenarios, such as controller to DPA, controller to data subject, and processor to controller.
    • Integrate breach notification obligations into security incident response process.

    Examples of Data Breach Notification Obligations

    Location

    Regulation/ Standard

    Reporting Obligation

    EU

    GDPR

    72 hours

    China

    PIPL

    Immediately

    US

    HIPAA

    No later than 60 days

    Canada

    PIPEDA

    As soon as feasible

    Global

    PCI DSS

    • Visa – immediately after breach discovered
    • Mastercard – within 24 hours of discovering breach
    • American Express – immediately after breach discovered

    Summary of US State Data Breach Notification Statutes

    The image contains a graph to show the summary of the US State Data Breach Notification Statutes.

    Source: Davis Wright Tremaine

    3.3.6 Identify data breach notification obligations

    1-2 hours

    1. Identify jurisdictions that your organization is operating in and that impose different obligations for data breach reporting.
    2. Document the notification obligations for various business scenarios, such as controller to DPA, controller to data subject, and processor to controller.
    3. Record your data breach obligations in the table below.
    Region Regulation/Standard Reporting Obligation

    Input

    Output

    • List of regions and jurisdictions your business is operating in
    • List of relevant regulations and standards
    • Documentation of data breach reporting obligations in applicable jurisdictions

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.7 Integrate data breach notification into incident response

    1-2 hours

    • Integrate breach notification obligations into the security incident response process. Understand the security incident management framework.
    • All incident runbooks follow the same process: detection, analysis, containment, eradication, recovery, and post-incident activity.
    • The table below provides a basic checklist for you to consider when implementing your data breach and incident handling process.
    # Phase Considerations Status Notes
    1 Prepare Ensure the appropriate resources are available to best handle an incident.
    2 Detect Leverage monitoring controls to actively detect threats.
    3 Analyze Distill real events from false positives.
    4 Contain Isolate the threat before it can cause additional damage.
    5 Eradicate Eliminate the threat from your operating environment.
    6 Recover Restore impacted systems to a normal state of operations.
    7 Report Report data breaches to relevant regulators and data subjects if required.
    8 Post-Incident Activities Conduct a lessons-learned post-mortem analysis.
    InputOutput
    • Security and data protection incident response steps
    • Key considerations for integrating data breach notifications into incident response
    • Data breach notifications integrated into the incident response process
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Security team
    • Privacy team
    • Legal team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Compliance with local obligations

    Likelihood: High

    Impact: Medium to High

    Third-Party Risk

    Gap Controls

    • Build an end-to-end third-party security and privacy risk management process.
    • Perform internal due diligence prior to selecting a service provider.
    • Stipulate the security and privacy protection obligations of the third party in a legally binding document such as contract or data processing agreement, etc.

    End-to-End Third-Party Security and Privacy Risk Management

    1. Pre-Contract
    • Due diligence check
  • Signing of Contract
    • Data processing agreement
  • Post-Contract
    • Continuous monitoring
    • Regular check or audit
  • Termination of Contract
    • Data deletion
    • Access deprovisioning

    Examples of Vendor Security Management Requirements

    Region

    Law/Standard

    Section

    EU

    General Data Protection Regulation (GDPR)

    Article 28 (1)

    Article 46 (1)

    US

    Health Insurance Portability and Accountability Act (HIPAA)

    §164.308(b)(1)

    US

    New York Department of Financial Services Cybersecurity Requirements

    500.11(a)

    Global

    ISO 27002:2013

    15.1.1

    15.1.2

    15.1.3

    15.2.1

    15.2.2

    US

    NIST 800-53

    SA-12

    SA-12 (2)

    US

    NIST Cybersecurity Framework

    ID-SC-1

    ID-SC-2

    ID-SC-3

    ID-SC-4

    Canada

    OSFI Cybersecurity Guidelines

    4.25

    4.26

    3.3.8 Identify vendor security and data protection requirements

    1-2 hours

    • Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic reassessments.
    • An efficient and effective assessment process can only be achieved when all stakeholders are participating.
    • Identify and document your vendor security and data protection requirements in the table below.
    Region Law/Standard Section Requirements

    Input

    Output

    • List of regions and jurisdictions your business is operating in
    • List of relevant regulations and standards
    • Documentation of vendor security and data protection obligations in applicable jurisdictions

    Materials

    Participants

    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.9 Build due diligence questionnaire

    1-2 hours

    Perform internal due diligence prior to selecting a service provider.

    1. Build and right-size your vendor security questionnaire by leveraging Info-Tech’s Vendor Security Questionnaire template.
    2. Document your vendor security questionnaire in the table below.
    # Question Vendor Request Vendor Comments
    1 Document Requests
    2 Asset Management
    3 Governance
    4 Supply Chain Risk Management
    5 Identify Management, Authentication, and Access Control
    InputOutput
    • List of regions and jurisdictions your business is operating in
    • List of relevant regulations and standards
    • Business security and data protection requirements and expectations
    • Draft of due diligence questionnaire
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    3.3.10 Build appropriate data processing agreement

    1-2 hours

    1. Stipulate the security and privacy protection obligations of the third party in a legally binding document such as contract or data processing agreement, etc.
    2. Leverage Info-Tech’s Data Processing Agreement Template to put the language into your legally binding document.
    3. Use the table below to check whether core components of a typical DPA are covered in your document.
    # Core Components Status Note
    1 Processing of personal data
    2 Scope of application and responsibilities
    3 Processor's obligations
    4

    Controller's obligations

    5 Data subject requests
    6 Right to audit and inspection
    7 Subprocessing
    8 Data breach management
    9 Security controls
    10 Transfer of personal data
    11 Duty of confidentiality
    12 Compliance with applicable laws
    13 Service termination
    14 Liability and damages
    InputOutput
    • Processing of personal data
    • Processor’s obligations
    • Controller’s obligations
    • Subprocessing
    • Etc.
    • Draft of data processing agreement (DPA)
    MaterialsParticipants
    • Guidelines for Compliance With Local Security and Privacy Laws Template
    • Legal team
    • Privacy team
    • Security team
    • IT leadership
    • Risk Management

    Download the Guidelines for Compliance With Local Security and Privacy Laws Template

    Summary of Accomplishment

    Problem Solved

    By following Info-Tech’s methodology for securing global operations, you have:

    • Evaluated the security context of your organization’s global operations.
    • Identified security risks scenarios unique to high-risk jurisdictions and assessed the exposure of critical assets.
    • Planned and executed a response.

    You have gone through a deeper analysis of two key risk scenarios that affect global operations:

    • Travel to high-risk jurisdictions.
    • Compliance risk.

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.

    workshop@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    The image contains a picture of Michel Hebert.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    The image contains a screenshot of High-Risk Travel Jurisdictions.

    Identify High-Risk Jurisdictions

    Develop requirements to identify high-risk jurisdictions.

    The image contains a screenshot of Build Risk Scenarios.

    Build Risk Scenarios

    Build risk scenarios to capture assets, vulnerabilities, threats, and the potential effect of a compromise.

    External Research Contributors

    Ken Muir

    CISO

    LMC Security

    Premchand Kurup

    CEO

    Paramount Computer Systems

    Preeti Dhawan

    Manager, Security Governance

    Payments Canada

    Scott Wiggins

    Information Risk and Governance

    CDPHP

    Fritz Y. Jean Louis

    CISO

    Globe and Mail

    Eric Gervais

    CIO

    Ovivo Water

    David Morrish

    CEO

    MBS Techservices

    Evan Garland

    Manager, IT Security

    Camosun College

    Jacopo Fumagalli

    CISO

    Axpo

    Dennis Leon

    Governance and Security Manager

    CPA Canada

    Tero Lehtinen

    CIO

    Planmeca Oy

    Related Info-Tech Research

    Build an IT Risk Management Program

    • Build a program to identify, evaluate, assess, and treat IT risks.
    • Monitor and communicate risks effectively to support business decision making.

    Combine Security Risk Management Components Into One Program

    • Develop a program focused on assessing and managing information system risks.
    • Build a governance structure that integrates security risks within the organization’s broader approach to risk management.

    Build an Information Security Strategy

    • Build a holistic, risk-aware strategy that aligns to business goals.
    • Develop a roadmap of prioritized initiatives to implement the strategy over 18 to 36 months.

    Bibliography

    2022 Cost of Insider Threats Global Report.” Ponemon Institute, NOVIPRO, 9 Feb. 2022. Accessed 25 May 22.

    “Allianz Risk Barometer 2022.” Allianz Global Corporate & Specialty, Jan. 2022. Accessed 25 May 22.

    Bickley, Shaun. “Security Risk Management: a basic guide for smaller NGOs”. European Interagency Security Forum (EISF), 2017. Web.

    “Biden Administration Warns against spyware targeting dissidents.” New York Times, 7 Jan 22. Accessed 20 Jan 2022.

    Boehm, Jim, et al. “The risk-based approach to cybersecurity.” McKinsey & Company, October 2019. Web.

    “Cost of a Data Breach Report 2021.” IBM Security, July 2021. Web.

    “Cyber Risk in Asia-Pacific: The Case for Greater Transparency.” Marsh & McLennan Companies, 2017. Web.

    “Cyber Risk Index.” NordVPN, 2020. Accessed 25 May 22

    Dawson, Maurice. “Applying a holistic cybersecurity framework for global IT organizations.” Business Information Review, vol. 35, no. 2, 2018, pp. 60-67.

    “Framework for improving critical infrastructure cybersecurity.” National Institute of Standards and Technology, 16 Apr 2018. Web.

    “Global Cybersecurity Index 2020.” International Telecommunication Union (ITU), 2021. Accessed 25 May 22.

    “Global Risk Survey 2022.” Control Risks, 2022. Accessed 25 May 22.

    “International Travel Guidance for Government Mobile Devices.” Federal Mobility Group (FMG), Aug. 2021. Accessed 18 Nov 2021.

    Kaffenberger, Lincoln, and Emanuel Kopp. “Cyber Risk Scenarios, the Financial System, and Systemic Risk Assessment.” Carnegie Endowment for International Peace, September 2019. Accessed 11 Jan 2022.

    Koehler, Thomas R. Understanding Cyber Risk. Routledge, 2018.

    Owens, Brian. “Cybersecurity for the travelling scientist.” Nature, vol. 548, 3 Aug 2017. Accessed 19 Jan. 2022.

    Parsons, Fintan J., et al. “Cybersecurity risks and recommendations for international travellers.” Journal of Travel Medicine, vol. 1, no. 4, 2021. Accessed 19 Jan 2022.

    Quinn, Stephen, et al. “Identifying and estimating cybersecurity risk for enterprise risk management.” National Institute of Standards and Technology (NIST), Interagency or Internal Report (IR) 8286A, Nov. 2021.

    Quinn, Stephen, et al. “Prioritizing cybersecurity risk for enterprise risk management.” NIST, IR 8286B, Sept. 2021.

    “Remaining cyber safe while travelling security recommendations.” Government of Canada, 27 April 2022. Accessed 31 Jan 2022.

    Stine, Kevin, et al. “Integrating cybersecurity and enterprise risk management.” NIST, IR 8286, Oct. 2020.

    Tammineedi, Rama. “Integrating KRIs and KPIs for effective technology risk management.” ISACA Journal, vol. 4, 1 July 2018.

    Tikk, Eneken, and Mika Kerttunen, editors. Routledge Handbook of International Cybersecurity. Routledge, 2020.

    Voo, Julia, et al. “National Cyber Power Index 2020.” Belfer Center for Science and International Affairs, Harvard Kennedy School, Sept. 2020. Web.

    Zhang, Fang. “Navigating cybersecurity risks in international trade.” Harvard Business Review, Dec 2021. Accessed 31 Jan 22.

    Appendix

    Insider Threat

    Key Risk Scenario

    Likelihood: Medium to High

    Impact: High

    Gap Controls

    The image contains a picture of the Gap Controls. The controls include: Policy and Awareness, Identification, Monitoring and Visibility, which leads to Cooperation.

    • Identification: Effective and efficient management of insider threats begins with a threat and risk assessment to establish which assets and which employees to consider, especially in jurisdictions associated with sensitive or critical data. You need to pay extra attention to employees who are working in satellite offices in jurisdictions with loose security and privacy laws.
    • Monitoring and Visibility: Organizations should monitor critical assets and groups with privileged access to defend against malicious behavior. Implement an insider threat management platform that provides your organization with the visibility and context into data movement, especially cross-border transfers that might cause security and privacy breaches.
    • Policy and Awareness Training: Insider threats will persist without appropriate action and culture change. Training and consistent communication of best practices will mitigate vulnerabilities to accidental or negligent attacks. Customized training materials using local languages and role-based case studies might be needed for employees in high-risk jurisdictions.
    • Cooperation: An effective insider threat management program should be built with cross-team functions such as Security, IT, Compliance and Legal, etc.

    For more holistic approach, you can leverage our Reduce and Manage Your Organization’s Insider Threat Risk blueprint.

    Info-Tech Insight

    You can’t just throw tools at a human problem. While organizations should monitor critical assets and groups with privileged access to defend against malicious behavior, good management and supervision can help detect attacks and prevent them from happening in the first place.

    Insider threats are not industry specific, but malicious insiders are

    Industry

    Actors

    Risks

    Tactics

    Motives

    State and Local Government

    • Full-time employees
    • Current employees
    • Privileged access to personally identifiable information, financial assets, and physical property
    • Abuse of privileged access
    • Received or transferred fraudulent funds
    • Financial gain
    • Recognition
    • Benefiting foreign entity

    Information Technology

    • Equal mix of former and current employees
    • Privileged access to networks or systems as well as data
    • Highly technical attacks
    • Received or transferred fraudulent funds
    • Revenge
    • Financial gain

    Healthcare

    • Majority were full-time and current employees
    • Privileged access to customer data with personally identifiable information, financial assets
    • Abuse of privileged access
    • Received or transferred fraudulent funds
    • Financial gain
    • Entitlement

    Finance and Insurance

    • Majority were full-time and current employees
    • Authorized users
    • Electronic financial assets
    • Privileged access to customer data
    • Created or used fraudulent accounts
    • Fraudulent purchases
    • Identity theft
    • Financial gain
    • Gambling addiction
    • Family pressures
    • Multiple motivations

    Source: Carnegie Mellon University Software Engineering Institute, 2019

    Advanced Persistent Threat

    Key Risk Scenario #4

    Likelihood: Medium to High

    Impact: High

    Gap Controls

    The image contains a screenshot of the Gap Controls listed: Prevent, Detect, Analyze, Respond.

    Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Effective anti-malware, diligent patching and vulnerability management, and strong human-centric security are essential.

    Detect: There are two types of companies – those who have been breached and know it, and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs.

    Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape.

    Respond: Organizations can’t rely on ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook to reduce incident remediation time and effort.

    Best practices moving forward

    Defense in Depth

    Lock down your organization. Among other tactics, control administrative privileges, leverage threat intelligence, use IP whitelisting, adopt endpoint protection and two-factor authentication, and formalize incident response measures.

    Block Indicators

    Information alone is not actionable. A successful threat intelligence program contextualizes threat data, aligns intelligence with business objectives, and then builds processes to satisfy those objectives. Actively block indicators and act upon gathered intelligence.

    Drive Adoption

    Create organizational situational awareness around security initiatives to drive adoption of foundational security measures: network hardening, threat intelligence, red-teaming exercises, and zero-day mitigation, policies, and procedures.

    Supply Chain Security

    Security extends beyond your organization. Ensure your organization has a comprehensive view of your organizational threat landscape and a clear understanding of the security posture of any managed service providers in your supply chain.

    Awareness and Training

    Conduct security awareness and training. Teach end users how to recognize current cyberattacks before they fall victim – this is a mandatory first line of defense.

    Additional Resources

    Follow only official sources of information to help you assess risk

    The image contains an image highlighting a few additional resources.

    As misinformation is a major attack vector for malicious actors, follow only reliable sources for cyberalerts and actionable intelligence. Aggregate information from these reliable sources.

    Federal Cyber Agency Alerts

    Informational Resources

    Info-Tech Insight

    The CISA Shields Up site provides the latest cyber risk updates on the Russia-Ukraine conflict and should provide the most value in staying informed.

    Create a Buyer Persona and Journey

    • Buy Link or Shortcode: {j2store}558|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Contacts fail to convert to leads because messaging fails to resonate with buyers.
    • Products fail to reach targets given shallow understanding of buyer needs.
    • Sellers' emails go unopened and attempts at discovery fail due to no understanding of buyer challenges, pain points, and needs.

    Our Advice

    Critical Insight

    • Marketing leaders in possession of well-researched and up-to-date buyer personas and journeys dramatically improve product market fit, lead gen, and sales results.
    • Success starts with product, marketing, and sales alignment on targeted personas.
    • Speed to deploy is enabled via initial buyer persona attribute discovery internally.
    • However, ultimate success requires buyer interviews, especially for the buyer journey.
    • Leading marketers update journey maps every six months as disruptive events such as COVID-19 and new media and tech platform advancements require continual innovation.

    Impact and Result

    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.

    Create a Buyer Persona and Journey Research & Tools

    Start here – read the Executive Brief

    Our Executive Brief summarizes the challenges faced when buyer persona and journeys are ill-defined. It describes the attributes of, and the benefits that accrue from, a well-defined persona and journey and the key steps to take to achieve success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive an aligned initial draft of buyer persona

    Define and align your team on target persona, outline steps to capture and document a robust buyer persona and journey, and capture current team buyer knowledge.

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and Data Capture Tool

    2. Interview buyers and validate persona and journey

    Hold initial buyer interviews, test initial results, and continue with interviews.

    3. Prepare communications and educate stakeholders

    Consolidate interview findings, present to product, marketing, and sales teams. Work with them to apply to product design, marketing launch/campaigning, and sales and customer success enablement.

    • Buyer Persona and Journey Summary Template
    [infographic]

    Workshop: Create a Buyer Persona and Journey

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Align Team, Identify Persona, and Document Current Knowledge

    The Purpose

    Organize, drive alignment on target persona, and capture initial views.

    Key Benefits Achieved

    Steering committee and project team roles and responsibilities clarified.

    Product, marketing, and sales aligned on target persona.

    Build initial team understanding of persona.

    Activities

    1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.

    1.2 Identify buyer persona choices and settle on an initial target.

    1.3 Document team knowledge about buyer persona (and journey where possible).

    Outputs

    Documented steering committee and working team

    Executive Brief on personas and journey

    Personas and initial targets

    Documented team knowledge

    2 Validate Initial Work and Identify Buyer Interviewees

    The Purpose

    Build list of buyer interviewees, finalize interview guide, and validate current findings with analyst input.

    Key Benefits Achieved

    Interview efficiently using 75-question interview guide.

    Gain analyst help in persona validation, reducing workload.

    Activities

    2.1 Share initial insights with covering industry analyst.

    2.2 Hear from industry analyst their perspectives on the buyer persona attributes.

    2.3 Reconcile differences; update “current understanding.”

    2.4 Identify interviewee types by segment, region, etc.

    Outputs

    Analyst-validated initial findings

    Target interviewee types

    3 Schedule and Hold Buyer Interviews

    The Purpose

    Validate current persona hypothesis and flush out those attributes only derived from interviews.

    Key Benefits Achieved

    Get to a critical mass of persona and journey understanding quickly.

    Activities

    3.1 Identify actual list of 15-20 interviewees.

    3.2 Hold interviews and use interview guides over the course of weeks.

    3.3 Hold review session after initial 3-4 interviews to make adjustments.

    3.4 Complete interviews.

    Outputs

    List of interviewees; calls scheduled

    Initial review – “are you going in the right direction?”

    Completed interviews

    4 Summarize Findings and Provide Actionable Guidance to Colleagues

    The Purpose

    Summarize persona and journey attributes and provide activation guidance to team.

    Key Benefits Achieved

    Understanding of product market fit requirements, messaging, and marketing, and sales asset content.

    Activities

    4.1 Summarize findings.

    4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.

    4.3 Convene steering committee/executives and working team for final review.

    4.4 Schedule meetings with colleagues to action results.

    Outputs

    Complete findings

    Action items for team members

    Plan for activation

    5 Measure Impact and Results

    The Purpose

    Measure results, adjust, and improve.

    Key Benefits Achieved

    Activation of outcomes; measured results.

    Activities

    5.1 Review final copy, assets, launch/campaign plans, etc.

    5.2 Develop/review implementation plan.

    5.3 Reconvene team to review results.

    Outputs

    Activation review

    List of suggested next steps

    Further reading

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    B2B marketers without documented personas and journeys often experience the following:

    • Contacts fail to convert to leads because messaging fails to resonate with buyers.
    • Products fail to reach targets given shallow understanding of buyer needs.
    • Sellers’ emails go unopened, and attempts at discovery fail due to no understanding of buyer challenges, pain points, and needs.

    Without a deeper understanding of buyer needs and how they buy, B2B marketers will waste time and precious resources targeting the incorrect personas.

    Common Obstacles

    Despite being critical elements, organizations struggle to build personas due to:

    • A lack of alignment and collaboration among marketing, product, and sales.
    • An internal focus; or a lack of true customer centricity.
    • A lack of tools and techniques for building personas and buyer journeys.

    In today’s Agile development environment, combined with the pressure to generate revenues quickly, high tech marketers often skip the steps necessary to go deeper to build buyer understanding.

    SoftwareReviews’ Approach

    With a common framework and target output, clients will:

    • Align marketing, sales, and product, and collaborate together to share current knowledge on buyer personas and journeys.
    • Target 12-15 customers and prospects to interview and validate insights. Share that with customer-facing staff.
    • Activate the insights for more customer-centric lead generation, product development, and selling.

    Clients who activate findings from buyer personas and journeys will see a 50% results improvement.

    SoftwareReviews Insight:
    Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.

    Buyer personas and journeys: A go-to-market critical success factor

    Marketers – large and small – will fail to optimize product-market fit, lead generation, and sales effectiveness without well-defined buyer personas and a buyer journey.

    Critical Success Factors of a Successful G2M Strategy:

    • Opportunity size and business case
    • Buyer personas and journey
    • Competitively differentiated product hypothesis
    • Buyer-validated commercial concept
    • Sales revenue plan and program cost budget
    • Consolidated communications to steering committee

    Jeff Golterman, Managing Director, SoftwareReviews Advisory

    “44% of B2B marketers have already discovered the power of Personas.”
    – Hasse Jansen, Boardview.io!, 2016

    Documenting buyer personas enables success beyond marketing

    Documenting buyer personas has several essential benefits to marketing, sales, and product teams:

    • Achieve a better understanding of your target buyer – by building a detailed buyer persona for each type of buyer and keeping it fresh, you take a giant step toward becoming a customer-centric organization.
    • Team alignment on a common definition – will happen when you build buyer personas collaboratively and among those teams that touch the customer.
    • Improved lead generation – increases dramatically when messaging and marketing assets across your lead generation engine better resonate with buyers because you have taken the time to understand them deeply.
    • More effective selling – is possible when sellers apply persona development output to their interactions with prospects and customers.
    • Better product-market fit – increases when product teams more deeply understand for whom they are designing products. Documenting buyer challenges, pain points, and unmet needs gives product teams what they need to optimize product adoption.

    “It’s easier buying gifts for your best friend or partner than it is for a stranger, right? You know their likes and dislikes, you know the kind of gifts they’ll have use for, or the kinds of gifts they’ll get a kick out of. Customer personas work the same way, by knowing what your customer wants and needs, you can present them with content targeted specifically to their wants and needs.”
    – Emma Bilardi, Product Marketing Alliance, 2020

    Buyer understanding activates just about everything

    Without the deep buyer insights that persona and journey capture enables, marketers are suboptimized.

    Buyer Persona and Journey

    • Product design
    • Customer targeting
    • Personalization
    • Messaging
    • Content marketing
    • Lead gen & scoring
    • Sales Effectiveness
    • Customer retention

    “Marketing eutopia is striking the all-critical sweet spot that adds real value and makes customers feel recognized and appreciated, while not going so far as to appear ‘big brother’. To do this, you need a deep understanding of your audience coming from a range of different data sets and the capability to extract meaning.”
    – Plexure, 2020

    Does your organization need buyer persona and journey updating?

    “Yes,” if experiencing one or more key challenges:

    • Sales time is wasted on unqualified leads
    • Website abandon rates are high
    • Lead gen engine click-through rates are low
    • Ideal customer profile is ill defined
    • Marketing asset downloads are low
    • Seller discovery with prospects is ineffective
    • Sales win/loss rates drop due to poor product-market fit
    • Higher than desired customer churn

    SoftwareReviews Advisory Insight:
    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    Outcomes and benefits

    Building your buyer persona and journey using our methodology will enable:

    • Greater stakeholder alignment – when marketing, product, and sales agree on personas, less time is wasted on targeting alternate personas.
    • Improved product-market fit – when buyers see both pain-relieving features and value-based pricing, “because you asked vs. guessed,” win rates increase.
    • Greater open and click-through rates – because you understood buyer pain points and motivations for solution seeking, you’ll see higher visits and engagement with your lead gen engine, and because you asked “what asset types do you find most helpful” your CTAs become ”lead-gen magnets” because you’ve offered the right asset types in your content marketing strategy.
    • More qualified leads – because you defined a more accurate ideal customer profile (ICP) and your lead scoring algorithm has improved, sellers see more qualified leads.
    • Increased sales cycle velocity – since you learned from personas their content and engagement preferences and what collateral types they need during the down-funnel sales discussions, sales calls are more productive and sales cycles shrink.

    Our methodology for buyer persona and journey creation

    1. Document Team Knowledge of Buyer Persona and Drive Alignment 2. Interview Target Buyer Prospects and Customers 3. Create Outputs and Apply to Marketing, Sales, and Product
    Phase Steps
    1. Outline a vision for buyer persona and journey creation and identify stakeholders.
    2. Pull stakeholders together, identify initial buyer persona, and begin to document team knowledge about buyer persona (and journey where possible).
    3. Validate with industry and marketing analyst’s initial buyer persona, and identify list of buyer interviewees.
    1. Hold interviews and document and share findings.
    2. Validate initial drafts of buyer persona and create initial documented buyer journey. Review findings among key stakeholders, steering committee, and supporting analysts.
    3. Complete remaining interviews.
    1. Summarize findings.
    2. Convene steering committee/exec. and working team for final review.
    3. Communicate to key stakeholders in product, marketing, sales, and customer success for activation.
    Phase Outcomes
    1. Steering committee and team selection
    2. Team insights about buyer persona documented
    3. Buyer persona validation with industry and marketing analysts
    4. Sales, marketing, and product alignment
    1. Interview guide
    2. Target interviewee list
    3. Buyer-validated buyer persona
    4. Buyer journey documented with asset types, channels, and “how buyers buy” fully documented
    1. Education deck on buyer persona and journey ready for use with all stakeholders: product, field marketing, sales, executives, customer success, partners
    2. Activation will update product-market fit, optimize lead gen, and improve sales effectiveness

    Our approach provides interview guides and templates to help rebuild buyer persona

    Our methodology will enable you to align your team on why it’s important to capture the most important attributes of buyer persona including:

    • Functional – helps you find and locate your target personas
    • Emotive – deepens team understanding of buyer initiatives, motivations for seeking alternatives, challenges they face, pain points for your offerings to address, and terminology that describes the “space”
    • Solution – enables greater product market fit
    • Behavioral – clarifies how to communicate with personas and understand their content preferences
    Functional – “to find them”
    Job Role Title Org. Chart Dynamics Buying Center Firmographics
    Emotive – “what they do and jobs to be done”
    Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer Need: They may have multiple needs; which need is most likely met with the offering? Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue?
    Decision Criteria – “how they decide”
    Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through?
    Solution Attributes – “what does the ideal solution look like”
    Steps in “Jobs to Be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope; other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing: channel, where to buy
    Behavioral Attributes – “how to approach them successfully”
    Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)?

    Buyer journeys are constantly shifting

    If you didn’t remap buyer journeys in 2021, you may be losing to competitors that did. Leaders remap buyer journey frequently.

    • The multi-channel buyer journey is constantly changing. Today’s B2B buyer uses industry research sites, vendor content marketing assets, software reviews sites, contacts with vendor salespeople, events participation, peer networking, consultants, emails, social media sites, and electronic media to research purchasing decisions.
    • COVID-19 has dramatically decreased face-to-face interaction. We estimate a B2B buyer spent 20-25% more time online in 2021 than pre-COVID-19 researching software buying decisions. This has diminished the importance of face-to-face selling and given dramatic rise to digital selling and outbound marketing.
    • Content marketing has exploded, but without mapping the buyer journey and knowing where – by channel –and when – by buyer journey step – to offer content marketing assets, we will fail to convert prospects into buyers.

    “~2/3 of [B2B] buyers prefer remote human interactions or digital self-service.” And during Aug. ‘20 to Feb. ‘21, use of digital self-service to interact with sales reps leapt by more than 10% for both researching and evaluating new suppliers.”
    – Liz Harrison, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai McKinsey & Company, 2021

    SoftwareReviews Advisory Insight:
    Marketers are advised to update their buyer journey annually and with greater frequency when the human vs. digital mix is affected due to events such as COVID-19 and as emerging media such as AR shifts asset-type usage and engagement options.

    Our approach helps you define the buyer journey

    Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.

    You’ll be more successful by following our overall guidance

    Overarching insight

    Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.

    Align Your Team

    Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.

    Jump-Start Persona Development

    Marketing leaders leverage the buyer persona knowledge not only from in-house experts in areas such as sales and executives but from analysts that speak with their buyers each and every day.

    Buyer Interviews Are a Must

    While leaders will get a fast start by interviewing sellers, executives, and analysts, you will fail to craft the right messages, build the right marketing assets, and design the best buyer journey if you skip buyer interviews.

    Watch for Disruption

    Leaders will update their buyer journey annually and with greater frequency when the human vs. digital mix is effected due to events such as COVID-19 and as emerging media such as AR and VR shifts the way buyers engage.

    Advanced Buyer Journey Discovery

    Digital marketers that ramp up lead gen engine capabilities to capture “wins” and measure engagement back through the lead gen and nurturing engines will build a more data-driven view of the buyer journey. Target to build this advanced capability in your initial design.

    Tools and templates to speed your success

    This blueprint is accompanied by supporting deliverables to help you gather team insights, interview customers and prospects, and summarize results for ease in communications.

    To support your buyer persona and journey creation, we’ve created the enclosed tools

    Buyer Persona Creation Template

    A PowerPoint template to aid the capture and summarizing of your team’s insights on the buyer persona.

    Buyer Persona and Journey Interview Guide and Data Capture Tool

    For interviewing customers and prospects, this tool is designed to help you interview personas and summarize results for up to 15 interviewees.

    Buyer Persona and Journey Summary Template

    A PowerPoint template into which you can drop your buyer persona and journey interviewees list and summary findings.

    SoftwareReviews offers two levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    The "do-it-yourself" step-by-step instructions begin with Phase 1.

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    A Guided Implementation is a series of analysts inquiries with you and your team.

    Diagnostics and consistent frameworks are used throughout each option.

    Guided Implementation

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.

    For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.

    Your engagement managers will work with you to schedule analyst calls.

    What does our GI on buyer persona and journey mapping look like?

    Drive an Aligned Initial Draft of Buyer Persona

    • Call #1: Collaborate on vision for buyer persona and the buyer journey. Review templates and sample outputs. Identify your team.
    • Call #2: Review work in progress on capturing working team knowledge of buyer persona elements.
    • Call #3: (Optional) Review Info-Tech’s research-sourced persona insights.
    • Call #4: Validate the persona WIP with Info-Tech analysts. Review buyer interview approach and target list.

    Interview Buyers and Validate Persona and Journey

    • Call #5: Revise/review interview guide and final interviewee list; schedule interviews.
    • Call #6: Review interim interview finds; adjust interview guide.
    • Call #7: Use interview findings to validate/update persona and build journey map.
    • Call #8: Add supporting analysts to final stakeholder review.

    Prepare Communications and Educate Stakeholders

    • Call #9: Review output templates completed with final persona and journey findings.
    • Call #10: Add supporting analysts to stakeholder education meetings for support and help with addressing questions/issues.

    Workshop overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day1 Day 2 Day 3 Day 4 Day 5
    Align Team, Identify Persona, and Document Current Knowledge Validate Initial Work and Identify Buyer Interviewees Schedule and Hold Buyer interviews Summarize Findings and Provide Actionable Guidance to Colleagues Measure Impact and Results
    Activities

    1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.

    1.2 Identify buyer persona choices and settle on an initial target.

    1.3 Document team knowledge about buyer persona (and journey where possible).

    2.1 Share initial insights with covering industry analyst.

    2.2 Hear from industry analyst their perspectives on the buyer persona attributes.

    2.3 Reconcile differences; update “current understanding.”

    2.4 Identify interviewee types by segment, region, etc.

    3.1 Identify actual list of 15-20 interviewees.

    A gap of up to a week for scheduling of interviews.

    3.2 Hold interviews and use interview guides (over the course of weeks).

    3.3 Hold review session after initial 3-4 interviews to make adjustments.

    3.4 Complete interviews.

    4.1 Summarize findings.

    4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.

    4.3 Convene steering committee/exec. and working team for final review.

    4.4 Schedule meetings with colleagues to action results.

    5.1 Review final copy, assets, launch/campaign plans, etc.

    5.2 Develop/review implementation plan.

    A period of weeks will likely intervene to execute and gather results.

    5.3 Reconvene team to review results.

    Deliverables
    1. Documented steering committee and working team
    2. Executive Brief on personas and journey
    3. Personas and initial targets
    4. Documented team knowledge
    1. Analyst-validated initial findings
    2. Target interviewee types
    1. List of interviewees; calls scheduled
    2. Initial review – “are we going in the right direction?”
    3. Completed interviews
    1. Complete findings
    2. Action items for team members
    3. Plan for activation
    1. Activation review
    2. List of suggested next steps

    Phase 1
    Drive an Aligned Initial Draft of Buyer Persona

    This Phase walks you through the following activities:

    • Develop an understanding of what comprises a buyer persona and journey, including their importance to overall go-to-market strategy and execution.
    • Sample outputs.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Product Management
    • Representative(s) from Sales
    • Executive Leadership

    1.1 Establish the team and align on shared vision

    Input

    • Typically a joint recognition that buyer personas have not been fully documented.
    • Identify working team members/participants (see below), and an executive sponsor.

    Output

    • Communication of team members involved and the make-up of steering committee and working team
    • Alignment of team members on a shared vision of “Why Build Buyer Personas and Journey” and what key attributes define both.

    Materials

    • N/A

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    60 minutes

    1. Schedule inquiry with working team members and walk the team through the Buyer Persona and Journey Executive Brief PowerPoint presentation.
    2. Optional: Have the (SoftwareReviews Advisory) SRA analyst walk the team through the Buyer Persona and Journey Executive Brief PowerPoint presentation as part of your session.

    Review the Create a Buyer Persona Executive Brief (Slides 3-14)

    1.2 Document team knowledge of buyer persona

    Input

    • Working team member knowledge

    Output

    • Initial draft of your buyer persona

    Materials

    • Buyer Persona Creation Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    2-3 sessions of 60 minutes each

    1. Schedule meeting with working team members and, using the Buyer Persona Template, lead the team in a discussion that documents current team knowledge of the target buyer persona.
    2. Lead the team to prioritize an initial, single, most important persona and to collaborate to complete the template (and later, the buyer journey). Once the team learns the process for working on the initial persona, the development of additional personas will become more efficient.
    3. Place the PowerPoint template in a shared drive for team collaboration. Expect to schedule several 60-minute meets. Quicken collaboration by encouraging team to “do their homework” by sharing persona knowledge within the shared drive version of the template. Your goal is to get to an initial agreed upon version that can be shared for additional validation with industry analyst(s) in the next step.

    Download the Buyer Persona Creation Template

    1.3 Validate with industry analysts

    Input

    • Identify gaps in persona from previous steps

    Output

    • Further validated buyer persona

    Materials

    • Bring your Buyer Persona Creation Template to the meeting to share with analysts

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (Optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • Info-Tech analyst covering your product category and SoftwareReviews marketing analyst

    30 minutes

    1. Schedule meeting with working team members and discuss which persona areas require further validation from an Info-Tech analyst who has worked closely with those buyers within your persona.

    60 minutes

    1. Schedule an inquiry with the appropriate Info-Tech analyst and SoftwareReviews Advisory analyst to share current findings and see:
      1. Info-Tech analyst provide content feedback given what they know about your target persona and product category.
      2. SoftwareReviews Advisory analyst provide feedback on persona approach and to coach any gaps or important omissions.
    2. Tabulate results and update your persona summary. At this point you will likely require additional validation through interviews with customers and prospects.

    1.4 Identify interviewees and prepare for interviews

    Input

    • Identify segments within which you require persona knowledge
    • Understand your persona insight gaps

    Output

    • List of interviewees

    Materials

    • Interviewee recording template on following slide
    • Interview guide questions found within the Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Identify the types of customers and prospects that will best represent your target persona. Choose interviewees that when interviewed will inform key differences among key segments (geographies, company size, mix of customers and prospects, etc.).
    2. Recruit interviewees and schedule interviews for 45 minutes.
    3. Keep track of Interviewees using the slide following this one.
    4. In preparation for interviews, review the Buyer Persona and Journey Interview Guide and Data Capture Tool. Review the two sets of questions:
      1. Buyer Persona-Related – use to validate areas where you still have gaps in your persona, OR if you are starting with a blank persona and wish to build your personas entirely based on customer and prospect interviews.
      2. Buyer-Journey Related, which we will focus on in the next phase.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    The image shows a table titled ‘Interviewee List.’ A note next to the title indicates: Here you will document your interviewee list and outreach plan. A note in the Segment column indicates: Ensure you are interviewing personas across segments that will give you the insights you need, e.g. by size, by region, mix of customers and prospects. A note in the Title column reads: Vary your title types up or down in the “buying center” if you are seeking to strengthen buying center dynamics understanding. A note in the Roles column reads: Vary your role types according to decision-making roles (decision maker, influencer, ratifier, coach, user) if you are seeking to strengthen decision-making dynamics understanding.

    Phase 2
    Interview Buyers and Validate Persona and Journey

    This Phase walks you through the following activities:

    • Developing final interview guide.
    • Interviewing buyers and customers.
    • Adjusting approach.
    • Validating buyer persona.
    • Crafting buyer journey
    • Gaining analyst feedback.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Representative(s) from Sales

    2.1 Hold interviews

    Input

    • List of interviewees
    • Final list of questions

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Hold interviews and adjust your interviewing approach as you go along. Uncover where you are not getting the right answers, check with working team and analysts, and adjust.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    2.2 Use interview findings to validate what’s needed for activation

    Input

    • List of interviewees
    • Final list of questions

    Output

    • Buyer perspectives on their personas and buyer journeys
    • Stakeholder feedback that actionable insights are resulting from interviews

    Materials

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and Data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    2 hours

    1. Convene your team, with marketing analysts, and test early findings: It’s wise to test initial interview results to check that you are getting the right insights to understand and validate key challenges, pain points, needs, and other vital areas pertaining to the buyer persona. Are the answers you are getting enabling you to complete the Summary slides for later communications and training for Sales?
    2. Check when doing buyer journey interviews that you are getting actionable answers that drive messaging, what asset types are needed, what the marketing channel mix is, and other vital insights to activate the results. Are the answers you are getting adequate to give guidance to campaigners, content marketers, and sales enablement?
    3. See the following slides for detailed questions that need to be answered satisfactorily by your team members that need to “activate” the results.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    2.2.1 Are you getting what you need from interviews to inform the buyer persona?

    Test that you are on the right track:

    1. Are you getting the functional answers so you can guide sellers to the right roles? Can you guide marketers/campaigners to the right “Ideal Customer Profile” for lead scoring?
    2. Are you capturing the right emotive areas that will support message crafting? Solutioning? SEM/SEO?
    3. Are you capturing insights into “how they decide” so sellers are well informed on the decision-making dynamics?
    4. Are you getting a strong understanding of content, interaction preferences, and news and information sources so sellers can outreach more effectively, you can pinpoint media spend, and content marketing can create the right assets?
    Functional – “to find them”
    Job Role Title Org. Chart Dynamics Buying Center Firmographics
    Emotive – “what they do and jobs to be done”
    Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? Buyer Need: They may have multiple needs; which need is most likely met with the offering? Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue?
    Decision Criteria – “how they decide”
    Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through?
    Solution Attributes – “what does the ideal solution look like”
    Steps in “Jobs to Be Done” Elements of the “Ideal Solution” Business outcomes from ideal solution Opportunity scope; other potential users Acceptable price for value delivered Alternatives that see consideration Solution sourcing: channel, where to buy
    Behavioral Attributes – “how to approach them successfully”
    Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)?

    2.2.2 Are you getting what you need from interviews to support the buyer journey?

    Our approach helps you define the buyer journey

    Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.

    2.3 Continue interviews

    Input

    • Final adjustments to list of interview questions

    Output

    • Final buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona Creation Template
    • Buyer Persona and Journey Interview Guide and data Capture Tool

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 weeks

    1. Continue customer and prospect interviews.
    2. Ensure you are gaining the segment perspectives needed.
    3. Complete the “Summary” columns within the Buyer Persona and Journey Interview Guide and Data Capture Tool.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    Phase 3
    Prepare Communications and Educate Stakeholders

    This Phase walks you through the following activities:

    • Creating outputs for key stakeholders
    • Communicating final findings and supporting marketing, sales, and product activation.

    This Phase involves the following stakeholders:

    • Program leadership
    • Product Marketing
    • Product Management
    • Sales
    • Field Marketing/Campaign Management
    • Executive Leadership

    3.1 Summarize interview results and convene full working team and steering committee for final review

    Input

    • Buyer persona and journey interviews detail

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Interview Guide and Data Capture Tool
    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • CMO/Sponsoring Executive (Optional)
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • SoftwareReviews marketing analyst

    1-2 hours

    1. Summarize interview results within the Buyer Persona and Journey Summary Template.

    Download the Buyer Persona and Journey Interview Guide and Data Capture Tool

    Download the Buyer Persona and Journey Summary Template

    3.2 Convene executive steering committee and working team to review results

    Input

    • Buyer persona and journey interviews summary

    Output

    • Buyer perspectives on their personas and buyer journeys

    Materials

    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales

    1-2 hours

    1. Present final persona and journey results to the steering committee/executives and to working group using the summary slides interview results within the Buyer Persona and Journey Summary Template to finalize results.

    Download the Buyer Persona and Journey Summary Template

    3.3 Convene stakeholder meetings to activate results

    Input

    • Buyer persona and journey interviews summary

    Output

    Activation of key learnings to drive:

    • Better product –market fit
    • Lead gen
    • Sales effectiveness
    • Awareness

    Materials

    • Buyer Persona and Journey Summary Template

    Participants

    • Initiative Manager – individual leading the buyer persona and journey initiative
    • Working Team – typically representatives in Product Marketing, Product Management, and Sales
    • Stakeholder team members (see left)

    4-5 hours

    Present final persona and journey results to each stakeholder team. Key presentations include:

    1. Product team to validate product market fit.
    2. Content marketing to provide messaging direction for the creation of awareness and lead gen assets.
    3. Campaigners/Field Marketing for campaign-related messaging and to identify asset types required to be designed and delivered to support the buyer journey.
    4. Social media strategists for social post copy, and PR for other awareness-building copy.
    5. Sales enablement/training to enable updating of sales collateral, proposals, and sales training materials. Sellers to help with their targeting, prospecting, and crafting of outbound messaging and talk tracks.

    Download the Buyer Persona and Journey Summary Template

    Summary of Accomplishment

    Problem Solved

    With the help of this blueprint, you have deepened your and your colleagues’ buyer understanding at both the persona “who they are” level and the buyer journey “how do they buy” level. You are among the minority of marketing leaders that have fully documented a buyer persona and journey – congratulations!

    The benefits of having led your team through the process are significant and include the following:

    • Better alignment of customer/buyer-facing teams such as in product, marketing, sales, and customer success.
    • Messaging that can be used by marketing, sales, and social teams that will resonate with buyer initiatives, pain points, sought-after “pain relief,” and value.
    • Places in the digital and physical universe where your prospects “hang out” so you can optimize your media spend.
    • More effective use of marketing assets and sales collateral that align with the way your prospect needs to consume information throughout their buyer journey to make a decision in your solution area.

    And by capturing and documenting your buyer persona and journey even for a single buyer type, you have started to build the “institutional strength” to apply the process to other roles in the decision-making process or for when you go after new and different buyer types for new products. And finally, by bringing your team along with you in this process, you have also led your team in becoming a more customer-focused organization – a strategic shift that all organizations should pursue.

    If you would like additional support, contact us and we’ll make sure you get the professional expertise you need.

    Contact your account representative for more information.

    info@softwarereviews.com

    1-888-670-8889

    Related Software Reviews Research

    Optimize Lead Generation With Lead Scoring

    • Save time and money and improve your sales win rates when you apply our methodology to score contacts with your lead gen engine more accurately and pass better qualified leads over to your sellers.
    • Our methodology teaches marketers to develop your own lead scoring approach based upon lead/contact profile vs. your Ideal Customer Profile (ICP) and scores contact engagement. Applying the methodology to arrive at your own approach to scoring will mean reduced lead gen costs, higher conversion rates, and increased marketing-influenced wins.

    Bibliography

    Bilardi, Emma. “How to Create Buyer Personas.” Product Marketing Alliance, July 2020. Accessed Dec. 2021.

    Harrison, Liz, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai. “Omnichannel in B2B sales: The new normal in a year that has been anything but.” McKinsey & Company, 15 March 2021. Accessed Dec. 2021.

    Jansen, Hasse. “Buyer Personas – 33 Mind Blowing Stats.” Boardview.io!, 19 Feb. 2016. Accessed Jan. 2022.

    Raynor, Lilah. “Understanding The Changing B2B Buyer Journey.” Forbes Agency Council, 18 July 2021. Accessed Dec. 2021.

    Simpson, Jon. “Finding Your Audience: The Importance of Developing a Buyer Persona.” Forbes Agency Council, 16 May 2017. Accessed Dec. 2021.

    “Successfully Executing Personalized Marketing Campaigns at Scale.” Plexure, 6 Jan. 2020. Accessed Dec 2020.

    Ulwick, Anthony W. JOBS TO BE DONE: Theory to Practice. E-book, Strategyn, 1 Jan. 2017. Accessed Jan. 2022.

    Effective IT Communications

    • Buy Link or Shortcode: {j2store}429|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Lead
    • Parent Category Link: /lead

    IT communications are often considered ineffective. This is demonstrated by:

    • A lack of inclusion or time to present in board meetings.
    • Confusion around IT priorities and how they align to organizational objectives.
    • Segregating IT from the rest of the organization.
    • The inability to secure the necessary funding for IT-led initiatives.
    • IT employees not feeling supported or engaged.

    Our Advice

    Critical Insight

    • No one is born a good communicator. Every IT employee needs to spend the time and effort to grow their communication skills; with constant change and worsening IT crises, IT cannot afford to communicate poorly anymore.
    • The skills needed to communicate effectively as a front=line employee or CIO are the same. It is important to begin the development of these skills from the beginning of one's career.
    • Time is a non-renewable resource. Any communication needs to be considered valuable and engaging by the audience or they will be unforgiving.

    Impact and Result

    Communications is a responsibility of all members of IT. This is demonstrated through:

    • Engaging in two-way communications that are continuous and evolving.
    • Establishing a communications strategy – and following the plan.
    • Increasing the skills of all IT employees when it comes to communications.
    • Identifying audiences and their preferred means of communication.

    Effective IT Communications Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Effective IT Communications Capstone Deck – A resource center to ensure you never start communications from a blank page again.

    This capstone blueprint highlights the components, best practices, and importance of good communication for all IT employees.

    • Effective IT Communications Storyboard

    2. IT Townhall Template – A ready-to-use template to help you engage with IT employees and ensure consistent access to information.

    IT town halls must deliver value to employees, or they will withdraw and miss key messages. To engage employees, use well-crafted communications in an event that includes crowd-sourced contents, peer involvement, recognition, significant Q&A time allotment, organizational discussions, and goal alignment.

    • IT Townhall Template

    3. IT Year in Review Template – A ready-to-use template to help communicate IT successes and future objectives.

    This template provides a framework to build your own IT Year In Review presentation. An IT Year In Review presentation typically covers the major accomplishments, challenges, and initiatives of an organization's information technology (IT) department over the past year.

    • IT Year in Review Template

    Infographic

    Further reading

    Effective IT Communications

    Empower IT employees to communicate well with any stakeholder across the organization.

    Analyst perspective

    There has never been an expectation for IT to communicate well.

    Brittany Lutes

    Brittany Lutes
    Research Director
    Info-Tech Research Group

    Diana MacPherson

    Diana MacPherson
    Senior Research Analyst
    Info-Tech Research Group

    IT rarely engages in proper communications. We speak at, inform, or tell our audience what we believe to be important. But true communications seldom take place.

    Communications only occur when channels are created to ensure the continuous opportunity to obtain two-way feedback. It is a skill that is developed over time, with no individual having an innate ability to be better at communications. Each person in IT needs to work toward developing their personal communications style. The problem is we rarely invest in development or training related to communications. Information and technology fields spend time and money developing hard skills within IT, not soft ones.

    The benefits associated with communications are immense: higher business satisfaction, funding for IT initiatives, increased employee engagement, better IT to business alignment, and the general ability to form ongoing partnerships with stakeholders. So, for IT departments looking to obtain these benefits through true communications, develop the necessary skills.

    Executive summary

    Your Challenge Common Obstacles Info-Tech’s Approach
    IT communications are often considered ineffective. This is demonstrated by:
    • A lack of inclusion or time to present in board meetings.
    • Confusion around IT priorities and how they align to organizational objectives.
    • Segregating IT from the rest of the organization.
    • An inability to secure the necessary funding for IT-led initiatives.
    • IT employees not feeling supported or engaged.
    Frequently, these barriers have prevented IT communications from being effective:
    • Using technical jargon when a universal language is needed.
    • Speaking at organization stakeholders rather than engaging through dialogue.
    • Understanding the needs of the audience.
    Overall, IT has not been expected to engage in good communications or taken a proactive approach to communicate effectively.
    Communications is a responsibility of all members of IT. This is demonstrated through:
    • Engaging in two-way communications that are continuous and evolving.
    • Establishing a communications strategy – and following the plan.
    • Increasing the skills of all IT employees when it comes to communications.
    • Identifying audiences and their preferred means of communication.

    Info-Tech Insight
    No one is born a good communicator. Every IT employee needs to spend the time and effort to grow their communication skills as constant change and worsening IT crises mean that IT cannot afford to communicate poorly anymore.

    Your challenge

    Overall satisfaction with IT is correlated to satisfaction with IT communications

    Chart showing satisfaction with it and communications

    The bottom line? For every 10% increase in communications there 8.6% increase in overall IT satisfaction. Therefore, when IT communicates with the organization, stakeholders are more likely to be satisfied with IT overall.

    Info-Tech Diagnostic Programs, N=330 organizations

    IT struggles to communicate effectively with the organization:

    • CIOs are given minimal time to present to the board or executive leaders about IT’s value and alignment to business goals.
    • IT initiatives are considered complicated and confusing.
    • The frequency and impact of IT crises are under planned for, making communications more difficult during a major incident.
    • IT managers do not have the skills to communicate effectively with their team.
    • IT employees do not have the skills to communicate effectively with one another and end users.

    Common obstacles

    IT is prevented from communicating effectively due to these barriers:

    • Difficulty assessing the needs of the audience to inform the language and means of communication that should be used.
    • Using technical jargon rather than translating the communication into commonly understood terms.
    • Not receiving the training required to develop communication skills across IT employees.
    • Frequently speak at organization stakeholders rather than engaging through dialogue.
    • Beginning many communications from a blank page, especially crisis communications.
    • Difficulty presenting complex concepts in a short time to an audience in a digestible and concise manner without diluting the point.

    Effective IT communications are rare:

    53% of CXOs believe poor communication between business and IT is a barrier to innovation.
    Source: Info-Tech CEO-CIO Alignment Survey, 2022

    69% of those in management positions don’t feel comfortable even communicating with their staff.”
    Source: TeamStage, 2022

    Info-Tech’s approach

    Effective communications is not a broadcast but a dialogue between communicator and audience in a continuous feedback loop.

    Continuous loop of dialogue

    The Info-Tech difference:

    1. Always treat every communication as a dialogue, enabling the receiver of the message to raise questions, concerns, or ideas.
    2. Different audiences will require different communications. Be sure to cater the communication to the needs of the receiver(s).
    3. Never assume the communication was effective. Create measures and adjust the communications to get the desired outcome.

    Common IT communications

    And the less common but still important communications

    Communicating Up to Board or Executives

    • Board Presentations
    • Executive Leadership Committee Meetings
    • Technology Updates
    • Budget Updates
    • Risk Updates
    • Year in Review

    Communicating Across the Organization

    • Townhalls – external to IT
    • Year in Review
    • Crisis Email
    • Intranet Communication
    • Customer/Constituent Requests for Information
    • Product Launches
    • Email
    • Watercooler Chat

    Communicating Within IT

    • Townhalls – internal to IT
    • Employee 1:1s
    • Team Meetings
    • Project Updates
    • Project Collaboration Sessions
    • Year in Review
    • All-Hands Meeting
    • Employee Interview
    • Onboarding Documentation
    • Vendor Negotiation Meetings
    • Vendor Product Meetings
    • Email
    • Watercooler Chat

    Insight Summary

    Overarching insight
    IT cannot afford to communicate poorly given the overwhelming impact and frequency of change related to technology. Learn to communicate well or get out of the way of someone who can.

    Insight 1: The skills needed to communicate effectively as a frontline employee or a CIO are the same. It’s important to begin the development of these skills from the beginning of one’s career.
    Insight 2: Time is a non-renewable resource. Any communication needs to be considered valuable and engaging by the audience or they will be unforgiving.
    Insight 3: Don’t make data your star. It is a supporting character. People can argue about the collection methods or interpretation of the data, but they cannot argue the story you share.
    Insight 4: Measure if the communication is being received and resulting in the desired outcome. If not, modify what and how the message is being expressed.
    Insight 5: Messages are also non-verbal. Practice using your voice and body to set the right tone and impact your audience.

    Communication principles

    Follow these principles to support all IT communications.

    Two-Way

    Incorporate feedback loops into your communication efforts. Providing stakeholders with the opportunity to voice their opinions and ideas will help gain their commitment and buy-in.

    Timely

    Frequent communications mitigate rumors and the spread of misinformation. Provide warning before the implementation of any changes whenever possible. Communicate as soon as possible after decisions have been made.

    Consistent

    Make sure the messaging is consistent across departments, mediums, and presenters. Provide managers with key phrases to support the consistency of messages.

    Open & Honest

    Transparency is a critical component of communication. Always tell employees that you will share information as soon as you can. This may not be as soon as you receive the information but as soon as sharing it is acceptable.

    Authentic

    Write messages in a way that embodies the personality of the organization. Don’t spin information; position it within the wider organizational context.

    Targeted

    Use your target audience profiles to determine which audiences need to consume which messages and what mediums should be employed.

    Importance of IT being a good communicator

    Don’t pay the price for poor communication.

    IT needs to communicate well because:

    • IT risk mitigation and technology initiative funding are dependent on critical stakeholders comprehending the risk impact and initiative benefit in easy-to-understand terms.
    • IT employees need clear and direct information to feel empowered and accountable to do their jobs well.
    • End users who have a good experience engaging in communications with IT employees have an overall increase in satisfaction with IT.
    • Continuously demonstrating IT’s value to the organization comes when those initiatives are clearly aligned to overall objectives.
    • Communication prevents assumptions and further miscommunication from happening among IT employees who are usually impacted and fear change the most.

    “Poor communication results in employee misunderstanding and errors that cost approximately $37 billion.”
    – Intranet Connections, 2019

    Effective communication enables organizational strategy and facilitates a two-way exchange

    Effective communication facilitates a two-way exchange

    What makes internal communications effective?

    To be effective, internal communications must be strategic. They should directly support organizational objectives, reinforce key messages to make sure they drive action, and facilitate two-way dialogue, not just one-way messaging.

    Measure the value of the communication

    Communication effectiveness can be measured through a variety of metrics:

    • Increase in Productivity
    • “When employees are offered better communication technology and skills, productivity can increase by up to 30%” (Expert Market, 2022).
    • Increase in Understanding Decision Rationale
    • Employees who report understanding the rationale behind the business decisions made by the executive leadership team (ELT) are 3.6x more likely to be engaged, compared to those who were not (McLean & Company Engagement Survey Database, 2022; N=133,167 responses, 187 organizations).
    • Increase in Revenue
    • Collaboration amongst C-suite executives led to a 27% increase in revenue compared to low collaborating C-suites (IBM, 2021).
    • Increase in End-User Satisfaction
    • 80.9% of end users are satisfied with IT’s ability to communicate with them regarding the information they need to perform their job (Info-Tech’s End-User Satisfaction Survey Database, N=20,617 end users from 126 organizations).

    Methods to determine effectiveness:

    • CIO Business Vision Survey
    • Engagement surveys
    • Focus groups
    • Suggestion boxes
    • Team meetings
    • Random sampling
    • Informal feedback
    • Direct feedback
    • Audience body language
    • Repeating the message back

    How to navigate the research center

    This research center is intended to ensure that IT never starts their communications from a blank page again:

    Tools to help IT be better communicators

    “‘Effectiveness’ can mean different things, and effectiveness for your project is going to look different than it would for any other project.”
    – Gale McCreary in WikiHow, 2022

    Audience: Organizational leadership

    Speaking with Board and executive leaders about strategy, risk, and value

    Keep in mind:

    1 2 3
    Priorities Differ Words Matter The Power of Three
    What’s important to you as CIO is very different from what is important to a board or executive leadership team or even the individual members of these groups. Share only what is important or relevant to the stakeholder(s). Simplify the message into common language whenever possible. A good test is to ensure that someone without any technical background could understand the message. Keep every slide to three points with no more than three words. You are the one to translate this information into a worth-while story to share.

    “Today’s CIOs have a story to tell. They must change the old narrative and describe the art of the (newly) possible. A great leader rises to the occasion and shares a vision that inspires the entire organization.”
    – Dan Roberts, CIO, 2019

    Communications for board presentations

    Secure funding and demonstrate IT as a value add to business objectives.

    DEFINING INSIGHT

    Stop presenting what is important to you as the CIO and present to the board what is important to them.

    Why does IT need to communicate with the board?

    • To get their buy-in and funding for critical IT initiatives.
    • To ensure that IT risks are understood and receive the funding necessary to mitigate.
    • To change the narrative of IT as a service provider to a business enabler.

    FRAMEWORK

    Framework for board presentations

    CHECKLIST

    Do’s & Don’ts of Communicating Board Presentations:

    Do: Ensure you know all the members of the board and their strengths/areas of focus.

    Do: Ensure the IT objectives and initiatives align to the business objectives.

    Do: Avoid using any technical jargon.

    Do: Limit the amount of data you are using to present information. If it can’t stand alone, it isn’t a strong enough data point.

    Do: Avoid providing IT service metrics or other operational statistics.

    Do: Demonstrate how the organization’s revenue is impacted by IT activities.

    Do: Tell a story that is compelling and excited.

    OUTCOME

    Organization Alignment

    • Approved organization objectives and IT objectives are aligned and supporting one another.

    Stakeholder Buy-In

    • Board members all understand what the future state of IT will look like – and are excited for it!

    Awareness on Technology Trends

    • It is the responsibility of the CIO to ensure the board is aware of critical technology trends that can impact the future of the organization/industry.

    Risks

    • Risks are understood, the impact they could have on the organization is clear, and the necessary controls required to mitigate the risk are funded.

    Communications for business updates

    Continuously build strong relationships with all members of business leadership.

    DEFINING INSIGHT

    Business leaders care about themselves and their goals – present ideas and initiatives that lean into this self-interest.

    Why does IT need to communicate business updates?

    • The key element here is to highlight how IT is impacting the organization’s overall ability to meet goals and targets.
    • Ensure all executive leaders know about and understand IT’s upcoming initiatives – and how they will be involved.

    FRAMEWORK

    Framework for business updates

    CHECKLIST

    Do’s & Don’ts of Communicating Business Updates:

    Do: Ensure IT is given sufficient time to present with the rest of the business leaders.

    Do: Ensure the goals of IT are clear and can be depicted visually.

    Do: Tie every IT goal to the objectives of different business leaders.

    Do: Avoid using any technical jargon.

    Do: Reinforce the positive benefits business leaders can expect.

    Do: Avoid providing IT service metrics or other operational statistics.

    Do: Demonstrate how IT is driving the digital transformation of the organization.

    OUTCOME

    Better Reputation

    • Get other business leaders to see IT as a value add to any initiative, making IT an enabler not an order taker.

    Executive Buy-In

    • Executives are concerned about their own budgets; they want to embrace all the innovation but within reason and minimal impact to their own finances.

    Digital Transformation

    • Indicate and commit to how IT can help the different leaders deliver on their digital transformation activities.

    Relationship Building

    • Establish trust with the different leaders so they want to engage with you on a regular basis.

    Audience: Organization wide

    Speaking with all members of the organization about the future of technology – and unexpected crises.

    1 2 3
    Competing to Be Heard Measure Impact Enhance the IT Brand
    IT messages are often competing with a variety of other communications simultaneously taking place in the organization. Avoid the information-overload paradox by communicating necessary, timely, and relevant information. Don’t underestimate the benefit of qualitative feedback that comes from talking to people within the organization. Ensure they read/heard and absorbed the communication. IT might be a business enabler, but if it is never communicated as such to the organization, it will only be seen as a support function. Use purposeful communications to change the IT narrative.

    Less than 50% of internal communications lean on a proper framework to support their communication activities.
    – Philip Nunn, iabc, 2020

    Communications for strategic IT initiatives

    Communicate IT’s strategic objectives with all business stakeholders and users.

    DEFINING INSIGHT

    IT leaders struggle to communicate how the IT strategy is aligned to the overall business objectives using a common language understood by all.

    Why does IT need to communicate its strategic objectives?

    • To ensure a clear and consistent view of IT strategic objectives can be understood by all stakeholders within the organization.
    • To demonstrate that IT strategic objectives are aligned with the overall mission and vision of the organization.

    FRAMEWORK

    Framework for IT strategic initiatives

    CHECKLIST

    Do’s & Don’ts of Communicating IT Strategic Objectives:

    Do: Ensure all IT leaders are aware of and understand the objectives in the IT strategy.

    Do: Ensure there is a visual representation of IT’s goals.

    Do: Ensure the IT objectives and initiatives align to the business objectives.

    Do: Avoid using any technical jargon.

    Do: Provide metrics if they are relevant, timely, and immediately understandable.

    Do: Avoid providing IT service metrics or other operational statistics.

    Do: Demonstrate how the future of the organization will benefit from IT initiatives.

    OUTCOME

    Organization Alignment

    • All employees recognize the IT strategy as being aligned, even embedded, into the overall organization strategy.

    Stakeholder Buy-In

    • Business and IT stakeholders alike understand what the future state of IT will look like – and are excited for it!

    Role Clarity

    • Employees within IT are clear on how their day-to-day activities impact the overall objectives of the organization.

    Demonstrate Growth

    • Focus on where IT is going to be maturing in the coming one to two years and how this will benefit all employees.

    Communications for crisis management

    Minimize the fear and chaos with transparent communications.

    DEFINING INSIGHT

    A crisis communication should fit onto a sticky note. If it’s not clear, concise, and reassuring, it won’t be effectively understood by the audience.

    Why does IT need to communicate when a crisis occurs?

    • To ensure all members of the organization have an understanding of what the crisis is, how impactful that crisis is, and when they can expect more information.
    • “Half of US companies don’t have a crisis communication plan” (CIO, 2017).

    FRAMEWORK

    Framework for crisis management

    CHECKLIST

    Do’s & Don’ts of Communicating During a Crisis:

    Do: Provide timely and regular updates about the crisis to all stakeholders.

    Do: Involve the Board or ELT immediately for transparency.

    Do: Avoid providing too much information in a crisis communication.

    Do: Have crisis communication statements ready to be shared at any time for possible or common IT crises.

    Do: Highlight that employee safety and wellbeing is top priority.

    Do: Work with members of the public relations team to prepare any external communications that might be required.

    OUTCOME

    Ready to Act

    • Holding statements for possible crises will eliminate the time and effort required when the crisis does occur.

    Reduce Fears

    • Prevent employees from spreading concerns and not feeling included in the crisis.

    Maintain Trust

    • Ensure Board and ELT members trust IT to respond in an appropriate manner to any crisis or major incident.

    Eliminate Negative Reactions

    • Any crisis communication should be clear and concise enough when done via email.

    Audience: IT employees

    IT employees need to receive and obtain regular transparent communications to better deliver on their expectations.

    Keep in mind:

    1 2 3
    Training for All Listening Is Critical Reinforce Collaboration
    From the service desk technician to CIO, every person within IT needs to have a basic ability to communicate. Invest in the training necessary to develop this skill set. It seems simple, but as humans we do an innately poor job at listening to others. It’s important you hear employee concerns, feedback, and recommendations, enabling the two-way aspect of communication. IT employees will reflect the types of communications they see. If IT leaders and managers cannot collaborate together, then teams will also struggle, leading to productivity and quality losses.

    “IT professionals who […] enroll in communications training have a chance to both upgrade their professional capabilities and set themselves apart in a crowded field of technology specialists.”
    – Mark Schlesinger, Forbes, 2021

    Communications for IT activities and tactics

    Get IT employees aligned and clear on their daily objectives.

    DEFINING INSIGHT

    Depending on IT goals, the structure might need to change to support better communication among IT employees.

    Why does IT need to communicate IT activities?

    • To ensure all members of the project team are aligned with their tasks and responsibilities related to the project.
    • To be able to identify, track, and mitigate any problems that are preventing the successful delivery of the project.

    FRAMEWORK

    Framework for IT activities & tactics

    CHECKLIST

    Do’s & Don’ts of Communicating IT Activities:

    Do: Provide metrics that define how success of the project will be measured.

    Do: Demonstrate how each project aligns to the overarching objectives of the organization.

    Do: Avoid having large meetings that include stakeholders from two or more projects.

    Do: Consistently create a safe space for employees to communicate risks related to the project(s).

    Do: Ensure the right tools are being leveraged for in-office, hybrid, and virtual environments to support project collaboration.

    Do: Leverage a project management software to reduce unnecessary communications.

    OUTCOME

    Stakeholder Adoption

    • Create a standard communication template so stakeholders can easily find and apply communications.

    Resource Allocation

    • Understand what the various asks of IT are so employees can be adequately assigned to tasks.

    Meet Responsibly

    • Project status meetings are rarely valuable or insightful. Use meetings for collaboration, troubleshooting, and knowledge sharing.

    Encourage Engagement

    • Recognize employees and their work against critical milestones, especially for projects that have a long timeline.

    Communications for everyday IT

    Engage employees and drive results with clear and consistent communications.

    DEFINING INSIGHT

    Employees are looking for empathy to be demonstrated by those they are interacting with, from their peers to managers. Yet, we rarely provide it.

    Why does IT need to communicate on regularly with itself?

    • Regular communication ensures employees are valued, empowered, and clear about their expectations.
    • 97% of employees believe that their ability to perform their tasks efficiently is impacted by communication (Expert Market, 2022).

    FRAMEWORK

    Framework for everyday IT

    CHECKLIST

    Do’s & Don’ts of Communicating within IT:

    Do: Have responses for likely questions prepared and ready to go.

    Do: Ensure that all leaders are sharing the same messages with their teams.

    Do: Avoid providing irrelevant or confusing information.

    Do: Speak with your team on a regular basis.

    Do: Reinforce the messages of the organization every chance possible.

    Do: Ensure employees feel empowered to do their jobs effectively.

    Do: Engage employees in dialogue. The worst employee experience is when they are only spoken at, not engaged with.

    OUTCOME

    Increased Collaboration

    • Operating in a vacuum or silo is no longer an option. Enable employees to successfully collaborate and deliver holistic results.

    Role Clarity

    • Clear expectations and responsibilities eliminate confusion and blame game. Engage employees and create a positive work culture with role clarity.

    Prevent Rumors

    • Inconsistent communication often leads to information sharing and employees spreading an (in)accurate narrative.

    Organizational Insight

    • Employees trust the organization’s direction because they are aware of the different activities taking place and provided with a rationale about decisions.

    Case Study

    Amazon

    INDUSTRY
    E-Commerce

    SOURCE
    Harvard Business Review

    Jeff Bezos has definitely taken on unorthodox approaches to business and leadership, but one that many might not know about is his approach to communication. Some of the key elements that he focused on in the early 2000s when Amazon was becoming a multi-billion-dollar empire included:

    • Banning PowerPoint for all members of the leadership team. They had to learn to communicate without the crutch of the most commonly used presentation tool.
    • Leveraging memos that included specific action steps and clear nouns
    • Reducing all communication to an eighth-grade reading level, including pitches for new products (e.g. Kindle).

    Results

    While he was creating the Amazon empire, 85% of Jeff Bezos’ communication was written in a way that an eighth grader could read. Communicating in a way that was easy to understand and encouraging his leadership team to do so as well is one of the many reasons this business has grown to an estimated value of over $800B.

    “If you cannot simplify a message and communicate it compellingly, believe me, you cannot get the masses to follow you.”
    – Indra Nooyi, in Harvard Business Review, 2022

    Communication competency expectations

    Communication is a business skill; not a technical skill.

    Demonstrated Communication Behavior
    Level 1: Follow Has sufficient communication skills for effective dialogue with others.
    Level 2: Assist Has sufficient communication skills for effective dialogue with customers, suppliers, and partners.
    Level 3: Apply Demonstrates effective communication skills.
    Level 4: Enable Communicates fluently, orally, and in writing and can present complex information to both technical and non-technical audiences.
    Level 5: Ensure, Advise Communicates effectively both formally and informally.
    Level 6: Initiate, Influence Communicates effectively at all levels to both technical and non-technical audiences.
    Level 7: Set Strategy, Inspire, Mobilize Understands, explains, and presents complex ideas to audiences at all levels in a persuasive and convincing manner.

    Source: Skills Framework for the Information Age, 2021

    Key KPIs for communication with any stakeholder

    Measuring communication is hard; use these to determine effectiveness.

    Goal Key Performance Indicator (KPI) Related Resource
    Obtain board buy-in for IT strategic initiatives X% of IT initiatives that were approved to be funded. Number of times technical initiatives were asked to be explained further. Using our Board Presentation Review service
    Establish stronger relationships with executive leaders X% of business leadership satisfied with the statement “IT communicates with your group effectively.” Using the CIO Business Vision Diagnostic
    Organizationally, people know what products and services IT provides X% of end users who are satisfied with communications around changing services or applications. Using the End-User Satisfaction Survey
    Organizational reach and understanding of the crisis. Number of follow-up tickets or requests related to the crisis after the initial crisis communication was sent. Using templates and tools for crisis communications
    Project stakeholders receive sufficient communication throughout the initiative. X% overall satisfaction with the quality of the project communications. Using the PPM Customer Satisfaction Diagnostic
    Employee feedback is provided, heard, and acted on X% of satisfaction employees have with managers or IT leadership to act on employee feedback. Using the Employee Engagement Diagnostic Program

    Standard workshop communication activities

    Introduction
    Communications overview.

    Plan
    Plan your communications using a strategic tool.

    Compose
    Create your own message.

    Deliver
    Practice delivering your own message.

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Research contributors and experts

    Anuja Agrawal, National Communications Director, PwC

    Anuja Agrawal
    National Communications Director
    PwC

    Anuja is an accomplished global communications professional, with extensive experience in the insurance, banking, financial, and professional services industries in Asia, the US, and Canada. She is currently the National Communications Director at PwC Canada. Her prior work experience includes communication leadership roles at Deutsche Bank, GE, Aviva, and Veritas. Anuja works closely with senior business leaders and key stakeholders to deliver measurable results and effective change and culture building programs. Anuja has experience in both internal and external communications, including strategic leadership communication, employee engagement, PR and media management, digital and social media, and M&A/change and crisis management. Anuja believes in leveraging digital tools and technology-enabled solutions, combined with in-person engagement, to help improve the quality of dialogue and increase interactive communication within the organization to help build an inclusive culture of belonging.

    Nastaran Bisheban, Chief Technology Officer, KFC Canada

    Nastaran Bisheban
    Chief Technology Officer
    KFC Canada

    A passionate technologist, and seasoned transformational leader. A software engineer and computer scientist by education, a certified Project Manager that holds an MBA in Leadership with Honors and Distinction from University of Liverpool. A public speaker on various disciplines of technology and data strategy with a Harvard Business School executive leadership program training to round it all. Challenges status quo and conventional practices; is an advocate for taking calculated risk and following the principle of continuous improvement. With multiple computer software and project management publications she is a strategic mentor and board member on various non-profit organizations. Nastaran sees the world as a better place only when everyone has a seat at the table and is an active advocate for diversity and inclusion.

    Heidi Davidson, Co-Founder & CEO, Galvanize Worldwide and Galvanize On Demand

    Heidi Davidson
    Co-Founder & CEO
    Galvanize Worldwide and Galvanize On Demand

    Dr. Heidi Davidson is the co-founder and CEO of Galvanize Worldwide, the largest distributed network of marketing and communications experts in the world. She also is the co-founder and CEO of Galvanize On Demand, a tech platform that matches marketing and communications freelancers with client projects. Now with 167 active experts, the Galvanize team delivers startup advisory work, outsourced marketing, training, and crisis communications to organizations of all sizes. Before Galvanize, Heidi spent four years as part of the turnaround team at BlackBerry as the Chief Communications Officer and SVP of Corporate Marketing, where she helped the company move from a device manufacturer to a security software provider.

    Eli Gladstone, Co-Founder, Speaker Labs

    Eli Gladstone
    Co-Founder
    Speaker Labs

    Eli is a co-founder of Speaker Labs. He has spent over six years helping countless individuals overcome their public speaking fears and communicate with clarity and confidence. When he’s not coaching others on how to build and deliver the perfect presentation, you’ll probably find him reading some weird books, teaching his kids how to ski or play tennis, or trying to develop a good-enough jumpshot to avoid being a liability on the basketball court.

    Francisco Mahfuz, Keynote Speaker & Storytelling Coach

    Francisco Mahfuz
    Keynote Speaker & Storytelling Coach

    Francisco Mahfuz has been telling stories in front of audiences for a decade and even became a National Champion of public speaking. Today, Francisco is a keynote speaker and storytelling coach and offers communication training to individuals and international organizations and has worked with organizations like Pepsi, HP, the United Nations, Santander, and Cornell University. He’s the author of Bare: A Guide to Brutally Honest Public Speaking and the host of The Storypowers Podcast, and he’s been part of the IESE MBA communications course since 2020. He’s received a BA in English Literature from Birkbeck University in London.

    Sarah Shortreed, EVP & CTO, ATCO Ltd.

    Sarah Shortreed
    EVP & CTO
    ATCO Ltd.

    Sarah Shortreed is ATCO’s Executive Vice President and Chief Technology Officer. Her responsibilities include leading ATCO’s Information Technology (IT) function as it continues to drive agility and collaboration throughout ATCO’s global businesses and expanding and enhancing its enterprise IT strategy, including establishing ATCO’s technology roadmap for the future. Ms. Shortreed’s skill and expertise are drawn from her more than 30-year career that spans many industries and includes executive roles in business consulting, complex multi-stakeholder programs, operations, sales, customer relationship management, and product management. She was recently the Chief Information Officer at Bruce Power and has previously worked at BlackBerry, IBM, and Union Gas. She sits on the Board of Governors for the University of Western Ontario and is the current Chair of the Chief Information Officer (CIO) Committee at the Conference Board of Canada.

    Eric Silverberg, Co-Founder, Speaker Labs

    Eric Silverberg
    Co-Founder
    Speaker Labs

    Eric is a co-founder of Speaker Labs and has helped thousands of people build their public speaking confidence and become more dynamic and engaging communicators. When he’s not running workshops to help people grow in their careers, there’s a good chance you’ll find him with his wife and dog, drinking Diet Coke, and rewatching iconic episodes of the reality TV show Survivor! He’s such a die-hard fan, that you’ll probably see him playing the game one day.

    Stephanie Stewart, Communications Officer & DR Coordinator, Info Security Services Simon Fraser University

    Stephanie Stewart
    Communications Officer & DR Coordinator
    Info Security Services Simon Fraser University

    Steve Strout, President, Miovision Technologies

    Steve Strout
    President
    Miovision Technologies

    Mr. Strout is a recognized and experienced technology leader with extensive experience in delivering value. He has successfully led business and technology transformations by leveraging many dozens of complex global SFDC, Oracle, and SAP projects. He is especially adept at leading what some call “Project Rescues” – saving people’s careers where projects have gone awry; always driving “on-time and on-budget.” Mr. Strout is the current President of Miovision Technologies and the former CEO and board member of the Americas’ SAP Users” Group (ASUG). His wealth of practical knowledge comes from 30 years of extensive experience in many CxO and executive roles at some prestigious organizations such as Vonage, Sabre, BlackBerry, Shred-it, The Thomson Corporation (now Thomson Reuters), and Morris Communications. He has served on boards including Customer Advisory Boards of Apple, AgriSource Data, Dell, Edgewise, EMC, LogiSense, Socrates.ai, Spiro Carbon Group, and Unifi.

    Info-Tech Research Group Contributors:

    Sanchia Benedict, Research Lead
    Antony Chan Executive Counsellor
    Janice Clatterbuck, Executive Counsellor
    Ahmed Jowar, Research Specialist
    Dave Kish, Practice Lead
    Nick Kozlo, Senior Research Analyst
    Heather Leier Murray, Senior Research Analyst
    Amanda Mathieson, Research Director
    Carlene McCubbin, Practice Lead
    Joe Meier, Executive Counsellor
    Andy Neill, AVP Research
    Thomas Randall, Research Director

    Plus an additional two contributors who wish to remain anonymous.

    Related Info-Tech Research

    Boardroom Presentation Review

    • You will come away with a clear, concise, and compelling board presentation that IT leaders can feel confident presenting in front of their board of directors.
    • Add improvements to your current board presentation in terms of visual appeal and logical flow to ensure it resonates with your board of directors.
    • Leverage a best-of-breed presentation template.

    Build a Better Manager

    • Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers actually use in their day to day.
    • Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.

    Crisis Communication Guides

    During a crisis it is important to communicate to employees through messages that convey calm and are transparent and tailored to your audience. Use the Crisis Communication Guides to:

    • Draft a communication strategy.
    • Tailor messages to your audience.
    • Draft employee crisis communications.
    Use this guide to equip leadership to communicate in times of crisis.

    Bibliography

    “Communication in the Workplace Statistics: Importance and Effectiveness in 2022.” TeamStage, 2022.

    Gallo, Carmine. “How Great Leaders Communicate.” Harvard Business Review, 23 November 2022

    Guthrie, Georgina. “Why Good Internal Communications Matter Now More than Ever.” Nulab, 15 December 2021.

    Lambden, Duncan. “The Importance of Effective Workplace Communication – Statistics for 2022.” Expert Market, 13 June 2022.

    “Mapping SFIA Levels of Responsibilities to Behavioural Factors.” Skills Framework for the Information Age, 2021.

    McCreary, Gale. “How to Measure the Effectiveness of Communication: 14 Steps.” WikiHow, 31 March 2023.

    Nowak, Marcin. “Top 7 Communication Problems in the Workplace.” MIT Enterprise Forum CEE, 2021.

    Nunn, Philip. “Messaging That Works: A Unique Framework to Maximize Communication Success.” iabc, 26 October 2020.

    Picincu, Andra. “How to Measure Effective Communications.” Small Business Chron. 12 January 2021.

    Price. David A. “Pixar Story Rules.” Stories From the Frontiers of Knowledge, 2011.

    Roberts, Dan. “How CIOs Become Visionary Communicators.” CIO, 2019.

    Schlesinger, Mark. “Why building effective communication skill in IT is incredibly important.” Forbes, 2021.

    Stanten, Andrew. “Planning for the Worst: Crisis Communications 101.” CIO, 25 May 2017.

    State of the American Workplace Report. Gallup, 6 February 2020.

    “The CIO Revolution.” IBM, 2021.

    “The State of High Performing Teams in Tech 2022.” Hypercontex, 2022.

    Walters, Katlin. “Top 5 Ways to Measure Internal Communication.” Intranet Connections, 30 May 2019.

    Determine the Future of Microsoft Project in Your Organization

    • Buy Link or Shortcode: {j2store}357|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $125,999 Average $ Saved
    • member rating average days saved: 50 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • You use Microsoft tools to manage your work, projects, and/or project portfolio.
    • Its latest offering, Project for the web, is new and you’re not sure what to make of it. Microsoft says it will soon replace Microsoft Project and Project Online, but the new software doesn’t seem to do what the old software did.
    • The organization has adopted M365 for collaboration and work management. Meetings happen on Teams, projects are scoped a bit with Planner, and the operations group uses Azure Boards to keep track of what they need to get done.
    • Despite your reservations about the new project management software, Microsoft software has become even more ubiquitous.

    Our Advice

    Critical Insight

    • The various MS Project offerings (but most notably the latest, Project for the web) hold the promise of integrating with the rest of M365 into a unified work management solution. However, out of the box, Project for the web and the various platforms within M365 are all disparate utilities that need to be pieced together in a purpose-built manner to make use of them for holistic work management purposes. If you’re looking for a cohesive product out of the box, look elsewhere. If you’re looking to assemble a wide array of work, project, and portfolio management functions across different functions and departments, you may have found what you seek.
    • Rather than choosing tools based on your gaps, assess your current maturity level so that you optimize your investment in the Microsoft landscape.

    Impact and Result

    Follow Info-Tech’s path in this blueprint to:

    • Perform a tool audit to trim your work management tool landscape.
    • Navigate the MS Project and M365 licensing landscape.
    • Make sense of what to do with Project for the web and take the right approach to rolling it out (i.e. DIY or MS Gold Partner driven) based upon your needs.
    • Create an action plan to inform next steps.

    After following the program in this blueprint, you will be prepared to advise the organization on how to best leverage the rapidly shifting work management options within M365 and the place of MS Project within it.

    Determine the Future of Microsoft Project in Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should make sense of the MS Project and M365 landscapes, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine your tool needs

    Assess your work management tool landscape, current state maturity, and licensing needs to inform a purpose-built work management action plan.

    • M365 Task Management Tool Guide
    • M365 Project Management Tool Guide
    • M365 Project Portfolio Management Tool Guide
    • Tool Audit Workbook
    • Force Field Analysis Tool
    • Microsoft Project & M365 Licensing Tool
    • Project Portfolio Management Maturity Assessment Workbook (With Tool Analysis)
    • Project Management Maturity Assessment Workbook (With Tool Analysis)

    2. Weigh your MS Project implementation options

    Get familiar with Project for the web’s extensibility as well as the MS Gold Partner ecosystem as you contemplate the best implementation approach(s) for your organization.

    • None
    • None

    3. Finalize your implementation approach

    Prepare a boardroom-ready presentation that will help you communicate your MS Project and M365 action plan to PMO and organizational stakeholders.

    • Microsoft Project & M365 Action Plan Template

    Infographic

    Workshop: Determine the Future of Microsoft Project in Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Driving Forces and Risks

    The Purpose

    Assess the goals and needs as well as the risks and constraints of a work management optimization.

    Take stock of your organization’s current work management tool landscape.

    Key Benefits Achieved

    Clear goals and alignment across workshop participants as well as an understanding of the risks and constraints that will need to be mitigated to succeed.

    Current-state insight into the organization’s work management tool landscape.

    Activities

    1.1 Review the business context.

    1.2 Explore the M365 work management landscape.

    1.3 Identify driving forces for change.

    1.4 Analyze potential risks.

    1.5 Perform current-state analysis on work management tools.

    Outputs

    Business context

    Current-state understanding of the task, project, and portfolio management options in M365 and how they align with the organization’s ways of working

    Goals and needs analysis

    Risks and constraints analysis

    Work management tool overview

    2 Determine Tool Needs and Process Maturity

    The Purpose

    Determine your organization’s work management tool needs as well as its current level of project management and project portfolio management process maturity.

    Key Benefits Achieved

    An understanding of your tooling needs and your current levels of process maturity.

    Activities

    2.1 Review tool audit dashboard and conduct the final audit.

    2.2 Identify current Microsoft licensing.

    2.3 Assess current-state maturity for project management.

    2.4 Define target state for project management.

    2.5 Assess current-state maturity for project portfolio management.

    2.6 Define target state for project portfolio management.

    Outputs

    Tool audit

    An understanding of licensing options and what’s needed to optimize MS Project options

    Project management current-state analysis

    Project management gap analysis

    Project portfolio management current-state analysis

    Project portfolio management gap analysis

    3 Weigh Your Implementation Options

    The Purpose

    Take stock of your implementation options for Microsoft old project tech and new project tech.

    Key Benefits Achieved

    An optimized implementation approach based upon your organization’s current state and needs.

    Activities

    3.1 Prepare a needs assessment for Microsoft 365 and Project Plan licenses.

    3.2 Review the business case for Microsoft licensing.

    3.3 Get familiar with Project for the web.

    3.4 Assess the MS Gold Partner Community.

    3.5 Conduct a feasibility test for PFTW.

    Outputs

    M365 and Project Plan needs assessment

    Business case for additional M365 and MS Project licensing

    An understand of Project for the web and how to extend it

    MS Gold Partner outreach plan

    A go/no-go decision for extending Project for the web on your own

    4 Finalize Implementation Approach

    The Purpose

    Determine the best implementation approach for your organization and prepare an action plan.

    Key Benefits Achieved

    A purpose-built implementation approach to help communicate recommendations and needs to key stakeholders.

    Activities

    4.1 Decide on the implementation approach.

    4.2 Identify the audience for your proposal.

    4.3 Determine timeline and assign accountabilities.

    4.4 Develop executive summary presentation.

    Outputs

    An implementation plan

    Stakeholder analysis

    A communication plan

    Initial executive presentation

    5 Next Steps and Wrap-Up (offsite)

    The Purpose

    Finalize your M365 and MS Project work management recommendations and get ready to communicate them to key stakeholders.

    Key Benefits Achieved

    Time saved in developing and communicating an action plan.

    Stakeholder buy-in.

    Activities

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Outputs

    Finalized executive presentation

    A gameplan to communicate your recommendations to key stakeholders as well as a roadmap for future optimization

    Further reading

    Determine the Future of Microsoft Project in Your Organization

    View your task management, project management, and project portfolio management options through the lens of M365.

    EXECUTIVE BRIEF

    Analyst Perspective

    Microsoft Project is an enigma

    Microsoft Project has dominated its market since being introduced in the 1980s, yet the level of adoption and usage per license is incredibly low.

    The software is ubiquitous, mostly considered to represent its category for “Project Management.” Yet, the software is conflated with its “Portfolio Management” offerings as organizations make platform decisions with Microsoft Project as the incorrectly identified incumbent.

    And incredibly, Microsoft has dominated the next era of productivity software with the “365” offerings. Yet, it froze the “Project” family of offerings and introduced the not-yet-functional “Project for the web.”

    Having a difficult time understanding what to do with, and about, Microsoft Project? You’re hardly alone. It’s not simply a question of tolerating, embracing, or rejecting the product: many who choose a competitor find they’re still paying for Microsoft Project-related licensing for years to come.

    If you’re in the Microsoft 365 ecosystem, use this research to understand your rapidly shifting landscape of options.

    (Barry Cousins, Project Portfolio Management Practice Lead, Info-Tech Research Group)

    Executive Summary

    Your Challenge

    You use Microsoft (MS) tools to manage your work, projects, and/or project portfolio.

    Their latest offering, Project for the web, is new and you’re not sure what to make of it. Microsoft says it will soon replace Microsoft Project and Project Online, but the new software doesn’t seem to do what the old software did.

    The organization has adopted M365 for collaboration and work management. Meetings happen on Teams, projects are scoped a bit with Planner, and the operations group uses Azure Boards to keep track of what they need to get done.

    Despite your reservations about the new project management software, Microsoft software has become even more ubiquitous.

    Common Obstacles

    M365 provides the basic components for managing tasks, projects, and project portfolios, but there is no instruction manual for making those parts work together.

    M365 isn’t the only set of tools at play. Business units and teams across the organization have procured other non-Microsoft tools for work management without involving IT.

    Microsoft’s latest project offering, Project for the web, is still evolving and you’re never sure if it is stable or ready for prime time. The missing function seems to involve the more sophisticated project planning disciplines, which are still important to larger, longer, and costlier projects.

    Common Obstacles

    Follow Info-Tech’s path in this blueprint to:

    • Perform a tool audit to trim your work management tool landscape.
    • Navigate the MS Project and M365 licensing landscape.
    • Make sense of what to do with Project for the web and take the right approach to rolling it out (i.e. DIY or MS Gold Partner driven) for your needs.
    • Create an action plan to inform next steps.

    After following the program in this blueprint, you will be prepared to advise the organization on how to best leverage the rapidly shifting work management options within M365 and the place of MS Project within it.

    M365 and, within it, O365 are taking over

    Accelerated partly by the pandemic and the move to remote work, Microsoft’s market share in the work productivity space has grown exponentially in the last two years.

    70% of Fortune 500 companies purchased 365 from Sept. 2019 to Sept. 2020. (Thexyz blog, 2020)

    In its FY21 Q2 report, Microsoft reported 47.5 million M365 consumer subscribers – an 11.2% increase from its FY20 Q4 reporting. (Office 365 for IT Pros, 2021)

    As of September 2020, there were 258,000,000 licensed O365 users. (Thexyz blog, 2020)

    In this blueprint, we’ll look at what the what the phenomenal growth of M365 means for PMOs and project portfolio practitioners who identify as Microsoft shops

    The market share of M365 warrants a fresh look at Microsoft’s suite of project offerings

    For many PMO and project portfolio practitioners, the footprint of M365 in their organizations’ work management cultures is forcing a renewed look at Microsoft’s suite of project offerings.

    The complicating factor is this renewed look comes at a transitional time in Microsoft’s suite of project and portfolio offerings.

    • The market dominance of MS Project Server and Project Online are wanning, with Microsoft promising the end-of-life for Online sometime in the coming years.
    • Project Online’s replacement, Project for the web, is a viable task management and lightweight project management tool, but its viability as a replacement for the rigor of Project Online is at present largely a question mark.
    • Related to the uncertainty and promise around Project for the web, the Dataverse and the Power Platform offer a glimpse into a democratized future of work management tools but anything specific about that future has yet to solidify.

    Microsoft Project has 66% market share in the project management tool space. (Celoxis, 2018)

    A copy of MS project is sold or licensed every 20 seconds. (Integent, 2013)

    MS Project is evolving to meet new work management realities

    It also evolved to not meet the old project management realities.

    • The lines between traditional project management and operational task management solutions are blurring as organizations struggle to keep up with demands.
    • To make the software easier to use, modern work management doesn’t involve the complexities from days past. You won’t find anywhere to introduce complex predecessor-successor relationships, unbalanced assignments with front-loading or back-loading, early-start/late-finish, critical path, etc.
    • “Work management” is among the latest buzzwords in IT consulting. With Project for the web (PFTW), Azure Boards, and Planner, Microsoft is attempting to compete with lighter and better-adopted tools like Trello, Basecamp, Asana, Wrike, and Monday.com.
    • Buyers of project and work management software have struggled to understand how PFTW will still be usable if it gets the missing project management function from MS Project.

    Info-Tech Insight

    Beware of the Software Granularity Paradox.

    Common opinion 1: “Plans and estimates that are granular enough to be believable are too detailed to manage and maintain.”

    Common opinion 2: “Plans simple enough to publish aren’t detailed enough to produce believable estimates.”

    In other words, software simple enough to get widely adopted doesn’t produce believable plans. Software that can produce believable plans is too complex to use at scale.

    A viable task and project management option must walk the line between these dichotomies.

    M365 gives you the pieces, but it’s on PMO users to piece them together in a viable way

    With the new MS Project and M365, it’s on PMOs to avoid the granularity paradox and produce a functioning solution that fits with the organization’s ways of working.

    Common perception still sees Microsoft Project as a rich software tool. Thus, when we consider the next generation of Microsoft Project, it’s easy to expect a newer and friendlier version of what we knew before.

    In truth, the new solution is a collection of partially integrated but largely disparate tools that each satisfy a portion of the market’s needs. While it looks like a rich collection of function when viewed through high-level requirements, users will find:

    • Overlaps, where multiple tools satisfy the same functional requirement (e.g. “assign a task”)
    • Gaps, where a tool doesn’t quite do enough and you’re forced to incorporate another tool (e.g. reverting back to Microsoft Project for advanced resource planning)
    • Islands, where tools don’t fluently talk to each other (e.g. Planner data integrated in real-time with portfolio data, which requires clunky, unstable, decentralized end-user integrations with Microsoft Power Automate)
    A colourful arrangement of Microsoft programs arranged around a pile of puzzle pieces.

    Info-Tech's approach

    Use our framework to best leverage the right MS Project offerings and M365 components for your organization’s work management needs.

    The Info-Tech difference:

    1. A simple to follow framework to help you make sense of a chaotic landscape.
    2. Practical and tactical tools that will help you save time.
    3. Leverage industry best practices and practitioner-based insights.
    An Info-Tech framework titled 'Determine the Future of Microsoft Project in Your Organization, subtitle 'View your task, project, and portfolio management options through the lens of Microsoft 365'. There are four main sections titled 'Background', 'Approaches', 'Deployments', and 'Portfolio Outcomes'. In '1) Background' are 'Analyze Content', 'Assess Constraints', and 'Determine Goals and Needs'. In '2) Approaches' are 'DIY: Are you ready to do it yourself?' 'Info-Tech: Can our analysts help?', and 'MS Gold Partner: Are you better off with a third party?'. In '3) Deployments' are five sections: 'Personal Task Management', Barriers to Portfolio Outcomes: Isolated to One Person. 'Team Task Management', Barriers to Portfolio Outcomes: Isolated to One Team. 'Project Portfolio Management', Barriers to Portfolio Outcomes: Isolated to One Project. 'Project Management', Barriers to Portfolio Outcomes: Functionally Incomplete. 'Enterprise Project and Portfolio Management', Barriers to Portfolio Outcomes: Underadopted. In '4) Portfolio Outcomes' are 'Informed Steering Committee', 'Increased Project Throughput', 'Improved Portfolio Responsiveness', 'Optimized Resource Utilization', and 'Reduced Monetary Waste'.

    Determine the Future of Microsoft Project in Your Organization

    View your task, project, and portfolio management options through the lens of Microsoft 365.

    1. Background

    • Analyze Content
    • Assess Constraints
    • Determine Goals and Needs

    2. Approaches

    • DIY – Are you ready to do it yourself?
    • Info-Tech – Can our analysts help?
    • MS Gold Partner – Are you better off with a third party?

    3. Deployments

      Task Management

    • Personal Task Management
      • Who does it? Knowledge workers
      • What is it? To-do lists
      • Common Approaches
        • Paper list and sticky notes
        • Light task tools
      • Applications
        • Planner
        • To Do
      • Level of Rigor 1/5
      • Barriers to Portfolio Outcomes: Isolated to One Person
    • Team Task Management
      • Who does it? Groups of knowledge workers
      • What is it? Collaborative to-do lists
      • Common Approaches
        • Kanban boards
        • Spreadsheets
        • Light task tools
      • Applications
        • Planner
        • Azure Boards
        • Teams
      • Level of Rigor 2/5
      • Barriers to Portfolio Outcomes: Isolated to One Team
    • Project Management

    • Project Portfolio Management
      • Who does it? PMO Directors, Portfolio Managers
      • What is it?
        • Centralized list of projects
        • Request and intake handling
        • Aggregating reporting
      • Common Approaches
        • Spreadsheets
        • PPM software
        • Roadmaps
      • Applications
        • Project for the Web
        • Power Platform
      • Level of Rigor 3/5
      • Barriers to Portfolio Outcomes: Isolated to One Project
    • Project Management
      • Who does it? Project Managers
      • What is it? Deterministic scheduling of related tasks
      • Common Approaches
        • Spreadsheets
        • Lists
        • PM software
        • PPM software
      • Applications
        • Project Desktop Client
      • Level of Rigor 4/5
      • Barriers to Portfolio Outcomes: Functionally Incomplete
    • Enterprise Project and Portfolio Management

    • Enterprise Project and Portfolio Management
      • Who does it? PMO and ePMO Directors, Portfolio Managers, Project Managers
      • What is it?
        • Centralized request and intake handling
        • Resource capacity management
        • Deterministic scheduling of related tasks
      • Common Approaches
        • PPM software
      • Applications
        • Project Online
        • Project Desktop Client
        • Project Server
      • Level of Rigor 5/5
      • Barriers to Portfolio Outcomes: Underadopted

    4. Portfolio Outcomes

    • Informed Steering Committee
    • Increased Project Throughput
    • Improved Portfolio Responsiveness
    • Optimized Resource Utilization
    • Reduced Monetary Waste

    Info-Tech's methodology for Determine the Future of MS Project for Your Organization

    1. Determine Your Tool Needs

    2. Weigh Your MS Project Implementation Options

    3. Finalize Your Implementation Approach

    Phase Steps

    1. Survey the M365 Work Management Tools
    2. Perform a Process Maturity Assessment to Help Inform Your M365 Starting Point
    3. Consider the Right MS Project Licenses for Your Stakeholders
    1. Get Familiar With Extending Project for the Web Using Power Apps
    2. Assess the MS Gold Partner Community
    1. Prepare an Action Plan

    Phase Outcomes

    1. Work Management Tool Audit
    2. MS Project and Power Platform Licensing Needs
    3. Project Management and Project Portfolio Management Maturity Assessment
    1. Project for the Web Readiness Assessment
    2. MS Gold Partner Outreach Plan
    1. MS Project and M365 Action Plan Presentation

    Insight Summary

    Overarching blueprint insight: Microsoft Parts Sold Separately. Assembly required.

    The various MS Project offerings (but most notably the latest, Project for the web) hold the promise of integrating with the rest of M365 into a unified work management solution. However, out of the box, Project for the web and the various platforms within M365 are all disparate utilities that need to be pieced together in a purpose-built manner to make use of them for holistic work management purposes.

    If you’re looking for a cohesive product out of the box, look elsewhere. If you’re looking to assemble a wide array of work, project, and portfolio management functions across different functions and departments, you may have found what you seek

    Phase 1 insight: Align your tool choice to your process maturity level.

    Rather than choosing tools based on your gaps, make sure to assess your current maturity level so that you optimize your investment in the Microsoft landscape.

    Phase 2 insight: Weigh your options before jumping into Microsoft’s new tech.

    Microsoft’s new Project plans (P1, P3, and P5) suggest there is a meaningful connection out of the box between its old tech (Project desktop, Project Server, and Project Online) and its new tech (Project for the web).

    However, the offerings are not always interoperable.

    Phase 3 insight: Keep the iterations small as you move ahead with trials and implementations.

    Organizations are changing as fast as the software we use to run them.

    If you’re implementing parts of this platform, keep the changes small as you monitor the vendors for new software versions and integrations.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable: Microsoft Project & M365 Action Plan Template

    The Action Plan will help culminate and present:

    • Context and Constraints
    • DIY Implementation Approach
    Or
    • MS Partner Implementation Approach
    • Future-State Vision and Goals
    Samples of Info-Tech's key deliverable 'Microsoft Project and M365 Action Plan Template'.

    Tool Audit Workbook

    Sample of Info-Tech deliverable 'Tool Audit Workbook'.

    Assess your organization's current work management tool landscape and determine what tools drive value for individual users and teams and which ones can be rationalized.

    Force Field Analysis

    Sample of Info-Tech deliverable 'Force Field Analysis'.

    Document the driving and resisting forces for making a change to your work management tools.

    Maturity Assessments

    Sample of Info-Tech deliverable 'Maturity Assessments'.

    Use these assessments to identify gaps in project management and project portfolio management processes. The results will help guide process improvement efforts and measure success and progress.

    Microsoft Project & M365 Licensing Tool

    Sample of Info-Tech deliverable 'Microsoft Project and M365 Licensing Tool'.

    Determine the best licensing options and approaches for your implementation of Microsoft Project.

    Curate your work management tools to harness valuable portfolio outcomes

    • Increase Project Throughput

      Do more projects by ensuring the right projects and the right amount of projects are approved and executed.
    • Support an Informed Steering Committee

      Easily compare progress of projects across the portfolio and enable the leadership team to make decisions.
    • Improve portfolio responsiveness

      Make the portfolio responsive to executive steering when new projects and changing priorities need rapid action.
    • Optimize Resource Utilization

      Assign the right resources to approved projects and minimize the chronic over-allocation of resources that leads to burnout.
    • Reduce Monetary Waste

      Terminate low-value projects early and avoid sinking additional funds into unsuccessful ventures.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 8 calls over the course of 3 to 4 months.

      Introduction

    • Call #1: Scope requirements, objectives, and your specific challenges.
    • Phase 1

    • Call #2: Explore the M365 work management landscape.
    • Call #3: Discuss Microsoft Project Plans and their capabilities.
    • Call #4: Assess current-state maturity.
    • Phase 2

    • Call #5: Get familiar with extending Project for the web using Power Apps.
    • Call #6: Assess the MS Gold Partner Community.
    • Phase 3

    • Call #7: Determine approach and deployment.
    • Call #8: Discuss action plan.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1
    Assess Driving Forces and Risks

    Day 2
    Determine Tool Needs and Process Maturity

    Day 3
    Weigh Your Implementation Options

    Day 4
    Finalize Implementation Approach

    Day 5
    Next Steps and Wrap-Up (offsite)

    Activities

    • 1.1 Review the business context.
    • 1.2 Explore the M365 work management landscape.
    • 1.3 Identify driving forces for change.
    • 1.4 Analyze potential risks.
    • 1.5 Perform current-state analysis on work management tools.
    • 2.1 Review tool audit dashboard and conduct the final audit.
    • 2.2 Identify current Microsoft licensing.
    • 2.3 Assess current-state maturity for project management.
    • 2.4 Define target state for project management.
    • 2.5 Assess current-state maturity for project portfolio management.
    • 2.6 Define target state for project portfolio management.
    • 3.1 Prepare a needs assessment for Microsoft 365 and Project Plan licenses.
    • 3.2 Review the business case for Microsoft licensing.
    • 3.3 Get familiar with Project for the web.
    • 3.4 Assess the MS Gold Partner Community.
    • 3.5 Conduct a feasibility test for PFTW.
    • 4.1 Decide on the implementation approach.
    • 4.2 Identify the audience for your proposal.
    • 4.3 Determine timeline and assign accountabilities.
    • 4.4 Develop executive summary presentation.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Force Field Analysis
    2. Tool Audit Workbook
    1. Tool Audit Workbook
    2. Project Management Maturity Assessment
    3. Portfolio Management Maturity Assessment
    1. Microsoft Project and M365 Licensing Tool
    1. Microsoft Project & M365 Action Plan
    1. Microsoft Project & M365 Action Plan

    Determine the Future of Microsoft Project for Your Organization

    Phase 1: Determine Your Tool Needs

    Phase 1: Determine Your Tool Needs

    Phase 2: Weigh Your Implementation Options Phase 3: Finalize Your Implementation Approach
    • Step 1.1: Survey the M365 work management landscape
    • Step 1.2: Explore the Microsoft Project Plans and their capabilities
    • Step 1.3: Assess the maturity of your current PM & PPM capabilities
    • Step 2.1: Get familiar with extending Project for the web using Power Apps
    • Step 2.2: Assess the MS Gold Partner Community
    • Step 3.1: Prepare an action plan

    Phase Outcomes

    • Tool Audit
    • Microsoft Project Licensing Analysis
    • Project Management Maturity Assessment
    • Project Portfolio Management Maturity Assessments

    Step 1.1

    Survey the M365 Work Management Landscape

    Activities

    • 1.1.1 Distinguish between task, project, and portfolio capabilities
    • 1.1.2 Review Microsoft’s offering for task, project, and portfolio management needs
    • 1.1.4 Assess your organizational context and constraints
    • 1.1.3 Explore typical deployment options

    This step will walk you through the following activities:

    • Assessing your organization’s context for project and project portfolio management
    • Documenting the organization’s constraints
    • Establishing the organization’s goals and needs

    This step involves the following participants:

    • PMO Director
    • Resource Managers
    • Project Managers
    • Knowledge Workers

    Outcomes of Step

    • Knowledge of the Microsoft ecosystem as it relates to task, project, and portfolio management
    • Current organizational context and constraints

    Don’t underestimate the value of interoperability

    The whole Microsoft suite is worth more than the sum of its parts … if you know how to put it together.

    38% of the worldwide office suite market belongs to Microsoft. (Source: Statistica, 2021)

    1 in 3 small to mid-sized organizations moving to Microsoft Project say they are doing so because it integrates well with Office 365. (Source: CBT Nuggets, 2018)

    There’s a gravity to the Microsoft ecosystem.

    And while there is no argument that there are standalone task management tools, project management tools, or portfolio management tools that are likely more robust, feature-rich, and easier to adopt, it’s rare that you find an ecosystem that can do it all, to an acceptable level.

    That is the value proposition of Microsoft: the ubiquity, familiarity, and versatility. It’s the Swiss army knife of software products.

    The work management landscape is evolving

    With M365, Microsoft is angling to become the industry leader, and your organization’s hub, for work management.

    Workers lose up to 40% of their time multi-tasking and switching between applications. (Bluescape, 2018)

    25 Context switches – On average, workers switch between 10 apps, 25 times a day. (Asana, 2021)

    “Work management” is among the latest buzzwords in IT consulting.

    What is work management? It was born of a blurring of the traditional lines between operational or day-to-day tasks and project management tasks, as organizations struggle to keep up with both operational and project demands.

    To make the software easier to use, modern work management doesn’t involve the complexities from days past. You won’t find anywhere to introduce complex predecessor-successor relationships, unbalanced assignments with front-loading or back-loading, early-start/late-finish, critical path, etc.

    Indeed, with Project for the web, Azure Boards, Planner, and other M365 utilities, Microsoft is attempting to compete with lighter and better-adopted tools (e.g. Trello, Wike, Monday.com).

    The Microsoft world of work management can be understood across three broad categories

    1. Task Management

      Task management is essentially the same as keeping track of a to-do list. While you can have a project-related task, you can also have a non-project-related task. The sum of project and non-project tasks make up the work that you need to complete.
    2. Project Management

      Project management (PM) is a methodical approach to planning and guiding project processes from start to finish. Implementing PM processes helps establish repeatable steps and controls that enable project success. Documentation of PM processes leads to consistent results and dependable delivery on expectations.
    3. Portfolio Management

      Project portfolio management (PPM) is a strategic approach to approving, prioritizing, resourcing, and reporting on project. In addition, effective PPM should nurture the completion of projects in the portfolio in the most efficient way and track the extent to which the organization is realizing the intended benefits from completed projects.

    The slides ahead explain each of these modes of working in the Microsoft ecosystem in turn. Further, Info-Tech’s Task, Project, and Project Portfolio Management Tool Guides explain these areas in more detail.

    Use Info-Tech’s Tool Guides assess your MS Project and M365 work management options

    Lean on Info-Tech’s Tool Guides as you navigate Microsoft’s tasks management, project management, and project portfolio management options.

    • The slides ahead take you through a bird’s-eye view of what your MS Project and M365 work management options look like across Info-Tech’s three broad categories
    • In addition to these slides, Info-Tech has three in-depth tool guides that take you through your operational task management, project management, and project portfolio management options in MS Project and M365.
    • These tool guides can be leveraged as you determine whether Microsoft has the required toolset for your organization’s task, project, and project portfolio management needs.

    Download Info-Tech’s Task Management, Project Management, and Project Portfolio Management Tool Guides

    Task Management Overview

    What is task management?

    • It is essentially the same as keeping track of a to-do list. While you can have a project-related task, you can also have a non-project-related task. The sum of project and non-project tasks make up the work that you need to complete.

    What are the benefits of task management using applications within the MS suite?

    • Many organizations already own the tools and don't have to go out and buy something separately.
    • There is easy integration with other MS applications.

    What is personal task management?

    • Tools that allow you to structure work that is visible only to you. This can include work from tasks you are going to be completing for yourself and tasks you are completing as part of a larger work effort.

    What is team task management?

    • Tools that allow users to structure work that is visible to a group. When something is moved or changed, it affects what the group is seeing because it is a shared platform.

    Get familiar with the Microsoft product offerings for task management

    A diagram of Microsoft products and what they can help accomplish. It starts on the right with 'Teams' and 'Outlook'. Both can flow through to 'Personal Task Management' with products 'Teams Tasks' and 'To-Do', but Teams also flows into 'Team Task Management' with products 'Planner' and 'Project for the web'. See the next two slides for more details on these modes of working.

    Download the M365 Task Management Tool Guide

    Personal Task Management

    The To-Do list

    • Who does it?
      • Knowledge workers
    • What is it?
      • How each knowledge worker organizes their individual work tasks in M365
    • When is it done?
      • As needed throughout the day
    • Where is it done?
      • Paper
      • Digital location
    • How is it done?
      • DIY and self-developed
      • Usually not repeatable and evolves depending on work location and tools available
      • Not governed

    Microsoft differentiator:

    Utilities like Planner and To-Do make it easier to turn what are often ad hoc approaches into a more repeatable process.

    Team Task Management

    The SharedTo-Do list

    • Who does it?
      • Groups of knowledge workers
    • What is it?
      • Temporary and permanent collections of knowledge workers
    • When is it done?
      • As needed or on a pre-determined cadence
    • Where is it done?
      • Paper
      • Digital location
    • How is it done?
      • User norms are established organically and adapted based upon the needs of the team.
      • To whatever extent processes are repeatable in the first place, they remain repeatable only if the team is a collective.
      • Usually governed within the team and not subject to wider visibility.

    Microsoft differentiator:

    Teams has opened personal task management tactics up to more collaborative approaches.

    Project Management Overview

    2003

    Project Server: This product serves many large enterprise clients, but Microsoft has stated that it is at end of life. It is appealing to industries and organizations where privacy is paramount. This is an on-premises system that combines servers like SharePoint, SQL, and BI to report on information from Project Desktop Client. To realize the value of this product, there must be adoption across the organization and engagement at the project-task level for all projects within the portfolio.

    2013

    Project Online: This product serves many medium enterprise clients. It is appealing for IT departments who want to get a rich set of features that can be used to intake projects, assign resources, and report on project portfolio health. It is a cloud solution built on the SharePoint platform, which provides many users a sense of familiarity. However, due to the bottom-up reporting nature of this product, again, adoption across the organization and engagement at the project task level for all projects within the portfolio is critical.

    2020

    Project for the web: This product is the newest on the market and is quickly being evolved. Many O365 enthusiasts have been early adopters of Project for the web despite its limited features when compared to Project Online. It is also a cloud solution that encourages citizen developers by being built on the MS Power Platform. This positions the product well to integrate with Power BI, Power Automate, and Power Apps. It is, so far, the only MS product that lends itself to abstracted portfolio management, which means it doesn’t rely on project task level engagement to produce portfolio reports. The portfolio can also run with a mixed methodology by funneling Project, Azure Boards, and Planner boards into its roadmap function.

    Get familiar with the Microsoft product offerings for project management

    A diagram of Microsoft products and what they can help accomplish in Personal and Team Project Management. Products listed include 'Project Desktop Client', 'Project Online', 'SharePoint', 'Power Platform', 'Azure DevOps', 'Project for the web', Project Roadmap', 'Project Home', and 'Project Server'. See the next slide for more details on personal and team project management as modes of working.

    Download the M365 Project Management Tool Guide

    Project Management

    Orchestrating the delivery of project work

    • Who does it?
      • Project managers
    • What is it?
      • Individual project managers developing project plans and schedules in the MS Project Desktop Client
    • When is it done?
      • Throughout the lifecycle of the project
    • Where is it done?
      • Digital location
    • How is it done?
      • Used by individual project managers to develop and manage project plans.
      • Common approaches may or may not involve reconciliation of resource capacity through integration with Active Directory.
      • Sometimes usage norms are established by organizational project management governance standards, though individual use of the desktop client is largely ungoverned.

    Microsoft differentiator:

    For better or worse, Microsoft’s core solution is veritably synonymous with project management itself and has formally contributed to the definition of the project management space.

    Project Portfolio Management Overview

    Optimize what you’re already using and get familiar with the Power Platform.

    What does PPM look like within M365?

    • The Office suite in the Microsoft 365 suite boasts the world’s most widely used application for the purposes of abstracted and strategic PPM: Excel. For the purposes of PPM, Excel is largely implemented in a suboptimal fashion, and as a result, organizations fail to gain PPM adoption and maturation through its use.
    • Until very recently, Microsoft toolset did not explicitly address abstracted PPM needs.
    • However, with the latest version of M365 and Project for the web, Microsoft is boasting of renewed PPM capabilities from its toolset. These capabilities are largely facilitated through what Microsoft is calling its Power Platform (i.e. a suite of products that includes Power, Power Apps, and Power Automate).

    Explore the Microsoft product offering for abstracted project portfolio management

    A diagram of Microsoft products for 'Adaptive or Abstracted Portfolio Management'. Products listed include 'Excel', 'MS Lists', 'Forms', 'Teams', and the 'Power Platform' products 'Power BI', 'Power Apps', and 'Power Automate'. See the next slide for more details on adaptive or abstracted portfolio management as a mode of working.

    Download the M365 Project Portfolio Management Tool Guide

    Project Portfolio Management

    Doing the right projects, at the right time, with the right resources

    • Who does it?
      • PMO directors; portfolio managers
    • What is it?
      A strategic approach to approving, prioritizing, resourcing, and reporting on projects using applications in M365 and Project for the web. In distinction to enterprise PPM, a top-down or abstracted approach is applied, meaning PPM data is not tied to project task details.
    • Where is it done?
      • Digital tool, either homegrown or commercial
    • How is it done?
      • Currently in M365, PPM approaches are largely self-developed, though Microsoft Gold Partners are commonly involved.
      • User norms are still evolving, along with the software’s (Project for the web) function.

    Microsoft differentiator:

    Integration between Project for the web and Power Apps allows for custom approaches.

    Project Portfolio Management Overview

    Microsoft’s legacy project management toolset has contributed to the definition of traditional or enterprise PPM space.

    A robust and intensive bottom-up approach that requires task level roll-ups from projects to inform portfolio level data. For this model to work, reconciliation of individual resource capacity must be universal and perpetually current.

    If your organization has low or no maturity with PPM, this approach will be tough to make successful.

    In fact, most organizations under adopt the tools required to effectively operate with the traditional project portfolio management. Once adopted and operationalized, this combination of tools gives the executives the most precise view of the current state of projects within the portfolio.

    Explore the Microsoft product offering for enterprise project portfolio management

    A diagram of Microsoft products for 'Enterprise or Traditional Portfolio Management'. Products listed include 'Project Desktop Client', 'SharePoint', 'Project Online', 'Azure DevOps', 'Project Roadmaps', and 'Project Home'. See the next slide for more details on this as a mode of working.

    Download the M365 Project Portfolio Management Tool Guide

    Enterprise Project and Portfolio Management

    Bottom-up approach to managing the project portfolio

    • Who does it?
      • PMO and ePMO directors; portfolio managers
      • Project managers
    • What is it?
      • A strategic approach to approving, prioritizing, resourcing, and reporting on projects using applications in M365 and Project for the web. In distinction to enterprise PPM, a top-down or abstracted approach is applied, meaning PPM data is not tied to project task details.
    • Where is it done?
      • Digital tool that is usually commercial.
    • How is it done?
      • Microsoft Gold Partner involvement is highly likely in successful implementations.
      • Usage norms are long established and customized solutions are prevalent.
      • To be successful, use must be highly governed.
      • Reconciliation of individual resource capacity must be universal and perpetually current.

    Microsoft differentiator:

    Microsoft’s established network of Gold Partners helps to make this deployment a viable option.

    Assess your current tool ecosystem across work management categories

    Use Info-Tech’s Tool Audit Workbook to assess the value and satisfaction for the work management tools currently in use.

    • With the modes of working in mind that have been addressed in the previous slides and in Info-Tech’s Tool Guides, the activity slides ahead encourage you to engage your wider organization to determine all of the ways of working across individuals and teams.
    • Depending on the scope of your work management optimization, these engagements may be limited to IT or may extend to the business.
    • Use Info-Tech’s Tool Audit Workbook to help you gather and make sense of the tool data you collect. The result of this activity is to gain insight into the tools that drive value and fail to drive value across your work management categories with a view to streamline the organization’s tool ecosystem.

    Download Info-Tech’s Tool Audit Workbook

    Sample of Info-Tech's Tool Audit Workbook.

    1.2.1 Compile list of tools

    1-3 hours

    Input: Information on tools used to complete task, project, and portfolio tasks

    Output: Analyzed list of tools

    Materials: Whiteboard/Flip Charts, Tool Audit Workbook

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers, Business Stakeholders

    1. Identify the stakeholder groups that are in scope. For each group that you’ve identified, brainstorm the different tools and artifacts that are necessary to get the task, project, and project portfolio management functions done.
    2. Make sure to record the tool name and specify its category (standard document, artifact, homegrown solution, or commercial solution).
    3. Think about and discuss how often the tool is being used for each use case across the organization. Document whether its use is required. Then assess reporting functionality, data accuracy, and cost.
    4. Lastly, give a satisfaction rating for each use case.

    Excerpt from the Tool Audit Workbook

    Excerpt from Info-Tech's Tool Audit Workbook on compiling tools.

    1.2.1 Review dashboard

    1-3 hours

    Input: List of key PPM decision points, List of who is accountable for PPM decisions, List of who has PPM decision-making authority

    Output: Prioritized list of PPM decision-making support needs

    Materials: Whiteboard/Flip Charts, Tool Audit Workbook

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, CIO

    Discuss the outputs of the Dashboards tab to inform your decision maker on whether to pass or fail the tool for each use case.

    Sample of a BI dashboard used to evaluate the usefulness of tools. Written notes include: 'Slice the data based on stakeholder group, tool, use case, and category', and 'Review the results of the questionnaire by comparing cost and satisfaction'.

    1.2.1 Execute final audit

    1 hour

    Input: List of key PPM decision points, List of who is accountable for PPM decisions, List of who has PPM decision-making authority

    Output: Prioritized list of PPM decision-making support needs

    Materials: Whiteboard/Flip Charts, Tool Audit Workbook

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, CIO

    1. Using the information available, schedule time with the leadership team to present the results.
    2. Identify the accountable party to make the final decision on what current tools pass or fail the final audit.
    3. Mind the gap presented by the failed tools and look to possibilities within the M365 and Microsoft Project suite. For each tool that is deemed unsatisfactory for the future state, mark it as “Fail” in column O on tab 2 of the Tool Audit Workbook. This will ensure the item shows in the “Fail” column on tab 4 of the tool when you refresh the data.
    4. For each of the tools that “fail” your audit and that you’re going to make recommendations to rationalize in a future state, try to capture the annual total current-state spending on licenses, and the work modes the tool currently supports (i.e. task, project, and/or portfolio management).
    5. Additionally, start to think about future-state replacements for each tool within or outside of the M365/MS Project platforms. As we move forward to finalize your action plan in the last phase of this blueprint, we will capture and present this information to key stakeholders.

    Document your goals, needs, and constraints before proceeding

    Use Info-Tech’s Force Field Analysis Tool to help weigh goals and needs against risks and constraints associated with a work management change.

    • Now that you have discussed the organization’s ways of working and assessed its tool landscape – and made some initial decisions on some tool options that might need to change across that landscape – gather key stakeholders to define (a) why a change is needed at this time and (b) to document some of the risks and constraints associated with changing.
    • Info-Tech’s Force Field Analysis Tool can be used to capture these data points. It takes an organizational change management approach and asks you to consider the positive and negative forces associated with a work management tool change at this time.
    • The slides ahead walk you through a force field analysis activity and help you to navigate the relevant tabs in the Tool.

    Download Info-Tech's Force Field Analysis Tool

    Sample of Info-Tech's Force Field Analysis Tool.

    1.2.1 Identify goals and needs (1 of 2)

    Use tab 1 of the Force Field Analysis Workbook to assess goals and needs.

    30 minutes

    Input: Opportunities associated with determining the use case for Microsoft Project and M365 in your organization

    Output: Plotted opportunities based on probability and impact

    Materials: Whiteboard/Flip Charts, Force Field Analysis Tool

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    1. Brainstorm opportunities associated with exploring and/or implementing Microsoft Project and the Microsoft 365 suite of products for task, project, and project portfolio management.
    2. Document relevant opportunities in tab 1 of the Force Field Analysis Tool. For each driving force for the change (note: a driving force can include goals and needs) that is identified, provide a category that explains why the driving force is a concern (i.e. with this force is the organization looking to mature, integrate, scape, or accelerate?).
    3. In addition, assess the ease of achieving or realizing each goal or need and the impact of realizing them on the PMO and/or the organization.
    4. See the next slide for a screenshot that helps you navigate tab 1 of the Tool.

    Download the Force Field Analysis Tool

    1.2.1 Identify goals and needs (2 of 2)

    Screenshot of tab 1 of the Force Field Analysis Workbook.

    Screenshot of tab 1 of the Force Field Analysis Workbook. There are five columns referred to as columns B through F with the headings 'Opportunities', 'Category', 'Source', 'Ease of Achieving', and 'Impact on PMO/Organization'.

    In column B on tab 1, note the specific opportunities the group would like to call out.

    In column C, categorize the goal or need being articulated by the list of drop-down options: will it accelerate the time to benefit? Will it help to integrate systems and data sources? Will it mature processes and the organization overall? Will it help to scale across the organization? Choose the option that best aligns with the opportunity.

    In column D, categorize the source of the goal or need as internal or external.

    In column E, use the drop-down menus to indicate the ease of realizing each goal or need for the organization. Will it be relatively easy to manifest or will there be complexities to implementing it?

    In column F, use the drop-down menus to indicate the positive impact of realizing or achieving each need on the PMO and/or the organization.

    On tab 3 of the Force Field Analysis Workbook, your inputs on tab 1 are summarized in graphical form from columns B to G. On tab 3, these goals and needs results are contrasted with your inputs on tab 2 (see next slide).

    1.2.2 Identify risk and constraints (1 of 2)

    Use tab 2 of the Force Field Analysis Workbook to assess opposing forces to change.

    30 minutes

    Input: Risks associated with determining the use case for Microsoft Project and M365 in your organization

    Output: Plotted risks based on probability and impact

    Materials: Whiteboard/Flip Charts, Force Field Analysis Tool

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    1. With the same working group from 1.2.1, brainstorm risks, constraints, and other opposing forces pertaining to your potential future state.
    2. Document relevant opposing forces in tab 2 of the Force Field Analysis Tool. For each opposing force for the change (note: a driving force can include goals and needs) that is identified, provide a category that explains why the opposing force is a concern (i.e. will it impact or is it impacted by time, resources, maturity, budget, or culture?).
    3. In addition, assess the likelihood of the risk or constraint coming to light and the negative impact of it coming to light for your proposed change.
    4. See the next slide for a screenshot that helps you navigate tab 2 of the Force Field Analysis Tool.

    Download the Force Field Analysis Tool

    1.2.2 Identify risk and constraints (2 of 2)

    Screenshot of tab 2 of the Force Field Analysis Workbook.

    Screenshot of tab 2 of the Force Field Analysis Workbook. There are five columns referred to as columns B through F with the headings 'Risks and Constraints', 'Category', 'Source', 'Likelihood of Constraint/Risk/Resisting Force Being Felt', and 'Impact to Derailing Goals and Needs'.

    In column B on tab 2, note the specific risks and constraints the group would like to call out.

    In column C, categorize the risk or constraint being articulated by the list of drop-down options: will it impact or is it impacted by time, resources, budget, culture or maturity?

    In column D, categorize the source of the goal or need as internal or external.

    In column E, use the drop-down menus to indicate the likelihood of each risk or constraint materializing during your implementation. Will it definitely occur or is there just a small chance it could come to light?

    In column F, use the drop-down menus to indicate the negative impact of the risk or constraint to achieving your goals and needs.

    On tab 3 of the Force Field Analysis Workbook, your inputs on tab 2 are summarized in graphical form from columns I to N. On tab 3, your risk and constraint results are contrasted with your inputs on tab 1 to help you gauge the relative weight of driving vs. opposing forces.

    Step 1.2

    Explore the Microsoft Project Plans and their capabilities

    Activities

    • 1.1.1 Review the Microsoft 365 licensing features
    • 1.1.2 Explore the Microsoft Project Plan licenses
    • 1.1.3 Prepare a needs assessment for Microsoft 365 and Project Plan licenses

    This step will walk you through the following activities:

    • Review the suite of task management, project management, and project portfolio management options available in Microsoft 365.
    • Prepare a preliminary checklist of required M365 apps for your stakeholders.

    This step usually involves the following participants:

    • PMO/Portfolio Manager
    • Project Managers
    • CIO and other executive stakeholders
    • Other project portfolio stakeholders (project and IT workers)

    Outcomes of Step

    • Preliminary requirements for an M365 project management and project portfolio management tool implementation

    Microsoft recently revamped its project plans to balance its old and new tech

    Access to the new tech, Project for the web, comes with all license types, while Project Online Professional and Premium licenses have been revamped as P3 and P5.

    Navigating Microsoft licensing is never easy, and Project for the web has further complicated licensing needs for project professionals.

    As we’ll cover in step 2.1 of this blueprint, Project for the web can be extended beyond its base lightweight work management functionality using the Power Platform (Power Apps, Power Automate, and Power BI). Depending on the scope of your implementation, this can require additional Power Platform licensing.

    • In this step, we will help you understand the basics of what’s already included in your enterprise M365 licensing as well as what’s new in Microsoft’s recent Project licensing plans (P1, P3, and P5).
    • As we cover toward the end of this step, you can use Info-Tech’s MS Project and M365 Licensing Tool to help you understand your plan and licensing needs. Further assistance on licensing can be found in the Task, Project, and Portfolio Management Tool Guides that accompany this blueprint and Info-Tech’s Modernize Your Microsoft Licensing for the Cloud Era.

    Download Info-Tech’s Modernize Your Microsoft Licensing for the Cloud Era

    Licensing features for knowledge workers

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up-to-date information on licensing, visit the Microsoft website.

    Bundles are extremely common and can be more cost effective than à la carte options for the Microsoft products.

    The biggest differentiator between M365 and O365 is that the M365 product also includes Windows 10 and Enterprise Mobility and Security.

    The color coding in the diagram indicates that the same platform/application suite is available.

    Platform or Application M365 E3 M365 E5 O365 E1 O365 E3 O365 E5
    Microsoft Forms X X X X X
    Microsoft Lists X X X X X
    OneDrive X X X X X
    Planner X X X X X
    Power Apps for Office 365 X X X X X
    Power Automate for Office X X X X X
    Power BI Pro X X
    Power Virtual Agents for Teams X X X X X
    SharePoint X X X X X
    Stream X X X X X
    Sway X X X X X
    Teams X X X X X
    To Do X X X X X

    Get familiar with Microsoft Project Plan 1

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up to date information on licensing, visit the Microsoft website.

    Who is a good fit?

    • New project managers
    • Zero-allocation project managers
    • Individuals and organizations who want to move out of Excel into something less fragile (easily breaking formulas)

    What does it include?

    • Access to Project Home, a landing page to access all project plans you’ve created or have been assigned to.
    • Access to Grid View, Board View, and Timeline (Gantt) View to plan and manage your projects with Project for the web
    • Sharing Project for the web plans across Microsoft Teams channels
    • Co-authoring on project plans

    When does it make sense?

    • Lightweight project management
    • No process to use bottom-up approach for resourcing data
    • Critical-path analysis is not required
    • Organization does not have an appetite for project management rigor

    Get familiar with Microsoft Project Plan 3

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up to date information on licensing, visit the Microsoft website.

    Who is a good fit?

    • Experienced and dedicated project managers
    • Organizations with complex projects
    • Large project teams are required to complete project work
    • Organizations have experience using project management software

    What does it include?

    Everything in Project Plan 1 plus the following:

    • Reporting through Power BI Report template apps (note that there are no pre-built reports for Project for the web)
    • Access to build a Roadmap of projects from Project for the web and Azure DevOps with key milestones, statuses, and deadlines
    • Project Online to submit and track timesheets for project teams
    • MS Project Desktop Client to support resource management

    When does it make sense?

    • Project management is an established discipline at the organization
    • Critical-path analysis is commonly used
    • Organization has some appetite for project management rigor
    • Resources are expected to submit timesheets to allow for more precise resource management data

    Get familiar with Microsoft Project Plan 5

    Please note that licensing packages are frequently subject to change. This is up to date as of August 2021. For the most up to date information on licensing, visit the Microsoft website.

    Who is a good fit?

    • Experienced and dedicated project managers
    • Experienced and dedicated PMO directors
    • Dedicated portfolio managers
    • Organizations proficient at sustaining data in a standard tool

    What does it include?

    Everything in Project Plan 3 plus the following:

    • Portfolio selection and optimization
    • Demand management
    • Enterprise resource planning and management through deterministic task and resource scheduling
    • MS Project Desktop Client to support resource management

    When does it make sense?

    • Project management is a key success factor at the organization
    • Organization employs a bottom-up approach for resourcing data
    • Critical-path analysis is required
    • Formal project portfolio management processes are well established
    • The organization is willing to either put in the time, energy, and resources to learn to configure the system through DIY or is willing to leverage a Microsoft Partner to help them do so

    What’s included in each plan (1 of 2)

    Plan details are up to date as of September 2021. Plans and pricing can change often. Visit the Microsoft website to validate plan options and get pricing details.
    MS Project Capabilities Info-Tech's Editorial Description P1 P3 P5
    Project Home Essentially a landing page that allows you to access all the project plans you've created or that you're assigned to. It amalgamates plans created in Project for the web, the Project for the web app in Power Apps, and Project Online. X X X
    Grid view One of three options in which to create your project plans in Project for the web (board view and timeline view are the other options). You can switch back and forth between the options. X X X
    Board view One of three options in which to create your project plans in Project for the web (grid view and timeline view are the other options). You can switch back and forth between the options. X X X
    Timeline (Gantt) view One of three options in which to create your project plans in Project for the web (board view and grid view are the other options). You can switch back and forth between the options. X X X
    Collaboration and communication This references the ability to add Project for the web project plans to Teams channels. X X X
    Coauthoring Many people can have access to the same project plan and can update tasks. X X X
    Project planning and scheduling For this the marketing lingo says "includes familiar scheduling tools to assign project tasks to team members and use different views like Grid, Board, and Timeline (Gantt chart) to oversee the schedule." Unclear how this is different than the project plans in the three view options above. X X X

    X - Functionality Included in Plan

    O - Functionality Not Included in Plan

    What’s included in each plan (2 of 2)

    Plan details are up to date as of September 2021. Plans and pricing can change often. Visit the Microsoft website to validate plan options and get pricing details.
    MS Project Capabilities Info-Tech's Editorial Description P1 P3 P5
    Reporting This seems to reference Excel reports and the Power BI Report Template App, which can be used if you're using Project Online. There are no pre-built reports for Project for the web, but third-party Power Apps are available. O X X
    Roadmap Roadmap is a platform that allows you to take one or more projects from Project for the web and Azure DevOps and create an organizational roadmap. Once your projects are loaded into Roadmap you can perform additional customizations like color status reporting and adding key days and milestones. O X X
    Timesheet submission Project Online and Server 2013 and 2016 allow team members to submit timesheets if the functionality is required. O X X
    Resource management The rich MS Project client supports old school, deterministic project scheduling at the project level. O X X
    Desktop client The full desktop client comes with P3 and P5, where it acts as the rich editor for project plans. The software enjoys a multi-decade market dominance as a project management tool but was never paired with an enterprise collaboration server engine that enjoyed the same level of success. O X X
    Portfolio selection and optimization Portfolio selection and optimization has been offered as part of the enterprise project and portfolio suite for many years. Most people taking advantage of this capability have used a Microsoft Partner to formalize and operationalize the feature. O O X
    Demand Management Enterprise demand management is targeted at the most rigorous of project portfolio management practices. Most people taking advantage of this capability have used a Microsoft Partner to formalize and operationalize the feature. O O X
    Enterprise resource planning and management The legacy MS Project Online/Server platform supports enterprise-wide resource capacity management through an old-school, deterministic task and resource scheduling engine, assuming scaled-out deployment of Active Directory. Most people succeeding with this capability have used a Microsoft Partner to formalize and operationalize the feature. O O X

    X - Functionality Included in Plan

    O - Functionality Not Included in Plan

    Use Info-Tech’s MS Project and M365 Licensing Tool

    Leverage the analysis in Info-Tech’s MS Project & M365 Licensing Tool to help inform your initial assumptions about what you need and how much to budget for it.

    • The Licensing Tool can help you determine what Project Plan licensing different user groups might need as well as additional Power Platform licensing that may be required.
    • It consists of four main tabs: two set-up tabs where you can validate the plan and pricing information for M365 and MS Project; an analysis tab where you set up your user groups and follow a survey to assess their Project Plan needs; and another analysis tab where you can document your Power Platform licensing needs across your user groups.
    • There is also a business case tab that breaks down your total licensing needs. The outputs of this tab can be used in your MS Project & M365 Action Plan Template, which we will help you develop in phase three of this blueprint.

    Download Info-Tech's Microsoft Project & M365 Licensing Tool

    Sample of Info-Tech's Microsoft Project and M365 Licensing Tool.

    1.2.1 Conduct a needs assessment

    1-2 hours

    Input: List of key user groups/profiles, Number of users and current licenses

    Output: List of Microsoft applications/capabilities included with each license, Analysis of user group needs for Microsoft Project Plan licenses

    Materials: Microsoft Project & 365 Licensing Tool

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    1. As a group, analyze the applications included in your current or desired 365 license and calculate any additional Power Platform licensing needs.
    2. Screenshot of the 'Application/Capabilities' screen from the 'Microsoft Project and M365 Licensing Tool'.
    3. Within the same group, use the drop-down menus to analyze your high-level MS Project requirements by selecting whether each capability is necessary or not.
    4. Your inputs to the needs assessment will determine the figures in the Business Case tab. Consider exporting this information to PDF or other format to distribute to stakeholders.
    5. Screenshot of the 'Business Case' tab from the 'Microsoft Project and M365 Licensing Tool'.

    Download Info-Tech's Microsoft Project & M365 Licensing Tool

    Step 1.3

    Assess the maturity of your current PM & PPM capabilities

    Activities

    • Assess current state project and project portfolio management processes and tools
    • Determine target state project and project portfolio management processes and tools

    This step will walk you through the following activities:

    • Assess current state project and project portfolio management processes and tools
    • Determine target state project and project portfolio management processes and tools

    This step usually involves the following participants:

    • PMO/Portfolio Manager
    • Project Managers
    • CIO and other executive stakeholders
    • Other project portfolio stakeholders (project and IT workers)

    Outcomes of Step

    • Current and target state maturity for project management and project portfolio management processes

    Project portfolio management and project management are more than tools

    Implementing commercial tools without a matching level of process discipline is a futile exercise, leaving organizations frustrated at the wasted time and money.

    • The tool is only as good as the data that is input. There is often a misunderstanding that a tool will be “automatic.” While it is true that a tool can help make certain processes easier and more convenient by aggregating information, enhancing reporting, and coauthoring, it will not make up the data. If data becomes stale, the tool is no longer valid for accurate decision making.
    • Getting people onboard and establishing a clear process is often the hardest part. As IT folk, it can be easy to get wrapped up in the technology. All too often excitement around tools can drown out the important requisites around people and process. The reality is people and process are a necessary condition for a tool to be successful. Having a tool will not be sufficient to overcome obstacles like poor stakeholder buy-in, inadequate governance, and the absence of a standard operating procedure.

    • Slow is the way to go. When deciding what tools to purchase, start small and scale up rather than going all in and all too often ending up with many unused features and fees.

    "There's been a chicken-egg debate raging in the PPM world for decades: What comes first, the tool or the process? It seems reasonable to say, ‘We don't have a process now, so we'll just adopt the one in the tool.’ But you'll soon find out that the tool doesn't have a process, and you needed to do more planning and analysis before buying the tool." (Barry Cousins, Practice Lead, Project Portfolio Management)

    Assess your process maturity to determine the right tool approach

    Take the time to consider and reflect on the current and target state of the processes for project portfolio management and project management.

    Project Portfolio Management

    • Status and Progress Reporting
      1. Intake, Approval, and Prioritization

        PPM is the practice of selecting the right projects and ensuring the organization has the necessary resources to complete them. PPM should enable executive decision makers to make sense of the excess of demand and give IT the ability to prioritize those projects that are most valuable to the business.
      2. Resource Management

      3. Project Management

        1. Initiation
        2. Planning
        3. Execution
        4. Monitoring and Controlling
        5. Closing
        Tailor a project management framework to fit your organization. Formal methodologies aren’t always the best fit. Take what you can use from formal frameworks and define a right-sized approach to your project management processes.
      4. Project Closure

      5. Benefits Tracking

    Info-Tech’s maturity assessment tools can help you match your tools to your maturity level

    Use Info-Tech’s Project Portfolio Management Maturity Assessment Tool and Project Management Maturity Assessment Tool.

    • The next few slides in this step take you through using our maturity assessment tools to help gauge your current-state and target-state maturity levels for project management (PM) and project portfolio management (PPM).
    • In addition to the process maturity assessments, these workbooks also help you document current-state support tools and desired target-state tools.
    • The outputs of these workbooks can be used in your MS Project & M365 Action Plan Template, which we will help you develop in phase three of this blueprint.

    Download Info-Tech’s Project Portfolio Management Maturity Assessment Tool and Project Management Maturity Assessment Tool

    Samples of Info-Tech's Project Portfolio Management Maturity Assessment Tool and Project Management Maturity Assessment Tool.

    Conduct a gap analysis survey for both project and project portfolio management.

    • Review the category and activity statements: For each gap analysis tab in the maturity assessments, use the comprehensive activity statements to identify gaps for the organization.
    • Assess the current state: To assess the current state, evaluate whether the statement should be labeled as:
      • Absent: There is no evidence of any activities supporting this process.
      • Initial: Activity is ad hoc and not well defined.
      • Defined: Activity is established and there is moderate adherence to its execution.
      • Repeatable: Activity is established, documented, repeatable, and integrated with other phases of the process.
      • Managed: Activity execution is tracked by gathering qualitative and quantitative feedback

    Once this is documented, take some time to describe the type of tool being used to do this (commercial, home-grown, standardized document) and provide additional details, where applicable.

    Define the target state: Repeat the assessment of activity statements for the target state. Then gauge the organizational impact and complexity of improving each capability on a scale of very low to very high.

    Excerpt from Info-Tech's Project Portfolio Management Maturity Assessment Tool, the 'PPM Current State Target State Maturity Assessment Survey'. It has five columns whose purpose is denoted in notes. Column 1 'Category within the respective discipline'; Column 2 'Statement to consider'; Column 3 'Select the appropriate answer for current and target state'; Column 4 'Define the tool type'; Column 5 'Provide addition detail about the tool'.

    Analyze survey results for project and project portfolio management maturity

    Take stock of the gap between current state and target state.

    • What process areas have the biggest gap between current and target state?
    • What areas are aligned across current and target state?

    Identify what areas are currently the least and most mature.

    • What process area causes the most pain in the organization?
    • What process area is the organization’s lowest priority?

    Note the overall current process maturity.

    • After having done this exercise, does the overall maturity come as a surprise?
    • If so, what are some of the areas that were previously overlooked?
    A table and bar graph documenting and analysis of maturity survey results. The table has four columns labelled 'Process Area', 'Current Process Completeness', 'Current Maturity Level', and 'Target State Maturity'. Rows headers in the 'Process Area' column are 'Intake, Approval, and Prioritization', 'Resource Management', 'Portfolio Reporting', 'Project Closure and Benefits Realization', 'Portfolio Administration', and finally 'Overall Maturity'. The 'Current Process Completeness' column's values are in percentages. The 'Current Maturity Level' and 'Target State Maturity' columns' values can be one of the following: 'Absent', 'Initial', 'Defined', 'Repeatable', or 'Managed'. The bar chart visualizes the levels of the 'Target State' and 'Current State' with 'Absent' from 0-20%, 'Initial' from 20-40%, 'Defined' from 40-60%, 'Repeatable' from 60-80%, and 'Managed' from 80-100%.
    • Identify process areas with low levels of maturity
    • Spot areas of inconsistency between current and target state.
    • Assess the overall gap to get a sense of the magnitude of the effort required to get to the target state.
    • 100% doesn’t need to be the goal. Set a goal that is sustainable and always consider the value to effort ratio.

    Screenshot your results and put them into the MS Project and M365 Action Plan Template.

    Review the tool overview and plan to address gaps (tabs 3 & 4)

    Tool Overview:

    Analyze the applications used to support your project management and project portfolio management processes.

    Look for:

    • Tools that help with processes across the entire PM or PPM lifecycle.
    • Tools that are only used for one specific process.

    Reflect on the overlap between process areas with pain points and the current tools being used to complete this process.

    Consider the sustainability of the target-state tool choice

    Screenshot of a 'Tool Overview' table. Chart titled 'Current-to-Target State Supporting Tools by PPM Activity' documenting the current and target states of different supporting tools by PPM Activity. Tools listed are 'N/A', 'Standardized Document', 'Homegrown Tool', and 'Commercial Tool'.

    You have the option to create an action plan for each of the areas of improvement coming out of your maturity assessment.

    This can include:

    • Tactical Optimization Action: What is the main action needed to improve capability?
    • Related Actions: Is there a cross-over with any actions for other capabilities?
    • Timeframe: Is this near-term, mid-term, or long-term?
    • Proposed Start Date
    • Proposed Go-Live Date
    • RACI: Who will be responsible, accountable, consulted, and informed?
    • Status: What is the status of this action item over time?

    Determine the Future of Microsoft Project for Your Organization

    Phase 2: Weigh Your Implementation Options

    Phase 1: Determine Your Tool Needs

    Phase 2: Weigh Your Implementation Options

    Phase 3: Finalize Your Implementation Approach
    • Step 1.1: Survey the M365 work management landscape
    • Step 1.2: Perform a process maturity assessment to help inform your M365 starting point
    • Step 1.3: Consider the right MS Project licenses for your stakeholders
    • Step 2.1: Get familiar with extending Project for the web using Power Apps
    • Step 2.2: Assess the MS Gold Partner Community
    • Step 3.1: Prepare an action plan

    Phase Outcomes

    • A decision on how best to proceed (or not proceed) with Project for the web
    • A Partner outreach plan

    Step 2.1

    Get familiar with extending Project for the web using Power Apps

    Activities

    • Get familiar with Project for the web: how it differs from Microsoft’s traditional project offerings and where it is going
    • Understand the basics of how to extend Project for the web in Power Apps
    • Perform a feasibility test

    This step will walk you through the following activities:

    • Get familiar with Project for the web
    • Understand the basics of how to extend Project for the web in Power Apps
    • Perform a feasibility test to determine if taking a DIY approach to extending Project for the web is right for your organization currently

    This step usually involves the following participants:

    • Portfolio Manager (PMO Director)
    • Project Managers
    • Other relevant PMO stakeholders

    Outcomes of Step

    • A decision on how best to proceed (or not proceed) with Project for the web

    Project for the web is the latest of Microsoft’s project management offerings

    What is Project for the web?

    • First introduced in 2019 as Project Service, Project for the web (PFTW) is Microsoft’s entry into the world of cloud-based work management and lightweight project management options.
    • Built on the Power Platform and leveraging the Dataverse for data storage, PFTW integrates with the many applications that M365 users are already employing in their day-to-day work management and collaboration activities.
    • It is available as a part of your M365 subscription with the minimum activation of P1 license – it comes with P3 and P5 licenses as well.
    • From a functionality and user experience perspective, PFTW is closer to applications like Planner or Azure Boards than it is to traditional MS Project options.

    What does it do?

    • PFTW allows for task and dependency tracking and basic timeline creation and scheduling and offers board and grid view options. It also allows real-time coauthoring of tasks among team members scheduled to the same project.
    • PFTW also comes with a product/functionality Microsoft calls Roadmap, which allows users to aggregate multiple project timelines into a single view for reporting purposes.

    What doesn't it do?

    • With PFTW, Microsoft is offering noticeably less traditional project management functionality than its existing solutions. Absent are table stakes project management capabilities like critical path, baselining, resource load balancing, etc.

    Who is it for?

    • Currently, in its base lightweight project management option, PFTW is targeted toward occasional or part-time project managers (not the PMP-certified set) tasked with overseeing and/or collaborating on small to mid-sized initiatives and projects.

    Put Project for the web in perspective

    Out of the box, PFTW occupies a liminal space when it comes to work management options

    • More than a task management tool, but not quite a full project management tool
    • Not exactly a portfolio management tool, yet some PPM reporting functionality is inherent in the PFTW through Roadmap

    The table to the right shows some of the functionality in PFTW in relation to the task management functionality of Planner and the enterprise project and portfolio management functionality of Project Online.

    Table 2.1a Planner Project for the web Project Online
    Coauthoring on Tasks X X
    Task Planning X X X
    Resource Assignments X X X
    Board Views X X X
    MS Teams Integration X X X
    Roadmap X X
    Table and Gantt Views X X
    Task Dependency Tracking X X
    Timesheets X
    Financial Planning X
    Risks and Issues Tracking X
    Program Management X
    Advanced Portfolio Management X

    Project for the web will eventually replace Project Online

    • As early as 2018 Microsoft has been foreshadowing a transition away from the SharePoint-backed Project environments of Server and Online toward something based in Common Data Service (CDS) – now rebranded as the Dataverse.
    • Indeed, as recently as the spring of 2021, at its Reimagine Project Management online event, Microsoft reiterated its plans to sunset Project Online and transition existing Online users to the new environment of Project for the web – though it provided no firm dates when this might occur.
      • The reason for this move away from Online appears to be an acknowledgment that the rigidity of the tool is awkward in our current dynamic, collaborative, and overhead-adverse work management paradigm.
      • To paraphrase a point made by George Bullock, Sr. Product Marketing Manager, for Microsoft at the Reimagine Project Management event, teams want to manage work as they see fit, but the rigidity of legacy solutions doesn’t allow for this, leading to a proliferation of tools and data sprawl. (This comment was made during the “Overview of Microsoft Project” session during the Reimagine event.)

    PFTW is Microsoft’s proposed future-state antidote to this challenge. Its success will depend on how well users are able to integrate the solution into a wider M365 work management setting.

    "We are committed to supporting our customers on Project Online and helping them transition to Project for the Web. No end-of-support has been set for Project Online, but when the time comes, we will communicate our plans on the transition path and give you plenty of advance notice." (Heather Heide, Program Manager, Microsoft Planner and Project. This comment was made during the “Overview of Microsoft Project” session during the Reimagine event.)

    Project for the web can be extended beyond its base lightweight functionality

    Project for the web can be extended to add more traditional and robust project and project portfolio management functionality using the Power Platform.

    Microsoft plans to sunset Project Online in favor of PFTW will at first be a head-scratcher for those familiar with the extensive PPM functionality in Project Online and underwhelmed by the project and portfolio management in PFTW.

    However, having built the solution upon the Power Platform, Microsoft has made it possible to take the base functionality in PFTW and extend it to create a more custom, organizationally specific user experience.

    • With a little taste of what can be done with PFTW by leveraging the Power Platform – and, in particular, Power Apps – it becomes more obvious how we, as users, can begin to evolve the base tool toward a more traditional PPM solution and how, in time, Microsoft’s developers may develop the next iteration of PFTW into something more closely resembling Project Online.

    Before users get too excited about using these tools to build a custom PPM approach, we should consider the time, effort, and skills required. The slides ahead will take you through a series of considerations to help you gauge whether your PMO is ready to go it alone in extending the solution.

    Extending the tool enhances functionality

    Table 2.1a in this step displayed the functionality in PFTW in relation to the task management tool Planner and the robust PPM functionality in Online.

    The table to the right shows how the functionality in PFTW can differ from the base solution and Project Online when it is extended using the model-driven app option in Power Apps.

    Caveat: The list of functionality and processes in this table is sample data.

    This functionality is not inherent in the solution as soon as you integrate with Power Apps. Rather it must be built – and your success in developing these functions will depend upon the time and skills you have available.

    Table 2.1b Project for the web PFTW extended with PowerApps Project Online
    Critical Path X
    Timesheets X
    Financial Planning X X
    Risks and Issues Tracking X X
    Program Management X
    Status Updates X
    Project Requests X
    Business Cases X
    Project Charters X
    Resource Planning and Capacity Management X X
    Project Change Requests X

    Get familiar with the basics of Power Apps before you decide to go it alone

    While the concept of being able to customize and grow a commercial PPM tool is enticing, the reality of low-code development and application maintenance may be too much for resource-constrained PMOs.

    Long story short: Extending PFTW in Power Apps is time consuming and can be frustrating for the novice to intermediate user.

    It can take days, even weeks, just to find your feet in Power Apps, let alone to determine requirements to start building out a custom model-driven app. The latter activity can entail creating custom columns and tables, determining relationships between tables to get required outputs, in addition to basic design activities.

    Time-strapped and resource-constrained practitioners should pause before committing to this deployment approach. To help better understand the commitment, the slides ahead cover the basics of extending PFTW in Power Apps:

    1. Dataverse environments.
    2. Navigating Power App Designer and Sitemap Designer
    3. Customizing tables and forms in the Dataverse

    See Info-Tech’s M365 Project Portfolio Management Tool Guide for more information on Power Apps in general.

    Get familiar with Power Apps licensing

    Power Apps for 365 comes with E1 through E5 M365 licenses (and F3 and F5 licenses), though additional functionality can be purchased if required.

    While extending Project for the web with Power Apps does not at this time, in normal deployments, require additional licensing from what is included in a E3 or E5 license, it is not out of the realm of possibility that a more complex deployment could incur costs not included in the Power Apps for 365 that comes with your enterprise agreement.

    The table to the right shows current additional licensing options.

    Power Apps, Per User, Per App Plan

    Per User Plan

    Cost: US$10 per user per app per month, with a daily Dataverse database capacity of 40 MB and a daily Power Platform request capacity of 1,000. Cost: US$40 per user per month, with a daily Dataverse database capacity of 250 MB and a daily Power Platform request capacity of 5,000.
    What's included? This option is marketed as the option that allows organizations to “get started with the platform at a lower entry point … [or those] that run only a few apps.” Users can run an application for a specific business case scenario with “the full capabilities of Power Apps” (meaning, we believe, that unlicensed users can still submit data via an app created by a licensed user). What's included? A per-user plan allows licensed users to run unlimited canvas apps and model-driven apps – portal apps, the licensing guide says, can be “provisioned by customers on demand.” Dataverse database limits (the 250 MB and 5,000 request capacity mentioned above) are pooled at the per tenant, not the per user plan license, capacity.

    For more on Power Apps licensing, refer to Info-Tech’s Modernize Your Microsoft Licensing for the Cloud Era for more information.

    What needs to be configured?

    Extending Project for the web requires working with your IT peers to get the right environments configured based upon your needs.

    • PFTW data is stored in the Microsoft Dataverse (formerly Common Data Service or CDS).
    • The organization’s Dataverse can be made up of one to many environments based upon its needs. Environments are individual databases with unique proprieties in terms of who can access them and what applications can store data in them.
    • Project for the web supports three different types of environments: default, production, and sandbox.
    • You can have multiple instances of a custom PFTW app deployed across these environments and across different users – and the environment you choose depends upon the use case of each instance.

    Types of Environments

    • Default Environment

      • It is the easiest to deploy and get started with the PFTW Power App in the default environment. However, it is also the most restricted environment with the least room for configuration.
      • Microsoft recommends this environment for simple deployments or for projects that span the organization. This is because everyone in the organization is by default a member of this environment – and, with the least room for configuration, the app is relatively straightforward.
      • At minimum, you need one project license to deploy PFTW in the default environment.
    • Production Environment

      • This environment affords more flexibility for how a custom app can be configured and deployed. Unlike the default environment, deploying a production environment is a manual process (through the Power Platform Admin Center) and security roles need to be set to limit users who can access the environment.
      • Because users can be limited, production environments can be used to support more advanced deployments and can support diverse processes for different teams.
      • At present, you need at least five Project licenses to deploy to production environments.
    • Sandbox Environment

      • This environment is for users who are responsible for the creation of custom apps. It offers the same functionality as a production environment but allows users to make changes without jeopardizing a production environment.

    Resources to provide your IT colleagues with to help in your PFTW deployment:

    1. Project for the web admin help (Product Documentation, Microsoft)
    2. Advanced deployment for Project for the web (Video, Microsoft)
    3. Get Started with Project Power App (Product Support Documentation, Microsoft)
    4. Project for the Web Security Roles (Product Support Documentation, Microsoft)

    Get started creating or customizing a model-driven app

    With the proper environments procured, you can now start extending Project for the web.

    • Navigate to the environment you would like to extend PFTW within. For the purposes of the slides ahead, we’ll be using a sandbox environment for an example. Ensure you have the right access set up for production and sandbox environments of your own (see links on previous slide for more assistance).
    • To begin extending PFTW, the two core features you need to be familiar with before you start in Power Apps are (1) Tables/Entities and (2) the Power Apps Designer – and in particular the Site Map.

    From the Power Apps main page in 365, you can change your environment by selecting from the options in the top right-hand corner of the screen.

    Screenshot of the Power Apps “Apps” page in a sandbox environment. The Project App will appear as “Project” when the application is installed, though it is also easy to create an app from scratch.

    Model-driven apps are built around tables

    In Power Apps, tables (formerly called entities and still referred to as entities in the Power Apps Designer) function much like tables in Excel: they are containers of columns of data for tracking purposes. Tables define the data for your app, and you build your app around them.

    In general, there are three types of tables:

    • Standard: These are out-of-the box tables included with a Dataverse environment. Most standard tables can be customized.
    • Managed: These are tables that get imported into an environment as part of a managed solution. Managed tables cannot be customized.
    • Custom: These types of tables can either be imported from another solution or created directly in the Dataverse environment. To create custom tables, users need to have System Administrator or System Customizer security roles within the Dataverse.

    Tables can be accessed under Data banner on the left-hand panel of your Power Apps screen.

    The below is a list of standard tables that can be used to customize your Project App.

    A screenshot of the 'Data' banner in 'Power Apps' and a list of table names.

    Table Name

    Display Name

    msdyn_project Project
    msdyn_projectchange Change
    msdyn_projectprogram Program
    msdyn_projectrequest Request
    msdyn_projectrisk Risk
    msdyn_projectissue Issue
    msdyn_projectstatusreport Status

    App layouts are designed in the Power App Designer

    You configure tables with a view to using them in the design of your app in the Power Apps Designer.

    • If you’re customizing a Project for the web app manually installed into your production or sandbox environment, you can access Designer by highlighting the app from your list of apps on the Apps page and clicking “Edit” in the ribbon above.
      • If you’re creating a model-driven app from scratch, Designer will open past the “Create a New App” intro screen.
      • If you need to create separate apps in your environment for different PMOs or business units, it is as easy to create an app from scratch as it is to customize the manual install.
    • The App Designer is where you can design the layout of your model-driven app and employ the right data tables.
    Screenshot of the 'App Designer' screen in 'Power Apps'.

    The Site Map determines the navigation for your app, i.e. it is where you establish the links and pages users will navigate. We will review the basics of the sitemap on the next few slides.

    The tables that come loaded into your Project Power App environment (at this time, 37) via the manual install will appear in the Power Apps Designer in the Entity View pane at the bottom of the page. You do not have to use all of them in your design.

    Navigate the Sitemap Designer

    With the components of the previous two slides in mind, let’s walk through how to use them together in the development of a Project app.

    As addressed in the previous slide, the sitemap determines the navigation for your app, i.e. it is where you establish the links and the pages that users will navigate.

    To get to the Sitemap Designer, highlight the Project App from your list of apps on the Apps page and click “Edit” in the ribbon above. If you’re creating a model-driven app from scratch, Designer will open past the “Create a New App” intro screen.

    • To start designing your app layout, click the pencil icon beside the Site Map logo on the App Designer screen.
    • This will take you into the Sitemap Designer (see screenshot to the right). This is where you determine the layout of your app and the relevant data points (and related tables from within the Dataverse) that will factor into your Project App.
    • In the Sitemap Designer, you simply drag and drop the areas, groups, and subareas you want to see in your app’s user interface (see next slide for more details).
    Screenshot of the 'Sitemap Designer' in 'Power Apps'.

    Use Areas, Groups, and Subareas as building blocks for your App

    Screenshots of the main window and the right-hand panel in the 'Sitemap Designer', and of the subarea pop-up panel where you connect components to data tables. The first two separate elements into 'Area', 'Group', and 'Subarea'.

    Drag and drop the relevant components from the panel on the right-hand side of the screen into the main window to design the core pieces that will be present within your user interface.

    For each subarea in your design, use the pop-up panel on the right-hand side of the screen to connect your component the relevant table from within your Dataverse environment.

    How do Areas, Groups, and Subareas translate into an app?

    Screenshots of the main window in the 'Sitemap Designer' and of a left-hand panel from a published 'Project App'. There are notes defining the terms 'Area', 'Group', and 'Subarea' in the context of the screenshot.

    The names or titles for your Areas and Groups can be customized within the Sitemap Designer.

    The names or titles for your Subareas is dependent upon your table name within the Dataverse.

    Area: App users can toggle the arrows to switch between Areas.

    Group: These will change to reflect the chosen Area.

    Subarea: The tables and forms associated with each subarea.

    How to properly save and publish your changes made in the Sitemap Designer and Power Apps Designer:

    1. When you are done making changes to your components within the Sitemap Designer, and want your changes to go live, hit the “Publish” button in the top right corner; when it has successfully published, select “Save and Close.”
    2. You will be taken back to the Power App Designer homepage. Hit “Save,” then “Publish,” and then finally “Play,” to go to your app or “Save and Close.”

    How to find the right tables in the Dataverse

    While you determine which tables will play into your app in the Sitemap Designer, you use the Tables link to customize tables and forms.

    Screenshots of the tables search screen and the 'Tables' page under the 'Data' banner in 'Power Apps'.

    The Tables page under the Data banner in Power Apps houses all of the tables available in your Dataverse environment. Do not be overwhelmed or get too excited. Only a small portion of the tables in the Tables folder in Power Apps will be relevant when it comes to extending PFTW.

    Find the table you would like to customize and/or employ in your app and select it. The next slides will look at customizing the table (if you need to) and designing an app based upon the table.

    To access all the tables in your environment, you’ll need to ensure your filter is set correctly on the top right-hand corner of the screen, otherwise you will only see a small portion of the tables in your Dataverse environment.

    If you’re a novice, it will take you some time to get familiar with the table structure in the Dataverse.

    We recommend you start with the list of tables listed on slide. You can likely find something there that you can use or build from for most PPM purposes.

    How to customize a table (1 of 3)

    You won’t necessarily need to customize a table, but if you do here are some steps to help you get familiar with the basics.

    Screenshot of the 'Columns' tab, open in the 'msdyn_project table' in 'Power Apps'.

    In this screenshot, we are clicked into the msdyn_project (display name: Project) table. As you can see, there are a series of tabs below the name of the table, and we are clicked into the Columns tab. This is where you can see all of the data points included in the table.

    You are not able to customize all columns. If a column that you are not able to customize does not meet your needs, you will need to create a custom column from the “+Add column” option.

    “Required” or “Optional” status pertains to when the column or field is used within your app. For customizable or custom columns this status can be set when you click into each column.

    How to customize a table (2 of 3)

    Create a custom “Status” column.

    By way of illustrating how you might need to customize a table, we’ll highlight the “msdyn_project_statecode” (display name: Project Status) column that comes preloaded in the Project (msdyn_project) table.

    • The Project Status column only gives you a binary choice. While you are able to customize what that binary choice is (it comes preloaded with “Active” and “Inactive” as the options) you cannot add additional choices – so you cannot set it to red/yellow/green, the most universally adopted options for status in the project portfolio management world.
    • Because of this, let’s look at the effort involved in creating a choice and adding a custom column to your table based upon that choice.
    Screenshots of the '+New choice' button in the 'Choices' tab and the 'New choice' pane that opens when you click it.

    From within the Choices tab, click “+New choice” option to create a custom choice.

    A pane will appear to the right of your screen. From there you can give your choice a name, and under the “Items” header, add your list of options.

    Click save. Your custom choice is now saved to the Choices tab in the Dataverse environment and can be used in your table. Further customizations can be made to your choice if need be.

    How to customize a table (3 of 3)

    Back in the Tables tab, you can put your new choice to work by adding a column to a table and selecting your custom choice.

    Screenshots of the pop-up window that appear when you click '+Add Column', and details of what happens when you select the data type 'Choice'.

    Start by selecting “+ Add Column” at the top left-hand side of your table. A window will appear on the right-hand side of the page, and you will have options to name your column and choose the data type.

    As you can see in this screenshot to the left, data type options include text, number and date types, and many more. Because we are looking to use our custom choice for this example, we are going to choose “Choice.”

    When you select “Choice” as your data type, all of the choice options available or created in your Dataverse environment will appear. Find your custom choice – in this example the one name “RYG Status” – and click done. When the window closes, be sure to select “Save Table.”

    How to develop a Form based upon your table (1 of 3 – open the form editor)

    A form is the interface users will engage with when using your Project app.

    When the Project app is first installed in your environment, the main user form will be lacking, with only a few basic data options.

    This form can be customized and additional tabs can be added to your user interface.

    1. To do this, go to the table you want to customize.
    2. In the horizontal series of tabs at the top of the screen, below the table title select the “Forms” option.
    3. Click on the main information option or select Edit Form for the form with “Main” under its form type. A new window will open where you can customize your form.
    Screenshot of the 'Forms' tab, open in the 'msdyn_project' table in 'Power Apps'.

    Select the Forms tab.

    Start with the form that has “Main” as its Format Type.

    How to develop a Form based upon your table (2 of 3 – add a component)

    Screenshot of the 'Components' window in 'Power Apps' with a list of layouts as a window to the right of the main screen where you can name and format the chosen layout.

    You can add element like columns or sections to your form by selecting the Components window.

    In this example, we are adding a 1-Column section. When you select that option from the menu options on the left of the screen, a window will open to the right of the screen where you can name and format the section.

    Choose the component you would like to add from the layout options. Depending on the table element you are looking to use, you can also add input options like number inputs and star ratings and pull in related data elements like a project timeline.

    How to develop a Form based upon your table (3 of 3 – add table columns)

    Screenshot of the 'Table Columns' window in 'Power Apps' and instructions for adding table columns.

    If you click on the “Table Columns” option on the left-hand pane, all of the column options from within your table will appear in alphabetical order.

    When clicked within the form section you would like to add the new column to, select the column from the list of option in the left-hand pane. The new data point will appear within the section. You can order and format section elements as you would like.

    When you are done editing the form, click the “Save” icon in the top right-hand corner. If you are ready for your changes to go live within your Project App, select the “Publish” icon in the top right-hand corner. Your updated form will go live within all of the apps that use it.

    The good and the bad of extending Project for the web

    The content in this step has not instructed users how to extend PFTW; rather, it has covered three basic core pieces of Power Apps that those interesting in PFTW need to be aware of: Dataverse environments, the Power Apps and Sitemaps Designers, and Tables and associated Forms.

    Because we have only covered the very tip of the iceberg, those interested in going further and taking a DIY approach to extending PFTW will need to build upon these basics to unlock further functionality. Indeed, it takes work to develop the product into something that begins to resemble a viable enterprise project and portfolio management solution. Here are some of the good and the bad elements associated with that work:

    The Good:

    • You can right-size and purpose build: add as much or as little project management rigor as your process requires. Related, you can customize the solution in multiple ways to suit the needs of specific business units or portfolios.
    • Speed to market: it is possible to get up and running quickly with a minimum-viable product.

    The Bad:

    • Work required: to build anything beyond MVP requires independent research and trial and error.
    • Time required: to build anything beyond MVP requires time and skills that many PMOs don’t have.
    • Shadow support costs: ungoverned app creation could have negative support and maintenance impacts across IT.

    "The move to Power Platform and low code development will […increase] maintenance overhead. Will low code solution hit problems at scale? [H]ow easy will it be to support hundreds or thousands of small applications?

    I can hear the IT support desks already complaining at the thought of this. This part of the puzzle is yet to hit real world realities of support because non developers are busy creating lots of low code applications." (Ben Hosking, Software Developer and Blogger, "Why low code software development is eating the world")

    Quick start your extension with the Accelerator

    For those starting out, there is a pre-built app you can import into your environment to extend the Project for the web app without any custom development.

    • If the DIY approach in the previous slides was overwhelming, and you don’t have the budget for a MS Partner route in the near-term, this doesn’t mean that evolving your Project for the web app is unattainable.
    • Thanks to a partnership between OnePlan (one of the MS Gold Partners we detail in the next step) and Microsoft, Project for the web users have access to a free resource to help them evolve the base Project app. It’s called the “Project for the web Accelerator” (commonly referred to as “the Accelerator” for short).
    • Users interested in learning more about, and accessing, this free resource should refer to the links below:
      1. The Future of Microsoft Project Online (source: OnePlan).
      2. Introducing the Project Accelerator (source: Microsoft).
      3. Project for the web Accelerator (source: GitHub)
    Screen shot from one of the dashboards that comes with the Accelerator (image source: GitHub).

    2.1.1 Perform a feasibility test (1 of 2)

    15 mins

    As we’ve suggested, and as the material in this step indicates, extending PFTW in a DIY fashion is not small task. You need a knowledge of the Dataverse and Power Apps, and access to the requisite skills, time, and resources to develop the solution.

    To determine whether your PMO and organization are ready to go it alone in extending PFTW, perform the following activity:

    1. Convene a collection of portfolio, project, and PMO staff.
    2. Using the six-question survey on tab 5 of the Microsoft Project & M365 Licensing Tool (see screenshot to the right) as a jumping off point for a discussion, consider the readiness of your PMO or project organization to undertake a DIY approach to extending and implementing PFTW at this time.
    3. You can use the recommendations on tab 5 of the Microsoft Project & 365 Licensing Tool to inform your next steps, and input the gauge graphic in section 4 of the Microsoft Project & M365 Action Plan Template.
    Screenshots from the 'Project for the Web Extensibility Feasibility Test'.

    Go to tab 5 of the Microsoft Project & M365 Licensing Tool

    See next slide for additional activity details

    2.1.1 Perform a feasibility test (2 of 2)

    Input: The contents of this step, The Project for the Web Extensibility Feasibility Test (tab 5 in the Microsoft Project & 365 Licensing Tool)

    Output: Initial recommendations on whether to proceed and how to proceed with a DIY approach to extending Project for the web

    Materials: The Project for the Web Extensibility Feasibility Test (tab 5 in the Microsoft Project & 365 Licensing Tool)

    Participants: Portfolio Manager (PMO Director), Project Managers, Other relevant PMO stakeholders

    Step 2.2

    Assess the Microsoft Gold Partner Community

    Activities

    • Review what to look for in a Microsoft Partner
    • Determine whether your needs would benefit from reaching out to a Microsoft Partner
    • Review three key Partners from the North American market
    • Create a Partner outreach plan

    This step will walk you through the following activities:

    • Review what to look for in a Microsoft Partner.
    • Determine whether your needs would benefit from reaching out to a Microsoft Partner.
    • Review three key Partners from the North American market.

    This step usually involves the following participants:

    • Portfolio Manager (PMO Director)
    • Project Managers
    • Other relevant PMO stakeholders

    Outcomes of Step

    • A better understanding of MS Partners
    • A Partner outreach plan

    You don’t have to go it alone

    Microsoft has an established community of Partners who can help in your customizations and implementations of Project for the web and other MS Project offerings.

    If the content in the previous step seemed too technical or overly complex in a way that scared you away from a DIY approach to extending Microsoft’s latest project offering (and at some point in the near future, soon to be its only project offering), Project for the web, fear not.

    You do not have to wade into the waters of extending Project for the web alone, or for that matter, in implementing any other MS Project solution.

    Instead, Microsoft nurtures a community of Silver and Gold partners who offer hands-on technical assistance and tool implementation services. While the specific services provided vary from partner to partner, all can assist in the customization and implementation of any of Microsoft’s Project offerings.

    In this step we will cover what to look for in a Partner and how to assess whether you are a good candidate for the services of a Partner. We will also highlight three Partners from within the North American market.

    The basics of the Partner community

    What is a Microsoft Partner?

    Simply put, an MS Gold Partner is a software or professional services organization that provides sales and services related to Microsoft products.

    They’re resellers, implementors, integrators, software manufacturers, trainers, and virtually any other technology-related business service.

    • Microsoft has for decades opted out of being a professional services organization, outside of its very “leading edge” offerings from MCS (Microsoft Consulting Services) for only those technologies that are so new that they aren’t yet supported by MS Partners.
    • As you can see in the chart on the next slide, to become a silver or gold certified partner, firms must demonstrate expertise in specific areas of business and technology in 18 competency areas that are divided into four categories: applications and infrastructure, business applications, data and AI, and modern workplace and security.

    More information on what it takes to become a Microsoft Partner:

    1. Partner Center (Document Center, Microsoft)
    2. Differentiate your business by attaining Microsoft competencies (Document Center, Microsoft)
    3. Partner Network Homepage (Webpage, Microsoft)
    4. See which partner offer is right for you (Webpage, Microsoft)

    Types of partnerships and qualifications

    Microsoft Partner Network

    Microsoft Action Pack

    Silver Competency

    Gold Competency

    What is it?

    The Microsoft Partner Network (MPN) is a community that offers members tools, information, and training. Joining the MPN is an entry-level step for all partners. The Action Pack is an annual subscription offered to entry-level partners. It provides training and marketing materials and access to expensive products and licenses at a vastly reduced price. Approximately 5% of firms in the Microsoft Partner Network (MPN) are silver partners. These partners are subject to audits and annual competency exams to maintain silver status. Approximately 1% of firms in the Microsoft Partner Network (MPN) are gold partners. These partners are subject to audits and annual competency exams to maintain Gold status.

    Requirements

    Sign up for a membership Annual subscription fee While requirements can vary across competency area, broadly speaking, to become a silver partner firms must:
    • Pass regular exams and skills assessments, with at least two individuals on staff with Microsoft Certified Professional Status.
    • Hit annual customer, revenue, and licensing metrics.
    • Pay the annual subscription fee.
    While requirements can vary across competency area, broadly speaking, to become a gold partner firms must:
    • Pass regular exams and skills assessments, with at least two individuals on staff with Microsoft Certified Professional Status.
    • Hit annual customer, revenue, and licensing metrics.
    • Pay the annual subscription fee.

    Annual Fee

    No Cost $530 $1800 $5300

    When would a MS Partner be helpful?

    • Project management and portfolio management practitioners might look into procuring the services of a Microsoft Partner for a variety of reasons.
    • Because services vary from partner to partner (help to extend Project for the web, implement Project Server or Project Online, augment PMO staffing, etc.) we won’t comment on specific needs here.
    • Instead, the three most common conditions that trigger the need are listed to the right.

    Speed

    When you need to get results faster than your staff can grow the needed capabilities.

    Cost

    When the complexity of the purchase decision, implementation, communication, training, configuration, and/or customization cannot be cost-justified for internal staff, often because you’ll only do it once.

    Expertise & Skills

    When your needs cannot be met by the core Microsoft technology without significant extension or customization.

    Canadian Microsoft Partners Spotlight

    As part of our research process for this blueprint, Info-Tech asked Microsoft Canada for referrals and introductions to leading Microsoft Partners. We spent six months collaborating with them on fresh research into the underlying platform.

    These vendors are listed below and are highlighted in subsequent slides.

    Spotlighted Partners:

    Logo for One Plan. Logo for PMO Outsource Ltd. Logo for Western Principles.

    Please Note: While these vendors were referred to us by Microsoft Canada and have a footprint in the Canadian market, their footprints extend beyond this to the North American and global markets.

    A word about our approach

    Photo of Barry Cousins, Project Portfolio Management Practice Lead, Info-Tech Research Group.
    Barry Cousins
    Project Portfolio Management Practice Lead
    Info-Tech Research Group

    Our researchers have been working with Microsoft Project Online and Microsoft Project Server clients for years, and it’s fair to say that most of these clients (at some point) used a Microsoft Partner in their deployment. They’re not really software products, per se; they’re platforms. As a Microsoft Partner in 2003 when Project Server got its first big push, I heard it loud and clear: “Some assembly required. You might only make 7% on the licensing, but the world’s your oyster for services.”

    In the past few years, Microsoft froze the market for major Microsoft Project decisions by making it clear that the existing offering is not getting updates while the new offering (Project for the web) doesn’t do what the old one did. And in a fascinating timing coincidence, the market substantially adopted Microsoft 365 during that period, which enables access to Project for the web.

    Many of Info-Tech’s clients are justifiably curious, confused, and concerned, while the Microsoft Partners have persisted in their knowledge and capability. So, we asked Microsoft Canada for referrals and introductions to leading Microsoft Partners and spent six months collaborating with them on fresh research into the underlying platform.

    Disclosure: Info-Tech conducted collaborative research with the partners listed on the previous slide to produce this publication. Market trends and reactions were studied, but the only clients identified were in case studies provided by the Microsoft Partners. Info-Tech’s customers have been, and remain, anonymous. (Barry Cousins, Project Portfolio Management Practice Lead, Info-Tech Research Group)

    MS Gold Partner Spotlight:

    OnePlan

    Logo for One Plan.
    Headquarters: San Marcos, California, and Toronto, Ontario
    Number of Employees: ~80
    Active Since: 2007 (as EPMLive)
    Website: www.oneplan.ai

    Who are they?

    • While the OnePlan brand has only been the marketplace for a few years, the company has been a major player in MS Gold Partner space for well over a decade.
    • Born out of EPMLive in the mid-aughts, OnePlan Solutions has evolved through a series of acquisitions, including Upland, Tivitie, and most recently Wicresoft.

    What do they do?

    • Software: Its recent rebranding is largely because OnePlan Solutions is as much a software company as it is a professional services firm. The OnePlan software product is an impressive solution that can be used on its own to facilitate the portfolio approaches outlined on the next slide and that can also integrate with the tools your organization is already using to manage tasks (see here for a full rundown of the solutions within the Microsoft stack and beyond OnePlan can integrate with).
    • Beyond its ability to integrate with existing solutions, as a software product, OnePlan has modules for resource planning, strategic portfolio planning, financial planning, time tracking, and more.

    • PPM Consulting Services: The OnePlan team also offers portfolio management consulting services. See the next slide for a list of its approaches to project portfolio management.

    Markets served

    • US, Canada, Europe, and Australia

    Channel Differentiation

    • OnePlan scales to all the PPM needs of all industry types.
    • Additionally, OnePlan offers insights and functionality specific to the needs of BioTech-Pharma.

    What differentiates OnePlan?

    • OnePlan co-developed the Project Accelerator for Project for the web with Microsoft. The OnePlan team’s involvement in developing the Accelerator and making it free for users to access suggests it is aligned to and has expertise in the purpose-built and collaborative vision behind Microsoft’s move away from Project Online and toward the Power Platform and Teams collaboration.
    • 2021 MS Gold Partner of the Year. At Microsoft’s recent Microsoft Inspire event, OnePlan was recognized as the Gold Partner of the Year for Project and Portfolio Management as well as a finalist for Power Apps and Power Automate.
    • OnePlan Approaches: Below is a list of the services or approaches to project portfolio management that OnePlan provides. See its website for more details.
      • Strategic Portfolio Management: Align work to objectives and business outcomes. Track performance against the proposed objectives outcomes.
      • Agile Portfolio Management: Implement Agile practices across the organization, both at the team and executive level.
      • Adaptive Portfolio Management: Allow teams to use the project methodology and tools that best suit the work/team. Maintain visibility and decision making across the entire portfolio.
      • Professional Services Automation: Use automation to operate with greater efficiency.

    "OnePlan offers a strategic portfolio, financial and resource management solution that fits the needs of every PMO. Optimize your portfolio, financials and resources enterprise wide." (Paul Estabrooks, Vice President at OnePlan)

    OnePlan Case Study

    This case study was provided to Info-Tech by OnePlan.

    Brambles

    INDUSTRY: Supply Chain & Logistics
    SOURCE: OnePlan

    Overview: Brambles plays a key role in the delivery or return of products amongst global trading partners such as manufacturers, distributors and retailers.

    Challenge

    Brambles had a variety of Project Management tools with no easy way of consolidating project management data. The proliferation of project management solutions was hindering the execution of a long-term business transformation strategy. Brambles needed certain common and strategic project management processes and enterprise project reporting while still allowing individual project management solutions to be used as part of the PPM platform.

    Solution

    As part of the PMO-driven business transformation strategy, Brambles implemented a project management “operating system” acting as a foundation for core processes such as project intake, portfolio management, resource, and financial planning and reporting while providing integration capability for a variety of tools used for project execution.

    OnePlan’s new Adaptive PPM platform, combining the use of PowerApps and OnePlan, gives Brambles the desired PPM operating system while allowing for tool flexibility at the execution level.

    Results

    • Comprehensive picture of progress across the portfolio.
    • Greater adoption by allowing flexibility of work management tools.
    • Modern portfolio management solution that enables leadership to make confident decision.

    Solution Details

    • OnePlan
    • Project
    • Power Apps
    • Power Automate
    • Power BI
    • Teams

    Contacting OnePlan Solutions

    www.oneplan.ai

    Joe Larscheid: jlarscheid@oneplan.ai
    Paul Estabrooks: pestabrooks@oneplan.ai
    Contact Us: contact@oneplan.ai
    Partners: partner@oneplan.ai

    Partner Resources. OnePlan facilitates regular ongoing live webinars on PPM topics that anyone can sign up for on the OnePlan website.

    For more information on upcoming webinars, or to access recordings of past webinars, see here.

    Additional OnePlan Resources

    1. How to Extend Microsoft Teams into a Collaborative Project, Portfolio and Work Management Solution (on-demand webinar, OnePlan’s YouTube channel)
    2. What Does Agile PPM Mean To The Modern PMO (on-demand webinar, OnePlan’s YouTube channel)
    3. OnePlan is fused with the Microsoft User Experience (blog article, OnePlan)
    4. Adaptive Portfolio Management Demo – Bringing Order to the Tool Chaos with OnePlan (product demo, OnePlan’s YouTube channel)
    5. How OnePlan is aligning with Microsoft’s Project and Portfolio Management Vision (blog article, OnePlan)
    6. Accelerating Office 365 Value with a Hybrid Project Portfolio Management Solution (product demo, OnePlan’s YouTube channel)

    MS Gold Partner Spotlight:

    PMO Outsource Ltd.

    Logo for PMO Outsource Ltd.

    Headquarters: Calgary, Alberta, and Mississauga, Ontario
    Website: www.pmooutsource.com

    Who are they?

    • PMO Outsource Ltd. is a Microsoft Gold Partner and PMI certified professional services firm based in Alberta and Ontario, Canada.
    • It offers comprehensive project and portfolio management offerings with a specific focus on project lifecycle management, including demand management, resource management, and governance and communication practices.

    What do they do?

    • Project Online and Power Platform Expertise. The PMO Outsource Ltd. team has extensive knowledge in both Microsoft’s old tech (Project Server and Desktop) and in its newer, cloud-based technologies (Project Online, Project for the web, the Power Platform, and Dynamics 365). As the case study in two slides demonstrates, PMO Outsource Ltd. Uses its in-depth knowledge of the Microsoft suite to help organizations automate project and portfolio data collection process, create efficiencies, and encourage cloud adoption.
    • PPM Consulting Services: In addition to its Microsoft platform expertise, the PMO Outsource Ltd. team also offers project and portfolio management consulting services, helping organizations evolve their process and governance structures as well as their approaches to PPM tooling.

    Markets served

    • Global

    Channel Differentiation

    • PMO Outsource Ltd. scales to all the PPM needs of all industry types.

    What differentiates PMO Outsource Ltd.?

    • PMO Staff Augmentation. In addition to its technology and consulting services, PMO Outsource Ltd. offers PMO staff augmentation services. As advertised on its website, it offers “scalable PMO staffing solutions. Whether you require Project Managers, Business Analysts, Admins or Coordinators, [PMO Outsource Ltd.] can fulfill your talent search requirements from a skilled pool of resources.”
    • Multiple and easy-to-understand service contract packages. PMO Outsource Ltd. offers many prepackaged service offerings to suit PMOs’ needs. Those packages include “PMO Management, Admin, and Support,” “PPM Solution, Site and Workflow Configuration,” and “Add-Ons.” For full details of what’s included in these services packages, see the PMO Outsource Ltd. website.
    • PMO Outsource Ltd. Services: Below is a list of the services or approaches to project portfolio management that PMO Outsource Ltd. Provides. See its website for more details.
      • Process Automation, Workflows, and Tools. Facilitate line of sight by tailoring Microsoft’s technology to your organization’s needs and creating custom workflows.
      • PMO Management Framework. Receive a professionally managed PPM methodology as well as governance standardization of processes, tools, and templates.
      • Custom BI Reports. Leverage its expertise in reporting and dashboarding to create the visibility your organization needs.

    "While selecting an appropriate PPM tool, the PMO should not only evaluate the standard industry tools but also analyze which tool will best fit the organization’s strategy, budget, and culture in the long run." (Neeta Manghnani, PMO Strategist, PMO Outsource Ltd.)

    PMO Outsource Ltd. Case Study

    This case study was provided to Info-Tech by PMO Outsource Ltd.

    SAMUEL

    INDUSTRY: Manufacturing
    SOURCE: PMO Outsource Ltd.

    Challenge

    • MS Project 2013 Server (Legacy/OnPrem)
    • Out-of-support application and compliance with Office 365
    • Out-of-support third-party application for workflows
    • No capability for resource management
    • Too many manual processes for data maintenance and server administration

    Solution

    • Migrate project data to MS Project Online
    • Recreate workflows using Power Automate solution
    • Configure Power BI content packs for Portfolio reporting and resource management dashboards
    • Recreate OLAP reports from legacy environment using Power BI
    • Cut down nearly 50% of administrative time by automating PMO/PPM processes
    • Save costs on Server hardware/application maintenance by nearly 75%

    Full Case Study Link

    • For full details about how PMO Outsource Ltd. assisted Samuel in modernizing its solution and creating efficiencies, visit the Microsoft website where this case study is highlighted.

    Contacting PMO Outsource Ltd.

    www.pmooutsource.com

    700 8th Ave SW, #108
    Calgary, AB T2P 1H2
    Telephone : +1 (587) 355-3745
    6045 Creditview Road, #169
    Mississauga, ON L5V 0B1
    Telephone : +1 (289) 334-1228
    Information: info@pmooutsource.com
    LinkedIn: https://www.linkedin.com/company/pmo-outsource/

    Partner Resources. PMO Outsource Ltd.’s approach is rooted within a robust and comprehensive PPM framework that is focused on driving strategic outcomes and business success.

    For a full overview of its PPM framework, see here.

    Additional PMO Outsource Ltd. Resources

    1. 5 Benefits of PPM tools and PMO process automation (blog article, PMO Outsource Ltd.)
    2. Importance of PMO (blog article, PMO Outsource Ltd.)
    3. Meet the Powerful and Reimagined PPM tool for Everyone! (video, PMO Outsource Ltd. LinkedIn page)
    4. MS Project Tips: How to add #Sprints to an existing Project? (video, PMO Outsource Ltd. LinkedIn page)
    5. MS Project Tips: How to add a milestone to your project? (video, PMO Outsource Ltd. LinkedIn page)
    6. 5 Benefits of implementing Project Online Tools (video, PMO Outsource Ltd. LinkedIn page)

    MS Gold Partner Spotlight:

    Western Principles

    Logo for Western Principles.

    Headquarters: Vancouver, British Columbia
    Years Active: 16 Years
    Website: www.westernprinciples.com

    Who are they?

    • Western Principles is a Microsoft Gold Partner and UMT 360 PPM software provider based in British Columbia with a network of consultants across Canada.
    • In the last sixteen years, it has successfully conducted over 150 PPM implementations, helping in the implementation, training, and support of Microsoft Project offerings as well as UMT360 – a software solution provider that, much like OnePlan, enhances the PPM capabilities of the Microsoft platform.

    What do they do?

    • Technology expertise. The Western Principles team helps organizations maximize the value they are getting form the Microsoft Platform. Not only does it offer expertise in all the solutions in the MS Project ecosystem, it also helps organizations optimize their use and understanding of Teams, SharePoint, the Power Platform, and more. In addition to the Microsoft platform, Western Principles is partnered with many other technology providers, including UMT360 for strategic portfolio management, the Simplex Group for project document controls, HMS for time sheets, and FluentPro for integration, back-ups, and migrations.
    • PPM Consulting Services: In addition to its technical services and solutions, Western Principles offers PPM consulting and staff augmentation services.

    Markets served

    • Canada

    Channel Differentiation

    • Western Principles scales to all the PPM needs of all industry types, public and private sector.
    • In addition, its website offers persona-specific information based on the PPM needs of engineering and construction, new product development, marketing, and more.

    What differentiates Western Principles?

    • Gold-certified UMT 360 partner. In addition to being a Microsoft Gold Partner, Western Principles is a gold-certified UMT 360 partner. UMT 360 is a strategic portfolio management tool that integrates with many other work management solutions to offer holistic line of sight into the organization’s supply-demand pain points and strategic portfolio management needs. Some of the solutions UMT 360 integrates with include Project Online and Project for the web, Azure DevOps, Jira, and many more. See here for more information on the impressive functionality in UMT360.
    • Sustainment Services. Adoption can be the bane of most PPM tool implementations. Among the many services Western Principles offers, its “sustainment services” stand out. According to Western Principles’ website, these services are addressed to those who require “continual maintenance, change, and repair activities” to keep PPM systems in “good working order” to help maximize ROI.
    • Western Principles Services: In addition to the above, below is a list of some of the services that Western Principles offers. See its website for a full list of services.
      • Process Optimization: Determine your requirements and process needs.
      • Integration: Create a single source of truth.
      • Training: Ensure your team knows how to use the systems you implement.
      • Staff Augmentation: Provide experienced project team members based upon your needs.

    "One of our principles is to begin with the end in mind. This means that we will work with you to define a roadmap to help you advance your strategic portfolio … and project management capabilities. The roadmap for each customer is different and based on where you are today, and where you need to get to." (Western Principles, “Your Strategic Portfolio Management roadmap,” Whitepaper)

    Contacting Western Principles

    www.westernprinciples.com

    610 – 700 West Pender St.
    Vancouver, BC V6C 1G8
    +1 (800) 578-4155
    Information: info@westernprinciples.com
    LinkedIn: https://www.linkedin.com/company/western-principle...

    Partner Resources. Western Principles provides a multitude of current case studies on its home page. These case studies let you know what the firm is working on this year and the type of support it provides to its clientele.

    To access these case studies, see here.

    Additional Western Principles Resources

    1. Program and Portfolio Roll ups with Microsoft Project and Power BI (video, Western Principles YouTube Channel)
    2. Dump the Spreadsheets for Microsoft Project Online (video, Western Principles YouTube Channel)
    3. Power BI for Project for the web (video, Western Principles YouTube Channel)
    4. How to do Capacity Planning and Resource Management in Microsoft Project Online [Part 1 & Part 2] (video, Western Principles YouTube Channel)
    5. Extend & Integrate Microsoft Project (whitepaper, Western Principles)
    6. Your COVID-19 Return-to-Work Plan (whitepaper, Western Principles)

    Watch Info-Tech’s Analyst-Partner Briefing Videos to lean more

    Info-Tech was able to sit down with the partners spotlighted in this step to discuss the current state of the PPM market and Microsoft’s place within it.

    • All three partners spotlighted in this step contributed to Info-Tech’s research process for this publication.
    • For two of the partners, OnePlan and PMO Outsource Ltd., Info-Tech was able to record a conversation where our analysts and the partners discuss Microsoft’s current MS Project offerings, the current state of the PPM tool market, and the services and the approaches of each respective partner.
    • A third video briefing with Western Principles has not happened yet due to logistical reasons. We are hoping we can include a video chat with our peers at Western Principles in the near future.
    Screenshot form the Analyst-Partner Briefing Videos. In addition to the content covered in this step, you can use these videos for further information about the partners to inform your next steps.

    Download Info-Tech’s Analyst-Partner Briefing Videos (OnePlan & PMO Outsource Ltd.)

    2.2.1 Create a partner outreach plan

    1-3 hours

    Input: Contents of this step, List of additional MS Gold Partners

    Output: A completed partner outreach program

    Materials: MS Project & M365 Action Plan Template

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers, CIO

    1. With an understanding of the partner ecosystem, compile a working group of PMO peers and stakeholders to produce a gameplan for engaging the MS Gold Partner ecosystem.
      • For additional partner options see Microsoft’s Partner Page.
    2. Using slide 20 in Info-Tech’s MS Project and M365 Action Plan Template, document the Partners you would want or have scheduled briefings with.
      • As you go through the briefings and research process, document the pros and cons and areas of specialized associated with each vendor for your particular work management implementation.

    Download the Microsoft Project & M365 Action Plan Template

    2.2.2 Document your PM and PPM requirements

    1-3 hours

    Input: Project Portfolio Management Maturity Assessment, Project Management Maturity Assessment

    Output: MS Project & M365 Action Plan Template

    Materials: Project Portfolio Management Maturity Assessment, Project Management Maturity Assessment, MS Project & M365 Action Plan Template

    Participants: Portfolio Manager (PMO Director), PMO Admin Team, Project Managers, CIO

    1. As you prepare to engage the Partner Community, you should have a sense of where your project management and project portfolio management gaps are to better communicate your tooling needs.
    2. Leverage tab 4 from both your Project Portfolio Management Assessment and Project Management Assessment from step 1.3 of this blueprint to help document and communicate your requirements. Those tabs prioritize your project and portfolio management needs by highest impact for the organization.
    3. You can use the outputs of the tab to inform your inputs on slide 23 of the MS Project & M365 Action Plan Template to present to organizational stakeholders and share with the Partners you are briefing with.

    Download the Microsoft Project & M365 Action Plan Template

    Determine the Future of Microsoft Project for Your Organization

    Phase 3: Finalize Your Implementation Approach

    Phase 1: Determine Your Tool NeedsPhase 2: Weigh Your Implementation Options

    Phase 3: Finalize Your Implementation Approach

    • Step 1.1: Survey the M365 work management landscape
    • Step 1.2: Perform a process maturity assessment to help inform your M365 starting point
    • Step 1.3: Consider the right MS Project licenses for your stakeholders
    • Step 2.1: Get familiar with extending Project for the web using Power Apps
    • Step 2.2: Assess the MS Gold Partner Community
    • Step 3.1: Prepare an action plan

    Phase Outcomes

    An action plan concerning what to do with MS Project and M365 for your PMO or project organization.

    Step 3.1

    Prepare an action plan

    Activities

    • Compile the current state results
    • Prepare an Implementation Roadmap
    • Complete your presentation deck

    This step will walk you through the following activities:

    • Assess the impact of organizational change for the project
    • Develop your vision for stakeholders
    • Compile the current state results and document the implementation approach
    • Create clarity through a RACI and proposed implementation timeline

    This step usually involves the following participants:

    • Portfolio Manager (PMO Director)
    • PMO Admin Team
    • Business Analysts
    • Project Managers

    Outcomes of Step

    • Microsoft Project and M365 Action Plan

    Assess the impact of organizational change

    Be prepared to answer: “What’s in it for me?”

    Before jumping into licensing and third-party negotiations, ensure you’ve clearly assessed the impact of change.

    Tailor the work effort involved in each step, as necessary:

    1. Assess the impact
      • Use the impact assessment questions to identify change impacts.
    2. Plan for change
      • Document the impact on each stakeholder group.
      • Anticipate their response.
      • Curate a compelling message for each stakeholder group.
      • Develop a communication plan.
    3. Act according to plan
      • Identify your executive sponsor.
      • Enable the sponsor to drive change communication.
      • Coach managers on how they can drive change at the individual level.

    Impact Assessment Questions

    • Will the change impact how our clients/customers receive, consume, or engage with our products/services?
    • Will there be a price increase?
    • Will there be a change to compensation and/or rewards?
    • Will the vision or mission of the job change?
    • Will the change span multiple locations/time zones?
    • Are multiple products/services impacted by this change?
    • Will staffing levels change?
    • Will this change increase the workload?
    • Will the tools of the job be substantially different?
    • Will a new or different set of skills be needed?
    • Will there be a change in reporting relationships?
    • Will the workflow and approvals be changed?
    • Will there be a substantial change to scheduling and logistics?

    Master Organizational Change Management Practices blueprint

    Develop your vision for stakeholders

    After careful analysis and planning, it’s time to synthesize your findings to those most impacted by the change.

    Executive Brief

    • Prepare a compelling message about the current situation.
    • Outline the considerations the working group took into account when developing the action plan.
    • Succinctly describe the recommendations proposed by the working group.

    Goals

    • Identify the goals for the project.
    • Explain the details for each goal to develop the organizational rationale for the project.
    • These goals are the building blocks for the change communication that the executive sponsor will use to build a coalition of sponsors.

    Future State Vision

    • Quantify the high-level costs and benefits of moving forward with this project.
    • Articulate the future- state maturity level for both the project and project portfolio management process.
    • Reiterate the organizational rationale and drivers for change.

    "In failed transformations, you often find plenty of plans, directives, and programs, but no vision…A useful rule of thumb: If you can’t communicate the vision to someone in five minutes or less and get a reaction that signifies both understanding and interest, you are not yet done…" (John P. Kotter, Leading Change)

    Get ready to compile the analysis completed throughout this blueprint in the subsequent activities. The outputs will come together in your Microsoft Project and M365 Action Plan.

    Use the Microsoft Project & M365 Action Plan Template to help communicate your vision

    Our boardroom-ready presentation and communication template can be customized using the outputs of this blueprint.

    • Getting stakeholders to understand why you are recommending specific work management changes and then communicating exactly what those changes are and what they will cost is key to the success of your work management implementation.
    • To that end, the slides ahead walk you through how to customize the Microsoft Project & M365 Action Plan Template.
    • Many of the current-state analysis activities you completed during phase 1 of this blueprint can be directly made use of within the template as can the decisions you made and requirements you documented during phase 2.
    • By the end of this step, you will have a boardroom-ready presentation that will help you communicate your future-state vision.
    Screenshot of Info-Tech's Microsoft Project and M365 Action Plan Template with a note to 'Update the presentation or distribution date and insert your name, role, and organization'.

    Download Info-Tech’s Microsoft Project & M365 Action Plan Template

    3.1.1 Compile current state results

    1-3 hours

    Input: Force Field Analysis Tool, Tool Audit Workbook, Project Management Maturity Assessment Tool, Project Portfolio Management Maturity Assessment Tool

    Output: Section 1: Executive Brief, Section 2: Context and Constraints

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. As a group, review the results of the tools introduced throughout this blueprint. Use this information along with organizational knowledge to document the business context and current state.
    2. Update the driving forces for change and risks and constraints slides using your outputs from the Force Field Analysis Tool.
    3. Update the current tool landscape, tool satisfaction, and tool audit results slides using your outputs from the Tool Audit Workbook.
    4. Update the gap analysis results slides using your outputs from the Project Management and Project Portfolio Management Maturity Assessment Tools.

    Screenshots of 'Business Context and Current State' screen from the 'Force Field Analysis Tool', the 'Tool Audit Results' screen from the 'Tool Audit Workbook', and the 'Project Portfolio Management Gap Analysis Results' screen from the 'PM and PPM Maturity Assessments Tool'.

    Download the Microsoft Project & M365 Action Plan Template

    3.2.1 Option A: Prepare a DIY roadmap

    1-3 hours; Note: This is only applicable if you have chosen the DIY route

    Input: List of key PPM decision points, List of who is accountable for PPM decisions, List of who has PPM decision-making authority

    Output: Section 3: DIY Implementation Approach

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. As a group, review the results of the Microsoft Project and M365 Licensing Tool. Use this information along with organizational knowledge and discussion with the working group to complete Section 3: DIY Implementation Approach.
    2. Copy and paste your results from tab 5 of the Microsoft Project and M365 Licensing Tool. Update the Implementation Approach slide to detail the rationale for selecting this option.
    3. Update the Action Plan to articulate the details for total and annual costs of the proposed licensing solution.
    4. Facilitate a discussion to determine roles and responsibilities for the implementation. Based on the size, risk, and complexity of the implementation, create a reasonable timeline.
    Screenshots from the 'Microsoft Project and M365 Action Plan Template' outlining the 'DIY Implementation Approach'.

    Download the Microsoft Project and M365 Action Plan Template

    3.2.1 Option b: Prepare a Partner roadmap

    1-3 hours; Note: This is only applicable if you have chosen the Partner route

    Input: Microsoft Project and M365 Licensing Tool, Information on Microsoft Partners

    Output: Section 4: Microsoft Partner Implementation Route

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. As a group, review the results of the Microsoft Project and M365 Licensing Tool. Use this information along with organizational knowledge and discussion with the working group to complete Section 4: Microsoft Partner Implementation Route.
    2. Copy and paste your results from tab 5 of the Microsoft Project and M365 Licensing Tool. Update the Implementation Approach slide to detail the rationale for selecting this option.
    3. Develop an outreach plan for the Microsoft Partners you are planning to survey. Set targets for briefing dates and assign an individual to own any back-and-forth communication. Document the pros and cons of each Partner and gauge interest in continuing to analyze the vendor as a possible solution.
    4. Facilitate a discussion to determine roles and responsibilities for the implementation. Based on the size, risk, and complexity of the implementation, create a reasonable timeline.

    Screenshots from the 'Microsoft Project and M365 Action Plan Template' outlining the 'Microsoft Partner Implementation Route'.

    Microsoft Project and M365 Action Plan Template

    3.1.2 Complete your presentation deck

    1-2 hours

    Input: Outputs from the exercises in this blueprint

    Output: Section 5: Future-State Vision and Goals

    Materials: Microsoft Project and M365 Action Plan Template

    Participants: PMO Director, PMO Admin Team, Business Analysts, Project Managers

    1. Put the finishing touches on your presentation deck by documenting your future- state vision and goals.
    2. Prepare to present to your stakeholders.
      • Understand your audience, their needs and priorities, and their degree of knowledge and experiences with technology. This informs what to include in your presentation and how to position the message and goal.
    3. Review the deck beginning to end and check for spelling, grammar, and vertical logic.
    4. Practice delivering the vision for the project through several practice sessions.

    Screenshots from the 'Microsoft Project and M365 Action Plan Template' regarding finishing touches.

    Microsoft Project and M365 Action Plan Template

    Pitch your vision to key stakeholders

    There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.

    Audience

    Key Contents

    Outcome

    Business Executives

    • Section 1: Executive Brief
    • Section 2: Context and Constraints
    • Section 5: Future-State Vision and Goals
    • Identify executive sponsor

    IT Leadership

    • Sections 1-5 with a focus on Section 3 or 4 depending on implementation approach
    • Get buy-in on proposed project
    • Identify skills or resourcing constraints

    Business Managers

    • Section 1: Executive Brief
    • Section 2: Context and Constraints
    • Section 5: Future-State Vision and Goals
    • Get feedback on proposed plan
    • Identify any unassessed risks and organizational impacts

    Business Users

    • Section 1: Executive Brief
    • Support the organizational change management process

    Summary of Accomplishment

    Problem Solved

    Knowledge Gained
    • How you work: Work management and the various ways of working (personal and team task management, strategic project portfolio management, formal project management, and enterprise project and portfolio management).
    • Where you need to go: Project portfolio management and project management current- and target-state maturity levels.
    • What you need: Microsoft Project Plans and requisite M365 licensing.
    • The skills you need: Extending Project for the web.
    • Who you need to work with: Get to know the Microsoft Gold Partner community.
    Deliverables Completed
    • M365 Tool Guides
    • Tool Audit Workbook
    • Force Field Analysis Tool
    • Project Portfolio Management Maturity Assessment Tool
    • Project Management Maturity Assessment Tool
    • Microsoft Project & M365 Action Plan Template

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information
    workshops@infotech.com
    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Photo of Barry Cousins.
    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Perform a work management tool audit

    Gain insight into the tools that drive value or fail to drive value across your work management landscape with a view to streamline the organization’s tool ecosystem.

    Prepare an action plan for your tool needs

    Prepare the right work management tool recommendations for your IT teams and/or business units and develop a boardroom-ready presentation to communicate needs and next steps.

    Research Contributors and Experts

    Neeta Manghnani
    PMO Strategist
    PMO Outsource Ltd.

    Photo of Neeta Manghnani, PMO Strategist, PMO Outsource Ltd.
    • Innovative, performance-driven executive with significant experience managing Portfolios, Programs & Projects, and technical systems for international corporations with complex requirements. A hands-on, dynamic leader with over 20 years of experience guiding and motivating cross-functional teams. Highly creative and brings a blend of business acumen and expertise in multiple IT disciplines, to maximize the corporate benefit from capital investments.
    • Successfully deploys inventive solutions to automate processes and improve the functionality, scalability and security of critical business systems and applications. Leverages PMO/PPM management and leadership skills to meet the strategic goals and business initiatives.

    Robert Strickland
    Principal Consultant & Owner
    PMO Outsource Ltd.

    Photo of Robert Strickland, Principal Consultant and Owner, PMO Outsource Ltd.
    • Successful entrepreneur, leader, and technologist for over 15 years, is passionate about helping organizations leverage the value of SharePoint, O365, Project Online, Teams and the Power Platform. Expertise in implementing portals, workflows and collaboration experiences that create business value. Strategic manager with years of successful experience building businesses, developing custom solutions, delivering projects, and managing budgets. Strong transformational leader on large implementations with a technical pedigree.
    • A digital transformation leader helping clients move to the cloud, collaborate, automate their business processes and eliminate paper forms, spreadsheets and other manual practices.

    Related Info-Tech Research

    • Develop a Project Portfolio Management Strategy
      Time is money; spend it wisely.
    • Establish Realistic IT Resource Management Practices
      Holistically balance IT supply and demand to avoid overallocation.
    • Tailor Project Management Processes to Fit Your Projects
      Spend less time managing processes and more time delivering results

    Bibliography

    “13 Reasons not to use Microsoft Project.” Celoxis, 14 Sept. 2018. Accessed 17 Sept. 2021.

    Advisicon. “Project Online vs Project for the Web.” YouTube, 13 Nov. 2013. Accessed 17 Sept. 2021.

    Branscombe, Mary. “Is Project Online ready to replace Microsoft Project?” TechRepublic, 23 Jan. 2020. Accessed 17 Sept. 2021.

    Chemistruck, Dan. “The Complete Office 365 and Microsoft 365 Licensing Comparison.” Infused Innovations, 4 April 2019. Accessed 17 Sept. 2021.

    “Compare Project management solutions and costs.” Microsoft. Accessed 17 Sept. 2021.

    Day to Day Dynamics 365. “Microsoft Project for the web - Model-driven app.” YouTube, 29 Oct. 2019. Accessed 17 Sept. 2021.

    “Deploying Project for the web.” Microsoft, 24 Aug. 2021. Accessed 17 Sept. 2021.

    “Differentiate your business by attaining Microsoft competencies.” Microsoft, 26 Jan. 2021. Accessed 17 Sept. 2021.

    “Extend & Integrate Microsoft Project.” Western Principles. Accessed 17 Sept. 2021.

    “Get Started with Project Power App.” Microsoft. Accessed 17 Sept. 2021.

    Hosking, Ben. “Why low code software development is eating the world.” DevGenius, May 2021. Accessed 17 Sept. 2021.

    “How in the World is MS Project Still a Leading PM Software?” CBT Nuggets, 12 Nov. 2018. Accessed 17 Sept. 2021.

    Integent. “Project for the Web - Create a Program Entity and a model-driven app then expose in Microsoft Teams.” YouTube, 25 Mar. 2020. Accessed 17 Sept. 2021.

    “Introducing the Project Accelerator.” Microsoft, 10 Mar. 2021. Accessed 17 Sept. 2021.

    “Join the Microsoft Partner Network.” Microsoft. Accessed 17 Sept. 2021.

    Kaneko, Judy. “How Productivity Tools Can Lead to a Loss of Productivity.” Bluescape, 2 Mar. 2018 Accessed 17 Sept. 2021.

    Kotter, John. Leading Change. Harvard Business School Press, 1996.

    Leis, Merily. “What is Work Management.” Scoro. Accessed 17 Sept. 2021.

    Liu, Shanhong. “Number of Office 365 company users worldwide as of June 2021, by leading country.” Statistica, 2021. Web.

    Manghnani, Neeta. “5 Benefits of PPM tools and PMO process automation.” PMO Outsource Ltd., 11 Apr. 2021. Accessed 17 Sept. 2021.

    “Microsoft 365 and Office 365 plan options.” Microsoft, 31 Aug. 2021. Accessed 17 Sept. 2021.

    “Microsoft 365 for enterprise.” Microsoft. Accessed 17 Sept. 2021

    “Microsoft Office 365 Usage Statistics.” Thexyz blog, 18 Sept. 2020. Accessed 17 Sept. 2021.

    “Microsoft Power Apps, Microsoft Power Automate and Microsoft Power Virtual Agents Licensing Guide.” Microsoft, June 2021. Web.

    “Microsoft Project service description.” Microsoft, 31 Aug. 2021. Accessed 17 Sept. 2021.

    “Microsoft Project Statistics.” Integent Blog, 12 Dec. 2013. Accessed 17 Sept. 2021.

    Nanji, Aadil . Modernize Your Microsoft Licensing for the Cloud Era. Info-Tech Research Group, 12 Mar. 2020. Accessed 17 Sept. 2021.

    “Number of Office 365 company users worldwide as of June 2021, by leading country.” Statista, 8 June 2021. Accessed 17 Sept. 2021.

    “Overcoming disruption in a digital world.” Asana. Accessed 17 Sept. 2021.

    Pajunen, Antti. “Customizing and extending Project for the web.” Day to Day Dynamics 365, 20 Jan. 2020. Accessed 17 Sept. 2021.

    “Partner Center Documentation.” Microsoft. Accessed 17 Sept. 2021.

    Pragmatic Works. “Building First Power Apps Model Driven Application.” YouTube, 21 June 2019. Accessed 17 Sept. 2021.

    “Project architecture overview.” Microsoft, 27 Mar. 2020. Accessed 17 Sept. 2021.

    “Project for the web Accelerator.” GitHub. Accessed 17 Sept. 2021.

    “Project for the web admin help.” Microsoft, 28 Oct. 2019. Accessed 17 Sept. 2021.

    “Project for the Web – The New Microsoft Project.” TPG. Accessed 17 Sept. 2021.

    “Project for the Web Security Roles.” Microsoft, 1 July 2021. Accessed 17 Sept. 2021.

    “Project Online: Project For The Web vs Microsoft Project vs Planner vs Project Online.” PM Connection, 30 Nov. 2020. Accessed 17 Sept. 2021.

    Redmond, Tony. “Office 365 Insights from Microsoft’s FY21 Q2 Results.” Office 365 for IT Pros, 28 Jan. 2021. Accessed 17 Sept. 2021.

    Reimagine Project Management with Microsoft. “Advanced deployment for Project for the web.” YouTube, 4 Aug. 2021. Accessed 17 Sept. 2021.

    Reimagine Project Management with Microsoft. “Overview of Microsoft Project.” YouTube, 29 July 2021. Accessed 17 Sept. 2021.

    “See which partner offer is right for you.” Microsoft. Accessed 17 Sept. 2021.

    Shalomova, Anna. “Microsoft Project for Web 2019 vs. Project Online: What’s Best for Enterprise Project Management?” FluentPro, 23 July 2020. Accessed 17 Sept. 2021.

    Speed, Richard. “One Project to rule them all: Microsoft plots end to Project Online while nervous Server looks on.” The Register, 28 Sept. 2018. Accessed 17 Sept. 2021.

    Spataro, Jared. “A new vision for modern work management with Microsoft Project.” Microsoft, 25 Sept. 2018. Accessed 17 Sept. 2021.

    Stickel, Robert. “OnePlan Recognized as Winner of 2021 Microsoft Project & Portfolio Management Partner of the Year.” OnePlan, 8 July 2021. Accessed 17 Sept. 2021.

    Stickel, Robert. “The Future of Project Online.” OnePlan, 2 Mar. 2021. Accessed 17 Sept. 2021.

    Stickel, Robert. “What It Means to be Adaptive.” OnePlan, 24 May 2021. Accessed 17 Sept. 2021.

    “The Future of Microsoft Project Online.” OnePlan. Accessed 17 Sept. 2021.

    Weller, Joe. “Demystifying Microsoft Project Licensing.” Smartsheet, 10 Mar. 2016. Accessed 17 Sept. 2021.

    Western Principles Inc. “Dump the Spreadsheets for Microsoft Project Online.” YouTube, 2 July 2020. Accessed 17 Sept. 2021.

    Western Principles Inc. “Project Online or Project for the web? Which project management system should you use?” YouTube, 11 Aug. 2020. Accessed 17 Sept. 2021.

    “What is Power Query?” Microsoft, 22 July 2021. Web.

    Wicresoft. “The Power of the New Microsoft Project and Microsoft 365.” YouTube, 29 May 2020. Accessed 17 Sept. 2021.

    Wicresoft. “Why the Microsoft Power Platform is the Future of PPM.” YouTube, 11 June 2020. Accessed 17 Sept. 2021.

    Industry-Specific Digital Transformation

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Infographic

    Build a Strategic IT Workforce Plan

    • Buy Link or Shortcode: {j2store}390|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $180,171 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design
    • Talent has become a competitive differentiator. To 46% of business leaders, workforce planning is a top priority – yet only 13% do it effectively.
    • CIOs aren’t sure what they need to give the organization a competitive edge or how current staffing line-ups fall short.

    Our Advice

    Critical Insight

    • A well defined strategic workforce plan (SWP) isn’t just a nice-to-have, it’s a must-have.
    • Integrate as much data as possible into your workforce plan to best prepare you for the future. Without knowledge of your future initiatives, you are filling hypothetical holes.
    • To be successful, you need to understand your strategic initiatives, workforce landscape, and external and internal trends.

    Impact and Result

    The workforce planning process does not need to be onerous, especially with help from Info-Tech’s solid planning tools. With the right people involved and enough time invested, developing an SWP will be easier than first thought and time well spent. Leverage Info-Tech’s client-tested 5-step process to build a strategic workforce plan:

    1. Build a project charter
    2. Assess workforce competency needs
    3. Identify impact of internal and external trends
    4. Identify the impact of strategic initiatives on roles
    5. Build and monitor the workforce plan

    Build a Strategic IT Workforce Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strategic workforce plan for IT, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Initiate the project

    Assess the value of a strategic workforce plan and the IT department’s fit for developing one, and then structure the workforce planning project.

    • Build a Strategic Workforce Plan – Phase 1: Initiate the Project
    • IT Strategic Workforce Planning Project Charter Template
    • IT Strategic Workforce Planning Project Plan Template

    2. Analyze workforce needs

    Gather and analyze workforce needs based on an understanding of the relevant internal and external trends, and then produce a prioritized plan of action.

    • Build a Strategic Workforce Plan – Phase 2: Analyze Workforce Needs
    • Workforce Planning Workbook

    3. Build the workforce plan

    Evaluate workforce priorities, plan specific projects to address them, and formalize and integrate strategic workforce planning into regular planning processes.

    • Build a Strategic Workforce Plan – Phase 3: Build and Monitor the SWP
    [infographic]

    Workshop: Build a Strategic IT Workforce Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Project Goals, Metrics, and Current State

    The Purpose

    Develop a shared understanding of the challenges your organization is facing with regards to talent and workforce planning.

    Key Benefits Achieved

    An informed understanding of whether or not you need to develop a strategic workforce plan for IT.

    Activities

    1.1 Identify goals, metrics, and opportunities

    1.2 Segment current roles

    1.3 Identify organizational culture

    1.4 Assign job competencies

    1.5 Assess current talent

    Outputs

    Identified goals, metrics, and opportunities

    Documented organizational culture

    Aligned competencies to roles

    Identified current talent competency levels

    2 Assess Workforce and Analyze Trends

    The Purpose

    Perform an in-depth analysis of how internal and external trends are impacting the workforce.

    Key Benefits Achieved

    An enhanced understanding of the current talent occupying the workforce.

    Activities

    2.1 Assess environmental trends

    2.2 Identify impact on workforce requirements

    2.3 Identify how trends are impacting critical roles

    2.4 Explore viable options

    Outputs

    Complete internal trends analysis

    Complete external trends analysis

    Identified internal and external trends on specific IT roles

    3 Perform Gap Analysis

    The Purpose

    Identify the changing competencies and workforce needs of the future IT organization, including shortages and surpluses.

    Key Benefits Achieved

    Determined impact of strategic initiatives on workforce needs.

    Identification of roles required in the future organization, including surpluses and shortages.

    Identified projects to fill workforce gaps.

    Activities

    3.1 Identify strategic initiatives

    3.2 Identify impact of strategic initiatives on roles

    3.3 Determine workforce estimates

    3.4 Determine projects to address gaps

    Outputs

    Identified workforce estimates for the future

    List of potential projects to address workforce gaps

    4 Prioritize and Plan

    The Purpose

    Prepare an action plan to address the critical gaps identified.

    Key Benefits Achieved

    A prioritized plan of action that will fill gaps and secure better workforce outcomes for the organization.

    Activities

    4.1 Determine and prioritize action items

    4.2 Determine a schedule for review of initiatives

    4.3 Integrate workforce planning into regular planning processes

    Outputs

    Prioritized list of projects

    Completed workforce plan

    Identified opportunities for integration

    Implement Infrastructure Shared Services

    • Buy Link or Shortcode: {j2store}456|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Organizations have service duplications for unique needs. These duplications increase business expenditure.
    • Lack of collaboration between business units to share their services increases business cost and reduces business units’ faith to implement shared services.
    • Transitioning infrastructure to shared services is challenging for many organizations. It requires an accurate planning and efficient communication between participating business units.

    Our Advice

    Critical Insight

    • Identify your current process, tool, and people capabilities before implementing shared services. Understand the financial compensations prior to implementation and assess if your organization is ready for transitioning to shared services model.
    • Do not implement shared services when the nature of the services differs greatly between business units.

    Impact and Result

    • Understand benefits of shared services for the business and determine whether transitioning to shared services would benefit the organization.
    • Identify the best implementation plan based on goals, needs, and services.
    • Build a shared-services process to manage the plan and ensure its success.

    Implement Infrastructure Shared Services Research & Tools

    Start here – Read the Executive Brief

    Read our concise Executive Brief to find out why you should implement shared services, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Conduct gap analysis

    Identify benefits of shared services to your organization and define implementation challenges.

    • Implement Infrastructure Shared Services – Phase 1: Conduct Gap Analysis
    • Shared Services Implementation Executive Presentation
    • Shared Services Implementation Business Case Template
    • Shared Services Implementation Assessment Tool

    2. Choose the right path

    Identify your process and staff capabilities and discover which services will be transitioned to shared services plan. It will also help you to figure out the best model to choose.

    • Implement Infrastructure Shared Services – Phase 2: Choose the Right Path
    • Sample Enterprise Services

    3. Plan the transition

    Discuss an actionable plan to implement shared services to track the project. Walk through a communication plan to document the goals, progress, and expectations with customer stakeholders.

    • Implement Infrastructure Shared Services – Phase 3: Plan the Transition
    • Shared Services Implementation Roadmap Tool
    • Shared Services Implementation Customer Communication Plan
    [infographic]

    Workshop: Implement Infrastructure Shared Services

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Challenges

    The Purpose

    Establish the need for change.

    Key Benefits Achieved

    Set a clear understanding about benefits of shared services to your organization.

    Activities

    1.1 Identify your organization’s main drivers for using a shared services model.

    1.2 Define if it is beneficial to implement shared services.

    Outputs

    Shared services mission

    Shared services goals

    2 Assess Your Capabilities

    The Purpose

    Become aware of challenges to implement shared services and your capabilities for such transition.

    Key Benefits Achieved

    Discover the primary challenges for transitioning to shared services, eliminate resistance factors, and identify your business potentials for implementation.

    Activities

    2.1 Identify your organization’s resistance to implement shared services.

    2.2 Assess process and people capabilities.

    Outputs

    Shared Services Business Case

    Shared Services Assessment

    3 Define the Model

    The Purpose

    Determine the shared services model.

    Key Benefits Achieved

    Identify the core services to be shared and the best model that fits your organization.

    Activities

    3.1 Define core services that will be moved to shared services.

    3.2 Assess different models of shared services and pick the one that satisfies your goals and needs.

    Outputs

    List of services to be transferred to shared services

    Shared services model

    4 Implement and Communicate

    The Purpose

    Define and communicate the tasks to be delivered.

    Key Benefits Achieved

    Confidently approach key stakeholders to make the project a reality.

    Activities

    4.1 Define the roadmap for implementing shared services.

    4.2 Make a plan to communicate changes.

    Outputs

    List of initiatives to reach the target state, strategy risks, and their timelines

    Draft of a communication plan

    Stakeholder Relations

    • Buy Link or Shortcode: {j2store}25|cart{/j2store}
    • Related Products: {j2store}25|crosssells{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: /strategy-and-governance

    The challenge

    • Stakeholders come in a wide variety, often with competing and conflicting demands.
    • Some stakeholders are hard to identify. Those hidden agendas may derail your efforts.
    • Understanding your stakeholders' relative importance allows you to prioritize your IT agenda according to the business needs.

    Our advice

    Insight

    • Stakeholder management is an essential factor in how successful you will be.
    • Stakeholder management is a continuous process. The landscape constantly shifts.
    • You must also update your stakeholder management plan and approach on an ongoing basis.

    Impact and results 

    • Use your stakeholder management process to identify, prioritize, and manage key stakeholders effectively.
    • Continue to build on strengthening your relationships with stakeholders. It will help to gain easier buy-in and support for your future initiatives. 

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Make the case

    Identify stakeholders

    • Stakeholder Management Analysis Tool (xls)

    Analyze your stakeholders

    Assess the stakeholder's influence, interest, standing, and support to determine priority for future actions 

    Manage your stakeholders

    Develop your stakeholder management and communication plans

    • Stakeholder Management Plan Template (doc)
    • Communication Plan Template (doc)

    Monitor your stakeholder management plan performance

    Measure and monitor the success of your stakeholder management process.

     

     

    Performance Measurement

    • Buy Link or Shortcode: {j2store}24|cart{/j2store}
    • Related Products: {j2store}24|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.0/10
    • member rating average dollars saved: $19,436
    • member rating average days saved: 23
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: /strategy-and-governance
    Reinforce service orientation in your IT organization through IT metrics that make value-driven behavior happen..

    Implement Risk-Based Vulnerability Management

    • Buy Link or Shortcode: {j2store}296|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $122,947 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.
    • Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option itself.

    Our Advice

    Critical Insight

    • Patches are often seen as the only answer to vulnerabilities, but these are not always the most suitable solution.
    • Vulnerability management does not equal patch management. It includes identifying and assessing the risk of the vulnerability, and then selecting a remediation option which goes beyond just patching alone.
    • There is more than one way to tackle the problem. Leverage your existing security controls in order to protect the organization.

    Impact and Result

    • At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.
    • Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.
    • The risk-based approach will allow you prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities, while allowing your standard remediation cycle to address the medium to low vulnerabilities.
    • With your program defined and developed, you now need to configure your vulnerability scanning tool, or acquire one if you don’t already have a tool in place.
    • Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    Implement Risk-Based Vulnerability Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design and implement a vulnerability management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify vulnerability sources

    Begin the project by creating a vulnerability management team and determine how vulnerabilities will be identified through scanners, penetration tests, third-party sources, and incidents.

    • Vulnerability Management SOP Template

    2. Triage vulnerabilities and assign priorities

    Determine how vulnerabilities will be triaged and evaluated based on intrinsic qualities and how they may compromise business functions and data sensitivity.

    • Vulnerability Tracking Tool
    • Vulnerability Management Risk Assessment Tool
    • Vulnerability Management Workflow (Visio)
    • Vulnerability Management Workflow (PDF)

    3. Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available. Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

    4. Measure and formalize

    Evolve the program continually by developing metrics and formalizing a policy.

    • Vulnerability Management Policy Template
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template

    Infographic

    Workshop: Implement Risk-Based Vulnerability Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Vulnerability Sources

    The Purpose

    Establish a common understanding of vulnerability management, and define the roles, scope, and information sources of vulnerability detection.

    Key Benefits Achieved

    Attain visibility on all of the vulnerability information sources, and a common understanding of vulnerability management and its scope.

    Activities

    1.1 Define the scope & boundary of your organization’s security program.

    1.2 Assign responsibility for vulnerability identification and remediation.

    1.3 Develop a monitoring and review process of third-party vulnerability sources.

    1.4 Review incident management and vulnerability management

    Outputs

    Defined scope and boundaries of the IT security program

    Roles and responsibilities defined for member groups

    Process for review of third-party vulnerability sources

    Alignment of vulnerability management program with existing incident management processes

    2 Triage and Prioritize

    The Purpose

    We will examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach and prepare for remediation options.

    Key Benefits Achieved

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Activities

    2.1 Evaluate your identified vulnerabilities.

    2.2 Determine high-level business criticality.

    2.3 Determine your high-level data classifications.

    2.4 Document your defense-in-depth controls.

    2.5 Build a classification scheme to consistently assess impact.

    2.6 Build a classification scheme to consistently assess likelihood.

    Outputs

    Adjusted workflow to reflect your current processes

    List of business operations and their criticality and impact to the business

    Adjusted workflow to reflect your current processes

    List of defense-in-depth controls

    Vulnerability Management Risk Assessment tool formatted to your organization

    Vulnerability Management Risk Assessment tool formatted to your organization

    3 Remediate Vulnerabilities

    The Purpose

    Identifying potential remediation options.

    Developing criteria for each option in regard to when to use and when to avoid.

    Establishing exception procedure for testing and remediation.

    Documenting the implementation of remediation and verification.

    Key Benefits Achieved

    Identifying and selecting the remediation option to be used

    Determining what to do when a patch or update is not available

    Scheduling and executing the remediation activity

    Planning continuous improvement

    Activities

    3.1 Develop risk and remediation action.

    Outputs

    List of remediation options sorted into “when to use” and “when to avoid” lists

    4 Measure and Formalize

    The Purpose

    You will determine what ought to be measured to track the success of your vulnerability management program.

    If you lack a scanning tool this phase will help you determine tool selection.

    Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    Key Benefits Achieved

    Outline of metrics that you can then configure your vulnerability scanning tool to report on.

    Development of an inaugural policy covering vulnerability management.

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Activities

    4.1 Measure your program with metrics, KPIs, and CSFs.

    4.2 Update the vulnerability management policy.

    4.3 Create an RFP for vulnerability scanning tools.

    4.4 Create an RFP for penetration tests.

    Outputs

    List of relevant metrics to track, and the KPIs, CSFs, and business goals for.

    Completed Vulnerability Management Policy

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Further reading

    Implement Risk-Based Vulnerability Management

    Get off the patching merry-go-round and start mitigating risk!

    Table of Contents

    4 Analyst Perspective

    5 Executive Summary

    6 Common Obstacles

    8 Risk-based approach to vulnerability management

    16 Step 1.1: Vulnerability management defined

    24 Step 1.2: Defining scope and roles

    34 Step 1.3: Cloud considerations for vulnerability management

    33 Step 1.4: Vulnerability detection

    46 Step 2.1: Triage vulnerabilities

    51 Step 2.2: Determine high-level business criticality

    56 Step 2.3: Consider current security posture

    61 Step 2.4: Risk assessment of vulnerabilities

    71 Step 3.1: Assessing remediation options

    Table of Contents

    80 Step 3.2: Scheduling and executing remediation

    85 Step 3.3: Continuous improvement

    89 Step 4.1: Metrics, KPIs, and CSFs

    94 Step 4.2: Vulnerability management policy

    97 Step 4.3: Select & implement a scanning tool

    107 Step 4.4: Penetration testing

    118 Summary of accomplishment

    119 Additional Support

    120 Bibliography

    Analyst Perspective

    Vulnerabilities will always be present. Know the unknowns!

    In this age of discovery, technology changes at such a rapid pace. New things are discovered, both in new technology and in old. The pace of change can often be very confusing as to where to start and what to do.

    The ever-changing nature of technology means that vulnerabilities will always be present. Taking measures to address these completely will consume all your department’s time and resources. That, and your efforts will quickly become stale as new vulnerabilities are uncovered. Besides, what about the systems that simply can’t be patched? The key is to understand the vulnerabilities and the levels of risk they pose to your organization, to prioritize effectively and to look beyond patching.

    A risk-based approach to vulnerability management will ensure you are prioritizing appropriately and protecting the business. Reduce the risk surface!

    Vulnerability management is more than just systems and application patching. It is a full process that includes patching, compensating controls, segmentation, segregation, and heightened diligence in security monitoring.

    Jimmy Tom, Research Advisor – Security, Privacy, Risk, and Compliance, Info-Tech Research Group.Jimmy Tom
    Research Advisor – Security, Privacy, Risk, and Compliance
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.

    Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option.

    Common Obstacles

    Patches are often seen as the answer to vulnerabilities, but these are not always the most suitable solution.

    Some systems deemed vulnerable simply cannot be patched or easily replaced.

    Companies are unaware of the risk implications that come from leaving the vulnerability open and from the remediation option itself.

    Info-Tech’s Approach

    Design and implement a vulnerability management program that identifies, prioritizes, and remediates vulnerabilities.

    Understand what needs to be considered when implementing remediation options, including patches, configuration changes, and defense-in-depth controls.

    Build a process that is easy to understand and allows vulnerabilities to be remediated proactively, instead of in an ad hoc fashion.

    Info-Tech Insight

    Vulnerability management does not always equal patch management. There is more than one way to tackle the problem, particularly if a system cannot be easily patched or replaced. If a vulnerability cannot be completely remediated, steps to reduce the risk to a tolerable level must be taken.

    Common obstacles

    These barriers make vulnerability management difficult to address for many organizations:
    • The value of vulnerability management is not well articulated in many organizations. As a result, investment in vulnerability scanning technology is often insufficient.
    • Many organizations feel that a “patch everything” approach is the most effective path.
    • Vulnerability management is commonly misunderstood as being a process that only supports patch management.
    • There is often misalignment between SecOps and ITOps in remediation action and priority, affecting the timeliness of remediation.
    CVSS Score Distribution From the National Vulnerability Database: Pie Charts presenting the CVSS Core Distribution for the National Vulnerability Database. The left circle represents 'V3' and the right 'V2', where V3 has an extra option for 'Critical', above 'High', 'Medium', and 'Low', and V2 does not.
    (Source: NIST National Vulnerability Database Dashboard)

    Leverage risk to sort, triage, and prioritize vulnerabilities

    Reduce your risk surface to avoid cost to your business; everything else is table stakes.

    Reduce the critical and high vulnerabilities below the risk threshold and operationalize the remediation of medium/low vulnerabilities by following your effective vulnerability management program cycles.

    Identify vulnerability sources

    An inventory of your scanning tool and vulnerability threat intelligence data sources will help you determine a viable strategy for addressing vulnerabilities. Defining roles and responsibilities ahead of time will ensure you are not left scrambling when dealing with vulnerabilities.

    Triage and prioritize

    Bring the vulnerabilities into context by assessing vulnerabilities based on your security posture and mechanisms and not just what your data sources report. This will allow you to gauge the true urgency of the vulnerabilities based on risk and determine an effective mitigation plan.

    Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available.

    Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

    Measure and formalize

    Upon implementation of the program, measure with metrics to ensure that the program is successful. Improve the program with each iteration of vulnerability mitigation to ensure continuous improvement.

    Tactical Insight 1

    All actions to address vulnerabilities should be based on risk and the organization’s established risk tolerance.

    Tactical Insight 2

    Reduce the risk surface down below the risk threshold.

    The industry has shifted to a risk-based approach

    Traditional vulnerability management is no longer viable.

    “For those of us in the vulnerability management space, ensuring that money, resources, and time are strategically spent is both imperative and difficult. Resources are dwindling fast, but the vulnerability problem sure isn’t.” (Kenna Security)

    “Using vulnerability scanners to identify unpatched software is no longer enough. Keeping devices, networks, and digital assets safe takes a much broader, risk-based vulnerability management strategy – one that includes vulnerability assessment and mitigation actions that touch the entire ecosystem.” (Balbix)

    “Unlike legacy vulnerability management, risk-based vulnerability management goes beyond just discovering vulnerabilities. It helps you understand vulnerability risks with threat context and insight into potential business impact.” (Tenable)

    “A common mistake when prioritizing patching is equating a vulnerability’s Common Vulnerability Scoring System (CVSS) score with risk. Although CVSS scores can provide useful insight into the anatomy of a vulnerability and how it might behave if weaponized, they are standardized and thus don’t reflect either of the highly situational variables — namely, weaponization likelihood and potential impact — that factor into the risk the vulnerability poses to an organization.” (SecurityWeek)

    Why a take risk-based approach?

    Vulnerabilities, by the numbers

    60% — In 2019, 60% of breaches were due to unpatched vulnerabilities.

    74% — In the same survey, 74% of survey responses said they cannot take down critical applications and systems to patch them quickly. (Source: SecurityBoulevard, 2019)

    Info-Tech Insight

    Taking a risk-based approach will allow you to focus on mitigating risk, rather than “just patching” your environment.

    The average cost of a breach in 2020 is $3.86 million, and “…the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.” (Dark Reading)

    Vulnerability Management

    A risk-based approach

    Reduce the risk surface to avoid cost to your business, everything else is table stakes

    Logo for Info-Tech.
    Logo for #iTRG.

    1

    Identify

    4

    Address

    Mitigate the risk surface by reducing the time across the phases ›Mitigate the risk by implementing:
    • patch systems & apps
    • compensating controls
    • systems and apps hardening
    • systems segregation
    Chart presenting an example of 'Risk Surface' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. The area between the line and your organization's risk tolerance is labelled 'Risk Surface'.

    Objective: reduce risk surface by reducing time to address

    Your organization's risk tolerance threshold

    Identify vulnerability management scanning tools & external threat intel sources (Mitre CVE, US-CERT, vendor alerts, etc.)Vulnerability information feeds:
    • scanning tool
    • external threat intel
    • internal threat intel

    2

    Analyze

    Assign actual risk (impact x urgency) to the organization based on current security posture

    Triage based on risk ›

    Your organization's risk tolerance threshold

    Risk tolerance threshold map with axes 'Impact' and 'Likelihood'. High levels of one and low levels of the other, or medium levels of both, is 'Medium', High level of one and Medium levels of the other is 'High', and High levels of both is 'Critical'.

    3

    Assess

    Plan risk mitigation strategy ›Consider:
    • risk tolerance
    • compensating controls
    • business impact

    Info-Tech’s vulnerability management methodology

    Focus on developing the most efficient processes.

    Vulnerability management isn’t “old school.”

    The vulnerability management market is relatively mature; however, vulnerability management remains a very relevant and challenging topic.

    Security practitioners are inundated with the advice they need to prioritize their vulnerabilities. Every vulnerability scanning vendor will proclaim their ability to prioritize the identified vulnerabilities.

    Third-party prioritization methodology can’t be effectively applied across all organizations. Each organization is too unique with different constraints. No tool or service can account for these variables.

    Equation to find 'Vulnerability Priority'.

    When patching is not possible, other options exist: configuration changes (hardening), defense-in-depth, compensating controls, and even elevated security monitoring are possible options.

    Info-Tech Insight

    Vulnerability management is not only patch management. Patching is only one aspect.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Vulnerability Management SOP

    The Standard operating procedure (SOP) will comprise the end-to-end description of the program: roles & responsibilities, data flow, and expected outcomes of the program.

    Sample of the key deliverable, Vulnerability Management SOP.
    Vulnerability Management Policy

    Template for your vulnerability management policy.

    Sample of the Vulnerability Management Policy blueprint.Vulnerability Tracking Tool

    This tool offers a template to track vulnerabilities and how they are remedied.

    Sample of the Vulnerability Tracking Tool blueprint.
    Vulnerability Scanning RFP Template

    Request for proposal template for the selection of a vulnerability scanning tool.

    Sample of the Vulnerability Scanning RFP Template blueprint.Vulnerability Risk Assessment Tool

    Methodology to assess vulnerability risk by determining impact and likelihood.

    Sample of the Vulnerability Risk Assessment Tool blueprint.

    Blueprint benefits

    IT Benefits

    • A standardized, consistent methodology to assess, prioritize, and remediate vulnerabilities.
    • A risk-based approach that aligns with what’s important to the business.
    • A way of dealing with the high volumes of vulnerabilities that your scanning tool is reporting.
    • Identification of “where to start” in terms of vulnerability management.
    • Ability to not lose yourself in the patch madness but rather take a sound approach to scheduling and prioritizing patches and updates.
    • Knowledge of what to do when patching is simply not possible or feasible.

    Business Benefits

    • Alignment with IT in ensuring that business processes are only interrupted when absolutely necessary while maintaining a regular cadence of vulnerability remediation.
    • A consistent program that the business can plan around and predict when interruptions will occur.
    • IT’s new approach being integrated with existing IT operations processes, offering the most efficient yet expedient method of dealing with vulnerabilities.

    Info-Tech’s process can save significant financial resources

    PhaseMeasured Value
    Phase 1: Identify vulnerability sources
      Define the process, scope, roles, vulnerability sources, and current state
      • Consultant at $100 an hour for 16 hours = $1,600
    Phase 2: Triage vulnerabilities and assign urgencies
      Establish triaging and vulnerability evaluation process
      • Consultant at $100 an hour for 16 hours = $1,600
      Determine high-level business criticality and data classifications
      • Consultant at $100 an hour for 40 hours = $4,000
      Assign urgencies to vulnerabilities
      • Consultant at $100 an hour for 8 hours = $800
    Phase 3: Remediate vulnerabilities
      Prepare documentation for the vulnerability process
      • Consultant at $100 an hour for 8 hours = $800
      Establish defense-in-depth modelling
      • Consultant at $100 an hour for 24 hours = $2,400
      Identify remediation options and establish criteria for use
      • Consultant at $100 an hour for 40 hours = $4,000
      Formalize backup and testing procedures, including exceptions
      • Consultant at $100 an hour for 8 hours = $800
      Remediate vulnerabilities and verify
      • Consultant at $100 an hour for 24 hours = $2,400
    Phase 4: Continually improve the vulnerability management process
      Establish a metrics program for vulnerability management
      • Consultant at $100 an hour for 16 hours = $1,600
      Update vulnerability management policy
      • Consultant at $100 an hour for 8 hours = $800
      Develop a vulnerability scanning tool RFP
      • Consultant at $100 an hour for 40 hours = $4,000
      Develop a penetration test RFP
      • Consultant at $100 an hour for 40 hours = $4,000
    Potential financial savings from using Info-Tech resourcesPhase 1 ($1,600) + Phase 2 ($6,400) + Phase 3 ($10,400) + Phase 4 ($10,400) = $28,800

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Discuss current state and vulnerability sources.

    Call #3: Identify triage methods and business criticality.

    Call #4:Review current defense-in-depth and discuss risk assessment.

    Call #5: Discuss remediation options and scheduling.

    Call #6: Review release and change management and continuous improvement.

    Call #7: Identify metrics, KPIs, and CSFs.

    Call #8: Review vulnerability management policy.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1Day 2Day 3Day 4Day 5
    Activities
    Identify vulnerability sources

    1.1 What is vulnerability management?

    1.2 Define scope and roles

    1.3 Cloud considerations for vulnerability management

    1.4 Vulnerability detection

    Triage and prioritize

    2.1 Triage vulnerabilities

    2.2 Determine high-level business criticality

    2.3 Consider current security posture

    2.4 Risk assessment of vulnerabilities

    Remediate vulnerabilities

    3.1 Assess remediation options

    3.2 Schedule and execute remediation

    3.3 Drive continuous improvement

    Measure and formalize

    4.1 Metrics, KPIs & CSFs

    4.2 Vulnerability Management Policy

    4.3 Select & implement a scanning tool

    4.4 Penetration testing

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. Scope and boundary definition of vulnerability management program
    2. Responsibility assignment for vulnerability identification and remediation
    3. Monitoring and review process of third-party vulnerability sources
    4. Incident management and vulnerability convergence
    1. Methodology for evaluating identified vulnerabilities
    2. Identification of high-level business criticality
    3. Defined high-level data classifications
    4. Documented defense-in-depth controls
    5. Risk assessment criteria for impact and likelihood
    1. Documented risk assessment methodology and remediation options
    1. Defined metrics, key performance indicators (KPIs), and critical success factors (CSFs)
    2. Initial draft of vulnerability management policy
    3. Scanning tool selection criteria
    4. Introduction to penetration testing
    1. Completed vulnerability management standard operating procedure
    2. Defined vulnerability management risk assessment criteria
    3. Vulnerability management policy draft

    Implement Risk-Based Vulnerability Management

    Phase 1

    Identify Vulnerability Sources

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Establish a common understanding of vulnerability management, define the roles, scope, and information sources of vulnerability detection.

    This phase involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Step 1.1

    Vulnerability Management Defined

    Activities

    None for this section

    This step will walk you through the following activities:

    Establish a common understanding of vulnerability management and its place in the IT organization.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Foundational knowledge of vulnerability management in your organization.

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    What is vulnerability management?

    It’s more than just patching.

    • Vulnerability management is the regular and ongoing practice of scanning an operating environment to uncover vulnerabilities. These vulnerabilities can be outdated applications, unpatched operating systems and software, open ports, obsolete hardware, or any combination of these.
    • The scanning and detection of vulnerabilities is the first step. Planning and executing of remediation is next, along with the approach, prioritized sequence of events, and timing.
    • A vendor-supplied software patch or firmware update is often the easy answer, however, this is not always a viable solution. What if you can’t patch in a timely fashion? What if patching is not possible as it will break the application and bring down operations? What if no patch exists due to the age of the application or operating platform?

    “Most organizations do not have a formal process for vulnerability management.” (Morey Haber, VP of Technology, BeyondTrust, 2016)

    Effective vulnerability management

    It’s not easy, but it’s much harder without a process in place.
    • Effective vulnerability management requires a formal process for organizations to follow; without one, vulnerabilities are dealt with in an ad hoc fashion.
    • Patching isn’t the only solution, but it’s the one that often draws focus.
    • Responsibilities for the different aspects of vulnerability management are often unclear, such as for testing, remediation, and implementation.
    • Identifying new threats without proper vulnerability scanning tools can be a near-impossible task.
    • Determining which vulnerabilities are most urgent can be an inconsistent process, increasing the organizational risk.
    • Measuring the effectiveness of your vulnerability remediation activities can help you better manage resources in SecOps and ITOps. Your staff will be spending the appropriate effort on vulnerabilities that warrant that level of attention.

    You’re not just doing this for yourself. It’s also for your auditors.

    Many compliance and regulatory obligations require organizations to have thorough documentation of their vulnerability management practices.

    Vulnerability management revolves around your asset security services

    Diagram with 'Asset Security Services' at the center. On either side are 'Network Security Services' and 'Identity Security Services', all three of which flow up into 'Security Analytics | Security Incident Response', and all four share a symbiotic flow with 'Management' below and contribute to 'Mega Trend Mapping' above. Management is supported by 'Governance'.Vulnerabilities can be found primarily within your assets but also connect to your information risk management. These must be effectively managed as part of a holistic security program.

    Without management, vulnerabilities left unattended can be easy for attackers to exploit. It becomes difficult to identify the correct remediation option to mitigate against the vulnerabilities.

    Vulnerability management works in tandem with SecOps and ITOps

    Vulnerability Management Process Inputs/Outputs:
    'Vulnerability Management (Process and Tool)' outputs are 'Incident Management', 'Release Management', 'Change Management', 'IT Asset Management', 'Application Security Testing', 'Threat Intelligence', and 'Security Risk Management'; inputs are 'Vulnerability Disclosure', 'Threat Intelligence', and 'Security Risk Management'.

    Arrows denote direction of information feed

    Vulnerability management serves as the input into a number of processes for remediation, including:
    • Incident management, to deal with issues
    • Release management, for patch management
    • Change management, for change control
    • IT asset management, to track version information, e.g. for patching
    • Application security testing, for the verification of vulnerabilities

    A two-way data flow exists between vulnerability management and:

    • Security risk management, for the overall risk posture of the organization
    • Threat intelligence, as vulnerability management reveals only one of several threat vectors

    For additional information please refer to Info-Tech’s research for each area:

    • Vulnerability management can leverage your existing processes to gain an operational element for the program.
    • As you strive to mature each of the processes on their own, vulnerability management will benefit accordingly.
    • Review our research for each of these areas and speak to one of our analysts if you wish to improve any of the listed processes.

    Info-Tech’s Information Security Program Framework

    Vulnerability management is a component of the Infrastructure Security section of Security Management

    Information Security Framework with Level 1 and Level 2 capabilities in two main sections, 'Management' and 'Governance'. Level 2 capabilities are grouped within Level 1 capabilities.For more information, review our Build an Information Security Strategy blueprint, or speak to one of our analysts.

    Info-Tech Insight

    Vulnerability management is but one piece of the information security puzzle. Ensure that you have all the pieces!

    Case Study

    Logo for Cimpress.
    INDUSTRY: Manufacturing
    SOURCE: Cimpress, 2016

    One organization is seeing immediate benefits by formalizing its vulnerability management program.

    Challenge

    Cimpress was dealing with many challenges in regards to vulnerability management. Vulnerability scanning tools were used, but the reports that were generated often gave multiple vulnerabilities that were seen as critical or high and required many resources to help address them. Scanning was done primarily in an attempt to adhere to PCI compliance rather than to effectively enable security. After re-running some scans, Cimpress saw that some vulnerabilities had existed for an extended time period but were deemed acceptable.

    Solution

    The Director of Information Security realized that there was a need to greatly improve this current process. Guidelines and policies were formalized that communicated when scans should occur and what the expectations for remediations should be. Cimpress also built a tiered approach to prioritize vulnerabilities for remediation that is specific to Cimpress instead of relying on scanning tool reports.

    Results

    Cimpress found better management of the vulnerabilities within its system. There was no pushback to the adoption of the policies, and across the worldwide offices, business units have been proactively trying to understand if there are vulnerabilities. Vulnerability management has been expanded to vendors and is taken into consideration when doing any mergers and acquisitions. Cimpress continues to expand its program for vulnerability management to include application development and vulnerabilities within any existing legacy systems.

    Step 1.2

    Defining the scope and roles

    Activities
    • 1.2.1 Define the scope and boundary of your organization’s security program
    • 1.2.2 Assign responsibility for vulnerability identification and remediation

    This step will walk you through the following activities:

    Define and understand the scope and boundary of the security program. For example, does it include OT? Define roles and responsibilities for vulnerability identification and remediation

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand how far vulnerability management extends and what role each person in IT plays in the remediation of vulnerabilities

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    Determine the scope of your security program

    This will help you adjust the depth and breadth of your vulnerability management program.
    • Determining the scope will help you decide how much organizational risk the vulnerability management program will oversee.
    • Scope can be defined along four aspects:
      • Data Scope – What data elements in your organization does your security program cover? How is data classified?
      • Physical Scope – What physical scope, such as geographies, does the security program cover?
      • Organizational Scope – How are business units engaged with security initiatives? Does the scope cover all subsidiary organizations?
      • IT Scope – What parts of the organization does IT cover? Does their coverage include operational technology (OT) and industrial control systems (ICS)?
    Stock image of figures standing in connected circles.

    1.2.1 Define the scope and boundary of your organization’s security program

    60 minutes

    Input: List of Data Scope, Physical Scope, Organization Scope, and IT Scope

    Output: Defined scope and boundaries of the IT security program

    Materials: Whiteboard/Flip Charts, Sticky Notes, Markers, Vulnerability Management SOP Template

    Participants: Business stakeholders, IT leaders, Security team members

    1. On a whiteboard, write the headers: Data Scope, Physical Scope, Organizational Scope, and IT Scope.
    2. Give each group member a handful of sticky notes. Ask them to write down as many items as possible for the organization that could fall under one of the four scope buckets.
    3. In a group, discuss the sticky notes and the rationale for including them. Discuss your security-related locations, data, people, and technologies, and define their scope and boundaries.

    The goal is to identify what your vulnerability management program is responsible for and document it.

    Consider the following:

    How is data being categorized and classified? How are business units engaged with security initiatives? How are IT systems connected to each other? How are physical locations functioning in terms of information security management?

    Download the Vulnerability Management SOP Template

    Assets are part of the scope definition

    An inventory of IT assets is necessary if there is to be effective vulnerability management.

    • Organizations need an up-to-date and comprehensive asset inventory for vulnerability management. This is due to multiple reasons:
      • When vulnerabilities are announced, they will need to be compared to an inventory to determine if the organization has any relevant systems or versions.
      • It indicates where all IT assets can be found both physically and logically.
      • Asset inventories typically have owners assigned to the assets and systems whose responsibility it is to carry out remediations for vulnerabilities.
    • Furthermore, asset inventories can provide insight into where data can be found within the organization. This is extremely useful within a formal data classification program, which plays a large factor in vulnerability management.
    If you need assistance building your asset inventory, review Info-Tech’s Implement Hardware Asset Management and Implement Software Asset Management blueprints.

    Info-Tech Insight

    Create a formal IT asset inventory before continuing with the rest of this project. Otherwise, you risk being at the mercy of a weak vulnerability management program.

    Assign responsibility for vulnerability identification and remediation

    Determine who is critical to effectively detecting and managing vulnerabilities.
    • Some of the remediation steps will involve members of IT management to identify the true organizational risk of a vulnerability.
    • Vulnerability remediation comes in different shapes and sizes. In addition to patching, this can include implementing compensating controls, server and application hardening, or the segregating of vulnerable systems.
      • Who carries out each of these activities? Who coordinates the activities and tracks them to ensure completion?
    • The people involved may be members outside of the security team, such as members from IT operations, infrastructure, and applications. The specific roles that each of these groups play should be clearly identified.
    Stock image of many connected profile photos in a cloud network.

    1.2.2 Assign responsibility for vulnerability identification and remediation

    60 minutes

    Input: Sample list of vulnerabilities and requisite actions from each group, High-level organizational chart with area functions

    Output: Defined set of roles and responsibilities for member groups

    Materials: Vulnerability Management SOP Template

    Participants: CIO, CISO, IT Management representatives for each area of IT

    1. Display the table of responsibilities that need to be assigned.
    2. List all the positions within the IT security team.
    3. Map these to the positions that require IT security team members.
    4. List all positions that are part of the IT team.
    5. Map these to the positions that require IT team members.

    If your organization does not have a dedicated IT security team, you can perform this exercise by mapping the relevant IT staff to the different positions shown on the right.

    Download the Vulnerability Management SOP TemplateSample of the Roles and Responsibilities table from the Vulnerability Management SOP Template.

    Step 1.3

    Cloud considerations for vulnerability management

    Activities

    None for this section.

    This step will walk you through the following activities:

    Review cloud considerations for vulnerability management

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand the various types of cloud offerings and the implications (and limitations) of vulnerability management in a cloud environment.

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    Cloud considerations

    Cloud will change your approach to vulnerability management.
    • There will be a heavy dependence on the cloud service provider to ensure that vulnerabilities in their foundational technologies have been addressed.
    • Depending on the level of “as-a-Service,” customers will have varying degrees of control and visibility into the underlying operations.
    • With vendor acquiescence, you can set your tool to scan a given cloud environment, depending on how much visibility you have into their environment based on the service you have purchased.
    • Due to compliance obligations of their customers, there is a growing trend among cloud providers to allow more scanning of cloud environments.
    • In the absence of customer scanning capability, vendors may offer attestation of vulnerability management and remediation.
    Table outlining who has control, between the 'Organization' and the 'Vendor', of different cloud capabilities in different cloud strategies.

    For more information, see Info-Tech Research Group’s Document Your Cloud Strategy blueprint.

    Cloud environment scanning

    Cloud scanning is becoming a more common necessity but still requires special consideration.

    An organization’s cloud environment is just an extension of its own environment. As such, cloud environments need to be scanned for vulnerabilities.

    Private Cloud
    If your organization owns a private cloud, these environments can be tested normally.
    Public Cloud
    Performing vulnerability testing against public, third-party cloud environments is an area experiencing rapid growth and general acceptance, although customer visibility will still be limited.

    In many cases, a customer must rely on the vendor’s assurance that vulnerabilities are being addressed in a sufficient manner.

    Security standards’ compliance requirements are driving the need for cloud suppliers to validate and assure that they are appropriately scanning for and remediating vulnerabilities.

    Infrastructure- or Platform-as-a-Service (IaaS or PaaS) Environments
    • There is a general trend for PaaS and IaaS vendors to allow testing if given due notice.
    • Your contract with the cloud vendor or the vendor’s terms and conditions will outline the permissibility of customer vulnerability scanning. In some cases, a cloud vendor will deny the ability to do vulnerability scanning if they already provide a solution as part of their service.
    • Always ensure that the vendor is aware of your vulnerability scanning activity so that false positives aren’t triggering their security measures as possible denial-of-service (DoS) attacks.
    Software-as-a-Service (SaaS) Environments
    • SaaS offers very limited visibility to the services behind the software that the customer sees. You therefore cannot test for patch levels or vulnerabilities.
    • SaaS customers must rely exclusively on the provider for the regular scanning and remediation of vulnerabilities in the back-end technologies supporting the SaaS application.
    • You can only test the connection points to SaaS environments. This involves trying to figure out what you can see, e.g. looking for encrypted traffic.

    Certain testing (e.g. DoS or load testing) will be very limited by your cloud vendor. Cloud vendors won’t open themselves to testing that would possibly impact their operations.

    Step 1.4

    Vulnerability detection

    Activities
    • 1.4.1 Develop a monitoring and review process of third-party vulnerability sources
    • 1.4.2 Incident management and vulnerability management

    This step will walk you through the following activities:

    Create an inventory of your vulnerability monitoring capability and third-party vulnerability information sources.

    Determine how incident management and vulnerability management interoperate.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Catalog of vulnerability information data sources. Understanding of the intersection of incident management and vulnerability management.

    Identify vulnerability sources
    Step 1.1Step 1.2Step 1.3Step 1.4

    Vulnerability detection

    Vulnerabilities can be identified through numerous mediums.

    Info-Tech has determined the following to be the four most common ways to identify vulnerabilities.

    Vulnerability Assessment and Scanning Tools
    • Computer programs that function to identify and assess security vulnerabilities and weaknesses within computers, computer systems, applications, or networks.
    • Using a known vulnerability database, the tool scans targeted hosts or systems to identify flaws and generate reports and recommendations based on the results.
    • There are four main types of tools under this category: network and operating system vulnerability scanners, application scanning and testing tools, web application scanners, and exploitation tools.
    Penetration Tests
    • The act of identifying vulnerabilities on computers, computer systems, applications, or networks followed by testing of the vulnerability to validate the findings.
    • Penetration tests are considered a service that is offered by third-parties in which a variety of products, tools, and methods are used to exploit systems and gain access to data.
    Open Source Monitoring
    • New vulnerabilities are detected daily with each vulnerability’s information being uploaded to an information-sharing platform to enable other organizations to be able to identify the same vulnerability on their systems.
    • Open source platforms are used to alert and distribute information on newly discovered vulnerabilities to security professionals.
    Security Incidents
    • Any time an incident response plan is called into action to mitigate an incident, there should be formal communication with the vulnerability management team.
    • Any IT incident an organization experiences should provide a feed for analysis into your vulnerability management program.

    Automate with a vulnerability scanning tool

    Vulnerabilities are too numerous for manual scanning and detection.
    • Vulnerability management is not only the awareness of the existence of vulnerabilities but that they are actively present in your environment.
    • A vulnerability scanner will usually report dozens, if not hundreds, of vulnerabilities on a regular and recurring basis. Typical IT environments have several dozen, if not hundreds, of servers. We haven’t even considered the amount of network equipment or the hundreds of user workstations in an environment.
    • This tool will give you information of the presence of a vulnerability in your environment and the host on which the vulnerability exists. This includes information on the version of software that contains a vulnerability and whether you are running that version. The tool will also report on the criticality of the vulnerability based on industry criticality ratings.
    • The tools are continually updated by the vendor with the latest definition updates for the latest vulnerabilities out there. This ensures you are always scanning for the greatest number of potential vulnerabilities.
    Automation requires oversight.
    1. Vulnerability scanners bring great automation to the task of scanning and detecting vulnerabilities in high numbers.
    2. Vulnerability scanners, however, do not have your level of intelligence. Any compensating controls, network segregation, or other risk mitigation features that you have in place will not be known by the tool.
    3. Determining the risk and urgency of a vulnerability within the context of your specific environment will still require internal review by you or your SecOps team.

    For guidance on tool selection

    Refer to section 4.3 Selecting and Implement a Scanning Tool in this blueprint.

    Vulnerability scanning tool considerations

    Select a vulnerability scanning tool with the features you need to be effective.
    • Vulnerability scanning tool selection can be an exciting and confusing process. You will need to consider what features you desire in a tool and whether you want the tool to go beyond just scanning and reporting.
    • In addition to vulnerability scanning, some tools will integrate with your IT service management (service desk ticketing system) tool and asset, configuration, and change management modules. This can facilitate the necessary workflow that the remediation process follows once a vulnerability is discovered.
    • A number of vulnerability scanning tool vendors have started offering remediation as part of their software features. This includes the automation and orchestration functionality and configuration and asset management to track its remediation activities.
    • A side benefit of the asset discovery feature in vulnerability scanning tools is that it can help enhance an organization’s asset inventory and license compliance, particularly in cases where end users are able to install software on their workstations.
    Stock photo of a smartphone scanning a barcode.

    For guidance on tool vendors

    Visit SoftwareReviews for information on vulnerability management tools and vendors.

    Vulnerability scanning tool best practices

    How often should scans be performed?

    One-off scans provide snapshots in time. Repeated scans over time provide tracking for how systems are changing and how well patches are being applied and software is being updated.

    The results of a scan (asset inventory, configuration data, and vulnerability data) are basic information needed to understand your security posture. This data needs to be as up to date as possible.

    ANALYST PERSPECTIVE: Organizations should look for continuous scanning

    Continuous scanning is the concept of providing continual scanning of your systems so any asset, configuration, or vulnerability information is up to date. Most vendors will advertise continuous scanning but you need to be skeptical of how this feature is met.

    Continuous Scanning Methods

    Continuous agent scanning

    Real-time scanning that is completed through agent-based scanning. Provides real-time understanding of system changes.

    On-demand scanning

    Cyclical scanning is the method where once you’re done scanning an area, you start it again. This is usually done because doing some scans on some areas of your network take time. How long the scan takes depends on the scan itself. How often you perform a scan depends on how long a scan takes. For example, if a scan takes a day, you perform a daily scan.

    Cloud-based scanning

    Cloud-scanning-as-a-Service can provide hands-free continuous monitoring of your systems. This is usually priced as a subscription model.

    Vulnerability scanning tool best practices

    Where to perform a scan.

    What should be scannedHow to point a scanner
    The general idea is that you want to scan pretty much everything. Here are considerations for three environments:
    Mobile Devices

    You need to scan mobile devices for vulnerabilities, but the problem is these can be hard to scan and often come and go on your network. There are always going to be some devices that aren’t on the network when scanning occurs.

    Several ways to scan mobile devices:

    • Intercept the device when it remotes into your network using a VPN. You catch the device with a remote scan. This can only be done if a VPN is required.
    • An agent-based approach can be used for mobile devices. Locally installed software gives the information needed to evaluate the security posture of a device. Discernibly, concerns around device processing, memory, and network bandwidth come into play. Ease of installation becomes key for agents.
    Virtualization
    • In a virtual environment, you will have servers being dynamically spun up. Ensure your tool is able to scan these new servers automatically.
    • Often, vulnerability scanning tool providers will restrict scanning to preapproved scanners. Look for tools that are preapproved by the VM vendors.
    Cloud Environments
    • You can set your tool to scan a given cloud environment. The main concern here is who owns the cloud. If it is a private cloud, there is little concern.
    • If it is a third-party cloud (AWS, Azure, etc.) you need to confirm with the cloud service provider that scanning of your cloud environment can occur.
    • There is a trend to allow more scanning of cloud environments.
    • You need to tell the scanner an IP address, a group of IP addresses, an asset group, or a combination of those.
    • You can categorize by functional classifications – internet-facing servers, workstations, network devices, etc., or by organizational structure – Finance, HR, Legal, etc.
    • If you have a strong change management system, you can better hone when and where to perform a scan based on actual changes.
    • You can set the number of concurrent outbound TCP connections that are being made. For example, set the tool so it sends out to 10 ports at a time, rather than pinging at 64k ports on a machine, which would flood the NIC.
    • Side Note: Flooding a host with pings from a scanning tool can be done to find out DoS thresholds on a machine. There are no bandwidth concerns for a network DoS, however, because the packets are so small.

    Vulnerability scanning tool best practices

    Communication and measurement

    Pre-Scan Communication With Users

    • It is always important to inform owners and users of systems that a scan will be happening.
    • Although it is unlikely any performance issues will arise, it is important to notify end users of potential impact.
    • Local admins or system owners may have controls in place that stop vulnerability scans and you need to inform the owners so that they can safelist the scanner you will be using.
    Vulnerability Scanning Tool Tracking Metrics
    • Vulnerability score by operating system, application, or organization division.
      • This provides a look at the widely accepted severity of the vulnerability as it relates across the organization’s systems.
    • Most vulnerable applications and application version.
      • This provides insight into how outdated applications are creating risk exposure for an organization.
      • This will also provide metrics on the effectiveness of your patching program.
    • Number of assets scanned within the last number of days.
      • This provides visibility into how often your assets are being scanned and thus protected.
    • Number of unowned devices or unapproved applications.
      • This metric will track how many unowned devices or unapproved applications may be on your network. Unowned devices may be rogue devices or just consultant/contractor devices.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Proactively identify new vulnerabilities as they are announced.

    By monitoring for vulnerabilities as they are announced through industry alerts and open-source mechanisms, it is possible to identify vulnerabilities beyond your scanning tool’s penetration tests.

    Common sources:
    • Vendor websites and mailing lists
      • Vendors are the trusted sources for vulnerability and patch information on their products, particularly with new industry vulnerability disclosure requirements. Vendors are the most familiar with their products, downloads are most likely malware free, and additional information is often included.
      • There are some issues: vendors won’t announce a vulnerability until a patch is created, which creates a potential unknown risk exposure; numerous vendor sites will have to be monitored continually.
    • Third-party websites
      • A non-vendor site providing information on vulnerabilities. They often will cover a specific technology or an industry section, becoming a potential “one-stop shop” for some. They will often provide vulnerability information that is augmented with different remediation recommendations faster than vendors.
      • However, it’s more likely that malicious code could be downloaded and it will often not be comprehensive information on patching.
    • Third-party mailing lists, newsgroups, live paid subscriptions, and live open-source feeds
      • These are alerting and notification services for the detection and dissemination of vulnerability information. They provide information on the latest and most critical vulnerabilities, e.g. US-CERT Cybersecurity Alerts.
    • Vulnerability databases
      • These usually consist of dedicated databases on vulnerabilities. They perform the hard work of identifying and aggregating vulnerability and patch information into a central repository for end-user consumption. The commentary features on these databases provide excellent insight for practitioners, e.g. National Vulnerability Database (NVD).
    Stock photo of a student checking a bulletin board.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Third-party sources for vulnerabilities

    • Open Source Vulnerability Database (OSVDB)
      • An open-source database that is run independently of any vendors.
    • Common Vulnerabilities and Exposures (CVE)
      • Free, international dictionary of publicly known information security vulnerabilities and exposures.
    • National Vulnerability Database (NVD)
      • Through NIST, the NVD is the US government’s repository of vulnerabilities and includes product names, flaws, and any impact metrics.
      • The National Checklist Repository Program (NCRP), also provided by NIST, provides security checklists for configurations of operating systems and applications.
      • The Center for Internet Security, a separate entity unrelated to NIST, provides configuration benchmarks that are often referenced by the NCRP.
    • Open Web Application Security Project (OWASP)
      • OWASP is another free project helping to expose vulnerabilities within software.
    • US-CERT National Cyber Alert System (US-CERT Alerts)
      • Cybersecurity Alerts – Provide timely information about current security issues, vulnerabilities, and exploits.
      • Cybersecurity Tips – Provide advice about common security issues for the general public.
      • Cybersecurity Bulletins – Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
    • US-CERT Vulnerability Notes Database (US-CERT Vulnerability Notes)
      • Database of searchable security vulnerabilities that were deemed not critical enough to be covered under US-CERT Alerts. Note that the NVD covers both US-CERT Alerts and US-CERT Notes.
    • Open Vulnerability Assessment Language (OVAL)
      • Coding language for security professionals to discuss vulnerability checking and configuration issues. Vulnerabilities are identified using tests that are disseminated in OVAL definitions (XML executables that can be used by end users).

    1.4.1 Develop a monitoring and review process for third-party vulnerability sources

    60 minutes

    Input: Third-party resources list

    Output: Process for review of third-party vulnerability sources

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, CISO

    1. Identify what third-party resources are useful and relevant.
    2. Shortlist your third-party sources.
    3. Identify what is the best way to receive information from a third party.
    4. Document the method to receive or check information from the third-party source.
    5. Identify who is responsible for maintaining third-party vulnerability information sources
    6. Capture this information in the Vulnerability Management SOP Template.
    Download the Vulnerability Management SOP TemplateSample of the Third Party Vulnerability Monitoring tables from the Vulnerability Management SOP Template.

    Incidents and vulnerability management

    Incidents can also be a sources of vulnerabilities.

    When any incident occurs, for example:

    • A security incident, such as malware detected on a machine
    • An IT incident, such as an application becomes unresponsive
    • A crisis occurs, like a worker accident

    There can be underlying vulnerabilities that need to be processed.

    Three Types of IT Incidents exist:
    1. Information Security Incident
    2. IT Incident and/or Problem
    3. Crisis

    Note: You need to have developed your various incident response plans to develop information feeds to the vulnerability mitigation process.
    If you are missing an incident response plan, take a look at Info-Tech’s Related Resources.

    Info-Tech Related Resources:
    If you do not have a formalized information security incident management program, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have a formalized problem management process, take a look at Info-Tech’s blueprint Incident and Problem Management.

    If you do not have a formalized IT incident management process, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have formalized crisis management, take a look at Info-Tech’s blueprint Implement Crisis Management Best Practices.

    1.4.2 Incident management and vulnerability management

    60 minutes

    Input: Existing incident response processes, Existing crisis communications plans

    Output: Alignment of vulnerability management program with existing incident management processes

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    1. Inventory what incident response plans the organization has. These include:
      1. Information Security Incident Response Plan
      2. IT Incident Plan
      3. Problem Management Plan
      4. Crisis Management Plan
    2. Identify what part of those plans contains the post-response recap or final analysis.
    3. Formalize a communication process between the incident response plan and the vulnerability mitigation process.

    Note: Most incident processes will cover some sort of root cause analysis and investigation of the incident. If a vulnerability of any kind is detected within this analysis it needs to be reported on and treated as a detected vulnerability, thus warranting the full vulnerability mitigation process.

    Download the Vulnerability Management SOP Template

    Implement Risk-Based Vulnerability Management

    Phase 2

    Triage & prioritize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach, and prepare for remediation options.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Step 2.1

    Triage vulnerabilities

    Activities
    • 2.1.1 Evaluate your identified vulnerabilities

    This step will walk you through the following activities:

    Review your vulnerability information sources and determine a methodology that will be used to consistently evaluate vulnerabilities as your scanning tool alerts you to them.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Triaging vulnerabilities

    Use Info-Tech’s methodology to allocate urgencies to your vulnerabilities to assign the appropriate resources to each one.

    When evaluating numerous vulnerabilities, use the following three factors to help determine the urgency of vulnerabilities:

    • The intrinsic qualities of the vulnerability
    • The business criticality of the affected asset
    • The sensitivity of the data stored on the affected asset

    Intrinsic qualities of the vulnerability — Vulnerabilities need to be examined for the inherent risk they pose specifically to the organization, which includes if an exploit has been identified or if the industry views this as a serious and likely threat.

    Business criticality of the affected asset — Assets with vulnerabilities need to be assessed for their criticality to the business. Vulnerabilities on systems that are critical to business operations or customer interactions are usually top of mind.

    Sensitivity of the data of the affected asset — Beyond just the criticality of the business, there must be consideration of the sensitivity of the data that may be compromised or modified as a result of any vulnerabilities.

    Info-Tech Insight

    This methodology allows you to determine urgency of vulnerabilities, but your remediation approach needs to be risk-based, within the context of your organization.

    Triage your vulnerabilities, filter out the noise

    Triaging enables your vulnerability management program to focus on what it should focus on.

    Use the Info-Tech Vulnerability Mitigation Process Template to define how to triage vulnerabilities as they first appear.

    Triaging is an important step in vulnerability management, whether you are facing ten to tens of thousands of vulnerability notifications.
    Many scanning tools already provide the capability to compare known vulnerabilities against existing assets through integration with the asset inventory.

    There are two major use cases for this process:
    1. For organizations that have identified vulnerabilities but do not know their own systems well enough. This can be due to a lack of a formal asset inventory.
    2. For proactive organizations that are regularly staying up to date with industry announcements regarding vulnerabilities. Once an alert has been made publicly, this process can assist in confirming if the vulnerability is relevant to the organization.
    The Info-Tech methodology for initial triaging of vulnerabilities:
    Flowchart of the Info-Tech methodology for initial triaging of vulnerabilities, beginning with 'Vulnerability has been identified' and ending with either 'Vulnerability has been triaged' or 'No action needed'.

    Even if neither of these use cases apply to your organization, triaging still addresses the issues of false positives. Triaging provides a quick way to determine if vulnerabilities are relevant.

    After eliminating the noise, evaluate your vulnerabilities to determine urgency

    Consider the intrinsic risk to the organization.

    Is there an associated, verified exploit?
    • For a vulnerability to become a true threat to the organization, it must be exploited to cause damage. In today’s threat landscape, exploit kits are sold online that allow individuals with low technical knowledge to exploit a vulnerability.
    • Not all vulnerabilities have an associated exploit, but this does not mean that these vulnerabilities can be left alone. In many cases, it is just a matter of time before an exploit is created.
    • Another point to consider is that while exploits can exist theoretically, they may not be verified. Vulnerabilities always pose some level of risk, but if there are no known verified exploits, there is less risk attached.
    Is there a CVSS base score of 7.0 or higher?
    • Common Vulnerability Scoring System (CVSS) is an open-source industry scoring method to assess the potential severity of vulnerabilities.
    • CVSS takes into account: attack vector, complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact.
    • Vulnerabilities that have a score of 4.0 or lower are classified as low vulnerabilities, while scores between 4.0 and 6.9 are put in the medium category. Scores of 7 or higher are in the high and critical categories. As we will review in the Risk Assessment section, you will want to immediately deal with high and critical vulnerabilities.
    Is there potential for significant lateral movement?
    • Even though a vulnerability may appear to be part of an inconsequential asset, it is important to consider whether it can be leveraged to gain access to other areas of the network or system by an attacker.
    • Another consideration should be whether the vulnerability can be exploited by remote or local access. Remote exploits pose a greater risk as this can mean that attackers can perform an exploit from any location. Local exploits carry less risk, although the risk of insider threats should be considered here as well.

    2.1.1 Evaluate your identified vulnerabilities

    60 minutes

    Input: Visio workflow of Info-Tech’s vulnerability management process

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    Using the criteria from the previous slide, Info-Tech has created a methodology to evaluate your vulnerabilities by examining their intrinsic qualities.

    The methodology categorizes the vulnerabilities into high, medium, and low risk importance categorizations, before assigning final urgency scores in the later steps.

    1. Review the evaluation process in the Vulnerability Management Workflow library.
    2. Determine if this process makes sense for the organization; otherwise, change the flow to include any other considerations of process flows.
    3. As this process is used to evaluate vulnerabilities, document vulnerabilities to an importance category. This can be done in the Vulnerability Tracking Tool or using a similar internal vulnerability tracking document, if one exists.

    Download the Vulnerability Management SOP Template

    Step 2.2

    Determine high-level business criticality

    Activities
    • 2.2.1 Determine high-level business criticality
    • 2.2.2 Determine your high-level data classifications

    This step will walk you through the following activities:

    Determining high-level business criticality and data classifications will help ensure that IT security is aligned with what is critical to the business. This will be very important when decisions are made around vulnerability risk and the urgency of remediation action.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    Understanding and consistency in how business criticality and business data is assessed by IT in the vulnerability management process.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Understanding business criticality is key to determining vulnerability urgency

    Prioritize operations that are truly critical to the operation of the business, and understand how they would be impacted by an exploited vulnerability.

    Use the questions below to help assess which operations are critical for the business to continue functioning.

    For example, email is often thought of as a business-critical operation when this is not always the case. It is important to the business, but as regular operations can continue for some time without it, it would not be considered extremely business critical.

    Questions to askDescription
    Is there a hard-dollar impact from downtime?This refers to when revenue or profits are directly impacted by a business disruption. For example, when an online ordering system is compromised and shut down, it impacts sales, and therefore, revenue.
    Is there an impact on goodwill/ customer trust?If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems mission critical.
    Is regulatory compliance a factor?Depending on the circumstances of the vulnerabilities, it can be a violation of regulatory compliance and would cause significant fines.
    Is there a health or safety risk?Some operations are critical to health and safety. For example, medical organizations have operations that are necessary to ensure that individuals’ health and safety are maintained. An exploited vulnerability that prevents these operations can directly impact the lives of these individuals.
    Don’t start from scratch – your disaster recovery plan (DRP) may have a business impact analysis (BIA) that can provide insight into which applications and operations are considered business critical.

    Analyst Perspective

    When assessing the criticality of business operations, most core business applications may be deemed business critical over the long term.

    Consider instead what the impact is over the first 24 or 48 hours of downtime.

    2.2.1 Determine high-level business criticality

    120 minutes; less time if a Disaster recovery plan business impact analysis exists

    Input: List of business operations, Insight into business operations impacts to the business

    Output: List of business operations and their criticality and impact to the business

    Materials: Vulnerability Management SOP Template

    Participants: Participants from the business, IT Security Manager, CISO, CIO

    1. List your core business operations at a high level.
    2. Use a High, Medium, or Low ranking to prioritize the business operations based on mission-critical criteria and the impact of the vulnerability.
    3. When using the process flow, consider if the vulnerability directly affects any of these business operations and move through the process flow based on the corresponding High, Medium, or Low ranking.
    Example prioritization of business operations for a manufacturing company:Questions to ask:
    1. Is there a hard-dollar impact from downtime?
    2. Is there impact on goodwill or customer trust?
    3. Is regulatory compliance a factor?
    4. Is there a health or safety risk?

    Download the Vulnerability Management SOP Template

    Determine vulnerability urgency by its data classification

    Consider how to classify your data based on if the Confidentiality, Integrity, or Availability (CIA) is compromised.

    To properly classify your data, consider how the confidentiality, integrity, and availability of that data would be affected if it were to be exploited by a vulnerability. Review the table below for an explanation for each objective.
    Confidentiality

    Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

    Integrity

    Guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity.

    Availability

    Ensuring timely and reliable access to and use of information.

    Each piece of data should be ranked as High, medium, or low across confidentiality, integrity, and availability based on adverse effect.Arrow pointing right.Low — Limited adverse effect

    Moderate — Serious adverse effect

    High — Severe or catastrophic adverse effect

    If you wish to build a whole data classification methodology, refer to our Discover and Classify Your Data blueprint.

    How to determine data classification when CIA differs:

    The overall ranking of the data will be impacted by the highest objective’s ranking.

    For example, if confidentiality and availability are low, but integrity is high, the overall impact is high.

    This process was developed in part by Federal Information Processing Standards Publication 199.

    2.2.2 Determine your high-level data classifications

    120 minutes, less time if data classification already exists

    Input: Knowledge of data use and sensitivity

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, CISO, CIO

    If your organization has formal data classification in place, it should be leveraged to determine the high, medium, and low rankings necessary for the process flows. However, if there is no formal data classification in place, the process below can be followed:

    1. List common assets or applications that are prone to vulnerabilities.
    2. Consider the data that is on these devices and provide a high (severe or catastrophic adverse effect), medium (serious adverse effect), or low (limited adverse effect) ranking based on confidentiality, availability, and integrity.
      1. Use the table on the previous slide to assist in providing the ranking.
      2. Remember that it is the highest ranking that dictates the overall ranking of the data.
    3. Document which data belongs in each of the categories to provide contextual evidence.

    Download the Vulnerability Management SOP Template

    This process should be part of your larger data classification program. If you need assistance in building this out, review the Info-Tech research, Discover and Classify Your Data.

    Step 2.3

    Consider current security posture

    Activities
    • 2.3.1 Document your defense-in-depth controls

    This step will walk you through the following activities:

    Your defense-in-depth controls are the existing layers of security technology that protects your environment. These are relevant when considering the urgency and risk of vulnerabilities in your environment, as they will mitigate some of the risk.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Understanding and documentation of your current defense-in-depth controls.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Review your current security posture

    What you have today matters.
    • In most cases, your vulnerability scanning tool alone will not have the context of your security posture in the results of its scans. This can skew the true urgency of detected vulnerabilities in your environment.
    • What you have in place today is what comprises your organization’s overall security posture. This bears high relevance to the determination of the risk that a vulnerability poses to your environment.
    • Elements such as enterprise architecture and defense in depth mechanisms should be factored into determining the risk of a vulnerability and what kind of immediacy is warranted to address it.
    • Details of your current security posture will also contribute to the assessment and selection of remediation options.
    Stock image of toy soldiers split into two colours, facing eachother down.

    Enterprise architecture considerations

    What does your network look like?
    • Most organizations have a network topology that has been put in place with operational needs in mind. These includes specific vLANs or subnets, broadcast domains, or other methods of traffic segregation.
    • The firewall and network ACLs (access control lists) will manage traffic and the routes that data packets follow to traverse a network.
    • Organizations may physically separate data network types, for example, a network for IT services and one for operational technology (OT)(OT is often known as ICS (industrial control systems) or SCADA (supervisory control and data acquisition)) or other types of production technology.
    • The deployment of distribution and access switches across an enterprise can also be a factor, where a flatter network will have fewer network devices within the topology.
    • In a directory services environment such as Windows Active Directory, servers and applications can be segregated by domains and trust relationships, organizational units, and security groups.
    What’s the relevance to vulnerability management?

    For a vulnerability to be exploited, a malicious actor must find a way to access the vulnerable system to make use of the vulnerability in question.

    Any enterprise architecture characteristics that you have in place may lessen the probability of a successful vulnerability exploit.

    This may potentially “buy time” for SecOps to address and remediate the vulnerability.

    Defense-in-depth

    Defense-in-depth provides extra layers of protection to the organization.

    • Defense-in-depth refers to the coordination of security controls to add layers of security to the organization.
      • This means that even if attackers are able to get past one control or layer, they are hindered by additional security.
    • Defense-in-depth is distinct from the previous section on enterprise architecture as these are security controls put in place with the purpose of being lines of defense within your security posture.
    • This can be extremely useful in managing vulnerabilities; thus, it is important to establish the existing defense-in-depth controls. By establishing the base model for your defense-in-depth, it will allow you to leverage these controls to manage vulnerabilities.
    • Controls are typically distributed across endpoints, network infrastructure, servers, and physical security.

    Note: Defense-in-depth controls do not entirely mitigate vulnerability risk. They provide a way in which the vulnerability cannot be exploited, but it continues to exist on the application. This must be kept in mind as the controls or applications themselves change, as it can re-open the vulnerability and cause potential problems.

    Examples of defense-in-depth controls can consist of any of the following:
    • Antivirus software
    • Authentication security
    • Multi-factor authentication
    • Firewalls
    • Demilitarized zones (DMZ)
    • Sandboxing
    • Network zoning
    • Application whitelisting
    • Access control lists
    • Intrusion detection & prevention systems
    • Airgapping
    • User security awareness training

    2.3.1 Document your defense-in-depth controls

    2 hours, less time if a security services catalog exists

    Input: List of technologies within your environment, List of IT security controls that are in place

    Output: List of defense-in-depth controls

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, Infrastructure Manager, IT Director, CISO

    1. Document the existing defense-in-depth controls within your system.
    2. Review the initial list that has been provided and see if these are controls that currently exist.
    3. Indicate any other controls that are being used by the organization. This may already exist if you have a security services catalog.
    4. Indicate who the owners of the different controls are.
    5. Track the information in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Sample table of security controls within a Defense-in-depth model with column headers 'Defense-in-depth control', 'Description', 'Workflow', and 'Control Owner'.

    Step 2.4

    Risk assessment of vulnerabilities

    Activities
    • 2.4.1 Build a classification scheme to consistently assess impact
    • 2.4.2 Build a classification scheme to consistently assess likelihood

    This step will walk you through the following activities:

    Assessing risk will be the cornerstone of how you evaluate vulnerabilities and what priority you place on remediation. This is actual risk to the organization and not simply what the tool reports without the context of your defense-in-depth controls.

    This step involves the following participants:

    • IT Security Manager
    • IT Operations Management
    • CISO
    • CIO

    Outcomes of this step

    A risk matrix tailored to your organization, based on impact and likelihood. This will provide a consistent, unambiguous way to assess risk across the vulnerability types that is reported by your scanning tool.

    Triage & prioritize
    Step 2.1Step 2.2Step 2.3Step 2.4

    Vulnerabilities and risk

    Vulnerabilities must be addressed to mitigate risk to the business.
    • Vulnerabilities are a concern because they are potential threats to the business. Vulnerabilities that are not addressed can turn from potential threats into actual threats; it is only a matter of time and opportunity.
    • Your organization will already be familiar with risk management, as every decision carries a business risk component. There may even be a senior manager assigned as corporate risk officer to manage organizational risk.
    • The organization likely has a risk tolerance level that defines the organization’s risk appetite. This may be measured in dollars, non-productivity time, or other units of inefficiency.
    • The risk of a vulnerability can be calculated using impact and likelihood. Impact is the effect that the vulnerability will have if it is exploited by a malicious actor. Likelihood is the degree to which a vulnerability exploit can possibly occur.
    Stock image of a cartoon character in a tie hanging on the needle of a 'RISK' meter as it sits at 'LOW'.

    Info-Tech Insight

    Risk to the organization is business language that everyone can understand. This is particularly true when the risk is to productivity or to the company’s bottom line.

    A risk-based approach to vulnerability management

    CVSS scores are just the starting point!

    Vulnerabilities are constant.
    • There will always be vulnerabilities in the environment, many of which won’t be reported as they are currently unknown.
    • Don’t focus on trying to resolve all vulnerabilities in your environment. You are neither resourced for it nor can the business tolerate the downtime needed to remediate every single vulnerability.
      • The constant follow of new vulnerabilities will quickly render your efforts useless and it will become a game of “whack-a-mole.”
    • Being able to prioritize which vulnerabilities require appropriate levels of response is crucial to ensuring that an organization stays ahead of the continual flow.
    • Your vulnerability scanning tool will report the severity of a vulnerability, often using an industry Common Vulnerability Scoring System (CVSS) system ranging from 0 to 10. It will then scan your environment for the presence of the vulnerability and report accordingly.
      • Your vulnerability scanning tool will not be aware of any mitigation components in your environment, such as compensating controls, network segregation, server/application hardening, or any other measures that can reduce the risk. That is why determining actual risk is a crucial step.

    Stock image of a whack-a-mole game.

    Info-Tech Insight

    Vulnerability scanning is a valuable function, but it does not tell the full picture. You must determine how urgent a vulnerability truly is, based on your specific environment.

    Prioritize remediation by levels of risk

    Address critical and high risk with high immediacy.

    • Addressing the critical and high-risk vulnerabilities with urgency will ensure that you are addressing a more manageable number of vulnerabilities.
    • An optimized vulnerability management process will address the medium and low risk vulnerabilities within the regular cycle.
    • This may be very similar to what you do today in an ad hoc fashion:
      • Zero-day vulnerabilities tend to warrant a stop in operations and are dealt with immediately (or as soon as a vendor has a fix).
      • The standard remediation process (patching/updating, change of configuration, etc.) happens within a regular controlled time cycle.
    • Formalizing this process will ensure that appropriate attention is given to vulnerabilities that warrant it and that the remaining vulnerabilities are dealt with as a regular, recurring activity.

    Mitigate the risk surface by reducing the time across the phases

    Chart titled 'Mitigate the risk surface by reducing the time across the phases' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. A note on the line reads 'Objective: Reduce risk surface by reducing time to address'. The area between the line and your organization's risk tolerance is labelled 'Risk Surface, to be addressed with high priority'. A bracket around Risk levels 'High' and 'Critical' reads 'Priority focus zone (risk surface)'. Risk lines within levels 'Low' and 'Medium' read 'Follow standard vulnerability management cycles'.

    Risk matrix

    Risk = Impact x Likelihood
    • Info-Tech’s Vulnerability Management Risk Assessment Tool provides a method of calculating the risk of a vulnerability. The risk rating is assigned using the impact of the risk and the likelihood or probability that the event may occur.
    • The tool puts the vulnerability into your organization’s context: How many people will be affected? What service types are vulnerable and how does that impact the business? Is there an anticipated update from the vendor of the system being affected?
    • Urgency of remediation should be based on the business consequences if the vulnerability were to be exploited, relative to the business’ risk tolerance.

    Info-Tech Insight

    Risk determination should be done within the context of your current environment and not simply based on what your vulnerability tool is reporting.

    A risk matrix is useful in calculating a risk rating for vulnerabilities. Risk matrix with axes 'Impact' and 'Time' and individual vulnerabilities mapped onto it via their risk rating. The example 'Organizational Risk Tolerance Threshold' line runs diagonally through the 'Medium' squares.

    2.4.1 Build a classification scheme to consistently assess impact

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Impact. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', 'Network vulnerability', and 'Vendor patch release'.

    2.4.2 Build a classification scheme to consistently assess likelihood

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability that your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Likelihood. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', and 'Network vulnerability'.

    Prioritize based on risk

    Select the best remediation option to minimize risk.

    Through the combination of the identified risk and remediation steps in this phase, the prioritization for vulnerabilities will become clear. Vulnerabilities will be assigned a priority once their intrinsic qualities and threat potential to business function and data have been identified.

    • Remediation options will be identified for the higher urgency vulnerabilities.
    • Options will be assessed for whether they are appropriate.
    • They will be further tested to determine if they can be used adequately prior to full implementation.
    • Based on the assessments, the remediation will be implemented or another option will be considered.
    Prioritization
    1. Assignment of risk
    2. Identification of remediation options
    3. Assessment of options
    4. Implementation

    Remediation plays an incredibly important role in the entire program. It plays a large part in wider risk management when you must consider the risk of the vulnerability, the risk of the remediation option, and the risk associated with the overall process.

    Implement Risk-Based Vulnerability Management

    Phase 3

    Remediate vulnerabilities

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • Identifying potential remediation options.
    • Developing criteria for each option with regards to when to use and when to avoid.
    • Establishing exception procedure for testing and remediation.
    • Documenting the implementation of remediations and verification.

    This phase involves the following participants:

    • CISO, or equivalent
    • Security Manager/Analyst
    • Network, Administrator, System, Database Manager
    • Other members of the vulnerability management team
    • Risk managers for the risk-related steps

    Determining how to remediate

    Patching is only one option.

    This phase will allow organizations to build out the specific processes for remediating vulnerabilities. The overall process will be the same but what will be critical is the identification of the correct material. This includes building the processes around:
    • Identifying and selecting the remediation option to be used.
    • Determining what to do when a patch or update is not available.
    • Scheduling and executing the remediation activity.
    • Continuous improvement.

    Each remediation option carries a different level of risk that the organization needs to consider and accept by building out this program.

    It is necessary to be prepared to do this in real time. Careful documentation is needed when dealing with vulnerabilities. Use the Vulnerability Tracking Tool to assist with documentation in real time. This is separate from using the process template but can assist in the documentation of vulnerabilities.

    Step 3.1

    Assessing remediation options

    Activities
    • 3.1.1 Develop risk and remediation action

    This step will walk you through the following activities:

    With the risk assessment from the previous activity, we can now examine remediation options and make a decision. This activity will guide us through that.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    List of remediation options and criteria on when to consider each.

    Remediate vulnerabilities
    Step 3.1Step 3.2Step 3.3

    Identify remediation options

    There are four options when it comes to vulnerability remediation.

    Patches and Updates

    Patches are software or pieces of code that are meant to close vulnerabilities or provide fixes to any bugs within existing software. These are typically provided by the vendor to ensure that any deployed software is properly protected after vulnerabilities have been detected.

    Configuration Changes

    Configuration changes involve administrators making significant changes to the system or network to remediate against the vulnerability. This can include disabling the vulnerable application or specific element and can even extend to removing the application altogether.

    Remediation

    Compensating Controls

    By leveraging security controls, such as your IDS/IPS, firewalls, or access control, organizations can have an added layer of protection against vulnerabilities beyond the typical patches and configuration changes. This can be used as a measure while waiting to implement another option (if one exists) to reduce the risk of the vulnerability in the short or long term.

    Risk Acceptance

    Whenever a vulnerability is not remediated, either indefinitely or for a short period of time, the organization is accepting the associated risk. Segregation of the vulnerable system can occur in this instance. This can occur in cases where a system or application cannot be updated without detrimental effect to the business.

    Patches and updates

    Patches are often the easiest and most common method of remediation.

    Patches are usually the most desirable remediation solution when it comes to vulnerability management. They are typically provided by the vendor of the vulnerable application or system and are meant to eliminate the existing vulnerability.

    When to use

    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching for the affected systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.

    When to avoid

    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches, which is often the case for critical systems.
    When to consider other remediation options
    • For critical systems, it can be difficult to implement a patch as they often require the system to be rebooted or go through some downtime. There must be consideration towards whether there is a change window approaching if a patch is to be implemented on a business-critical system.
      • If there is no opportunity to implement the patch, or no approaching change window, it is wise to leverage another remediation option.
    • When patches are not currently available from the vendor or they are in production, other remediation options are needed.
    • Other remediation options can be used in tandem with the patch. For example, if a patch is being deferred until the change window, it would be wise to use alternate remediation options to close the vulnerability.

    Compensating controls

    Compensating controls can decrease the risk of vulnerabilities that cannot be (immediately) remediated.

    • Compensating controls are measures put in place when direct remediation measures are impractical or non-existent.
    • Similar to the payment card industry’s PCI DSS 1.0 provision of compensating controls, these are meant to meet the intent or rigor of the original requirement; unlike PCI DSS, these measures are to mitigate risk rather than meet compliance.
    • The compensating control should be viewed as only a temporary measure for dealing with a vulnerability, although circumstances may dictate a degree of permanence in the application of the compensating control.
    • Examples where compensating controls may be needed are:
      • The software vendor is developing an update or patch to address a vulnerability.
      • Through your testing process, a patch will adversely affect the performance or operation of the target system and be detrimental to the business.
      • A critical application will only run on a legacy operating system, the latter of which is no longer supported by the vendor.
      • A legacy application is no longer being supported but is critical to your operations. A replacement, if one exists, will take time to implement.
    Examples of compensating controls
    • Segregating a vulnerable server or application on the network, physically or logically.
    • Hardening the operating system or application.
    • Restricting user logins to the system or application.
    • Implementing access controls on the network route to the system.
    • Instituting application whitelisting.

    Configuration changes

    Configuration changes involve making changes directly to the application or system in which there is a vulnerability. This can vary from disabling or removing the vulnerable element or, in the case of applications built in-house, changing the coding of the application itself. These are commonly used in network vulnerabilities such as open ports.

    When to use

    • A patch is not available.
    • The vulnerable element can be significantly changed, or even disabled, without significantly disrupting the business.
    • The application is built in-house, as the vulnerability must be closed internally.
    • There is adequate testing to ensure that the configuration change does not affect the business.
    • A configuration change in your network or system can affect numerous endpoints or systems, reducing endpoint patching or use of defense-in-depth controls.

    When to avoid

    • When a suitable patch is available.
    • When the vulnerability is on a business-critical element with no nearby change window or it cannot be disabled.
    • When there is no opportunity in which to perform testing to ensure that there are no unintended consequences.
    When to consider other remediation options
    • Configuration changes require careful documentation as changes are occurring to the system and applications. If there is a need to perform a back-out process and return to the original configuration, this can be extremely difficult without clear documentation of what occurred.
    • If business systems are too critical or important to the regular business function to perform any changes, it is necessary to consider other options.

    Info-Tech Insight

    Remember your existing processes: configuration changes may need to be approved and orchestrated through your organization’s configuration and change management processes.

    Case Study

    Remediation options do not have to be used separately. Use the Shellshock 2014 case as an example.

    INDUSTRY: All
    SOURCE: Public Domain
    Challenge

    Bashdoor, more commonly known as Shellshock, was announced on September 24, 2014.

    This bug involved the Bash shell, which normally executes user commands, but this vulnerability meant that malicious attackers could exploit it.

    This was rated a 10/10 by CVSS – the highest possible score.

    Within hours of the announcement, hackers began to exploit this vulnerability across many organizations.

    Solution

    Organizations had to react quickly and multiple remediation options were identified:

    • Configuration changes – Companies were recommended to use other shells instead of the Bash shell.
    • Defense-in-depth controls – Using HTTP server logs, it could be possible to identify if the vulnerability had been exploited.
    • Patches – Many vendors released patches to close this vulnerability including Debian, Ubuntu, and Red Hat.
    Results

    Companies began to protect themselves against these vulnerabilities.

    While many organizations installed patches as quickly as possible, some also wished to test the patch and leveraged defense-in-depth controls in the interim.

    However, even today, many still have the Shellshock vulnerability and exploits continue to occur.

    Accept the risk and do nothing

    By choosing not to remediate vulnerabilities, you must accept the associated risk. This should be your very last option.

    Every time that a vulnerability is not remediated, it continues to pose a risk to the organization. While it may seem that every vulnerability needs to be remediated, this is simply not possible due to limited resources. Further, it can take away resources from other security initiatives as opposed to low-priority vulnerabilities that are extremely unlikely to be exploited.

    Common criteria for vulnerabilities that are not remediated:
    • Affected systems are of extremely low criticality.
    • Affected systems are deemed too critical to take offline to perform adequate remediation.
    • Low urgency is assigned to those vulnerabilities.
    • Cost and time required for the remediation are too high.
    • No adequate solutions exist – the vendor has not released a patch, there are weak defense-in-depth controls, and it is not possible to perform a configuration change.

    Risk acceptance is not uncommon…

    • With an ever-increasing number of vulnerabilities, organizations are struggling to keep up and often, intentionally or unintentionally, accept the risk associated.
    • In the end, non-remediation means full acceptance of the risk and any consequences.

    Enterprise risk management
    Arrow pointing up.
    Risk acceptance of vulnerabilities

    While these are common criteria, they must be aligned to the enterprise risk management framework and approved by management.

    Don’t forget the variables that were assessed in Phase 2. This includes the risk from potential lateral movement or if there is an existing exploit.

    Risk considerations

    When determining if risk acceptance is appropriate, consider the cost of not mitigating vulnerabilities.

    Don’t accept the risk because it seems easy. Consider the financial impact of leaving vulnerabilities open.

    With risk acceptance, it is important to review the financial impact of a security incident resulting from that vulnerability. There is always the possibility of exploitation for vulnerabilities. A simple metric taken from NIST SP800-40 to use for this is:

    Cost not to mitigate = W * T * R

    Where (W) is the number of work stations, (T) is the time spent fixing systems or lost in productivity, and (R) is the hourly rate of the time spent.

    As an example provided by NIST SP800-40 Version 2.0, Creating a Patch and Vulnerability Management Program:

    “For an organization where there are 1,000 computers to be fixed, each taking an average of 8 hours of down time (4 hours for one worker to rebuild a system, plus 4 hours the computer owner is without a computer to do work) at a rate of $70/hour for wages and benefits:

    1,000 computers * 8 hours * $70/hour = $560,000”

    Info-Tech Insight

    Always consider the financial impact that can occur from an exploited vulnerability that was not remediated.

    3.1.1 Develop risk and remediation action

    90 minutes

    Input: List of remediation options

    Output: List of remediation options sorted into “when to use” and “when to avoid” lists

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT Infrastructure Manager, IT Operations Manager, Corporate Risk Officer, CISO

    It is important to define and document your organization-specific criteria for when a remediation option is appropriate and inappropriate.

    1. List each remediation option on a flip chart and create two headings: “When to use” and “When to avoid.”
    2. Each person will list “when to use” criteria on a green sticky note and “when to avoid” criteria on a red one for each option; these will be placed on the appropriate flip chart.
    3. Discuss as a group which criteria are appropriate and which should be removed.
    4. Move on to the next remediation option when completed.
      • Ensure to include when there are remediation options that will be connected. For example, the risk may be accepted until the next available change window, or a defense-in-depth control is used before a patch can be fully installed.
    5. Once the criteria has been established, document this in the Vulnerability Management SOP Template.
    When to use:
    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching, especially for critical systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.
    When to avoid:
    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it has caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches.
    (Example from the Vulnerability Management SOP Template for Patches.)

    Download the Vulnerability Management SOP Template

    Step 3.2

    Scheduling and executing remediation

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although there are no specific activities for this section, it will walk you through your existing processes configuration and change management to ensure that you are leveraging those activities in your vulnerability remediation actions.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Gained understanding of how IT operations processes configuration and change management can be leveraged for the vulnerability remediation process. Don’t reinvent the wheel!

    Remediate vulnerabilities
    Step 3.1Step 3.2Step 3.3

    Implementing the remediation

    Vulnerability management converges with your IT operations functions.
    • Once a remediation strategy has been formulated, you can leverage your release and change management processes to orchestrate the testing, version tracking, scheduling, approval, and implementation activities.
    • Each of these processes should exist in your environment in some form. Leveraging these will engage the IT operations team to carry out their tasks in the remediation process.
    • There can be a partial or full handoff to these processes, however, the owner of the vulnerability management program is responsible for verifying the application of the remediation measure and that the overall risk has been reduced.
    • Although full blueprints exist that cover each of these processes in great detail, the following slides provide an overview of each of these IT operations processes and how they intersect with vulnerability management.
    Stock image of a person on a laptop overlaid by an icon with gears indicating settings.

    Release Management

    Control the quality of deployments and releases of software updates.

    • The release management process exists to ensure that new software releases (such as patches and updates) are properly tested and documented with version control prior to their implementation into the production environment.
    • The process should map out the logistics of the deployment process to ensure that it is consistent and controlled.
    • Testing is an important part of release management and the urgency of a vulnerability remediation operation can expedite this process to ensure minimal delays. Once testing has been completed successfully, the update is then “promoted” to production-ready status and submitted into the change management process.
    • Often a separate release team may not exist, however, release management still occurs.

    For guidance on implementing or improving your release management process, refer to Info-Tech’s Stabilize Release and Deployment Management blueprint or speak to one of our experts.

    Info-Tech Insight

    Many organizations don’t have a separate release team. Rather, whomever is doing the deployment will submit a change request and the testing details are vetted through the organization’s change management process.

    For guidance on the change management process review our Optimize Change Management blueprint.

    Change Management

    Leverage change control, interruption management, approval, and scheduling.
    • Change management likely exists in some shape or form in your organization. There is usually someone or a committee, such as a change advisory board (CAB), that gives approval for a change.
    • Leveraging the change management process will ensure that your vulnerability remediation has undergone the proper review and approval before implementation. There will usually be business sign-off as part of a change management approval process.
    • Communication will also be integrated in the change management process, so the change manager will ensure that appropriate, timely communications are sent to the proper key stakeholders.
    • The change management process will link to release management and configuration management processes if they exist.

    For further guidance on implementing or improving your change management process, refer to Info-Tech’s Optimize Change Management blueprint or speak to one of our experts.

    “With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” (VP IT, Federal Credit Union)

    Post-implementation activities

    Vulnerability remediation isn’t a “set it and forget it” activity.
    • Once vulnerability remediation has occurred, it is imperative that the results are reported back to the vulnerability management program manager. This ensures that the loop is closed and the tracking of the remediation activity is done properly.
      • Organizations that are subject to audit by external entities will understand the importance of such documentation.
    • The results of post-implementation review from the change management process will be of great interest, particularly if there was any deviation from the planned activities.
    • Although change execution will usually undergo some form of testing during the maintenance window, there is always the possibility that something has broken as a result of the software update. Be quick to respond to these types of incidents!
      • One example of an issue that is near impossible to test during a maintenance window is one that manifests only when the system or software comes under load. This is what makes for busy Monday mornings after a weekend change window.
    A scan with your vulnerability management software after remediation can be a way to verify that the overall risk has been reduced, if remediation was done by way of patching/updates.

    Info-Tech Insight

    After every change completion, whether due to vulnerability remediation or not, it is a good idea to ensure that your infrastructure team increases its monitoring diligence and that your service desk is ready for any sudden influx of end-user calls.

    Step 3.3

    Continuous improvement

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although this section has no activities, it will review the process by which you may continually improve vulnerability management.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    An understanding of the importance of ongoing improvements to the vulnerability management program.

    Remediate vulnerabilities
    Step 3.1Step 3.2Step 3.3

    Drive continuous improvement

    • Also known as “Continual Improvement” within the ITIL best practice framework.
    • Your vulnerability management program will not be perfect on first launch. In fact, due to the ever-changing nature of vulnerabilities and the technology designed to detect and combat vulnerabilities, the processes within your vulnerability management program will need to be tweaked from time to time.
    • Continuous improvement is a sustained, proactive approach to process improvement. The practice allows for all process participants to observe and suggest incremental improvements that can help improve the overall process.
    • In many cases, continuous improvement can be triggered by changes in the environment. This makes perfect sense for vulnerability management process improvement as a change in the environment will require vulnerability scanning to ensure that such changes have not introduced new vulnerabilities into the environment, increasing your risk surface.
    • One key method to tracking continuous improvement is through the effective use of metrics, covered in Section 4.1 of this blueprint.
    “The success rate for continual improvement efforts is less than 60 percent. A major – if not the biggest – factor affecting the deployment of long-term continual improvement initiatives today is the fundamental change taking place in the way companies manage and execute work.” (Industry analyst at a consulting firm, 2014)

    Continuous Improvement

    Continuously re-evaluate the vulnerability management process.

    As your systems and assets change, your vulnerability management program may need updates in two ways.

    When new assets and systems are introduced:

    • When new systems and assets are introduced, it is important for organizations to recognize how these can affect vulnerability management.
    • It will be necessary to identify the business criticality of the new assets and systems and the sensitivity of the data that can be found on them.
    • Without doing so, these will be considered rogue systems or assets – there is no clear process for assigning urgencies.
    • This will only cause problems as actions may be taken that are not aligned with the organization’s risk management framework.

    Effective systems and asset management are needed to track this. Review Info-Tech’s Implement Systems Management to Improve Availability and Visibility blueprint for more help.

    Document any changes to the vulnerability management program in the Vulnerability Management SOP Template.

    When defense-in-depth capabilities are modified:

    • As you build an effective security program, more controls will be added that can be used to protect the organization.
    • These should be documented and evaluated based on ability to mitigate against vulnerabilities.
    • The defense-in-depth model that was previously established should be updated to include the new capabilities that can be used.
    • Defense-in-depth models are continually evolving as the security landscape evolves, and organizations must be ready for this.

    To assist in building a defense-in-depth model, review Build an Information Security Strategy.

    Implement Risk-Based Vulnerability Management

    Phase 4

    Measure and formalize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • You will determine what ought to be measured to track the success of your vulnerability management program.
    • If you lack a scanning tool this phase will help you determine tool selection.
    • Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • Procurement representatives
    • CISO
    • CIO

    Step 4.1

    Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    Activities
    • 4.1.1 Measure your program with metrics, KPIs, and CSFs

    This step will walk you through the following activities:

    After a review of the differences between raw metrics, key performance indicators (KPI), and critical success factors (CSF), compile a list of what metrics you will be tracking, why, and the business goals for each.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    Outline of metrics you can configure your vulnerability scanning tool to report on.

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    You can’t manage what you can’t measure

    Metrics provides visibility.

    • Management consultant Peter Drucker introduced the concept of metrics tied to key performance indicators (KPIs), and the concept holds true: without metrics, you lack the visibility to manage or improve a process.
    • Metrics aren’t just a collection of statistics, they have to be meaningful, they have to tell the story, and most importantly, they have to answer the “so what?” question. What is the significance of a metric – do they illustrate a trend or an anomaly? What actions should be carried out when a metric hits a certain threshold?
    • It would be prudent to track several metrics that can be combined to tell the full story. For example, tracking the number of critical vulnerabilities alone does not give a sense of the overall risk to the organization, nor does it offer any information on how quickly they have been remediated or what amount of effort was invested.
    Stock image of measuring tape.

    Metrics, KPIs, and CSFs

    Tracking the right information and making the information relevant.
    • There is often confusion between raw metrics, key performance indicators, and critical success factors.
    • Raw metrics are what is trackable from your systems and processes as a set of measurements without any context. Raw metrics in themselves are useful in telling the story of “what are we doing?”
    • KPIs are the specific metric or combination of metrics that help you track or gauge performance. KPIs tell the story of “how are we doing?” or “how well are we doing?”
    • CSFs are the specific KPIs that track the activities that are absolutely critical to accomplish for the business or business unit to be successful.
    The activity tracker on your wrist is a wealth of metrics, KPIs, and CSFs.

    If you wear an activity tracker, you are likely already familiar with the differences between metrics, key performance indicators, and critical success factors:

    • The raw metrics are your heart rate, step count, hours of sleep, caloric intake, etc.
    • KPIs are the individual goals that you have set: maintain a heart rate within the appropriate range for your age/activity level, achieve a step count goal per day, get x hours of sleep per night, consume a calorie range of y per day, etc.
    • CSFs are your overall goal: increase your cardiovascular capacity, lose weight, feel more energetic, etc.

    Your security systems can be similarly measured and tracked – transfer this skill!

    Tracking relevant information

    Tell the story in the numbers.

    Below are a number of suggested metrics to track, and why.

    Business Goal

    Critical Success Factor

    Key Performance Indicator

    Metric to track

    Minimize overall risk exposureReduction of overall risk due to vulnerabilitiesDecrease in vulnerabilitiesTrack the number of vulnerabilities year after year.
    Appropriate allocation of time and resourcesProper prioritization of vulnerability mitigation activitiesDecrease of critical and high vulnerabilitiesTrack the number of high-urgency vulnerabilities.
    Consistent timely remediation of threats to the businessMinimize risk when vulnerabilities are detectedRemediate vulnerabilities more quicklyMean time to detect: track the average time between the identification to remediation.
    Track effectiveness of scanning toolMinimize the ratio, indicating that the tool sees everythingRatio between known assets and what the scanner tracksScanner coverage compared to known assets in the organization.
    Having effective tools to track and addressAccuracy of the scanning toolDifference or ratio between reported vulnerabilities and verified onesNumber of critical or high vulnerabilities verified, between the scanning tool’s criticality rating and actual criticality.
    Reduction of exceptions to ensure minimal exposureVisibility into persistent vulnerabilities and risk mitigation measuresNumber of exceptions grantedNumber of vulnerabilities in which little or no remediation action was taken.

    4.1.1 Measure your program with metrics, KPIs, and CSFs

    60 minutes

    Input: List of metrics current being measured by the vulnerability management tool

    Output: List of relevant metrics to track, and the KPIs, CSFs, and business goals related to the metric

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT operations management, CISO

    Metrics can offer a way to view how the organization is dealing with vulnerabilities and if there is improvement.

    1. Determine the high-level vulnerability management goals for the organization.
    2. Even with a formal process in place, the organization should be considering ways it can improve.
    3. Determine metrics that can help quantify those goals and how they can be measured.
    4. Metrics should always be easy to measure. If it’s a complex process to find the information required, it means that it is not a metric that should be used.
    5. Document your list of metrics in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Step 4.2

    Vulnerability Management Policy

    Activities
    • 4.2.1 Update the vulnerability management program policy

    This step will walk you through the following activities:

    If you have a vulnerability management policy, this activity may help augment it. Otherwise, if you don’t have one, this would be a great starting point.

    This step involves the following participants:

    • IT Security Manager
    • CISO
    • CIO
    • Human resources representative

    Outcomes of this step

    An inaugural policy covering vulnerability management

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    Vulnerability Management Program Policy

    Policies provide governance and enforcement of processes.
    • Policies offer formal guidance on the “rules” of a program, describing its purpose, scope, detailed program description, and consequences of non-compliance. Often they will have a employee sign-off acknowledging understanding.
    • In many organizations, policies are endorsed by senior executives, which gives the policy its “teeth” across the company. The human resources department will always have input due to the implications of the non-compliance aspect.
    • Policies are written to ensure an outcome of consistent expected behavior and are often written to protect the company from liability.
    • Policies should be easy to understand and unambiguous, reflect the current state, and be enforceable. Enforceability can come in the form of audit, technology, or any other means of determining compliance and enforcing behavior.
    Stock image of a judge's gavel.

    4.2.1 Update the vulnerability management policy

    60 minutes

    Input: Vulnerability Management SOP, HR guidance on policy creation and approval

    Output: Completed Vulnerability Management Policy

    Materials: Vulnerability Management SOP, Vulnerability Management Policy Template

    Participants: IT Security Manager, IT operations management, CISO, Human resources representative

    After having built your entire process in this project, formalize it into a vulnerability management policy. This will set the standards and expectations for vulnerability management in the organization, while the process will be around the specific actions that need to be taken around vulnerability management.

    This is separate and distinct from the Vulnerability Management SOP Template, which is a process and procedure document.
    1. Review Info-Tech’s Vulnerability Management Policy and customize it to your organization’s specifications.
    2. Use your Vulnerability Management SOP as a resource when specifying some of the details within the policy.
    Sample of Info-Tech's Vulnerability Management Policy Template

    Download the Vulnerability Management Policy Template

    Step 4.3

    Select and implement a scanning tool

    Activities
    • 4.3.1 Create an RFP for vulnerability scanning tools

    This step will walk you through the following activities:

    If you need to select a new vulnerability scanning tool, or replace your existing one, this activity will help set up a request for proposal (RFP).

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    Vulnerability management and penetration testing

    Similar in nature, yet provide different security functions.

    Vulnerability Scanning Tools

    Scanning tools focus on the network and operating systems. These tools look for items such as missing patches or open ports. They won’t detect specific application vulnerabilities.

    Exploitation Tools

    These tools will look to exploit a detected vulnerability to validate it.

    Penetration Tests

    A penetration test simulates the actions of an external or internal cyber attacker that aims to breach the information security of the organization. (Formal definition of penetration test)

    ‹————— What’s the difference again? —————›
    Vulnerability scanning tools are just one type of tool.When you add an exploitation tool to the mix, you move down the spectrum.Penetration tests will use scanning tools, exploitation tools, and people.

    What is the value of each?

    • For vulnerability scans, the person performing the scan provides the value – value comes from the organization itself.
    • For exploitation tools on their own, the value comes from the tool itself being used in a safe environment.
    • For penetration tests, the tester is providing the value. They are the value add.

    What’s the implication for me?

    Info-Tech Recommends:
    • A combination of vulnerability scanning and penetration testing. This will improve your security posture through systematic risk reduction and improve your security program through the testing of prevention, detection, and response capabilities with unique recommendations being generated.
    • Start with as much vulnerability scanning as possible to identify gaps to fix and then move onto a penetration test to do a more robust and validated assessment.
    • For penetration tests, start with a transparent box test first, then move to an opaque box. Ideally, this is done with different third parties.

    Vulnerability scanning software

    All organizations can benefit from having one.

    Scanning tools will benefit areas beyond just vulnerability management

    • Network security: It improves the accuracy and granularity of your network security technologies such as WAFs, NGFWs, IDPS, and SIEM.
    • Asset management: Vulnerability scanning can identify new or unknown assets and provide current status information on assets.
    • System management: Information from a vulnerability scan supports baselining activities and determination of high-value and high-risk assets.

    Vulnerability Detection Use Case

    Most organizations use scanners to identify and assess system vulnerabilities and prioritize efforts.

    Compliance Use Case

    Others will use scanners just for compliance, auditing, or larger GRC reasons.

    Asset Discovery Use Case

    Many organizations will use scanners to perform active host and application identification.

    Scanning Tool Market Trends

    Vulnerability scanning tools have expanded value from conventional checking for vulnerabilities to supporting configuration checking, asset discovery, inventory management, patch management, SSL certificate validation, and malware detection.

    Expect to see network and system vulnerability scanners develop larger vulnerability management functions and develop exploitation tool functionality. This will become a table stakes option enabling organizations to provide higher levels of validation of detected vulnerabilities. Some tools already possess these capabilities:

    • Core Impact is an exploitation tool with vulnerability scanning aspects.
    • Metasploit is an exploitation tool with some new vulnerability scanning aspects.
    • Nessus is mainly a vulnerability scanning tool but has some exploitation aspects.

    Device proliferation (BYOD, IoT, etc.) is increasing the need for stronger vulnerability management and scanners. This is driving the need for numerous device types and platform support and the development of baseline and configuration norms to support system management.

    Increased regulatory or compliance controls are also stipulating the need for vulnerability scanning, especially by a trusted third party.

    Organizations are outsourcing security functions or moving to cloud-based deployment options for any security technology they can. Expect to see massive growth of vulnerability scanning as a service.

    Vulnerability scanning market

    There are several technology types or functional differentiators that divide the market up.

    Vulnerability Exploitation Tools

    • These will actually test defences and better emulate real life than just scanning. These tools include packet manipulation tools (such as hping) and password cracking tools (such as John the Ripper or Cain and Abel).
    • These tools will provide much more granular information on your network, operations systems, and applications.
    • The main limitation of these tools is how to use them. If you do not have development or test environments that mimic your real production environments to run the exploit tools, these tools may not be appropriate. It may work if you can find some downtime on production systems, but only in very specific and careful instances.
    • Lower maturity security programs usually just do network and application vulnerability scanning. Higher maturity programs will also use penetration testing, application testing, and vulnerability exploitation tools.
    • Network vulnerability scanning tools should always be used. Once you identify any servers or ports running web applications, then you run a web application vulnerability scanner.
    • Exploitation tools and application testing tools are used in more specific use cases that are often related to more-demanding security programs.

    Scanning Tool Market Trends

    • These are considered baseline tools and are near commoditization.
    • Vulnerability scanning tools are not granular enough to detect application-level vulnerabilities (thus the need for application scanners and testing tools) and they don’t validate the exploitability of the vulnerability (thus the need for exploit tools).

    Web Application Scanning Tools

    These tools perform dynamic application security testing (DAST) and static application security testing (SAST).

    Application Scanning and Testing Tools

    • These perform a detailed scan against an application to detect any problematic or malicious code and try to break the application using known vulnerabilities.
    • These tools will identify if something is vulnerable to an exploit but won’t actually run the exploit.
    • These tools are evaluated based on their ability to detect application-specific issues and validate them.

    Vulnerability scanning tool features

    Evaluate vulnerability scanning tools on specific features or functions that are the best differentiators.

    Differentiator

    Description

    Deployment OptionsDo you want a traditional on-premises, cloud-based, or managed service?
    Vulnerability Database CoverageScanners use a library of known vulnerabilities to test for. Evaluate based on the amount of exploits/vulnerabilities the tool can scan for.
    Scanning MethodEvaluate if you want agent-based, authenticated active, unauthenticated active, passive, or some combination of those scanning methods.
    IntegrationWhat is the breadth of other security and non-security technologies the tool can integrate with?
    RemediationHow detailed are the recommended remediation actions? The more granular, the better.

    Differentiator

    Description

    PrioritizationDoes the tool evaluate vulnerabilities based on commonly accepted methods or through a custom-designed prioritization methodology?
    Platform SupportWhat is the breadth of environment, application, and device support in the tool? Consider your need for virtual support, cloud support, device support, and application-specific support. Also consider how often new scanning modules are supported (e.g. how quickly Windows 10 was supported).
    PricingAs with many security controls that have been around for a long time and are commonly used, pricing becomes a main consideration, especially when there are so many open-source options available.

    Common areas people mistake as tool differentiators:

    • Accuracy – Scanning tools are evaluated more on efficiency than effectiveness. Evaluate on the ability to detect, remediate, and manage vulnerabilities rather than real vulnerability detection and the number of false positives. To reduce false positives, you need to use exploitation tools.
    • Performance – Scanning tools have such a small footprint in an environment and the actual scanning itself is such a small impact that evaluation on performance doesn’t matter.

    For more information on vulnerability scanning tools and how they rate, review the Vulnerability Management category on SoftwareReviews.

    Vulnerability scanning deployment options

    Understand the different deployment options to identify which is best for your security program.

    Option

    Description

    Pros

    Cons

    Use Cases

    On-PremisesEither an on-premises appliance or an on-premises virtualized machine that performs external and internal scanning.
    • Small resource need, so limited network impact.
    • Strong internal scanning.
    • Easier integration with other technologies.
    • Network footprint and resource usage.
    • Maintenance and support costs.
    • Most common deployment option.
    • Appropriate if you have cloud concerns or strong internal network scanning, or if you require strong integration with other systems.
    CloudEither hosted on a public cloud infrastructure or hosted by a third party and offered “as a service.”
    • Small network footprint.
    • On-demand scanning as needed.
    • Optimal external scanning capabilities.
    • Can only do edge-related scanning unless authenticated or agent based.
    • No internal network scanning with passive or unauthenticated active scanning methods.
    • Very limited network resources.
    • Compliance obligations that dictate external vulnerability scanning.
    ManagedA third party is contracted to manage and maintain your vulnerability scanner so you can dedicate resources elsewhere.
    • Expert management of environment scanning, optimizing tool usage.
    • Most scanning work time is report customization and tuning and remediation efforts; thus, managed doesn’t provide sizable resource alleviation.
    • Third party has and owns the vulnerability information.
    • Limited staff resources or expertise to maintain and manage scanner.

    Vulnerability scanning methods

    Understand the different scanning methods to identify which tool best supports your needs.

    Method

    Description

    Pros

    Cons

    Use Cases

    Agent-Based ScanningLocally installed software gives the information needed to evaluate the security posture of a device.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Device processing, memory, and network bandwidth impact.
    • Asset without an agent is not scanned.
    • Need for continuous scanning.
    • Organization has strong asset management
    Authenticated Active ScanningTool uses authenticated credentials to log in to a device or application to perform scanning.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Best accuracy for vulnerability detection across a network.
    • Aggregation and centralization of authenticated credentials creates a major risk.
    • All use cases.
    Unauthenticated Active ScanningScanning of devices without any authentication.
    • Emulates realistic scan by an attacker.
    • Provides limited scope of scanning.
    • Some compliance use cases.
    • Perform after either agent or authenticated scanning.
    Passive ScanningScanning of network traffic.
    • Lowest resource impact.
    • Not enough information can be provided for true prioritization and remediation.
    • Augmenting scanning technique to agent or authenticated scanning.

    IP Management and IPv6

    IP management and the ability to manage IPv6 is a new area for scanning tool evaluation.

    Scanning on IPv4

    Scanning tools create databases of systems and devices with IP addresses.
    Info-Tech Recommends:

    • It is easier to do discovery by directing the scanner at a set IP address or range of IP addresses; thus, it’s useful to organize your database by IPs.
    • Do discovery by phases: Start with internet-facing systems. Your perimeter usually is well-defined by IP addresses and system owners and is most open to attack.
    • Stipulate a list of your known IP addresses through the DHCP registration and perform a scan on that.
    • Depending on your IP address space, another option is to scan your entire IP address space.

    Current Problem With IP Addresses

    IP addresses are becoming no longer manageable or even owned by organizations. They are often provided by ISPs or other third parties.

    Even if it is your range, chances are you don't do static IP ranges today.

    Info-Tech Recommends:

    • Agent-based scanning or MAC address-based scanning
    • Use your DHCP for scanning

    Scanning on IPv6

    First, you need to know if your organization is moving to IPv6. IPv6 is not strategically routed yet for most organizations.

    If you are moving to IPv6, Info-Tech recommends the following:

    • Because you cannot point a scanner at an IPv6 IP range, any scanning tool needs to have a strategy around how to handle IPv6 and properly scan based on IP ranges.
    • You need to know IPv4 to IPv6 translations.
    • Evaluate vulnerability scanning tools on whether any IPv6 features are on par with IPv4 features.

    If you are already on IPv6, Info-Tech recommends the following:

    • If you are on an IPv6 native network, it is nearly impossible to scan the network. You have to always scan your known addresses from your DHCP.

    4.3.1 Create an RFP for vulnerability scanning tools

    2 hours

    Input: List of key feature requirements for the new tool, List of intersect points with current software, Network topology and layout of servers and applications

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Vulnerability Scanning Tool RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use a request for proposal (RFP) template to convey your desired scanning tool requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your scanning tool RFP, based on people, process, and technology requirements.
    2. Consider items such as the desired capabilities and the scope of the scanning.
    3. Conduct interviews with relevant stakeholders to determine the exact requirements needed.
    4. Use Info-Tech’s Vulnerability Scanning Tool RFP Template. It lists many requirements but can be customized to your organization’s specific needs.

    Download the Vulnerability Scanning Tool RFP Template

    4.3.1 Create an RFP for vulnerability scanning tools (continued)

    Things to Consider:
    • Ensure there is adequate resource dedication to support and maintenance for vulnerability scanning.
    • Consider if you will benefit from an RFP. If there is a more appropriate option for your need and your organization, consider that instead.
    • If you don’t know the product you want, then perform an RFI.
    • In the RFP, you need to express your driving needs for the tool so the vendor can best understand your use case.
    • Identify who should participate in the RFP creation and evaluation. Make sure they have time available and it does not conflict with other items.
    • Determine if you want to send it to a select few or if you want to send it to a lot of vendors.
    • Determine a response date so you can know who is soliciting your business.
    • You need to have a process to handle questions from vendors.
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Vulnerability Scanning Tool RFP Template

    Step 4.4

    Penetration testing

    Activities
    • 4.1.1 Create an RFP for penetration tests

    This step will walk you through the following activities:

    We will review penetration testing, its distinction from vulnerability management, and why you may want to engage a penetration testing service.

    We provide a request for proposal (RFP) template that we can review if this is an area of interest.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Measure and formalize
    Step 4.1Step 4.2Step 4.3Step 4.4

    Penetration testing

    Penetration tests are critical parts of any strong security program.

    Penetration testing will emulate the methods an attacker would use in the real world to circumvent your security controls and gain access to systems and data.

    Penetration testing is much more than just running a scanner or other automated tools and then generating a report. Penetration testing performs critical exploit validation to create certainty around your vulnerability.

    The primary objective of a penetration test is to identify and validate security weaknesses in an organization’s security systems.

    Reasons to Test:

    • Assess current security control effectiveness
    • Develop an action plan of items
    • Build a business case for a better security program
    • Increased security budget through vulnerability validation
    • Third-party, unbiased validation
    • Adhere to compliance or regulatory requirements
    • Raise security awareness
    • Demonstrate how an attacker can escalate privileges
    • Effective way to test incident response

    Regulatory Considerations:

    • There is a lot of regulatory wording saying that organizations can’t get a system that is managed, integrated, and supported by one vendor and then have it tested by the same vendor.
    • There is the need for separate third-party testing.
    • Penetration testing is required for PCI, cloud providers, and federal entities.

    How and where is the value being generated?

    Penetration testing is a service provided by trained and tested professionals with years of experience. The person behind the test is the most important part of the test. The person is able to emulate a real-life attacker better than any computer. It is just a vulnerability scan if you use tools or executables alone.

    “A penetration test is an audit with validation.” (Joel Shapiro, Vice President Sales, Digital Boundary Group)

    Start by considering the spectrum of penetration tests

    Network Penetration Tests

    Conventional testing of network defences.

    Testing vectors include:

    • Perimeter infrastructure
    • Wireless, WEP/WPA cracking
    • Cloud penetration testing
    • Telephony systems or VoIP
    Types of tests:
    • Denial-of-service testing
    • Out-of-band attacks
    • War dialing
    • Wireless network testing/war driving
    • Spoofing
    • Trojan attacks
    • Brute force attacks
    • Watering hole attacks
    • Honeypots
    • Cloud-penetration testing
    Application Penetration Tests

    Core business functions are now being provided through web applications, either to external customers or to internal end users.

    Types: Web apps, non-web apps, mobile apps

    Application penetration and security testing encompasses:

    • Code review – analyzing the application code for sensitive information of vulnerabilities in the code.
    • Authorization testing – testing systems responsible for user session management to see if unauthorized access can be permitted.
    • Authentication process for user testing.
    • Functionality testing – test the application functionality itself.
    • Website pen testing – active analysis of weaknesses or vulnerabilities.
    • Encryption testing – testing things like randomness or key strength.
    • User-session integrity testing.
    Human-Centric Testing
    • Penetration testing is developing a people aspect as opposed to just being technology focused.
    • End users and their susceptibility to social engineering attacks (spear phishing, phone calls, physical site testing, etc.) is now a common area to test.
    • Social engineering penetration testing is not only about identifying your human vulnerabilities, but also about proactively training your end users. As well as discovering and fixing potential vulnerabilities, social engineering penetration testing will help to raise security awareness within an organization.

    Info-Tech Insight

    Your pen test should use multiple methods. Demonstrating weakness in one area is good but easy to identify. When you blend techniques, you get better success at breaching and it becomes more life-like. Think about prevention, detection, and response testing to provide full insight into your security defenses.

    Penetration testing types

    Evaluate four variables to determine which type of penetration test is most appropriate for your organization.

    Evaluate these dimensions to determine relevant penetration testing.

    Network, Application, or Human

    Evaluate your need to perform different types of penetration testing.

    Some level of network and application testing is most likely appropriate.

    The more common decision point is to consider to what degree your organization requires human-centric penetration testing.

    External or Internal

    External: Attacking an organization’s perimeter and internet-facing systems. For these, you generally provide some level of information to the tester. The test will begin with publicly available information gathering followed by some kind of network scanning or probing against externally visible servers or devices (DNS server, email server, web server, firewall, etc.)

    Internal: Carried out within the organization’s network. This emulates an attack originating from an internal point (disgruntled employee, authorized user, etc.). The idea is to see what could happen if the perimeter is breached.

    Transparent, Semi-Transparent, or Opaque Box

    Opaque Box: The penetration tester is not provided any information. This emulates a real-life attack. Test team uses publicly available information (corporate website, DNS, USENET, etc.) to start the test. These tests are more time consuming and expensive. They often result in exploitation of the easiest vulnerability.
    Use cases: emulating a real-life attack; testing detection and response capabilities; limited network segmentation.

    Transparent Box: Tester is provided full disclosure of information. The tester will have access to everything they need: building floor plans, data flow designs, network topology, etc. This represents what a credentialed and knowledgeable insider would do.
    Use cases: full assessment of security controls; testing of attacker traversal capabilities.

    Aggressiveness of the Test

    Not Aggressive: Very slow and careful penetration testing. Usually spread out in terms of packets being sent and number of calls to individuals. It attempts to not set off any alarm bells.

    Aggressive: A full DoS attack or something similar. These would be DoS attacks that take down systems or full SQL injection attacks all at once versus small injections over time. Testing options cover anything including physical tests, network tests, social engineering, and data extraction and exfiltration. This is more costly and time consuming.

    Assessing Aggressiveness: How aggressive the test should be is based on the threats you are concerned with. Assess who you are concerned with: random individuals on the internet, state-sponsored attacks, criminals, hacktivists, etc. Who you are concerned with will determine the appropriate aggressiveness of the test.

    Penetration testing scope

    Establish the scope of your penetration test before engaging vendors.

    Determining the scope of what is being tested is the most important part of a penetration test. Organizations need to be as specific as possible so the vendor can actually respond or ask questions.

    Organizations need to define boundaries, objectives, and key success factors.

    For scope:
    • If you go too narrow, the realism of the test suffers.
    • If you go too broad, it is more costly and there’s a possible increase in false positives.
    • Balance scope vs. budget.
    Boundaries to scope before a test:
    • IP addresses
    • URLs
    • Applications
    • Who is in scope for social engineering
    • Physical access from roof to dumpsters defined
    • Scope prioritized for high-value assets
    Objectives and key success factors to scope:
    • When is the test complete? Is it at the point of validated exploitation?
    • Are you looking for as many holes as possible, or are you looking for how many ways each hole can be exploited?

    What would be out of scope?

    • Are there systems, IP addresses, or other things you want out of scope? These are things you don’t explicitly want any penetration tester to touch.
    • Are there third-party connections to your environment that you don’t want to be tested? These are instances such as cloud providers, supply chain connections, and various services.
    • Are there things that would be awkward to test? For example, determine if you include high-level people in a social engineering test. Do you conduct social engineering for the CEO? If you get their credentials, it could be an awkward moment.

    Ways to break up a penetration test:

    • Location – This is the most common way to break up a penetration test.
    • Division – Self-contained business units are often done as separate tests so you can see how each unit does.
    • IT systems – For example, you put certain security controls in a firewall and want to test its effectiveness.
    • Applications – For example, you are launching a new website or a new portal and you want to test it.

    Penetration testing appropriateness

    Determine your penetration testing appropriateness.

    Usual instances to conduct a penetration test:
    • Setting up a new physical office. Penetration testing will not only test security capabilities but also resource availability and map out network flows.
    • New infrastructure hardware implemented. All new infrastructure needs to be tested.
    • Changes or upgrades to existing infrastructure. Need for testing varies depending on the size of the change.
    • New application deployment. Need to test before being pushed to production environments.
    • Changes or upgrades to existing applications. When fundamental functional changes occur, perform testing:
      • Before upgrades or patching
      • After upgrades or patching
    • Periodic testing. It is a best practice to periodically test your security control effectiveness. Consider at least an annual test.

    Specific timing considerations: Testing should be completed during non-production times of day. Testing should be completed after a backup has been performed.

    Assess your threats to determine your appropriate test type:

    Penetration testing is about what threats you are concerned about. Understand your risk profile, risk tolerance level, and specific threats to see how relevant penetration tests are.

    • Are external attackers concerning to you? Are you distressed about how an attacker can use brute force to enter your network? If so, focus on ingress points, such as FWs, routers, and DMZ.
    • Is social engineering a concern for you (i.e. phone-based or email-based)? Then you are concerned about a credentialed hacker.
    • Is it an insider threat, a disgruntled employee, etc.? This also includes an internal system that is under command and control (C&C).

    ANALYST PERSPECTIVE: Do a test only after you take a first pass.
    If you have not done some level of vulnerability assessment on your own (performing a scan, checking third-party sources, etc.) don’t waste your money on a penetration test. Only perform a penetration test after you have done a first pass and identified and remediated all the low-hanging fruit.

    4.4.1 Create an RFP for penetration tests

    2 hours

    Input: List of criteria and scope for the penetration test, Systems and application information if white box

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Penetration Test RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use an RFP template to convey your desired penetration test requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your penetration test RFP based on people, process, and technology requirements.
      • Consider items such as your technology environment and the scope of the penetration tests.
    2. Conduct an interview with relevant stakeholders to determine the exact requirements needed.
    3. Use Info-Tech’s Penetration Test RFP Template, which lists many requirements but can be customized to your organization’s specific needs.

    Download the Penetration Test RFP Template

    4.4.1 Create an RFP for penetration tests (continued)

    Steps of a penetration test:
    1. Determine scope
    2. Gather targeted intelligence
    3. Review exploit attempts, such as access and escalation
    4. Test the collection of sensitive data
    5. Run reporting
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Penetration Test RFP Template

    Penetration testing considerations – service providers

    Consider what type of penetration testing service provider is best for your organization

    Professional Service Providers

    Professional Services Firms. These firms will often provide a myriad of professional services across auditing, financial, and consulting services. If they offer security-related consulting services, they will most likely offer some level of penetration testing.

    Security Service Firms. These are dedicated security consulting or advisory firms that will offer a wide spectrum of security-related services. Penetration testing may be one aspect of larger security assessments and strategy development services.

    Dedicated Penetration Testing Firms. These are service providers that will often offer the full gamut of penetration testing services.

    Integrators

    Managed Security Service Providers. These providers will offer penetration testing. For example, Dell SecureWorks offers numerous services including penetration testing. For organizations like this, you need to be skeptical of ulterior motives. For example, expect recommendations around outsourcing from Dell SecureWorks.

    Regional or Small Integrators. These are service providers that provide security services of some kind. For example, they would help in the implementation of a firewall and offer penetration testing services as well.

    Info-Tech Recommends:

    • Always be conscientious of who is conducting the testing and what else they offer. Even if you get another party to test rather than your technology provider, they will try to obtain you as a client. Remember that for larger technology vendors, security testing is a small revenue stream for them and it’s a way to find technology clients. They may offer penetration testing for free to obtain other business.
    • Most of the penetration testers were systems administrators (for network testing) or application developers (for application testing) at some point before becoming penetration testers. Remember this when evaluating providers and evaluating remediation recommendations.
    • Evaluate what kind of open-source tools, commercial tools, and proprietary tools are being used. In general, you don’t want to rely on an open-source scanner. For open source, they will have more outdated vulnerability databases, system identification can also be limited compared to commercial, and reporting is often lacking.
    • Above all else, ensure your testers are legally capable, experienced, and abide by non-disclosure agreements.

    Penetration testing best practices – communications

    Communication With Service Provider

    • During testing there should be designated points of contact between the service provider and the client.
    • There needs to be secure channels for communication of information between the tester and the client both during the test and for any results.
    • Results should always be explained to the client by the tester, regardless of the content or audience.
    • There should be a formal debrief with the results report.
    Immediate reporting of issues
    • Before any testing commences, immediate reporting conditions need to be defined. These are instances when you would want immediate notification of something occurring.
    • Stipulate certain systems or data types that if broken into or compromised, you would want to be notified right away.
    • Example:
      • If you are conducting social engineering, require notification for all account credentials that are compromised. Once credentials are compromised, it destroys all accountability for those credentials and the actions associated with those credentials by any user.
      • Require immediate reporting of specific high-critical systems that are compromised or if access is even found.
      • Require immediate reporting when regulated data is discovered or compromised in any way.

    Communication With Internal Staff

    Do you tell your internal staff that this is happening?

    This is sometimes called a “double blind test” when you don’t let your IT team know of the test occurring.

    Pros to notifying:
    • This tests the organization’s security monitoring, incident detection, and response capabilities.
    • Letting the team know they are going to see some activity will make sure they don’t get too worried about it.
    • There may be systems you can’t jeopardize but still need to test so notification beforehand is essential (e.g. you wouldn’t allow ERP testing with notification).
    Cons:
    • It does not give you a real-life example of how you respond if something happens.
    • Potential element of disrespect to IT people.

    Penetration testing best practices – results and remediation

    What to expect from penetration test results report:

    A final results report will state all findings including what was done by the testers, what vulnerabilities or exploitations were detected, how they were compromised, the related risk, and related remediation recommendations.

    Expect four major sections:
    • Introduction. An overview of the penetration test methodology including rating methodology of vulnerabilities.
    • Executive Summary. A management-level description of the test, often including a summary of any recommendations.
    • Technical Review. An overview of each item that was looked at and touched. This area breaks down what was done, how it was done, what was found, and any related remediation recommendations. Expect graphs and visuals in this section.
    • Detailed Findings. An in-depth breakdown of all testing methods used and results. Each vulnerability will be explained regarding how it was detected, what the risk is, and what the remediation recommendation is.
    Two areas that will vary by service provider:

    Prioritization

    • Most providers will boast their unique prioritization methodology.
    • A high, medium, and low rating scale based on some combination of variables (e.g. ease of exploitation, breadth of hole, information accessed resulting in further exploitation).
    • The prioritization won’t take into account asset value or criticality.
    • Keep in mind the penetration test is not an input into ultimate vulnerability prioritization, but it can help determine your urgency.

    Remediation

    • Remediation recommendations will vary across providers.
    • Generally, fairly generic recommendations are provided (e.g. remove your old telnet and input up-to-date SSH).
    • Most of the time, it is along the lines of “we found a hole; close the hole.”

    Summary of Accomplishment

    Problem Solved

    At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.

    Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.

    The risk-based approach will allow you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities while allowing your standard remediation cycle to address the medium to low vulnerabilities.

    With your program defined and developed, you now need to configure your vulnerability scanning tool or acquire one if you don’t already have a tool in place.

    Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Jimmy Tom.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of the Implement Vulnerability Management storyboard.
    Review of the Implement Vulnerability Management storyboard
    Sample of the Vulnerability Mitigation SOP template.
    Build your vulnerability management SOP

    Contributors

    Contributors from 2016 version of this project:

    • Morey Haber, Vice President of Technology, BeyondTrust
    • Richard Barretto, Manager, Information Privacy and Security, Cimpress
    • Joel Shapiro, Vice President Sales, Digital Boundary Group

    Contributors from current version of this project:

    • 2 anonymous contributors from the manufacturing sector
    • 1 anonymous contributor from a US government agency
    • 2 anonymous contributors from the financial sector
    • 1 anonymous contributor from the medical technology industry
    • 2 anonymous contributors from higher education
    • 1 anonymous contributor from a Canadian government agency
    • 7 anonymous others; information gathered from advisory calls

    Bibliography

    Arya. “COVID-19 Impact: Vulnerability Management Solution Market | Strategic Industry Evolutionary Analysis Focus on Leading Key Players and Revenue Growth Analysis by Forecast To 2028 – FireMon, Digital Shadows, AlienVault.” Bulletin Line, 6 Aug. 2020. Accessed 6 Aug. 2020.

    Campagna, Rich. “The Lean, Mean Vulnerability Management Machine.” Security Boulevard, 31 Mar. 2020. Accessed 15 Aug. 2020.

    Constantin, Lucian. “What are vulnerability scanners and how do they work?” CSO Online, 10 Apr. 2020. Accessed 1 Sept. 2020.

    “CVE security vulnerabilities published in 2019.” CVE Details. Accessed 22 Sept. 2020.

    Garden, Paul, et al. “2019 Year End Report – Vulnerability QuickView.” Risk Based Security, 2020. Accessed 22 Sept. 2020.

    Keary, Eoin. “2019 Vulnerability Statistics Report.” Edgescan, Feb. 2019. Accessed 22 Sept. 2020.

    Lefkowitz, Josh. ““Risk-Based Vulnerability Management is a Must for Security & Compliance.” SecurityWeek, 1 July 2019. Accessed 1 Nov. 2020.

    Mell, Peter, Tiffany Bergeron, and David Henning. “Creating a Patch and Vulnerability Management Program.” Creating a Patch and Vulnerability Management Program. NIST, Nov. 2005. Web.

    “National Vulnerability Database.” NIST. Accessed 18 Oct. 2020.

    “OpenVAS – Open Vulnerability Assessment Scanner.” OpenVAS. Accessed 14 Sept. 2020.

    “OVAL.” OVAL. Accessed 21 Oct. 2020.

    Paganini, Pierluigi. “Exploiting and Verifying Shellshock: CVE-2014-6271.” INFOSEC, 27 Sept. 2014. Web.

    Pritha. “Top 10 Metrics for your Vulnerability Management Program.” CISO Platform, 28 Nov. 2019. Accessed 25 Oct. 2020.

    “Risk-Based Vulnerability Management: Understanding Vulnerability Risk With Threat Context And Business Impact.” Tenable. Accessed 21 Oct. 2020.

    Stone, Mark. “Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away.” SecurityIntelligence, 6 Aug. 2020. Web.

    “The Role of Threat Intelligence in Vulnerability Management.” NOPSEC, 18 Sept. 2014. Accessed 18 Aug. 2020.

    “Top 15 Paid and Free Vulnerability Scanner Tools in 2020.” DNSstuff, 6 Jan. 2020. Accessed 15 Sept. 2020.

    Truta, Filip. “60% of Breaches in 2019 Involved Unpatched Vulnerabilities.” Security Boulevard, 31 Oct. 2019. Accessed 2 Nov. 2020.

    “Vulnerability Management Program.” Core Security. Accessed 15 Sept. 2020.

    “What is Risk-Based Vulnerability Management?” Balbix. Accessed 15 Sept. 2020.

    White, Monica. “The Cost Savings of Effective Vulnerability Management (Part 1).” Kenna Security, 23 April 2020. Accessed 20 Sept. 2020.

    Wilczek, Marc. “Average Cost of a Data Breach in 2020: $3.86M.” Dark Reading, 24 Aug. 2020. Accessed 5 Nov 2020.

    Proactively Identify and Mitigate Vendor Risk

    • Buy Link or Shortcode: {j2store}227|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • IT priorities are focused on daily tasks, pushing risk management to secondary importance and diverging from a proactive environment.
    • IT leaders are relying on an increasing number of third-party technology vendors and outsourcing key functions to meet the rapid pace of change within IT.
    • Risk levels can fluctuate over the course of the partnership, requiring manual process checks and/or automated solutions.

    Our Advice

    Critical Insight

    • Every IT vendor carries risks that have business implications. These legal, financial, security, and operational risks could inhibit business continuity and IT can’t wait until an issue arises to act.
    • Making intelligent decisions about risks without knowing what their financial impact will be is difficult. Risk impact must be quantified.
    • You don’t know what you don’t know, and what you don’t know, can hurt you. To find hidden risks, you must use a structured risk identification method.

    Impact and Result

    • A thorough risk assessment in the selection phase is your first line of defense. If you follow the principles of vendor risk management, you can mitigate collateral losses following an adverse event.
    • Make a conscious decision whether to accept the risk based on time, priority, and impact. Spend the required time to correctly identify and enact defined vendor management processes that determine spend categories and appropriately evaluate potential and preferred suppliers. Ensure you accurately assess the partnership potential.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s most significant risks before they happen.

    Proactively Identify and Mitigate Vendor Risk Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to create a vendor risk management program that minimizes your organization’s vulnerability and mitigates adverse scenarios.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review vendor risk fundamentals and establish governance

    Review IT vendor risk fundamentals and establish a risk governance framework.

    • Proactively Identify and Mitigate Vendor Risk – Phase 1: Review Vendor Risk Fundamentals and Establish Governance
    • Vendor Risk Management Maturity Assessment Tool
    • Vendor Risk Management Program Manual
    • Risk Event Action Plan

    2. Assess vendor risk and define your response strategy

    Categorize, prioritize, and assess your vendor risks. Follow up with creating effective response strategies.

    • Proactively Identify and Mitigate Vendor Risk – Phase 2: Assess Vendor Risk and Define Your Response Strategy
    • Vendor Classification Model Tool
    • Vendor Risk Profile and Assessment Tool
    • Risk Costing Tool
    • Risk Register Tool

    3. Monitor, communicate, and improve IT vendor risk process

    Assign accountability and responsibilities to formalize ongoing risk monitoring. Communicate your findings to management and share the plan moving forward.

    • Proactively Identify and Mitigate Vendor Risk – Phase 3: Monitor, Communicate, and Improve IT Vendor Risk Process
    • Risk Report
    [infographic]

    Workshop: Proactively Identify and Mitigate Vendor Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare for the Workshop

    The Purpose

    To prepare the team for the workshop.

    Key Benefits Achieved

    Avoids delays and interruptions once the workshop is in progress.

    Activities

    1.1 Send workshop agenda to all participants.

    1.2 Prepare list of vendors and review any contracts provided by them.

    1.3 Review current risk management process.

    Outputs

    All necessary participants assembled

    List of vendors and vendor contracts

    Understanding of current risk management process

    2 Review Vendor Risk Fundamentals and Establish Governance

    The Purpose

    Review IT vendor risk fundamentals.

    Assess current maturity and set risk management program goals.

    Engage stakeholders and establish a risk governance framework.

    Key Benefits Achieved

    Understanding of organizational risk culture and the corresponding risk threshold.

    Obstacles to effective IT risk management identified.

    Attainable goals to increase maturity established.

    Understanding of the gap to achieve vendor risk readiness.

    Activities

    2.1 Brainstorm vendor-related risks.

    2.2 Assess current program maturity.

    2.3 Identify obstacles and pain points.

    2.4 Develop risk management goals.

    2.5 Develop key risk indicators (KRIs) and escalation protocols.

    2.6 Gain stakeholders’ perspective.

    Outputs

    Vendor risk management maturity assessment

    Goals for vendor risk management

    Stakeholders’ opinions

    3 Assess Vendor Risk and Define Your Response Strategy

    The Purpose

    Categorize vendors.

    Prioritize assessed risks.

    Key Benefits Achieved

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    3.1 Categorize vendors.

    3.2 Map vendor infrastructure.

    3.3 Prioritize vendors.

    3.4 Identify risk contributing factors.

    3.5 Assess risk exposure.

    3.6 Calculate expected cost.

    3.7 Identify risk events.

    3.8 Input risks into the Risk Register Tool.

    Outputs

    Vendors classified and prioritized

    Vendor risk exposure

    Expected cost calculation

    4 Assess Vendor Risk and Define Your Response Strategy (continued)

    The Purpose

    Determine risk threshold and contract clause relating to risk prevention.

    Identify and assess risk response actions.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high-severity risk events.

    Risk response strategies have been identified for all key risks.

    Authoritative risk response recommendations can be made to senior leadership.

    Activities

    4.1 Determine the threshold for (un)acceptable risk.

    4.2 Match elements of the contract to related vendor risks.

    4.3 Identify and assess risk responses.

    Outputs

    Thresholds for (un)acceptable risk

    Risk responses

    5 Monitor, Communicate, and Improve IT Vendor Risk Process

    The Purpose

    Communicate top risks to management.

    Assign accountabilities and responsibilities for risk management process.

    Establish monitoring schedule.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Transparent accountabilities and established ongoing improvement of the vendor risk management program.

    Activities

    5.1 Create a stakeholder map.

    5.2 Complete RACI chart.

    5.3 Establish the reporting schedule.

    5.4 Finalize the vendor risk management program.

    Outputs

    Stakeholder map

    Assigned accountability for risk management

    Established monitoring schedule

    Risk report

    Vendor Risk Management Program Manual

    Configuration management

    • Buy Link or Shortcode: {j2store}4|cart{/j2store}
    • Related Products: {j2store}4|crosssells{/j2store}
    • Up-Sell: {j2store}4|upsells{/j2store}
    • Download01-Title: Harness the power of Configuration Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact (scale of 10): 8.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    Configuration management is all about being able to manage your assets within the support processes. That means to record what you need. Not less than that, and not more either.

    Asset Management, Configuration Management, Lifecycle Management

    Lead Staff through Change

    • Buy Link or Shortcode: {j2store}510|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: High Impact Leadership
    • Parent Category Link: /lead
    • Sixty to ninety percent of change initiatives fail, costing organizations dollars off the bottom line and lost productivity.
    • Seventy percent of change initiatives fail because of people-related issues, which place a major burden on managers to drive change initiatives successfully.
    • Managers are often too busy focusing on the process elements of change; as a result, they neglect major opportunities to leverage and mitigate staff behaviors that affect the entire team.

    Our Advice

    Critical Insight

    • Change is costly, but failed change is extremely costly. Managing change right the first time is worth the time and effort.
    • Staff pose the biggest opportunity and risk when implementing a change – managers must focus on their teams in order to maintain positive change momentum.
    • Large and small changes require the same change process to be followed but at different scales.
    • The size of a change must be measured according to the level of impact the change will have on staff, not how executives and managers perceive the change.
    • To effectively lead their staff through change, managers must anticipate staff reaction to change, develop a communication plan, introduce the change well, help their staff let go of old behaviors while learning new ones, and motivate their staff to adopt the change.

    Impact and Result

    • Anticipate and respond to staff questions about the change in order to keep messages consistent, organized, and clear.
    • Manage staff based on their specific concerns and change personas to get the best out of your team during the transition through change.
    • Maintain a feedback loop between staff, executives, and other departments in order to maintain the change momentum and reduce angst throughout the process.

    Lead Staff through Change Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Learn how to manage people throughout the change process

    Set up a successful change adoption.

    • Storyboard: Lead Staff through Change

    2. Learn the intricacies of the change personas

    Correctly identify which persona most closely resembles individual staff members.

    • None

    3. Assess the impact of change on staff

    Ensure enough time and effort is allocated in advance to people change management.

    • Change Impact Assessment Tool

    4. Organize change communications messages for a small change

    Ensure consistency and clarity in change messages to staff.

    • Basic Business Change Communication Worksheet

    5. Organize change communications messages for a large change

    Ensure consistency and clarity in change messages to staff.

    • Advanced Business Change Description Form

    6. Evaluate leadership of the change process with the team

    Improve people change management for future change initiatives.

    • Change Debrief Questionnaire
    [infographic]

    Time Study

    • Buy Link or Shortcode: {j2store}260|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • In ESG’s 2018 report “The Life of Cybersecurity Professionals,” 36% of participants expressed the overwhelming workload was a stressful aspect of their job.
    • Organizations expect a lot from their security specialists. From monitoring the threat environment, protecting business assets, and learning new tools, to keeping up with IT initiatives, cybersecurity teams struggle to balance their responsibilities with the constant emergencies and disruptions that take them away from their primary tasks.
    • Businesses fail to recognize the challenges associated with task prioritization and the time management practices of a security professional.

    Our Advice

    Critical Insight

    • The majority of scheduled calendar meetings include employees and peers.
      • Our research indicates cybersecurity professionals spent the majority of their meetings with employees (28%) and peers (24%). Other stakeholders involved in meetings included by myself (15%), boss (13%), customers (10%), vendors (8%), and board of directors (2%).
    • Calendar meetings are focused on project work, management, and operations.
      • When asked to categorize calendar meetings, the focus was on project work (26%), management (23%), and operations (22%). Other scheduled meetings included ones focused on strategy (15%), innovation (9%), and personal time (5%).
    • Time management scores were influenced by the percentage of time spent with employees and peers.
      • When participants were divided into good and poor time managers, we found good time managers spent less time with their peers and more time with their employees. This may be due to the nature of employee meetings being more directly tied to the project outputs of the manager than their peer meetings. Managers who spend more time in meetings with their employees feel a sense of accomplishment, and hence rate themselves higher in time management.

    Impact and Result

    • Understand how cybersecurity professionals allocate their time.
    • Gain insight on whether perceived time management skills are associated with calendar maintenance factors.
    • Identify common time management pain points among cybersecurity professionals.
    • Identify current strategies cybersecurity professionals use to manage their time.

    Time Study Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read our Time Study

    Read our Time Study to understand how cybersecurity professionals allocate their time, what pain points they endure, and tactics that can be leveraged to better manage time.

    • Time Study Storyboard
    [infographic]

    Embed Privacy and Security Culture Within Your Organization

    • Buy Link or Shortcode: {j2store}379|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: 10 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance

    Engagement with privacy and security within organizations has not kept pace with the increasing demands from regulations. As a result, organizations often find themselves saying they support privacy and security engagement but struggling to create behavioral changes in their staff.

    However, with new privacy and security requirements proliferating globally, we can’t help but wonder how much longer we can carry on with this approach.

    Our Advice

    Critical Insight

    To truly take hold, privacy and security engagement must be supported by senior leadership, aligned with business objectives, and embedded within each of the organization’s operating groups and teams.

    Impact and Result

    • Develop a defined structure for privacy and security in the context of your organization, your obligations, and your objectives.
    • Align your business goals and strategy with privacy and security to obtain support from your senior leadership team.
    • Identify and implement a set of metrics to monitor the success of each of the six engagement enablers amongst your team.

    Embed Privacy and Security Culture Within Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a culture of privacy and security at your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define privacy and security in the context of the organization

    Use the charter template to document the primary outcomes and objectives for the privacy and security engagement program within the organization and map the organizational structure to each of the respective roles to help develop a culture of privacy and security.

    • Privacy and Security Engagement Charter

    2. Map your privacy and security enablers

    This tool maps business objectives and key strategic goals to privacy and security objectives and attributes identified as a part of the overall engagement program. Leverage the alignment tool to ensure your organizational groups are mapped to their corresponding enablers and supporting metrics.

    • Privacy and Security Business Alignment Tool

    3. Identify and track your engagement indicators

    This document maps out the organization’s continued efforts in ensuring employees are engaged with privacy and security principles, promoting a strong culture of privacy and security. Use the playbook to document and present the organization’s custom plan for privacy and security culture.

    • Privacy and Security Engagement Playbook

    Infographic

    Workshop: Embed Privacy and Security Culture Within Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Drivers and Engagement Objectives

    The Purpose

    Understand the current privacy and security landscape in the organization.

    Key Benefits Achieved

    Targeted set of drivers from both a privacy and security perspective

    Activities

    1.1 Discuss key drivers for a privacy and security engagement program.

    1.2 Identify privacy requirements and objectives.

    1.3 Identify security requirements and objectives.

    1.4 Review the business context.

    Outputs

    Understanding of the role and requirements of privacy and security in the organization

    Privacy drivers and objectives

    Security drivers and objectives

    Privacy and security engagement program objectives

    2 Align Privacy and Security With the Business

    The Purpose

    Ensure that your privacy and security engagement program is positioned to obtain the buy-in it needs through business alignment.

    Key Benefits Achieved

    Direct mappings between a culture of privacy and security and the organization’s strategic and business objectives

    Activities

    2.1 Review the IT/InfoSec strategy with IT and the InfoSec team and map to business objectives.

    2.2 Review the privacy program and privacy strategic direction with the Privacy/Legal/Compliance team and map to business objectives.

    2.3 Define the four organizational groupings and map to the organization’s structure.

    Outputs

    Privacy and security objectives mapped to business strategic goals

    Mapped organizational structure to Info-Tech’s organizational groups

    Framework for privacy and security engagement program

    Initial mapping assessment within Privacy and Security Business Alignment Tool

    3 Map Privacy and Security Enablers to Organizational Groups

    The Purpose

    Make your engagement plan tactical with a set of enablers mapped to each of the organizational groups and privacy and security objectives.

    Key Benefits Achieved

    Measurable indicators through the use of targeted enablers that customize the organization’s approach to privacy and security culture

    Activities

    3.1 Define the privacy enablers.

    3.2 Define the security enablers.

    3.3 Map the privacy and security enablers to organizational structure.

    3.4 Revise and complete Privacy and Security Business Alignment Tool inputs.

    Outputs

    Completed Privacy and Security Engagement Charter.

    Completed Privacy and Security Business Alignment Tool.

    4 Identify and Select KPIs and Metrics

    The Purpose

    Ensure that metrics are established to report on what the business wants to see and what security and privacy teams have planned for.

    Key Benefits Achieved

    End-to-end, comprehensive program that ensures continued employee engagement with privacy and security at all levels of the organization.

    Activities

    4.1 Segment KPIs and metrics based on categories or business, technical, and behavioral.

    4.2 Select KPIs and metrics for tracking privacy and security engagement.

    4.3 Assign ownership over KPI and metric tracking and monitoring.

    4.4 Determine reporting cadence and monitoring.

    Outputs

    KPIs and metrics identified at a business, technical, and behavioral level for employees for continued growth

    Completed Privacy and Security Engagement Playbook

    IT Operations Consulting

    Operations... make sure that the services and products you offer your clients are delivered in the most efficient way possible. IT Operations makes sure that the applications and infrastructure that your delivery depends on is solid.

    Gert Taeymans has over 20 years experience in directing the implementation and management of mission-critical services for businesses in high-volume international markets. Strong track record in risk management, crisis management including disaster recovery, service delivery and change & config management.

    Continue reading

    Build Effective Enterprise Integration on the Back of Business Process

    • Buy Link or Shortcode: {j2store}360|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Organizations undergoing growth, either organically or through M&A, tend to develop integration capabilities in a piecemeal and short-sighted fashion to preserve their view of agility.
    • Integration strategies that are focused solely on technological solutions are likely to complicate rather than simplify, as not enough consideration is given to how other systems and processes will be impacted.

    Our Advice

    Critical Insight

    • Define a path for your EI strategy. Establish the more pressing goal of enterprise integration: improving operational integrity or adding business intelligence/predictive analytics capability.
    • Combine multiple views of integration for a comprehensive EI strategy. Assess business process, applications, and data in tandem to understand where enterprise integration will fit in your organization.
    • Don’t start by boiling the ocean and get bogged down in mapping out the entire organization. For the purposes of the strategy, narrow your focus to a set of related high-value processes to identify ways to improve integration.

    Impact and Result

    • Begin your enterprise strategy formation by identifying if your organization places emphasis on enabling operational excellence or predictive modeling/analytics.
    • Enterprise integration needs to bring together business process, applications, and data, in that order. Kick-start the process of identifying opportunities for improvement by creating business process maps that incorporate how applications and data are coordinated to support business activities.
    • Revisit the corporate drivers after integration mapping activities to identify the primary use cases for improvement.
    • Prepare for the next steps of carrying out the strategy by reviewing a variety of solution options.
    • Develop a compelling business case by consolidating the outputs of your mapping activities, establishing metrics for a specific process (or set of processes), and quantifying the benefits.

    Build Effective Enterprise Integration on the Back of Business Process Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create an enterprise integration strategy; review Info-Tech’s methodology that encompasses business process, applications, and data; and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Position enterprise integration within the organization

    Begin strategy development by assigning roles and responsibilities for the team and establishing the initial direction for the strategy.

    • Build Effective Enterprise Integration on the Back of Business Process – Phase 1: Position Enterprise Integration Within Your Organization
    • Chief Enterprise Integration Officer
    • Enterprise Integration Strategy Drivers Assessment

    2. Explore the lenses of enterprise integration

    Create business process maps that incorporate how applications and data are coordinated to support business activities.

    • Build Effective Enterprise Integration on the Back of Business Process – Phase 2: Explore the Lenses of Enterprise Integration
    • Enterprise Integration Process Mapping Tool

    3. Develop the enterprise integration strategy

    Review your integration map to identify improvement opportunities, explore integration solutions, and consolidate activity outputs into a strategy presentation.

    • Build Effective Enterprise Integration on the Back of Business Process – Phase 3: Develop the Enterprise Integration Strategy
    • Enterprise Integration Strategy Presentation Template
    [infographic]

    Workshop: Build Effective Enterprise Integration on the Back of Business Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Position Enterprise Integration

    The Purpose

    Discuss the general approach for creating a holistic enterprise integration strategy.

    Define the initial direction and drivers.

    Key Benefits Achieved

    Strategy development team with responsibilities identified.

    Clear initial direction for the strategy based on senior stakeholder input.

    Activities

    1.1 Define the driving statements for your EI strategy.

    1.2 Develop a RACI chart.

    1.3 Discuss the current state of enterprise integration.

    1.4 Establish the initial direction of your strategy by surveying senior stakeholders.

    Outputs

    Vision, mission, and values for enterprise integration

    RACI chart for strategy development

    Documentation of past integration projects

    Chief Enterprise Integration Officer job description template

    2 Explore the Lenses of Enterprise Integration

    The Purpose

    Build a comprehensive map of what integration looks like for your target business processes.

    Key Benefits Achieved

    Clear documentation of the integration environment, encompassing process, data, and applications.

    Activities

    2.1 Develop level-0 and level-1 business capability diagrams.

    2.2 Identify the business processes of focus, based on relevance to overall corporate drivers.

    2.3 Complete process flow diagrams.

    2.4 Begin identifying the applications that are involved in each step of your process.

    2.5 Detail the connections/interactions between the applications in your business processes.

    2.6 Draw a current state diagram for application integration.

    2.7 Identify the data elements created, used, and stored throughout the processes, as well as systems of record.

    Outputs

    Business capability maps

    Business process flow diagrams

    Current state integration diagram

    Completed integration map

    3 Develop the Enterprise Integration Strategy

    The Purpose

    Review the outputs of the integration mapping activities.

    Educate strategy team on the potential integration solutions.

    Consolidate the findings of the activities into a compelling strategy presentation.

    Key Benefits Achieved

    Integration improvement opportunities are identified.

    Direction and drivers for enterprise integration are finalized.

    Understanding of the benefits and limitations of some integration solutions.

    Activities

    3.1 Discuss the observations/challenges and opportunities for improvement.

    3.2 Refine the focus of the strategy by conducting a more detailed stakeholder survey.

    3.3 Review the most common integration solutions for process, applications, and data.

    3.4 Create a future state integration architecture diagram.

    3.5 Define the IT and business critical success factors for EI.

    3.6 Articulate the risks with pursuing (and not pursuing) an EI strategy.

    3.7 Quantify the monetary benefits of the EI strategy.

    3.8 Discuss best practices for presenting the strategy and organize the presentation content.

    Outputs

    Critical success factors and risks for enterprise integration

    Monetary benefits of enterprise integration

    Completed enterprise integration strategy presentation

    Diagnose Brand Health to Improve Business Growth

    • Buy Link or Shortcode: {j2store}564|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Low number and quality of leads generated, poor conversion rates, and declining customer retention and loyalty
    • Higher customer acquisition vs. marketing costs
    • Difficulties attracting and keeping talent, partners, and investors
    • Slow or low growth and devaluation of the brand due to low brand equity

    Our Advice

    Critical Insight

    • The Brand: Intangible, yet a company’s most valuable asset.
    • Data-driven decisions for a strong brand.
    • Investing in brand-building efforts means investing in your success.

    Impact and Result

    • Increase brand awareness and equity.
    • Build trust and improve customer retention and loyalty.
    • Achieve higher and faster growth.

    Diagnose Brand Health to Improve Business Growth Research & Tools

    Diagnose Brand Health to Improve Business Growth Executive Brief – A deck to help diagnose brand health to improve business growth.

    In this executive brief, you will discover the importance of a strong brand on the valuation, growth, and sustainability of your company. You will also learn about SoftwareReviews' approach to assessing current performance and gaining visibility into areas of improvement.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Brand Diagnostic and Analysis Tool Kit

    A comprehensive set of tools to gather and interpret qualitative and quantitative brand performance metrics.

    • Brand Diagnostic Tool - Digital Metrics Analysis Template
    • Brand Diagnostic Tool - Financial Metrics Analysis Template
    • Brand Diagnostic Tool Survey and Interview Questionnaires and Lists Template
    • Survey Emails Best Practices Guidelines
    • Brand Diagnostic Tool - External and Internal Factors Metrics Analysis Template

    2. Brand Diagnostic Executive Presentation

    Fully customizable, pre-built PowerPoint presentation template to communicate the results of the brand performance diagnostic, areas of improvement and trends, as well as your recommendations. It will also allow you to identify and align executive members and key stakeholders on next steps, and set priorities.

    • Brand Diagnostic - Executive Presentation Template

    Infographic

    Further reading

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix it.

    EXECUTIVE BRIEF

    SoftwareReviews is a division of Info-Tech Research Group Inc., a world-class IT research and consulting firm established in 1997.
    Backed by two decades of IT research and advisory experience, SoftwareReviews offers the most comprehensive insight into the enterprise software landscape and client-vendor relationships.

    Analyst Perspective

    Brand Diagnostic and Monitoring

    In the ever-changing market landscape in which businesses operate, it is imperative to ensure that the brand stays top of mind and quickly adapts. Having a good understanding of where the brand stands and how it performs has become crucial for any company to stand out from its competitors and succeed in a crowded and very dynamic market.

    Unfortunately, the brand does not always receive the attention and importance it deserves, leaving it vulnerable to becoming outdated and unclear to the target audience and to losing its equity.

    Knowing how the brand is perceived, as opposed to how individuals within an organization perceive it, addressing any brand-related issues in a timely manner, and implementing processes to continuously monitor its performance have become key tactics for any company that wants to thrive in today's highly competitive market.

    Photo of Nathalie Vezina, Marketing Research Director, SoftwareReviews Advisory.

    Nathalie Vezina
    Marketing Research Director
    SoftwareReviews Advisory

    Executive Summary

    Your Challenge

    Because it is vulnerable to becoming outdated and unclear to the target audience and to losing its equity, it is essential to ensure that the brand is performing well and to be attentive to these signs of a weakened brand:

    • Low number and quality of leads generated, poor conversion rates, and declining customer retention and loyalty
    • Lack of understanding of the value proposition; lack of interest and interaction with the brand
    • Higher customer acquisition/marketing costs
    • Difficulties attracting and keeping talent, partners, or future investors
    • Low/slow growth; devaluation of the brand due to low brand equity
    Common Obstacles

    Building a strong brand is an everyday challenge, and brand leaders often face what may seem like overwhelming obstacles in achieving their goal. Here are some of the roadblocks they regularly face:

    • Limited visibility on brand perception and overall performance
    • Insufficient supporting information to make clear, undisputable data-driven decisions and convince key stakeholders how to improve brand performance
    • Limited resources (time, budget, headcount, tools) to diagnose, measure, and execute
    • Stakeholders may not be fully aware of the benefits of a strong brand and the impacts that a weak brand can have on the overall performance of the business
    SoftwareReviews’ Approach

    This SoftwareReviews blueprint provides the guidance and tools required to perform a thorough brand diagnostic and enable brand leaders to:

    • Know how the brand performs; pinpoint gaps and areas for improvement
    • Make clear, data-driven recommendations and decisions on how to fix and optimize the brand
    • Communicate, convince key stakeholders, and align on proposed solutions to optimize the brand’s performance
    • Continuously monitor and optimize the brand

    SoftwareReviews Advisory Insight

    The brand is a company’s most valuable asset that should never fall into disrepair. In fact, business leaders should ensure that at least half of their marketing budget is allocated to brand-building efforts.

    What is a brand?

    The brand – both intangible and the most valuable asset for businesses.

    Despite its intangible nature, the brand is at the heart of every business, small and large, around which rotates what drives business success and growth.

    While measuring its real value on the marketplace can be difficult, a brand with high salience will attract and retain customers for as long as it keeps evolving and adapting to its dynamic environment.

    Up to 90% of the total market value of companies is based on intangible assets, such as brand recognition. (Source: Ocean Tomo, 2020)

    Multiple bubbles with the biggest bubble highlighted and labelled 'BRAND'. The other bubbles say 'IDENTITY', 'LOYALTY', 'TRUST', 'STRATEGY', 'GROWTH', 'AWARENESS', and 'VALUE'.

    What makes a brand strong?

    Perception Matters

    The brand reflects the image of a company or a product. The values it conveys and how it’s being perceived have a direct impact on a brand's ability to stand out and grow.

    A brand is strong when it:

    • Projects a positive image
    • Has a clear positioning and value proposition
    • Is authentic and inspiring
    • Conveys values that resonates
    • Is socially engaged
    • Builds awareness
    • Is consistent
    • Delivers on its promise
    • Inspires trust
    “In the past, a brand is what a company told you it was. Today, a brand is what people tell each other it is.” (Source: Mark Schaefer, 2019)

    Investing in building a brand, a top priority for businesses

    Company Valuation

    Branding has become a top priority for companies to increase the value of their business in the marketplace. A good market value is essential to attract and retain investors, obtain future rounds of financing, grow by acquisition, and find buyers.

    The more equity a brand gains, the higher its market value, despite the company’s annual revenue. While annual revenue is factored in the equation, the equity of the brand has a greater impact on the market value. A brand whose market value is lower than its revenue is an important indicator that the brand is weakened and needs to be addressed.

    Revenue and Growth

    Most successful companies are investing heavily in building their brand, and for good reason. A strong brand will deliver the right messaging, and a unique and clear value proposition will resonate with its audience and directly impact customer acquisition costs, outperform competition, enable higher pricing, and increase sales volume and customer lifetime value.

    A strong brand also helps develop partner channels, attract and engage high-value partners, and allow for actionable and incremental KPIs.

    Talent Acquisition and Retention

    Brands with strong values are more attractive to highly skilled talent without having to offer above-market salaries. In addition, when a brand inspires pride and shares common values with employees, it increases their motivation and the company’s retention rate.

    Retaining employees within the company allows for the development of talent and retention of knowledge within the organization, thus contributing to the sustainability of the organization.

    It's no wonder that employer branding has become an essential element of human resources strategies.

    “Sustainable Living Brands are growing 69% faster than the rest of the business and delivering 75% of the company’s growth.” (Source: Unilever, 2019, qtd. in Deloitte, 2021)

    Symptoms of a weakened brand

    Know if your brand is suffering and needs to be fixed.

    Brand leaders experiencing one or more of these brand-related symptoms should consider rebranding or optimizing their brand:
    • Low number and quality of leads generated, poor conversion rates, and declining customer retention and loyalty
    • Higher customer acquisition vs. marketing costs
    • Difficulties attracting and keeping talent, partners, and investors
    • Slow or low growth and devaluation of the brand due to low brand equity

    With visibility into your brand and the supporting data that provides a thorough diagnostic of the brand, combined with ongoing brand performance monitoring, you will have all the information you need to help you drive the brand forward, have a significant impact on business growth, and stand out as a brand leader.

    The largest software companies have an average market cap of 18X their revenue (Source: Companies Market Cap, May 2022)

    Building a strong brand, an everyday challenge

    Brand leaders are often faced with overwhelming obstacles in building a strong brand.

    Limited visibility on brand perception and overall performance Insufficient information to make clear, undisputable data-driven decisions and convince key stakeholders how to improve brand performance Stock image of a person pulling a boulder.
    Misunderstanding of the benefits of a strong brand and negative impacts of a weak brand on business valuation and growth Limited resources (time, budget, headcount, tools) to diagnose, measure, and execute
    Only
    54%
    of businesses have a B2B brand program in place for measuring brand perceptions. (Source: B2B International, 2016) Only
    4%
    of B2B marketing teams measure the impact of their marketing/brand building efforts beyond six months. (Source: LinkedIn’s B2B Institute, 2019) 50%
    of marketing budget is what successful brands spend on average on brand-building efforts. (Source: Les Binet and Peter Field, 2018)
    82% of investors say name recognition is an important factor guiding them in their investment decisions. (Source: Global Banking & Finance Review, 2018) 77% of B2B marketers say branding is crucial for growth. (Source: Circle Research)

    Making brand performance visible

    Implement data-driven strategies and make fact-based decisions to continuously optimize brand performance.

    Diagnose your brand’s health
    Know how your brand is being perceived and have visibility on its performance.
    Cycle titled 'BRAND' with steps 'Diagnose', 'Identify', 'Fix', 'Keep Monitoring' and back to 'Diagnose'. Identify trends and areas of improvement
    Rely on undisputable and reliable data to make clear decisions and educate and communicate with key stakeholders.
    Keep monitoring your brand’s performance
    Stay on top of the game and keep away competitors by continuously monitoring your brand’s health.
    Fix issues with your brand in a timely manner
    Don’t lose the momentum. Achieve better results and have a greater impact on your success and chances to grow.

    Qualitative and quantitative brand performance measures

    Segmented by SoftwareReviews Advisory into three categories for a comprehensive diagnostic.

    Icon of a megaphone. Icon of a head with puzzle pieces. Icon of coins.
    Brand Equity
    • Awareness
    • Perception
    • Positioning
    • Recognition/recall
    • Trust
    Buyer’s Behavior
    • Interaction with the brand
    • Preference
    • Purchase intent
    • Product reviews
    • Social engagement
    • Website traffic
    • Lead generation
    Financial
    • Revenue
    • Profit margin
    • Customer lifetime value (CLV)
    • Customer acquisition cost (CAC)
    • Intangible asset market value (IAMV)

    Benefits of a strong and healthy brand

    A healthy brand is the foundation of your success.

    Ensure a better understanding of the value proposition and positioning Drive more interest, interaction, and traction Increase brand awareness and equity Generate higher number and quality of leads
    Achieve higher and faster conversion rate Build trust and improve customer retention and loyalty Attract and keep talent, partners, and investors Achieve higher and faster growth

    Visual explaining the brand diagnostic methodology: 1. data collection and analysis; and 2. presentation and alignment. Outcomes: gain visibility into the brand's performance, highlight areas for improvement, and make data-driven decisions.

    Who benefits from diagnosing the brand?

    This Research Is Designed for:

    Brand leaders who are looking to:

    • Detect and monitor brand performance, issues, trends, and areas of improvement
    • Optimize and fix their brand
    • Develop strategies, and make recommendations and decisions based on facts
    • Get the support they need from key stakeholders
    This Research Will Help You:
    • Get the visibility you need on your brand’s performance
    • Pinpoint brand issues, trends, and areas of improvement
    • Develop data-driven strategies, and make recommendations and decisions based on facts
    • Communicate with and convince key stakeholders
    • Get the support you need from key stakeholders
    • Put in place new diagnostic and monitoring processes to continually improve your brand
    This Research Will Also Assist:
    • Sales with qualified lead generation and customer retention and loyalty
    • Human Resources in their efforts to attract and retain talent
    • The overall business with growth and increased market value
    This Research Will Help Them:
    • Have a better understanding of the importance of a strong brand on business growth and valuation
    • Align on next steps

    SoftwareReviews’ Brand Diagnostic Methodology

    0. Communication & Alignment 1. Data Collection 2. Data Analysis & Interpretation 3. Report & Presentation
    Phase Steps
    1. Engage and unify the team
    2. Communicate and present
    3. Align on next steps
    1. Identify and document internal and external changes affecting the brand
    2. Conduct internal and external brand perception surveys
    3. Gather customer loyalty feedback
    4. Collect digital performance metrics
    1. Analyze data collected
    2. Identify issues, trends, gaps, and inconsistencies
    3. Compare data with current brand statement
    1. Build report with recommendations
    2. Prioritize brand fixes from high to low positive impact
    3. Build presentation
    Phase Outcomes
    • Importance of the brand is recognized
    • Endorsement and prioritization
    • Support and resources
    • All relevant data/information is collected in one place
    • Visibility on the performance of the brand
    • All the data in hand to support recommendations and make informed decisions
    • Visibility and clear understanding of the brand’s health and how to fix or improve its performance

    Insight summary

    The Brand: Intangible, yet a company’s most valuable asset

    Intangible assets, such as brand recognition, account for almost all of a company’s value.1 Despite its intangible nature, the brand is at the heart of every business and has a direct impact on business growth, profitability, and revenue. While measuring its real value on the marketplace can be difficult, a brand with high traction will attract customers and keep them for as long as it keeps evolving and adapting to its dynamic environment.

    Making brand issues visible

    Having a clear understanding of how the brand performs has become crucial for any company that wants to stand out from its competitors and succeed in a crowded and highly dynamic marketplace.

    Data-driven decisions for a strong brand

    Intuition-based or uninformed decisions are obsolete. Brand leaders must base their decisions on facts to be able to convince key stakeholders.

    Building a strong brand, an everyday challenge

    Brand leaders often face overwhelming obstacles building strong brands. They need guidance and tools to support them to drive the business forward.

    Get team buy-in and alignment

    Brand leaders must ensure that the key stakeholders are aware of the importance of a strong brand to business growth and value increase and that they are aligned and committed to the efforts required to build a successful brand.

    Investing in brand-building efforts means investing in your success

    Successful business leaders allocate at least half of their marketing budget2 to brand-building efforts, enabling them to set themselves apart, significantly increase their market share, grow their business, and thrive in a highly competitive marketplace.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Marketing Analyst to help implement our best practices in your organization.

    Your engagement managers will work with you to schedule analyst calls.

    What does a typical GI on this topic look like?

    Brand Diagnostic

    Data Analysis & Interpretation

    Report & Presentation Building

    Communication & Alignment

    Call #1: Discuss concept and benefits of performing a brand diagnostic. Identify key stakeholders. Anticipate concerns and objections.

    Call #2: Discuss how to use the tool. Identify resources and internal support needed.

    Call #3: Review results. Discuss how to identify brand issues, areas of improvement, and trends based on data collected and to interpret key metrics.

    Call #4 (optional): Continue discussion from call #3.

    Call #5: Discuss recommendations and best practices to fix the issues identified and resources required.

    Call #6: Discuss purpose and how to build the report and presentation, Prioritize the brand fixes from high to low positive impact.

    Call #7 (optional): Follow up with call on report and presentation preparation.

    Call #8: Discuss key points to focus on when presenting to key stakeholders and the desired outcome.

    Call #9: Discuss how to leverage brand diagnostic tools now in place and the benefits of continuously monitoring the brand.

    Call #10: Debrief and determine how we can help with next steps.

    Key deliverable:

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Brand Diagnostic Presentation Template

    Sample of the key deliverable, the Brand Diagnostic Presentation Template.

    Pre-built and fully customizable PowerPoint template to communicate key findings, areas of improvements, and recommendations to key stakeholders, align on next steps, and prioritize.

    Brand Diagnostic Report Dashboard

    Sample of the Brand Diagnostic Report Dashboard deliverable.

    Auto-filling dashboard built into the Brand Diagnostic Tool Kit. Ready to be saved and shared as a PDF.

    Brand Diagnostic Tool Kit

    Sample of the Brand Diagnostic Tool Kit deliverable.

    Comprehensive Excel Workbook to gather and interpret brand performance metrics. Includes survey questionnaires.

    Bibliography

    “71% of Consumers More Likely to Buy a Product or Service From a Name They Recognise.” Global Banking & Finance Review, 5 December 2018. Web.

    B2B Marketing Leaders Report. Circle Research, n.d. Web.

    Binet, Les, and Peter Field. Effectiveness In Context: A manual for Brand Building. Institute of Practitioners in Advertising, 12 October 2018. Ebook.

    “Current Trends in the World of B2B Marketing, 2016 Survey.” B2B International, 2016. Web.

    Intangible Asset Market Value Study. Ocean Tomo, July 2020. Web.

    Largest Software Companies By Market Cap. Companies Market Cap, May 2022. Web.

    “Unilever, purpose-led brands outperform.” Unilever, 6 October 2019. Web. qtd. in Kounkel, Suzanne, Amy Silverstein, and Kathleen Peeters. “2021 Global Marketing Trends.” Deloitte Insights, 2020. Web.

    Schaefer, Mark. “The Future Of Branding Is Human Impressions.” Mark Schaefer Blog, 3 June 2019. Web.

    The 5 Principles Of Growth In B2B Marketing - Empirical Observations on B2B Effectiveness. LinkedIn B2B Institute, 2019. Web.

    Visual explaining the brand diagnostic methodology: 1. data collection and analysis; and 2. presentation and alignment. Outcomes: gain visibility into the brand's performance, highlight areas for improvement, and make data-driven decisions.

    Who benefits from diagnosing the brand?

    This Research Is Designed for:

    Brand leaders who are looking to:

    • Detect and monitor brand performance, issues, trends, and areas of improvement
    • Optimize and fix their brand
    • Develop strategies, and make recommendations and decisions based on facts
    • Get the support they need from key stakeholders
    This Research Will Help You:
    • Get the visibility you need on your brand’s performance
    • Pinpoint brand issues, trends, and areas of improvement
    • Develop data-driven strategies, and make recommendations and decisions based on facts
    • Communicate with and convince key stakeholders
    • Get the support you need from key stakeholders
    • Put in place new diagnostic and monitoring processes to continually improve your brand
    This Research Will Also Assist:
    • Sales with qualified lead generation and customer retention and loyalty
    • Human Resources in their efforts to attract and retain talent
    • The overall business with growth and increased market value
    This Research Will Help Them:
    • Have a better understanding of the importance of a strong brand on business growth and valuation
    • Align on next steps

    SoftwareReviews’ Brand Diagnostic Methodology

    0. Communication & Alignment 1. Data Collection 2. Data Analysis & Interpretation 3. Report & Presentation
    Phase Steps
    1. Engage and unify the team
    2. Communicate and present
    3. Align on next steps
    1. Identify and document internal and external changes affecting the brand
    2. Conduct internal and external brand perception surveys
    3. Gather customer loyalty feedback
    4. Collect digital performance metrics
    1. Analyze data collected
    2. Identify issues, trends, gaps, and inconsistencies
    3. Compare data with current brand statement
    1. Build report with recommendations
    2. Prioritize brand fixes from high to low positive impact
    3. Build presentation
    Phase Outcomes
    • Importance of the brand is recognized
    • Endorsement and prioritization
    • Support and resources
    • All relevant data/information is collected in one place
    • Visibility on the performance of the brand
    • All the data in hand to support recommendations and make informed decisions
    • Visibility and clear understanding of the brand’s health and how to fix or improve its performance

    Insight summary

    The Brand: Intangible, yet a company’s most valuable asset

    Intangible assets, such as brand recognition, account for almost all of a company’s value.1 Despite its intangible nature, the brand is at the heart of every business and has a direct impact on business growth, profitability, and revenue. While measuring its real value on the marketplace can be difficult, a brand with high traction will attract customers and keep them for as long as it keeps evolving and adapting to its dynamic environment.

    Making brand issues visible

    Having a clear understanding of how the brand performs has become crucial for any company that wants to stand out from its competitors and succeed in a crowded and highly dynamic marketplace.

    Data-driven decisions for a strong brand

    Intuition-based or uninformed decisions are obsolete. Brand leaders must base their decisions on facts to be able to convince key stakeholders.

    Building a strong brand, an everyday challenge

    Brand leaders often face overwhelming obstacles building strong brands. They need guidance and tools to support them to drive the business forward.

    Get team buy-in and alignment

    Brand leaders must ensure that the key stakeholders are aware of the importance of a strong brand to business growth and value increase and that they are aligned and committed to the efforts required to build a successful brand.

    Investing in brand-building efforts means investing in your success

    Successful business leaders allocate at least half of their marketing budget2 to brand-building efforts, enabling them to set themselves apart, significantly increase their market share, grow their business, and thrive in a highly competitive marketplace.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Marketing Analyst to help implement our best practices in your organization.

    Your engagement managers will work with you to schedule analyst calls.

    What does a typical GI on this topic look like?

    Brand Diagnostic

    Data Analysis & Interpretation

    Report & Presentation Building

    Communication & Alignment

    Call #1: Discuss concept and benefits of performing a brand diagnostic. Identify key stakeholders. Anticipate concerns and objections.

    Call #2: Discuss how to use the tool. Identify resources and internal support needed.

    Call #3: Review results. Discuss how to identify brand issues, areas of improvement, and trends based on data collected and to interpret key metrics.

    Call #4 (optional): Continue discussion from call #3.

    Call #5: Discuss recommendations and best practices to fix the issues identified and resources required.

    Call #6: Discuss purpose and how to build the report and presentation, Prioritize the brand fixes from high to low positive impact.

    Call #7 (optional): Follow up with call on report and presentation preparation.

    Call #8: Discuss key points to focus on when presenting to key stakeholders and the desired outcome.

    Call #9: Discuss how to leverage brand diagnostic tools now in place and the benefits of continuously monitoring the brand.

    Call #10: Debrief and determine how we can help with next steps.

    Key deliverable:

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Brand Diagnostic Presentation Template

    Sample of the key deliverable, the Brand Diagnostic Presentation Template.

    Pre-built and fully customizable PowerPoint template to communicate key findings, areas of improvements, and recommendations to key stakeholders, align on next steps, and prioritize.

    Brand Diagnostic Report Dashboard

    Sample of the Brand Diagnostic Report Dashboard deliverable.

    Auto-filling dashboard built into the Brand Diagnostic Tool Kit. Ready to be saved and shared as a PDF.

    Brand Diagnostic Tool Kit

    Sample of the Brand Diagnostic Tool Kit deliverable.

    Comprehensive Excel Workbook to gather and interpret brand performance metrics. Includes survey questionnaires.

    Bibliography

    “71% of Consumers More Likely to Buy a Product or Service From a Name They Recognise.” Global Banking & Finance Review, 5 December 2018. Web.

    B2B Marketing Leaders Report. Circle Research, n.d. Web.

    Binet, Les, and Peter Field. Effectiveness In Context: A manual for Brand Building. Institute of Practitioners in Advertising, 12 October 2018. Ebook.

    “Current Trends in the World of B2B Marketing, 2016 Survey.” B2B International, 2016. Web.

    Intangible Asset Market Value Study. Ocean Tomo, July 2020. Web.

    Largest Software Companies By Market Cap. Companies Market Cap, May 2022. Web.

    “Unilever, purpose-led brands outperform.” Unilever, 6 October 2019. Web. qtd. in Kounkel, Suzanne, Amy Silverstein, and Kathleen Peeters. “2021 Global Marketing Trends.” Deloitte Insights, 2020. Web.

    Schaefer, Mark. “The Future Of Branding Is Human Impressions.” Mark Schaefer Blog, 3 June 2019. Web.

    The 5 Principles Of Growth In B2B Marketing - Empirical Observations on B2B Effectiveness. LinkedIn B2B Institute, 2019. Web.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    • Buy Link or Shortcode: {j2store}416|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $38,999 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Writing SOPs is the last thing most people want to do, so the work gets pushed down the priority list and the documents become dated.
    • Most organizations know it is good practice to have SOPs as it improves consistency, facilitates process improvement, and contributes to efficient operations.
    • Though the benefits are understood, many organizations don't have SOPs and those that do don't maintain them.

    Our Advice

    Critical Insight

    • Create visual documents, not dense SOP manuals.
    • Start with high-impact SOPs, and identify the most critical undocumented SOPs and address them first.
    • Integrate SOP creation into project requirements and create SOP approval steps to ensure documentation is reviewed and completed in a timely fashion.

    Impact and Result

    • Create visual documents that can be scanned. Flowcharts, checklists, and diagrams are quicker to create, take less time to update, and are ultimately more usable than a dense manual.
    • Use simple but effective document management practices.
    • Make SOPs part of your project deliverables rather than an afterthought. That includes checking documentation status as part of your change management process.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind – Make SOPs work for you with visual documents that are easier to create and more effective for process management and optimization.

    Learn best practices for creating, maintaining, publishing, and managing effective SOP documentation.

    • Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind – Phases 1-3

    2. Standard Operating Procedures Workbook and Document Management Checklist – Prioritize, optimize, and document critical SOPs.

    Identify required documentation and prioritize them according to urgency and impact.

    • Standard Operating Procedures Workbook
    • Document Management Checklist

    3. Process Templates and Examples – Review and assess templates to find samples that are fit for purpose.

    Review the wide variety of samples to see what works best for your needs.

    • Standard Operating Procedures Project Roadmap Tool
    • System Recovery Procedures Template
    • Application Development Process – AppDev Example (Visio)
    • Application Development Process – AppDev Example (PDF)
    • Network Backup for Atlanta Data Center – Backups Example
    • DRP Recovery Workflow Template (PDF)
    • DRP Recovery Workflow Template (Visio)
    • Employee Termination Process Checklist – IT Security Example
    • Sales Process for New Clients – Sales Example (Visio)
    • Sales Process for New Clients – Sales Example (PDF)
    • Incident and Service Management Procedures – Service Desk Example (Visio)
    • Incident and Service Management Procedures – Service Desk Example (PDF)
    [infographic]

    Further reading

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Change your focus from satisfying auditors to driving process optimization, consistent IT operations, and effective knowledge transfer.

    Project Outline

    Two flowcharts are depicted. The first is labelled 'Executive Brief' and the second is labelled 'Tools and Templates Roadmap'. Both outline the following project.

    ANALYST PERSPECTIVE

    Do your SOPs drive process optimization?

    "Most organizations struggle to document and maintain SOPs as required, leading to process inconsistencies and inefficiencies. These breakdowns directly impact the performance of IT operations. Effective SOPs streamline training and knowledge transfer, improve transparency and compliance, enable automation, and ultimately decrease costs as processes improve and expensive breakdowns are avoided. Documenting SOPs is not just good practice; it directly impacts IT efficiency and your bottom line."

    Frank Trovato, Senior Manager, Infrastructure Research Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • IT Process Owners
    • IT Infrastructure Managers
    • IT Service Managers
    • System Administrators
    • And more…

    This Research Will Help You:

    • Identify, prioritize, and document SOPs for critical business processes.
    • Discover opportunities for overall process optimization by documenting SOPs.
    • Develop documentation best practices that support ongoing maintenance and review.

    This Research Will Also Assist:

    • CTOs
    • Business unit leaders

    This Research Will Help Them:

    • Understand the need for and value of documenting SOPs in a usable format.
    • Help set expectations around documentation best practices.
    • Extend IT best practices to other parts of the business.

    Executive summary

    Situation

    • Most organizations know it is good practice to have SOPs as it improves consistency, facilitates process improvement, and contributes to efficient operations.
    • Though the benefits are understood, many organizations don't have SOPs and those that do don't maintain them.

    Complication

    • Writing SOPs is the last thing most people want to do, so the work gets pushed down the priority list and the documents become dated.
    • Promoting the use of SOPs can also face staff resistance as the documentation is seen as time consuming to develop and maintain, too convoluted to be useful, and generally out of date.

    Resolution

    • Overcome staff resistance while implementing a sustainable SOP documentation approach by doing the following:
      • Create visual documents that can be scanned. Flowcharts, checklists, and diagrams are quicker to create, take less time to update, and are ultimately more usable than a dense manual.
      • Use simple, but effective document management practices.
      • Make SOPs part of your project deliverables rather than an afterthought. That includes checking documentation status as part of your change management process.
    • Extend these principles to other areas of IT and business processes. The survey data and examples in this report include application development and business processes as well as IT operations.

    Info-Tech Insight

    1. Create visual documents, not dense SOP manuals.
    2. Start with high-impact SOPs. Identify the most critical undocumented SOPs and document them first.
    3. Integrate SOP creation into project requirements and create SOP approval steps to ensure documentation is reviewed and completed in a timely fashion.

    Most organizations struggle to create and maintain SOP documents, especially in North America, despite the benefits

    North American companies are traditionally more technology focused than process focused, and that is reflected in the approach to documenting SOPs.

    • An ad hoc approach to SOPs almost certainly means documents will be out of date and ineffective. The same is also true when updating SOPs as part of periodic concerted efforts to prepare for an audit, annual review, or certification process, and this makes the task more imposing.
    • Incorporating SOP updates as part of regular change management processes ensures documents are up to date and usable. This can also make reviews and audits much more manageable.

    'It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained.'

    – Gary Patterson, Consultant, Quorum Resources

    Organizations are most likely to update documents on an ad hoc basis or via periodic formal reviews. Less than 25% keep SOPs updated as needed.

    Graph depicting North America versus Asia and Europe practices of document updates

    Source: Info-Tech Research Group; N=104

    Document SOPs to improve knowledge transfer, optimize processes, and ultimately save money

    Benefits of documented SOPs Impact of undocumented/undefined SOPs
    Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks). Without documented SOPs: Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff.
    IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved. Without documented SOPs: IT automation built on poorly defined, unoptimized processes leads to inconsistent results.
    Compliance: Compliance audits are more manageable because the documentation is already in place. Without documented SOPs: Documenting SOPs to prepare for an audit becomes a major time-intensive project.
    Transparency: Visually documented processes answer the common business question of “why does that take so long?” Without documented SOPs: Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.
    Cost savings: Work can be assigned to the lowest level of support cost, IT operations achieve greater efficiency, and expensive breakdowns are avoided. Without documented SOPs: Work may be distributed uneconomically, money may be wasted through inefficient processes, and the organization is vulnerable to costly disruptions.

    COBIT, ISO, and ITIL aren’t a complete solution

    "Being ITIL and ISO compliant hasn’t solved our documentation problem. We’re still struggling."

    – Vendor Relationship Manager, Financial Services Industry

    • Adopting a framework such as ITIL, COBIT, or ISO doesn’t always mean that SOP documents are accurate, effective, or up to date.
    • Although these frameworks emphasize the importance of documenting processes, they tend to focus more on process development and requirements than on actual documentation. In other words, they deal more with what needs to be done than with how to do it.
    • This research will focus more on the documentation process itself – so how to go about creating, updating, optimizing, managing, and distributing SOP documents.

    Inadequate SOPs lead to major data loss and over $99,000 in recovery costs

    CASE STUDY 1

    Company A mid-sized US organization with over 1,000 employees

    Source Info-Tech Interview

    Situation

    • IT supports storage nodes replicated across two data centers. SOPs for backup procedures did not include an escalation procedure for failed backups or a step to communicate successful backups. Management was not aware of the issue and therefore could not address it before a failure occurred.

    Incident

    • Primary storage had a catastrophic failure, and that put pressure on the secondary storage, which then also failed. All active storage failed and the data corrupted. Daily backups were failing due to lack of disk space on the backup device. The organization had to resort to monthly tape backups.

    Impact

    • Lost 1 month of data (had to go back to the last tape backup).
    • Recovery also took much longer because recovery procedures were also not documented.
    • Key steps such as notifying impacted customers were overlooked. Customers were left unhappy not only with the outage and data loss but also the lack of communication.
    Hard dollar recovery costs
    Backup specialist (vendor) to assist with restoring data from tape $12,000
    Temps to re-enter 1 month of data $5,000
    Weekend OT for 4 people (approximately 24 hours per person) $5,538
    Productivity cost for affected employees for 1 day of downtime $76,923
    Total $99,462

    Intangible costs

    High “goodwill” impact for internal staff and customers.

    "The data loss pointed out a glaring hole in our processes – the lack of an escalation procedure. If I knew backups weren’t being completed, I would have done something about that immediately."

    – Senior Division Manager, Information Technology Division

    IT services company optimizes its SOPs using “Lean” approach

    CASE STUDY 2

    Company Atrion

    SourceInfo-Tech Interview

    Lean and SOPs

    • Standardized work is important to Lean’s philosophy of continuous improvement. SOPs allow for replication of the current best practices and become the baseline standard for member collaboration toward further improvements.
    • For more on Lean’s approach to SOPs, see “Lean Six Sigma Quality Transformation Toolkit (LSSQTT) Tool #17.”

    Atrion’s approach

    • Atrion is focused on documenting high-level processes that improve the client and employee experience or which can be used for training.
    • Cross-functional teams collaborate to document a process and find ways to optimize that SOP.
    • Atrion leverages visual documentation as much as possible: flowcharts, illustrations, video screen captures, etc.

    Outcomes

    • Large increase in usable, up-to-date documentation.
    • Process and efficiency improvements realized and made repeatable.
    • Success has been so significant that Atrion is planning to offer SOP optimization training and support as a service for its clients in the future.

    Atrion

    • Atrion provides IT services, solutions, and leadership to clients in the 250+ user range.
    • After adopting the Lean framework for its organization, it has deliberately focussed on optimizing its documentation.

    When we initiated a formal process efficiency program a little over a year ago and began striving towards a culture of continuous improvement, documenting our SOPs became key. We capture how we do things today and how to make that process more efficient. We call it current state and future state mapping of any process.

    – Michelle Pope, COO, Atrion Networking Corp.

    Strategies to overcome common documentation challenges

    Use Info-Tech’s methodology to streamline the SOP documentation process.

    Common documentation challenges Info-Tech’s methodology
    Where to start. For organizations with very few (if any) documented SOPs, the challenge is where to start. Apply a client focus to prioritize SOPs. Start with mission-critical operations, service management, and disaster recovery.
    Lack of time. Writing SOPs is viewed as an onerous task, and IT staff typically do not like to write documentation or lack the time. Use flowcharts, checklists, and diagrams over traditional dense manuals. Flowcharts, checklists, and diagrams take less time to create and maintain, and the output is far more usable than traditional manuals.
    Inconsistent document management. Documents are unorganized, e.g. hard to find documents, or you don’t know if you have the correct, latest version. Keep it simple. You don’t need a full-time SOP librarian if you stick to a simple, but consistent approach to documentation management. Simple is easier to follow (therefore, be consistent).
    Documentation is not maintained. More urgent tasks displace documentation efforts. There is little real motivation for staff to keep documents current. Ensure accountability at the individual and project level. Incorporate documentation requirements into performance evaluations, project planning, and change control procedures.

    Use this blueprint as a building block to complete these other Info-Tech projects

    Improve IT-Business Alignment Through an Internal SLA

    Understand business requirements, clarify capabilities, and close gaps.

    Standardize the Service Desk – Module 2 & 3

    Improve reporting and management of incidents and build service request workflows.

    Create a Right-Sized Disaster Recovery Plan

    Define appropriate objectives for DR, build a roadmap to close gaps, and document your incident response plan.

    Extend the Service Desk to the Enterprise

    Position IT as an innovator.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Create Visual SOP Documents – project overview

    1. Prioritize, optimize, and document critical SOPs 2. Establish a sustainable documentation process 3. Identify a content management solution
    Best-Practice Toolkit

    1.1 Identify and prioritize undocumented/outdated critical processes

    1.2 Reduce effort and improve usability with visual documentation

    1.3 Optimize and document critical processes

    2.1 Establish guidelines for identifying and organizing SOPs

    2.2 Write an SOP for creating and maintaining SOPs

    2.3 Plan SOP working sessions to put a dent into your documentation backlog

    3.1 Understand the options when it comes to content management solutions

    3.2 Use Info-Tech’s evaluation tool to determine the right approach for you

    Guided Implementations
    • Identify undocumented critical SOPs.
    • Understand the benefits of a visual approach.
    • Work through a tabletop exercise to document two visual SOP documents.
    • Establish documentation information guidelines.
    • Identify opportunities to create a culture that fosters SOP creation.
    • Address outstanding undocumented SOPs by working through process issues together.
    • Review your current approach to content management and discuss possible alternatives.
    • Evaluate options for a content management strategy, in the context of your own environment.
    Onsite Workshop Module 1:

    Identify undocumented critical processes and review the SOP mapping process.

    Module 2:

    Review and improve your documentation process and address your documentation backlog.

    Module 3:

    Evaluate strategies for publishing and managing SOP documentation.

    Phase 1 Outcome:
      Review and implement the process for creating usable SOPs.
    Phase 2 Outcome:
      Optimize your SOP maintenance processes.
    Phase 3 Outcome:
      Choose a content management solution that meets your needs.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Prep Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities Scope the SOP pilot and secure resources
    • Identify the scope of the pilot project.
    • Develop a list of processes to document.
    • Ensure required resources are available.
    Prioritize SOPs and review methodology

    1.1 Prioritize undocumented SOPs.

    1.2 Review the visual approach to SOP planning.

    1.3 Conduct a tabletop planning exercise.

    Review SOPs and identify process gaps

    2.1 Continue the tabletop planning exercise with other critical processes.

    2.2 Conduct a gap analysis to identify solutions to issues discovered during SOP mapping.

    Identify projects to meet process gaps

    3.1 Develop a prioritized project roadmap to address gaps.

    3.2 Define a process for documenting and maintaining SOPs.

    3.3 Identify and assign actions to improve SOP management and maintenance.

    Set next steps and put a dent in your backlog

    4.1 Run an SOP working session with experts and process owners to put a dent in the documentation backlog.

    4.2 Identify an appropriate content management solution.

    Deliverables
    1. Defined scope for the workshop.
    2. A longlist of key processes.
    1. Undocumented SOPs prioritized according to business criticality and current state.
    2. One or more documented SOPs.
    1. One or more documented SOPs.
    2. Gap analysis.
    1. SOP Project Roadmap.
    2. Publishing and Document Management Solution Evaluation Tool.
    1. Multiple documented SOPs.
    2. Action steps to improve SOP management and maintenance.

    Measured value for Guided Implementations (GIs)

    Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

    GI Measured Value
    Phase 1: Prioritize, optimize, and document critical SOPs
    • Time, value, and resources saved using Info-Tech’s methodology to prioritize and document SOPs in the ideal visual format.
    • For example, 4 FTEs*4 days*$80,000/year = $5,120
    Phase 2: Establish a sustainable documentation process
    • Time, value, and resources saved using our tools and methodology to implement a process to ensure SOPs are maintained, accessible, and up to date.
    • For example: 4 FTEs*5 days*$80,000/year = $6,400
    Phase 3: Identify a content management solution
    • Time, value, and resources saved using our best-practice guidance and tools to select an approach and solution to manage your organization’s SOPs.
    • For example: 2 FTEs*5 days*$80,000/year = $3,200
    Total Savings $14,720

    Note: Documenting SOPs provides additional benefits that are more difficult to quantify: reducing the time spent by staff to find or execute processes, improving transparency and accountability, presenting opportunities for automation, etc.

    Phase 1

    Prioritize, Optimize, and Document Critical SOPs

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prioritize, optimize, and document critical SOPs

    Proposed Time to Completion (in weeks): 2 weeks

    Step 1.1: Prioritize SOPs

    Start with an analyst kick off call:

    • Apply a client focus to critical IT services.
    • Identify undocumented, critical SOPs.

    Then complete these activities…

    • Rank and prioritize your SOP documentation needs.

    With this template:

    Standard Operating Procedures Workbook

    Step 1.2: Develop visual documentation

    Review findings with analyst:

    • Understand the benefits of a visual approach.
    • Review possibilities for visual documentation.

    Then complete these activities…

    • Identify formats that can improve your SOP documentation.

    With these templates:

    • Example DRP Process Flows
    • Example App Dev Process And more…

    Step 1.3: Optimize and document critical processes

    Finalize phase deliverable:

    • Two visual SOP documents, mapped using a tabletop exercise.

    Then complete these activities…

    • Create the visual SOP.
    • Review and optimize the process.

    With this tool:

    SOP Project Roadmap Tool

    Phase 1 Results & Insights:

    Identify opportunities to deploy visual documentation, and follow Info-Tech’s process to capture steps, gaps, and opportunities to improve IT processes.

    Focus first on client-facing and high-impact SOPs

    IT’s number one obligation to internal and external customers is to keep critical services running – that points to mission-critical operations, service management, and disaster recovery.

    Topic Description
    Mission-critical operations
    • Maintenance processes for mission-critical systems (e.g. upgrade procedures, batch processing, etc.).
    • Client-facing services with either formal or informal SLAs.
    • Change management – especially for mission-critical systems, change management is more about minimizing risk of downtime than expediting change.
    Service management
    • Service desk procedures (e.g. ticket assignment and issue response).
    • Escalation procedures for critical outages.
    • System monitoring.
    Disaster recovery procedures
    • Management-level incident response plans, notification procedures, and high-level failover procedures (e.g. which systems must come up first, second, third).
    • Recovery or failover procedures for individual systems.
    • Backup and restore procedures – to ensure backups are available if needed.

    Understand what makes an application or service mission critical

    When email or a shared drive goes down, it may impact productivity, but may not be a significant impact to the business. Ask these questions when assessing whether an application or service is mission critical.

    Criteria Description
    Is there a hard-dollar impact from downtime?
    • For example, when an online catalog system goes down, it impacts sales and therefore revenue. Without determining the actual financial impact, you can make an immediate assessment that this is a Gold system.
    • By contrast, loss of email may impact productivity but may not affect revenue streams, depending on your business. A classification of Silver is most likely appropriate.
    Impact on goodwill/customer trust?
    • If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems Gold status.
    Is regulatory compliance a factor?
    • If a system requires redundancy and/or high availability due to legal or regulatory compliance requirements, it may need to be classified as a Gold system.
    Is there a health or safety risk?
    • For example, police and medical organizations have systems that are mission critical due to their impact on health and safety rather than revenue or cost, and therefore are classified as Gold systems. Are there similar considerations in your organization?

    "Email and other Windows-based applications are important for our day-to-day operations, but they aren’t critical. We can still manufacture and ship clothing without them. However, our manufacturing systems, those are absolutely critical"

    – Bob James, Technical Architect, Carhartt, Inc.

    Create a high-level risk and benefit scale

    1.1a

    15 minutes

    Define criteria for high, medium, and low risks and benefits, as shown in the example below. These criteria will be used in the upcoming exercises to rank SOPs.

    Note: The goal in this section is to provide high-level indicators of which SOPs should be documented first, so a high-level set of criteria is used. To conduct a detailed business impact analysis, see Info-Tech’s Create a Right-Sized Disaster Recovery Plan.

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Risk to the business Score
    Low: Affects ad hoc activities or non-critical data. 1
    Moderate: Impacts productivity and internal goodwill. 2
    High: Impacts revenue, safety, and external goodwill. 3
    Benefit (e.g. productivity improvement) Score
    Low: Minimal impact. 1
    Moderate: Items with short-term or occasional applicability, so limited benefit. 2
    High: Save time for common or ongoing processes, and extensive improvement to training/knowledge transfer. 3

    Identify and prioritize undocumented mission-critical operations

    1.1b

    15 minutes

    1. To navigate to this exercise, open Info-Tech’s Standard Operating Procedures Workbook.
    2. List your top three–five mission critical applications or services.
    3. Identify relevant SOPs that support those applications or services.
    4. Indicate SOP status: Green = up to date and complete, Yellow = out-of-date or incomplete, Red = undocumented.
    5. Assign risk and benefit scores (3=high, 1=low) to Yellow and Red SOPs based on potential impact if those processes failed (risk) and opportunity for process improvement (benefit).

    OUTPUT

    • Analysis of SOPs supporting mission-critical operations

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Application SOPs Status Risk Benefit
    Enterprise Resource Planning (ERP)
    • System administration (user administration, adding projects, etc.).
    Red 1 2
    • System upgrades (including OS upgrades and patches).
    Red 2 2
    • Report generation.
    Green n/a n/a
    Network services
    • Network monitoring (including fault detection).
    Yellow 3 2
    • Network upgrades.
    Red 2 1
    • Backup procedures.
    Yellow 3 1

    Identify and prioritize undocumented service management procedures

    1.1c

    15 minutes

    1. To navigate to this exercise, open Info-Tech’s Standard Operating Procedures Workbook.
    2. Identify service management SOPs.
    3. Indicate SOP status: Green = up to date and complete, Yellow = out-of-date or incomplete, Red = undocumented.
    4. Assign risk and benefit scores (3=high, 1=low) to Yellow and Red SOPs based on potential impact if those processes failed (risk) and opportunity for process improvement (benefit).

    OUTPUT

    • Analysis of SOPs supporting service management

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Service Type SOPs Status Risk Benefit
    Service Request
    • Software install
    Red 3 1
    • Software update
    Yellow 3 1
    • New hardware
    Green n/a n/a
    Incident Management
    • Ticket entry and triage
    Yellow 3 2
    • Ticket escalation
    Red 2 1
    • Notification for critical issues
    Yellow 3 1

    Identify and prioritize undocumented DR procedures

    1.1d

    20 minutes

    1. To navigate to this exercise, open Info-Tech’s Standard Operating Procedures Workbook.
    2. Identify DR SOPs.
    3. Indicate SOP status: Green = up to date and complete, Yellow = out-of-date or incomplete, Red = undocumented.
    4. Assign risk and benefit scores (3=high, 1=low) to Yellow and Red SOPs based on potential impact if those processes failed (risk) and opportunity for process improvement (benefit).

    OUTPUT

    • Analysis of SOPs supporting DR

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    DR Phase SOPs Status Risk Benefit
    Discovery and Declaration
    • Initial detection and escalation
    Red 3 1
    • Notification procedures to Emergency Response Team (ERT)
    Yellow 3 1
    • Notification procedures to staff
    Green n/a n/a
    Recover Gold Systems
    • ERP recovery procedures
    Red 2 2
    • Corporate website recovery procedures
    Yellow 3 2
    Recover Silver Systems
    • MS Exchange recovery procedures
    Red 2 1

    Select the SOPs to focus on for the first round of documentation

    1.1e

    20 minutes

    1. Identify two significantly different priority 1 SOPs to document during this workshop. It’s important to get a sense of how the Info-Tech templates and methodology can be applied to different types of SOPs.
    2. Rank the remaining SOPs that you still need to address post-workshop by priority level within each topic area.

    INPUT

    • SOP analysis from activities 1.1 and 1.2

    OUTPUT

    • A shortlist of critical, undocumented SOPs to review later in this phase

    Materials

    • Whiteboard

    Participants

    • Process Owners
    • SMEs
    Category Area SOPs Status Risk Benefit
    Disaster Recovery Procedures Discovery and Declaration
    • Initial detection and escalation
    Red 3 1
    • Notification procedures to ERT
    Yellow 3 1
    Mission-Critical Operations Network Services
    • Network monitoring (including fault detection)
    Yellow 3 2
    Service Management Procedures Incident Management
    • Ticket entry and triage
    Yellow 3 2

    Change the format of your documentation

    Which document is more effective? Which is more likely to be used?

    "The end result for most SOPs is a 100-page document that makes anyone but the author want to stab themselves rather than read it. Even worse is when you finally decide to waste an hour of your life reading it only to be told afterwards that it might not be quite right because Bob or Stan needed to make some changes last year but never got around to it."

    – Peter Church, Solutions Architect

    Create visual-based documentation to improve usability and effectiveness

    "Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow."

    – Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management

    SOPs, including those that support your disaster recovery plan (DRP), are often created to meet certification requirements. However, this often leads to lengthy overly detailed documentation that is geared to auditors and business leaders, not IT staff trying to execute a procedure in a high-pressure, time-sensitive scenario.

    Staff don’t have time to flip through a 300-page manual, let alone read lengthy instructions, so organizations are transforming monster manuals into shorter, visual-based documentation. Benefits include:

    • Quicker to create than lengthy manuals.
    • Easier to be absorb, so they are more usable.
    • More likely to stay up to date because they are easier to maintain.

    Example: DRPs that include visual SOPs are easier to use — that leads to shorter recovery times and fewer mistakes.

    Chart is depicted showing the success rates of traditional manuals versus visual documentation.

    Use flowcharts for process flows or a high-level view of more detailed procedures

    • Flowcharts depict who does what and when; they provide an at-a-glance view that is easy to follow and makes task ownership clear.
    • Use swim lanes, as in this example, to indicate process stages and task ownership.
    • For experienced staff, a high-level reminder of process flows or key steps is sufficient.
    • Where more detail is required, include links to supporting documentation (which could include checklists, vendor documentation, other flowcharts, etc.).

    See Info-Tech’s Incident and Service Management Procedures – Service Desk Example.

    "Flowcharts are more effective when you have to explain status and next steps to upper management."

    – Assistant Director-IT Operations, Healthcare Industry

    Example: SOP in flowchart format

    A flowchart is depicted as an example flowchart. This one is an SOP flowchart labelled 'Triage Process - Incidents'

    Review your options for diagramming software

    Many organizations look for an option that easily integrates with the MS Office suite. The default option is often Microsoft Visio.

    Pros:

    • Easy to learn and use.
    • Has a wide range of features and capabilities.
    • Comes equipped with a large collection of stencils and templates.
    • Offers the convenience of fluid integration with the MS Office Suite.

    Cons:

    • Isn’t included in any version of the MS Office Suite and can be quite expensive to license.
    • Not available for Mac or Linux environments.

    Consider the options below if you’re looking for an alternative to Microsoft Visio:

    Desktop Solutions

    • Dia Diagram Editor
    • Diagram Designer
    • LibreOffice Draw
    • Pencil Project
    • yEd Graph Editor

    • Draw.io
    • Creately
    • Gliffy
    • LucidChart

    Note: No preference or recommendation is implied from the ordering of the options above.

    This list is not intended to be comprehensive.

    Evaluate different solutions to identify one that works for you

    Use the criteria below to identify a flowchart software that fits your needs.

    Criteria Description
    Platform What platform(s) can run the software?
    Description What use cases are identified by the vendor – and do these cover your needs for documenting your SOPs? Is the software open source?
    Features What are the noteworthy features and characteristics?
    Usability How easy is the program to use? What’s the learning curve like? How intuitive is the design?
    Templates and Stencils Availability of templates and stencils.
    Portability Can the solution integrate with other pieces of software? Consider whether other tools can view, open, and/or edit documents; what file formats can be published, etc.
    Cost Cost of the software to purchase or license.

    Use checklists to streamline step-by-step procedures

    • Checklists are ideal when staff just need a reminder of what to do, not how to do it.
    • Remember your audience. You aren’t pulling in a novice to run a complex procedure, so all you really need here are a series of reminders.
    • Where more detail is required, include links to supporting documentation.
    • Note that a flowchart can often be used instead of a checklist, depending on preference.

    For two different examples of a checklist template, see:

    Image depicting an example checklist. This checklist depicts an employee termination checklist

    Use topology diagrams to capture network layout, integrations, and system information

    • Organizations commonly have network topology diagrams for reference purposes, so this is just a re-use of existing resources.
    • Physically label real world equipment to correspond to topology diagrams. While these labels will be redundant for most IT employees, they help give clarity and confidence when changes are being made.
    • If your topology diagrams are housed in a tool such as a systems management product, then export the diagrams so they can be included in your SOP documentation suite.

    "Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them."

    The image shows a topology organization diagram as an example network layout

    Use screen captures and tutorials to facilitate training for applications and SOPs

    • Screen capture tutorials or videos are effective for training staff on applications. For example, create a screen capture tutorial to train staff on the use of a help desk application and your company’s specific process for using that tool.
    • Similarly, create tutorials to train end users on straightforward “technical” tasks (e.g. setting up their VPN connection) to reduce the demand on IT staff.
    • Tutorials can be created quickly and easily with affordable software such as Snag-It, ScreenHunter Pro, HyperSnap, PicPick, FastStone, Ashampoo Snap 6, and many others.

    "When contractors come onboard, they usually don't have a lot of time to learn about the organization, and we have a lot of unique requirements. Creating SOP documents with screenshots has made the process quicker and more accurate."

    – Susan Bellamore, Business Analyst, Public Guardian and Trustee of British Columbia

    The image is an example of a screen caption tutorial, depicting desktop icons and a password login

    Example: Disaster recovery notification and declaration procedure

    1. Swim lanes indicate task ownership and process stages.
    2. Links to supporting documentation (which could include checklists, vendor documentation, other flowcharts, etc.) are included where necessary.
    3. Additional DR SOPs are captured within the same spreadsheet for convenient, centralized access.

    Review Info-Tech’s Incident Response and Recovery Process Flows – DRP Example.

    Example: DRP flowchart with links to supporting documents

    The image is an example of an DRP flowchart labelled 'Initial Discovery/Notification and Declaration Procedures'

    Establish flowcharting standards

    If you don’t have existing flowchart standards, then keep it simple and stick to basic flowcharting conventions as described below.

    Start, End, and Connector. Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points.

    Start, End. Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.

    Process Step. Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the sub-process symbol and flowchart the sub-process separately.

    Sub-Process. A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a sub-process, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).

    Decision. Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).

    Document/Report Output. For example, the output from a backup process might include an error log.

    Conduct a tabletop planning exercise to build an SOP

    1.3a

    20 minutes

    Tabletop planning is a paper-based exercise where your team walks through a particular process and maps out what happens at each stage.

    1. For this exercise, choose one particular process to document.
    2. Document each step of the process using cue cards, which can be arranged on the table in sequence.
    3. Be sure to include task ownership in your steps.
    4. Map out the process as it currently happens – we’ll think about how to improve it later.
    5. Keep focused. Stay on task and on time.

    OUTPUT

    • Steps in the current process for one SOP

    Materials

    • Tabletop, pen, and cue cards

    Participants

    • Process Owners
    • SMEs

    Info-Tech Insight

    Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.

    The image depicts three cue cards labelled steps 3 to 5. The cue cards are examples of the tabletop planning exercise.

    Collaborate to optimize the SOP

    1.3b

    20 minutes

    Review the tabletop exercise. What gaps exist in current processes?

    How can the process be made better? What are the outputs and checkpoints?

    The image depicts five cue cards, two of which are examples on how to improve the process. This is an example of the tabletop exercise.

    OUTPUT

    • Identify steps to optimize the SOP

    Materials

    • Tabletop, pen, and cue cards

    Participants

    • Process Owners
    • SMEs

    A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.

    If it’s necessary to clarify complex process flows during the exercise, also use green cards for decision diamonds, purple for document/report outputs, and blue for sub-processes.

    Capture opportunities to improve processes in the Standard Operating Procedures Project Roadmap Tool

    1.3

    Rank and track projects to close gaps you discover in your processes.

    1. As a group, identify potential solutions to close the gaps in your processes that you’ve uncovered through the tabletop mapping exercise.
    2. Add these project names to the Standard Operating Procedures Project Roadmap Tool on the “Project Scoring” tab.
    3. Review and adjust the criteria for evaluating the benefits and costs of different projects on the “Scoring Criteria” tab.
    4. Return to the “Project Scoring” tab, and assign weights at the top of each scoring column. Use the drop-down menus to adjust the scores for each project category. The tool will automatically rank the projects based on your input, but you can adjust the ranks as needed.
    5. Assign dates and descriptions to the projects on the “Implementation Schedule” tab, below.
    The image depicts a graph showing an example of ranked and tracked projects.

    Identify gaps to improve process performance and make SOP documentation a priority

    CASE STUDY

    Industry Government (700+ FTEs)
    Source Info-Tech Workshop

    Challenge

    • Tabletop planning revealed a 77-hour gap between current and desired RTO for critical systems.
    • Similarly, the current achievable RPO gap was up to one week, but the desired RPO was one hour.
    • A DR site was available but not yet set up with the necessary equipment.
    • Lack of documented standard operating procedures (SOPs) was identified as a risk since that increased the dependence on two or three key SMEs.

    Solution

    • Potential projects to close RTO/RPO gaps were identified, including:
      • Deploy servers that were decommissioned (as a result of a server refresh) to the DR site as warm standby servers.
      • Implement site-to-site data replication.
      • Document SOPs to enable tasks to be delegated and minimize resourcing risks.

    Results

    • A DR project implementation schedule was defined.
    • Many of the projects required no further investment, but rather deployment of existing equipment that could function as standby equipment at the DR site.
    • The DR risk from a lack of SOPs enabled SOPs to be made a priority. An expected side benefit is the ability to review and optimize processes and improve consistency in IT operations.

    Document the SOPs from the tabletop exercise

    1.3c

    20 minutes

    Document the results from the tabletop exercise in the appropriate format.

    1. Identify an appropriate visual format for the high-level SOP as well as for any sub-processes or supporting documentation.
    2. Break into groups of two or three.
    3. Each group will be responsible for creating part of the SOP. Include both the high-level SOP itself and any supporting documentation such as checklists, sign-off forms, sub-processes, etc.
    4. Once your document is complete, exchange it with that of another group. Review each other’s documents to check for clarity and completeness.

    OUTPUT

    • Output from activities 1.4 and 1.5

    Materials

    • Flowcharting software, laptops

    Participants

    • Process Owners
    • SMEs

    This image has four cue cards, and an arrow pointing to a flowchart, depicting the transfer of the information on the cue cards into a flowchart software

    Repeat the tabletop exercise for the second process

    Come back together as a large group. Choose a process that is significantly different from the one you’ve just documented, and repeat the tabletop exercise.

    As a reminder, the steps are:

    1. Use the tabletop exercise to map out a current SOP.
    2. Collaborate to optimize the SOP.
    3. Decide on appropriate formats for the SOP and its supporting documents.
    4. Divide into small groups to create the SOP and its supporting documents.
    5. Repeat the steps above as needed for your initial review of critical processes.

    Info-Tech Insight

    If you plan to document more than two or three SOPs at once, consider making it an SOP “party” to add momentum and levity to an otherwise dry process. Review section 2.3 to find out how.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1a-e

    Get started by prioritizing SOPs

    Ensure the SOP project remains business focused, and kick off the project by analyzing critical business services. Identify key IT services that support the relevant business services. Conduct a benefit/risk analysis to prioritize which SOPs should become the focus of the workshop.

    1.3a-c

    Document the SOPs from the tabletop exercise

    Leverage a tabletop planning exercise to walk the team through the SOP. During the exercise, focus on identifying timelines, current gaps, and potential risks. Document the steps via que cards first and transpose the hard copies to an electronic version.

    Phase 2

    Establish a Sustainable Documentation Process

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Establish a sustainable SOP documentation process

    Proposed Time to Completion (in weeks): 4 weeks

    Step 2.1: Establish guidelines for identifying and organizing SOPs

    Start with an analyst call:

    • Establish documentation information guidelines.
    • Review version control best practices.

    Then complete these activities…

    • Implement best practices to identify and organize your SOPs.

    With these tools & templates:

    • SOP Workbook

    Step 2.2: Define a process to document and maintain SOPs

    Review findings with analyst:

    • Identify opportunities to create a culture that fosters SOP creation.

    Then complete these activities…

    • Create a plan to address SOP documentation gaps.

    With these tools & templates:

    • Document Management Checklist

    Step 2.3: Plan time with experts to put a dent in your documentation backlog

    Finalize phase deliverable:

    • Address outstanding undocumented SOPs by working through process issues together.

    Then complete these activities…

    • Organize and run a working session to document and optimize processes.

    With these tools & templates:

    • SOP Workbook
    • SOP Project Roadmap Tool

    Phase 2 Results & Insights:

    Improve the process for documenting and maintaining your SOPs, while putting a dent in your documentation backlog and gaining buy-in with staff.

    Identify current content management practices and opportunities for improvement

    DISCUSS

    What is the current state of your content management practices?

    Are you using a content management system? If not, where are documents kept?

    Are your organizational or departmental SOPs easy to find?

    Is version control a problem? What about file naming standards?

    Get everyone on the same page on the current state of your SOP document management system, using the questions above as the starting point.

    Keep document management simple for better adoption and consistency

    If there is too much complexity and staff can’t easily find what they need, you won’t get buy-in and you won’t get consistency.

    Whether you store SOPs in a sophisticated content management system (CMS) or on a shared network drive, keep it simple and focus on these primary goals:

    • Enable staff to find the right document.
    • Know if a document is the latest, approved version.
    • Minimize document management effort to encourage buy-in and consistency.

    If users can’t easily find what they need, it leads to bad practices. For example:

    • Users maintain their own local copies of commonly used documents to avoid searching for them. The risk is that local copies will not be automatically updated when the SOP changes.
    • Separate teams will implement their own document management system and repository. Now you have duplication of effort and company resources, multiple copies of documents (where each group needs their own version), and no centralized control over potentially sensitive documents.
    • Users will ignore documented SOPs or ask a colleague who might also be following the above bad practices.

    Insert a document information block on the first page of every document to identify key attributes

    Include a document information block on the first page of every document to identify key attributes. This strategy is as much about minimizing resistance as it is ensuring key attributes are captured.

    • A consistent document information block saves time (e.g. vs. customized approaches per document). If some fields don’t apply, enter “n/a.”
    • It provides key information about the document without having to check soft copy metadata, especially if you work with hard copies.
    • It’s a built-in reminder of what to capture and easier than updating document properties or header/footer information or entering metadata into a CMS.

    Note: The Info-Tech templates in this blueprint include a copy of the document information block shown in this example. Add more fields if necessary for your organization’s needs.

    For an example of a completed document information block, see Network Backup for Atlanta Data Center – Backups Example

    Info-Tech Insight

    For organizations with more advanced document management requirements, consider more sophisticated strategies (e.g. using metadata) as described in Info-Tech’s Use SharePoint for Enterprise Content Management and Reintroduce the Information Lifecycle to the Content Management Strategy. However, the basic concepts above still apply: establish standard attributes you need to capture and do so in a consistent manner.

    Modify the Info-Tech document information block to meet your requirements

    2.1a

    15 minutes

    1. Review “Guidelines and Template for the Document Information Block” in the Standard Operating Procedures Workbook. Determine if any changes are required, such as additional fields.
    2. Identify which fields you want to standardize and then establish standard terms. Balance the needs for simplicity and consistency – don’t force consistency where it isn’t a good fit.
    3. Pre-fill the document information block with standard terms and examples and add it to an SOP template that’s stored in your content management system.

    Educate staff by pre-filling the document

    • Providing examples built into the templates provides in-context, just-in-time training which is far more effective and easier than formal education efforts.
    • Focus your training on communicating when the template or standard terms change so that staff know to obtain the new version. Otherwise, the tendency for many staff will be to use one of their existing documents as their template.

    OUTPUT

    • Completed document information block

    Materials

    • Laptop
    • Projector

    Participants

    • Process Owners
    • SMEs

    Leverage the document information block to create consistent filenames that facilitate searching

    Use the following filename format to create consistent, searchable, and descriptive filenames:

    Topic – Document Title – Document Type – Version Date

    Filename Component Purpose
    Topic
    • Functions as a filename prefix to group related documents but is also a probable search term. For project work, use a project name/number.
    Document Title
    • The title should be fairly descriptive of the content (if it isn’t, it’s not a good title) so it will help make the file easily identifiable and will include more probable search terms.
    Document Type Further distinguishes similar files (e.g. Maintenance SOP vs. a Maintenance Checklist).
    Version Date (for local files or if not using a CMS)
    • If it’s necessary to work on a file locally, include the version date at the end of the filename. The date is a more recognizable indicator of whether it’s the latest version or an old copy.
    • Establish a standard date format. Although MM-DD-YY is common in the US, the format YYYY-MM-DD reduces confusion between the month and day.

    For example:

    • ERP – System Administration Monthly Maintenance Tasks – Checklist – 2016-01-15.docx
    • ERP – System Administration Monthly Maintenance Tasks – SOP – 2017-01-10.docx
    • Backups – Network Backup Procedure for Atlanta Data Center – SOP – 2017-03-06.docx
    • PROJ437 – CRM Business Requirements – BRD – 2017-02-01.xlsx
    • DRP – Notification Procedures – SOP – 2016-09-14.docx
    • DRP – Emergency Response Team Roles and Responsibilities – Reference – 2018-03-10.xlsx

    Apply filename and document information block guidelines to existing SOPs

    2.1b

    15 minutes

    1. Review the SOPs created during the earlier exercises.
    2. Update the filenames and document information block based on guidelines in this section.
    3. Apply these guidelines to other select existing SOPs to see if additional modifications are required (e.g. additional standard terms).

    INPUT

    • Document Information Block

    OUTPUT

    • Updated filenames and document information blocks

    Materials

    • Laptop and projector

    Participants

    • Process Owners
    • SMEs

    Implement version control policies for local files as well as those in your content management system (CMS)

    1. Version Control in Your CMS

    2. Always keep one master version of a document:

    • When uploading a new copy of an existing SOP (or any other document), ensure the filenames are identical so that you are just adding a new version rather than a separate new file.
    • Do not include version information in the filename (which would create a new separate file in your CMS). Allow your CMS to handle version numbering.
  • Version Control for Local Files

  • Ideally, staff would never keep local copies of files. However, there are times when it is practical or preferable to work from a local copy: for example, when creating or updating an SOP, or when working remotely if the CMS is not easily accessible.

    Implement the following policies to govern these circumstances:

    • Add the version date to the end of the filename while the document is local, as shown in the slide on filenames.
    • Remove the date when uploading it to a CMS that tracks date and version. If you leave the date in the filename, you will end up with multiple copies in your CMS.
    • When distributing copies for review, upload a copy to the CMS and send the link. Do not attach a physical file.
  • Minimize the Need for Version Updates

  • Reduce the need for version updates by isolating volatile information in a separate, linked document. For example:

    • Use Policy documents to establish high-level expectations and goals, and use SOPs to capture workflow, but put volatile details in a separate reference document. For example, for Backup procedures, put offsite storage vendor details such as contact information, pick up times, and approved couriers in a separate document.
    • Similarly, for DRP Notification procedures, reference a separate contacts list.

    Modify the Info-Tech Document Management Checklist to meet your requirements

    2.1c

    15 minutes

    1. Review the Info-Tech Document Management Checklist.
    2. Add or remove checklist items.
    3. Update the document information block.

    OUTPUT

    • Completed document management checklist

    Materials

    • Laptop, projector

    Participants

    • Process Owners
    • SMEs

    See Info-Tech’s Document Management Checklist.

    If you aren’t going to keep your SOPs current, then you’re potentially doing more harm than good

    An outdated SOP can be just as dangerous as having no SOP at all. When a process is documented, it’s trusted to be accurate.

    • Disaster recovery depends as much on supporting SOPs – such as backup and restore procedures – as it does on a master incident response plan.
    • For disaster scenarios, the ability to meet recovery point objectives (i.e. minimize data loss) and recovery time objectives (i.e. minimize downtime) depends on smoothly executed recovery procedures and on having well-defined and up-to-date DR documentation and supporting SOPs. For example:
      • Recovery point (data loss) objectives are directly impacted by your backup procedures.
      • Recovery time is minimized by a well-defined restore procedure that reduces the risk of human error during recovery which could lead to data loss or a delay in the recovery.
      • Similarly, a clearly documented configuration procedure will reduce the time to bring a standby system online.
    A graph depicting the much faster recovery time of up-to-date SOPs versus out-of-date SOPs.

    Follow Info-Tech best practices to keep SOPs current and drive consistent, efficient IT operations

    The following best practices were measured in this chart, and will be discussed further in this section:

    1. Identify documentation requirements as part of project planning.
    2. Require a manager or supervisor to review and approve SOPs.
    3. Check documentation status as part of change management.
    4. Hold staff accountable.
    Higher adoption of Info-Tech best practices leads to more effective SOPs and greater benefits in areas such as training and process improvement.

    Graph depicting the efficiency of adopting Info-Tech practices regarding SOPs. Four categories of 'Training', 'process improvement', 'IT automation', and 'consistent IT operations' are shown increasing in efficiency with a high adoption of Info-Tech strategies.

    Info-Tech Insight

    Audits for compliance requirements have little impact on getting SOPs done in a timely manner or the actual usefulness of those SOPs, because the focus is on passing the audit instead of creating SOPs that improve operations. The frantic annual push to complete SOPs in time for an audit is also typically a much greater effort than maintaining documents as part of ongoing change management.

    Identify documentation requirements as part of project planning

    DISCUSS

    When are documentation requirements captured, including required changes to SOPs?

    Make documentation requirements a clearly defined deliverable. As with any other task, this should include:

    • Owner: The person ultimately responsible for the documentation.
    • Assigned resource: The person who will actually put pen to paper. This could be the same person as the owner, or the owner could be a reviewer.
    • Deadlines: Include documentation deliverables in project milestones.
    • Verification process: Validate completion and accuracy. This could be a peer review or management review.
    Example: Implement a new service desk application.
    • Service desk SOP documentation requirements: SOP for monitoring and managing tickets will require changes to leverage new automation features.
    • Owner: Service Desk Lead.
    • Assigned resource: John Smith (service desk technician).
    • Deadline: Align with “ready for QA testing.”
    • Verification process: Service Desk Lead document review and signoff.

    Info-Tech Insight

    Realistically, documentation will typically be a far less urgent task than the actual application or system changes. However, if you want the necessary documentation to be ultimately completed, even if it’s done after more urgent tasks, it must be tracked.

    Implement document approval steps at the individual and project level

    DISCUSS

    How do you currently review and validate SOP documents?

    Require a manager or supervisor to review and approve SOPs.

    • Avoid a bureaucratic review process involving multiple parties. The goal is to ensure accuracy and not just provide administrative protection.
    • A review by the immediate supervisor or manager is often sufficient. Their feedback and the implied accountability improve the quality and usefulness of the SOPs.

    Check documentation status as part of change management.

    • Including a documentation status check holds the project leaders and management accountable.
    • If SOPs are not critical to the project deliverable, then realistically the deliverable is not held back. However, keep the project open until relevant documents are updated so those tasks can’t be swept under the rug until the next audit.

    SOP reviews, change management, and identifying requirements led to benefits such as training and process improvement.

    A chart depicting the impact and benefits of SOP reviews, change management and identifying requirements. The chart is accompanied by a key for the grey to blue colours depicted

    "Our directors and our CIO have tied SOP work to performance evaluations and SOP status is reviewed during management meetings. People have now found time to get this work done."

    – Assistant Director-IT Operations, Healthcare Industry

    Review SOPs regularly and assign a process owner to avoid reinforcing silos

    CASE STUDY

    Industry

    Public service organization

    Source

    Info-Tech client engagement

    Situation

    • The organization’s IT department consists of five heavily siloed units.
    • Without communication or workflow accountability across units, each had developed incompatible workflows, making estimates of “time to resolution” for service requests difficult.
    • The IT service manager purchases a new service desk tool, attempting to standardize requests across IT to improve efficiency, accountability, and transparency.

    Complication

    • The IT service manager implements the tool and creates standardized workflows without consulting stakeholders in the different service units.
    • The separate units immediately rebel against the service manager and try to undermine the implementation of the new tool.

    Results

    • Info-Tech analysts helped to facilitate a solution between experts in the different units.
    • In order to develop a common workflow and ticket categorization scheme, Info-Tech recommended that each service process should have a single approver.

    The bottom line: ensure that there’s one approver per process to drive process efficiency and accountability and avoid problems down the road.

    Hold staff accountable to encourage SOP work to be completed in a timely manner

    DISCUSS

    Are SOP updates treated as optional or “when I have time” work?

    Hold staff directly accountable for SOP work.

    Holding staff accountable is really about emphasizing the importance of ensuring SOPs stay current. If management doesn’t treat SOPs as a priority, then neither will your staff. Strategies include:

    • Include SOP work in performance appraisals.
    • Keep relevant tickets open until documentation is completed.
    • Ensure documents are reviewed, as discussed earlier.
    • Identify and assign documentation tasks as part of project planning efforts, as discussed earlier.

    Holding staff accountable minimizes procrastination and therefore maintenance effort.

    Chart depicting the impact on reducing SOP maintenance effort followed by a key defining the colours on the chart

    Info-Tech Insight

    Holding staff accountable does not by itself make a significant impact on SOP quality (and therefore the typical benefits of SOPs), but it minimizes procrastination, so the work is ultimately done in a more timely manner. This ensures SOPs are current and usable, so they can drive benefits such as consistent operations, improved training, and so on.

    Assign action items to address SOP documentation process challenges

    2.2

    1. Discuss the challenges mentioned at the start of this section, and other challenges highlighted by the strategies discussed in this section. For example:
    • Are documentation requirements included in project planning?
    • Are SOPs and other documentation deliverables reviewed?
    • Are staff held accountable for documentation?
  • Document the challenges in your copy of the Standard Operating Procedures Workbook and assign action items to address those challenges.
  • Challenge Action Items Action Item Owner
    Documentation requirements are identified at the end of a project.
    • Modify project planning templates and checklists to include “identify documentation requirements.”
    Bob Ryan
    SOPs are not reviewed.
    • When assigning documentation tasks, also assign an owner who will be responsible for reviewing and approving the deliverable.
    • Create a mechanism for officially signing off on the document (e.g. email approval or create a signoff form).
    Susan Jones

    An “SOP party” fosters a collaborative approach and can add some levity to an otherwise dry exercise

    What is an SOP party?

    • An SOP party is a working session, bringing together process owners and key staff to define current SOPs and collaborate to identify optimization opportunities.
    • The party aspect is really just about how you market the event. Order in food or build in a cooking contest (e.g. a chilli cook-off or dessert bake-off) to add some fun to what can be a dry activity.

    Why does this work?

    • Process owners become so familiar with their tasks that many of the steps essentially live in their heads. Questions from colleagues draw out those unwritten steps and get them down on paper so another sufficiently qualified employee could carry out the same steps.
    • Once the processes are defined (e.g. via a tabletop exercise), input from colleagues can help identify risks and optimization opportunities, and process questions can be quickly answered because the key people are all present.
    • The group approach also promotes consistency and enables you to set expectations (e.g. visual-based approach, standards, level of detail, etc.).

    When is collaboration necessary (e.g. via tabletop planning)?

    • Tabletop planning is ideal for complex processes as well as processes that span multiple tasks, people, and/or systems.
    • For processes with a narrow focus (e.g. recovery steps for a specific server), assign these to the SME to document. Then ensure the SOP is reviewed to draw out the unwritten steps as described above.
    • For example, if you use tabletop planning to document a high-level DR plan, sub-processes might include recovery procedures for individual systems; those SOPs can then be assigned to individual SMEs.

    Schedule SOP working sessions until critical processes are documented

    Ultimately, it’s more efficient to create and update SOPs as needed but dedicated working sessions will help address immediate critical needs.

    Organize the working session:
    1. Book a full-day meeting in an out of the way meeting room, invite key staff (system and process owners who ultimately need to be SOP owners), and order in lunch so no one has to leave.
    2. Prioritize SOPs (see Phase 1) and set goals (e.g. complete the top 6 SOPs during this session).
    3. Alternate between collaborative efforts and documenting the SOPs. For example:
      1. Tabletop or flowchart the current SOP. Take a picture of the current state for reference purposes.
      2. Look for process improvements. If you have the authority in the room to enable process changes, then modify the tabletop/flowchart accordingly and capture this desired future state (e.g. take a picture). Otherwise, identify action items to follow up on proposed changes.
      3. Identify all related documentation deliverables (e.g. sub-processes, checklists, approval forms, etc.).
      4. Create the identified documentation deliverables (divide the work among the team). Then repeat the above.
    4. Repeat these working sessions on a monthly or quarterly basis, depending on your requirements, until critical SOPs are completed.
    5. When the SOP backlog is cleared, conduct quarterly or semi-annual refreshers for ongoing review and optimization of key processes.

    Assign action items to capture next steps after SOP working sessions

    2.3

    1. Review the SOPs documented during this workshop. Identify action items to complete and validate those SOPs and related documents. For example, do the SOPs require further approval or testing?
    2. Similarly, review the document management checklist and identify action items to complete, expand, and/or validate proposed standards.
    3. For SOP working sessions, decide on a date, time, and who should be there based on the guidelines in this section. If the SOP party approach does not meet your requirements, then at the very least assign owners for the identified critical SOPs and set deadlines for completing those SOPs. Document these extra action items in your copy of the Standard Operating Procedures Workbook.
    SOP or Task Action Items Action Item Owner
    Ticket escalation SOP
    • Debrief the rest of the Service Desk team on the new process.
    • Modify the SOP further based on feedback, if warranted.
    • Implement the new SOP. This includes communicating visible changes to business users and other IT staff.
    Jeff Sutter
    SOP party
    • Contact prospective attendees to communicate the purpose of the SOP party.
    • Schedule the SOP party.
    Bob Smith

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with out Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    Identify current content management practices

    As a group, identify current pain points and opportunities for improvement in your current content management practices.

    2.2

    Assign action items to address documentation process challenges

    Develop a list of action items to address gaps in the SOP documentation and maintenance process.

    Phase 3

    Identify a Content Management Solution

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Decide on a content management solution for your SOPs

    Proposed Time to Completion (in weeks): 1 week

    Step 3.1: Understand the options for CM solutions

    Start with an analyst kick off call:

    • Review your current approach to content management and discuss possible alternatives.

    Then complete these activities…

    • Evaluate the pros and cons of different approaches to content management.
    • Discuss approaches for fit with your team.

    Step 3.2: Identify the right solution for you

    Review findings with analyst:

    • Identify 2–3 possible options for a content management strategy.

    Then complete these activities…

    • Identify the best solution based on portability, maintainability, cost, and implementation effort.

    With these tools & templates:

    • Publishing and Document Management Solution Evaluation Tool
    • SOP Project Roadmap
    • SOP Workbook

    Phase 3 Results & Insights:

    Choose an approach to content management that will best support your organization’s SOP documentation and maintenance process.

    Decide on an appropriate publishing and document management strategy for your organization

    Publishing and document management considerations:

    • Portability/External Access: At the best of times, portability is nice because it enables flexibility, but at the worst of times (such as in a disaster recovery situation) it is absolutely essential. If your primary site is down, can you still access your documentation? As shown in this chart, traditional storage strategies still dominate DRP documentation, but these aren’t necessarily the best options.
    • Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents? Is there version control? The easier the system is to use, the easier it is to get employees to use it.
    • Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution like SharePoint or a Content Management System. For smaller organizations, the cost of these tools might be harder to justify.

    Consider these approaches:

    This section reviews the following approaches, their pros and cons, and how they meet publishing and document management requirements:

    • SOP tools.
    • Cloud-based content management software.
    • In-house solutions combining SharePoint and MS Office (or equivalent).
    • Wiki site.
    • “Manual” approaches such as storing documents on a USB drive.
    Chart depicting the portable strategy popularity, followed by a key defining the colours on the graph

    Source: Info-Tech Research Group; N=118

    Note: Percentages total more than 100% due to respondents using more than one portability strategy.

    Develop a content management strategy and process to reduce organizational risk

    CASE STUDY

    Segment

    Mid-market company

    Source

    Info-Tech Interview

    Situation

    • A mid-sized company hired a technical consultancy to manage its network.
    • As part of this move, the company’s network administrator was fired.
    • Over time, this administrator had become a “go-to” person for several other IT functions.

    Complication

    • The consulting team realizes that the network administrator kept critical documentation on his local hard drive.
    • This includes configs, IP addresses, passwords, logins to vendor accounts, and more.
    • It becomes clear the administrator was able to delete some of this information before leaving, which the consultants are required to retrieve and re-document.

    Result

    • Failing to implement effective SOPs for document management and terminating key IT staff exposed the organization to unnecessary risk and additional costs.
    • Allowing a local content management system to develop created a serious security risk.
    • The bottom line: create a secure, centralized, and backed-up location and establish SOPs around using it to help keep the company’s data safe.

    Info-Tech offers a web-based policy management solution with process management capabilities

    Role How myPolicies helps you
    Policy Sponsors
    • CEO
    • Board of Directors

    Reduced Corporate Risk

    Avoid being issued a regulatory fine or sanction that could jeopardize operations or hurt brand image.

    Policy Reviewers
    • Internal Audit
    • Compliance
    • Risk
    • Legal

    A Culture of Compliance

    Adherence with regulatory requirements as well as documented audit trail of all critical policy activities.

    Policy Owners
    • HR
    • IT
    • Finance
    • Operations

    Less Administrative Burden

    Automation and simplification of policy creation, distribution, and tracking.

    Policy Users
    • Employees
    • Vendors
    • Contractors

    Policy Clarity

    Well-written policies are stored in one reliable, easy to navigate location.

    About this Approach:

    myPolicies is a web-based solution to create, distribute, and manage corporate policies, procedures, and forms, built around best practices identified by our research.

    Contact your Account Manager today to find out if myPolicies is right for you.

    SOP software and DR planning tools can help, but they aren’t a silver bullet

    Portability/External Access:
    • Pros: Typically have a SaaS option, providing built-in external access with appropriate security and user administration to vary access rights.
    • Cons: Dependent on the vendor to ensure external access, but this is typically not an issue.
    Maintainability/Usability:
    • Pros: Built-in templates encourage consistency as well as guide initial content development by indicating what details need to be captured.
    • Pros: Built-in document management (e.g. version control, metadata support, etc.), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
    • Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
    • Cons: Requires end-user and administrator training.
    • Cons: Often modules of larger software suites. If you use the entire suite, it may make sense to use the SOP tool, but otherwise probably not.
    Cost/Effort:
    • Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
    • Cons: SOP tools can be costly. Expect to pay at least $3,000-7,000 for software licensing, plus additional per user and hosting fees.
    About this Approach:

    SOP tools such as Princeton Center’s SOP ExpressTM and SOP Tracks or MasterControl’s SOP Management and eSOP allow organizations to create, manage, and access SOPs. These programs typically offer a range of SOP templates and formats, electronic signatures, version control, and review options and training features such as quizzes and monitoring.

    Similarly, DR planning solutions (e.g. eBRP, Recovery Planner, LDRPS, etc.) provide templates, tools, and document management to create DR documentation including SOPs.

    Consider leveraging SharePoint to provide document management capabilities

    Portability/External Access:
    • Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
    • Cons: Must be installed at redundant sites or be cloud-based to be effective in the event of a worst-case scenario disaster recovery situation in which the primary data center is down.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support, etc.) as well as centralized access to required documents.
    • Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
    • Cons: No built-in automated updates (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Using existing tools, so this is a sunk cost in terms of capex.
    • Cons: Additional effort required to create templates and manage the documentation library.

    For more information on SharePoint as a content management solution, see Info-Tech’s Use SharePoint for Enterprise Content Management.

    About this Approach:

    Most SOP documents start as MS Office documents, even if there is an SOP tool available (some SOP tools actually run within MS Office on the desktop). For organizations that decide to bypass a formal SOP tool, the biggest gap they have to overcome is document management.

    Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for SOP documentation.

    For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instance at multiple in-house locations or using a cloud-based SharePoint solution.

    As an alternative to SharePoint, SaaS tools such as Power DMS, NetDocuments, Xythos on Demand, Knowledge Tree, Spring CM, and Zoho Docs offer cloud-based document management, authoring, and distribution services that can work well for SOPs. Some of these, such as Power DMS and Spring CM, are geared specifically toward workflows.

    A wiki may be all you need

    Portability/External Access:
    • Pros: Wiki sites can support external access as with any web solution.
    • Cons: May lack more sophisticated content management features.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support, etc.) as well as centralized access to required information.
    • Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
    • Cons: Learning curve if wikis are new to your organization.
    About this Approach:

    Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

    While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

    Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

    An approach that I’ve seen work well is to consult the wiki for any task, activity, job, etc. Is it documented? If not, then document it there and then. Sure, this led to 6-8 weeks of huge effort, but the documentation grew in terms of volume and quality at an alarming but pleasantly surprising rate. Providing an environment to create the documentation is important and a wiki is ideal. Fast, lightweight, in-browser editing leads to little resistance in creating documents.

    - Lee Blackwell, Global IT Operation Services Manager, Avid Technology

    Managing SOPs on a shared network drive involves major challenges and limitations

    Portability/External Access:
    • Cons: Must be hosted at redundant sites in order to be effective in a worst-case scenario that takes down your data center.
    Maintainability/Usability:
    • Pros: Easy to implement and no learning curve.
    • Pros: Access can be easily managed.
    • Cons: Version control, standardization, and document management can be significant challenges.
    Cost/Effort:
    • Pros: Little to no cost and no tool management required.
    • Cons: Managing documents on a shared network drive requires strict attention to process for version control, updates, approvals, and distribution.
    About this Approach:

    With this strategy, SOP documents are stored and managed locally on a shared network drive. Only process owners and administrators have read-write permissions on documents on the shared drive.

    The administrator grants access and manages security permissions.

    Info-Tech Insight

    For small organizations, the shared network drive approach can work, but this is ultimately a short-term solution. Move to an online library by creating a wiki site. Start slow by beginning with a particular department or project, then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to the Info-Tech collaboration strategy research cited on the previous slide for additional guidance.

    Avoid extensive use of paper copies of SOP documentation

    SOP documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

    Portability/External Access:
    • Pros: Does not rely on technology or power.
    • Cons: Not adequate for disaster recovery situations; would require all staff to have a copy and to have it with them at all times.
    Maintainability/Usability:
    • Pros: In terms of usability, again there is no dependence on technology.
    • Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest most accurate documentation.
    • Cons: Navigation to other information is manual – flipping through pages etc. No searching or hyperlinks.
    Cost/Effort:
    • Pros: No technology system to maintain, aside from what you use for printing.
    • Cons: Printing expenses are actually among the highest incurred by organizations and this adds to it.
    • Cons: Labor-intensive due to need to print and physically distribute documentation updates.
    About this Approach

    Traditionally, SOPs were printed and kept somewhere in a large binder (or several large binders). This isn’t adequate to the needs of most organizations and typically results in documents that aren’t up to date or effective.

    Use Info-Tech’s solution evaluation tool to decide on a publishing and document management strategy

    All organizations have existing document management methodologies, even if it’s simply storing documents on a network drive.

    Use Info-Tech’s solution evaluation tool to decide whether your existing solution meets the portability/external access, maintainability/usability, and cost/effort criteria, or whether you need to explore a different option.

    Note: This tool was originally built to evaluate DRP publishing options, so the tool name and terminology refers to DR. However, the same tool can be used to evaluate general SOP publishing and document management solutions.

    The image is a screenshot of Info-Tech's evaluation tool
    Consider using Info-Tech’s DRP Publishing and Document Management Solution Evaluation Tool.

    Info-Tech Insight

    There is no absolute ranking for possible solutions. The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on. For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to ensure consistent application of corporate guidelines.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    Decide on a publishing and document management strategy

    Review the pros and cons of different strategies for publishing and document management. Identify needs, priorities, and limitations of your environment. Create a shortlist of options that can meet your organization’s needs and priorities.

    3.2

    Complete the solution evaluation tool

    Evaluate solutions on the shortlist to identify the strongest option for your organization, based on the criteria of maintainability, affordability, effort to implement, and accessibility/portability.

    Insight breakdown

    Create visual documents, not dense SOP manuals.

    • Visual documents that can be scanned are more usable and easier to update.
    • Flowcharts, checklists, and diagrams all have their place in visual documentation.

    Start with high-impact SOPs.

    • It can be difficult to decide where to start when faced with a major documentation backlog.
    • Focus first on client facing and high-impact SOPs, i.e. mission-critical operations, service management, and disaster recovery procedures.

    Integrate SOP creation into project requirements and hold staff accountable.

    • Holding staff accountable does not provide all the benefits of a well documented and maintained SOP, but it minimizes procrastination, so the work is ultimately done in a more timely manner.

    Summary of accomplishment

    Knowledge Gained

    SOPs may not be exciting, but they’re very important to organizational consistency, efficiency, and improvement.

    This blueprint outlined how to:

    • Prioritize and execute SOP documentation work.
    • Establish a sustainable process for creating and maintaining SOP documentation.
    • Choose a content management solution for best fit.

    Processes Optimized

    • Multiple processes supporting mission-critical operations, service management, and disaster recovery were documented. Gaps in those processes were uncovered and addressed.
    • In addition, your process for maintaining process documents was improved, including adding documentation requirements and steps requiring documentation approval.

    Deliverables Completed

    As part of completing this project, the following deliverables were completed:

    • Standard Operating Procedures Workbook
    • Standard Operating Procedures Project Roadmap Tool
    • Document Management Checklist
    • Publishing and Document Management Solution Evaluation Tool

    Project step summary

    Client Project: Create and maintain visual SOP documentation.

    1. Prioritize undocumented SOPs.
    2. Develop visual SOP documentation.
    3. Optimize and document critical processes.
    4. Establish guidelines for identifying and organizing SOPs.
    5. Define a process for documenting and maintaining SOPs.
    6. Plan time with experts to put a dent in your documentation backlog.
    7. Understand the options for content management solutions.
    8. Identify the right content management solution for your organization.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Bibliography

    Anderson, Chris. “What is a Standard Operating Procedure (SOP)?” Bizmanualz, Inc. No date. Web. 25 Jan. 2016. https://www.bizmanualz.com/save-time-writing-procedures/what-are-policies-and-procedures-sop.html

    Grusenmeyer, David. “Developing Effective Standard Operating Procedures.” Dairy Business Management. 1 Feb. 2003. Web. 25 Jan. 2016. https://ecommons.cornell.edu/handle/1813/36910

    Mosaic. “The Value of Standard Operating Procedures.” 22 Oct. 2012. Web. 25 Jan. 2016. ttp://www.mosaicprojects.com.au/WhitePapers/WP1086_Standard_Operating_Procedures.pdf

    Sinn, John W. “Lean, Six Sigma, Quality Transformation Toolkit (LSSQTT) Tool #17 Courseware Content – Standard Operating Procedures (SOP) For Lean and Six Sigma: Infrastructure for Understanding Process.” Summer 2006. Web. 25 Jan. 2016. https://www.bgsu.edu/content/dam/BGSU/college-of-technology/documents/LSSQTT/LSSQTT%20Toolkit/toolkit3/LSSQTT-Tool-17.pdf

    United States Environmental Protection Agency. “Guidance for Preparing Standard Operating Procedures (SOPs).” April 2007. Web. 25 Jan. 2016. http://www.epa.gov/sites/production/files/2015-06/documents/g6-final.pdf

    Identify and Manage Financial Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}218|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.
    • It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.
    • Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

    Impact and Result

    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Financial Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Financial Risk Impact on Your Organization Deck – Use the research to better understand the negative financial impacts of vendor actions.

    Use this research to identify and quantify the potential financial impacts of vendors’ poor performance. Use Info-Tech’s approach to look at the financial impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Financial Risk Impacts on Your Organization Storyboard

    2. “What If” Financial Risk Impact Tool – Use this tool to help identify and quantify the financial impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Financial Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Financial Risk Impacts on Your Organization

    Good vendor management practices help organizations understand the costs of negative vendor actions.

    Analyst Perspective

    Vendor actions can have significant financial consequences for your organization.

    Photo of Frank Sewell, Research Director, Vendor Management, Info-Tech Research Group.

    Vendors are becoming more influential and essential to the operation of organizations. Often the sole risk consideration of a business is whether the vendor meets a security standard, but vendors can negatively impact organizations’ budgets in various ways. Fortunately, though inherent risk is always present, organizations can offset the financial impacts of high-risk vendors by employing due diligence in their vendor management practices to help manage the overall risks.

    Frank Sewell
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.

    It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.

    Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Info-Tech Insight

    Companies without good vendor management risk initiatives will take on more risk than they should. Solid vendor management practices are imperative –organizations must evolve to ensure that vendors deliver services according to performance objectives and that risks are managed accordingly.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Cube with each multiple colors on each face, similar to a Rubix cube, and individual components of vendor risk branching off of it: 'Financial', 'Reputational', 'Operational', 'Strategic', 'Security', and 'Regulatory & Compliance'.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Financial risk impact

    Potential losses to the organization due to financial risks

    In this blueprint, we’ll explore financial risks and their impacts.

    Identifying negative actions is paramount to assessing the overall financial impact on your organization, starting in the due diligence phase of the vendor assessment and continuing throughout the vendor lifecycle.

    Cube with each multiple colors on each face, similar to a Rubix cube, and the vendor risk component 'Financial' highlighted.

    Unbudgeted financial risk impact

    The costs of adverse vendor actions, such as a breach or an outage, are increasing. By knowing these potential costs, leaders can calculate how to avoid them throughout the lifecycle of the relationship.

    Loss of business represents the largest share of the breach

    38%

    Avg. $1.59M
    Global average cost of a vendor breach

    $4.2M

    Percentage of breaches in 2020 caused by business associates

    40.2%

    23.2% YoY
    (year over year)
    (Source: “Cost of a Data Breach Report 2021,” IBM, 2021) (Source: “Vendor Risk Management – A Growing Concern,” Stern Security, 2021)

    Example: Hospital IT System Outage

    Hospitals often rely on vendors to manage their data center environments but rarely understand the downstream financial impacts if that vendor fails to perform.

    For example, a vendor implements a patch out of cycle with no notice to the IT group. Suddenly all IT systems are down. It takes 12 hours for the IT teams to return systems to normal. The downstream impacts are substantial.

    • There is no revenue capture during outage (patient registration, payments).
      • The financial loss is significant, impacting cash on hand and jeopardizing future projects.
    • Clinicians cannot access the electronic health record (EHR) system and shift to downtime paper processes.
      • This can cause potential risks to patient health, such as unknown drug interactions.
      • This could also incur lawsuits, fines, and penalties.
    • Staff must manually add the paper records into the EHR after the incident is corrected.
      • Staff time is lost on creating paper records and overtime is required to reintroduce those records into EMR.
    • Staff time and overtime pay on troubleshooting and solving issues take away from normal operations and could cause delays, having downstream effects on the timing of other projects.

    Insight Summary

    Assessing financial impacts is an ongoing, educative, and collaborative multidisciplinary process that vendor management initiatives are uniquely designed to coordinate and manage for organizations.

    Insight 1 Vendors are becoming more and more crucial to organizations’ overall operations, and most organizations have a poor understanding of the potential impacts they represent.

    Is your vendor solvent? Do they have enough staff to accommodate your needs? Has their long-term planning been affected by changes in the market? Are they unique in their space?

    Insight 2 Financial impacts from other risk types deserve just as much focus as security alone, if not more.

    Examples include penalties and fines, loss of revenue due to operational impacts, vendor replacement costs, hidden costs in poorly understood contracts, and lack of contractual protections.

    Insight 3 There is always an inherent risk in working with a vendor, but organizations should financially quantify how much each risk may impact their budget.

    A significant concern for organizations is quantifying different types of risks. When a risk occurs, the financial losses are often poorly understood, with unbudgeted financial impacts.

    Three stages of vendor financial risk assessment

    Assess risk throughout the complete vendor lifecycle

    1. Pre-Relationship Due Diligence: The initial pre-relationship due diligence stage is a crucial point to establish risk management practices. Vendor management practices ensure that a potential vendor’s risk is categorized correctly by facilitating the process of risk assessment.
    2. Monitor & Manage: Once the relationship is in place, organizations should enact ongoing management efforts to ensure they are both getting their value from the vendor and appropriately addressing any newly identified risks.
    3. Termination: When the termination of the relationship arrives, the organization should validate that adequate protections that were established while forming a contract in the pre-relationship stage remain in place.

    Inherent risks from negative actions are pervasive throughout the entire vendor lifecycle. Collaboratively understanding those risks and working together to put proper management in place enables organizations to get the most value out of the relationship with the least amount of risk.

    Flowchart for 'Assessing Financial Risk Impacts', beginning with 'New Vendor' to 'Sourcing' to the six components of 'Vendor Management'. After a gamut of assessments such as ''What If' Game' one can either 'Accept' to move on to 'Pre-Relationship', 'Monitor & Manage', and eventually to 'Termination', or not accept and circle back to 'Sourcing'.

    Stage 1: Pre-relationship assessment

    Do these as part of your due diligence

    • Review and negotiate contract terms and conditions.
      • Ensure that you have the protections to make you whole in the event of an incident, in the event that another entity purchases the vendor, and throughout the entire lifecycle of your relationship with the vendor.
      • Make sure to negotiate your post-termination protections in the initial agreement.
    • Perform a due-diligence financial assessment.
      • Make sure the vendor is positioned in the market to be able to service your organization.
    • Perform an initial risk assessment.
      • Identify and understand all potential factors that may cause financial impacts to your organization.
      • Include total cost of ownership (TCO) and return of investment (ROI) as potential impact offsets.
    • Review case studies – talk to other customers.
      • Research who else has worked with the vendor to get “the good, the bad, and the ugly” stories to form a clear picture of a potential relationship with the vendor.
    • Use proofs of concept.
      • It is essential to know how the vendor and their solutions will work in the environment before committing resources and to incorporate them into organizational strategic plans.
    • Limit vendors’ ability to increase costs over the years. It is not uncommon for a long-term relationship to become more expensive than a new one over time when the increases are unmanaged.
    • Vendor audits can be costly and a significant distraction to your staff. Make sure to contractually limit them.
    • Many vendors enjoy significant revenue from unclear deliverables and vague expectations that lead to change requests at unknown rates – clarifying expectations and deliverables and demanding negotiated rate sheets before engagement will save budget and strengthen the relationship.

    Visit Info-Tech’s VMO ROI Calculator and Tracker

    The “what if” game

    1-3 hours

    Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk

    Output: Comprehensive financial risk profile on the specific vendor solution

    Materials: Whiteboard/flip charts, Financial Risk Impact Tool to help drive discussion

    Participants: Vendor Management – Coordinator, IT Operations, Legal/Compliance/Risk Manager, Finance/Procurement

    Vendor management professionals are in an excellent position to collaboratively pull together resources across the organization to determine potential risks. By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Financial Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risks but manage the overall process to keep the discussion on track.
    3. Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Financial Risk Impact Tool

    Stage 2.1: Monitor the financial risk

    Ongoing monitoring activities

    Never underestimate the value of keeping the relationship moving forward.

    Examples of items and activities to monitor include;

    Stock photo of a worker being trained on a computer.
    • Fines
    • Data leaks
    • Performance
    • Credit monitoring
    • Viability/solvency
    • Resource capacity
    • Operational impacts
    • Regulatory penalties
    • Increases in premiums
    • Security breaches (infrastructure)

    Info-Tech Insight

    Many organizations do not have the resources to dedicate to annual risk assessments of all vendors.

    Consider timing ongoing risk assessments to align with contract renewal, when you have the most leverage with the vendor.

    Visit Info-Tech’s Risk Register Tool

    Stage 2.2: Manage the financial risk

    During the lifecycle of the vendor relationship

    • Renew risk assessments annually.
    • Focus your efforts on highly ranked risks.
    • Is there a new opportunity to negotiate?
    • Identify and classify individual vendor risk.
    • Are there better existing contracts in place?
    • Review financial health checks at the same time.
    • Monitor and schedule contract renewals and new service/module negotiations.
    • Perform business alignment meetings to reassess the relationship.
    • Ongoing operational meetings should be supplemental, dealing with day-to-day issues.
    • Develop performance metrics and hold vendors accountable to established service levels.
    Stock image of a professional walking an uneven line over the words 'Risk Management'.

    Stage 3: Termination

    An essential and often overlooked part of the vendor lifecycle is the relationship after termination

    • The risk of a vendor keeping your data for “as long as they want” is high.
      • Data retention becomes a “forever risk” in today’s world of cyber issues if you do not appropriately plan.
    • Ensure that you always know where data resides and where people are allowed to access that data.
      • If there is a regulatory need to house data only in specific locations, ensure that it is explicit in agreements.
    • Protect your data through language in initial agreements that covers what needs to happen when the relationship with the vendor terminates.
      • Typically, all the data that the vendor has retained is returned and/or destroyed at your sole discretion.
    Stock image of a sign reading 'Closure'.

    Related Info-Tech Research

    Stock photo of two co-workers laughing. Design and Build an Effective Contract Lifecycle Management Process
    • Achieve measurable savings in contract time processing, financial risk avoidance, and dollar savings
    • Understand how to identify and mitigate risk to save the organization time and money.
    Stock image of reports and file folders. Identify and Reduce Agile Contract Risk
    • Manage Agile contract risk by selecting the appropriate level of protections for an Agile project.
    • Focus on the correct contract clauses to manage Agile risk.
    Stock photo of three co-workers gathered around a computer screen. Jump Start Your Vendor Management Initiative
    • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service level objectives and that risks are mitigated according to the organization's risk tolerance.
    • Gain visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

    Develop a Business Continuity Plan

    • Buy Link or Shortcode: {j2store}411|cart{/j2store}
    • member rating overall impact (scale of 10): 9.1/10 Overall Impact
    • member rating average dollars saved: $37,093 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Recent crises have increased executive awareness and internal pressure to create a business continuity plan (BCP).
    • Industry and government-driven regulations require evidence of sound business continuity practices.
    • Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.
    • IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

    Our Advice

    Critical Insight

    • BCP requires input from multiple departments with different and sometimes conflicting objectives. There are typically few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.
    • As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes, and therefore, their requirements to resume business operations better than anyone else.
    • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces as outlined in this blueprint.

    Impact and Result

    • Implement a structured and repeatable process that you apply to one business unit at a time to keep BCP planning efforts manageable.
    • Use the results of the pilot to identify gaps in your recovery plans and reduce overall continuity risk while continuing to assess specific risks as you repeat the process with additional business units.
    • Enable business leaders to own the BCP going forward. Develop a template that the rest of the organization can use.
    • Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

    Develop a Business Continuity Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a business continuity plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify BCP maturity and document process dependencies

    Assess current maturity, establish a team, and choose a pilot business unit. Identify business processes, dependencies, and alternatives.

    • BCP Maturity Scorecard
    • BCP Pilot Project Charter Template
    • BCP Business Process Workflows Example (Visio)
    • BCP Business Process Workflows Example (PDF)

    2. Conduct a BIA to determine acceptable RTOs and RPOs

    Define an objective impact scoring scale, estimate the impact of downtime, and set recovery targets.

    • BCP Business Impact Analysis Tool

    3. Document the recovery workflow and projects to close gaps

    Build a workflow of the current steps for business recovery. Identify gaps and risks to recovery. Brainstorm and prioritize solutions to address gaps and mitigate risks.

    • BCP Tabletop Planning Template (Visio)
    • BCP Tabletop Planning Template (PDF)
    • BCP Project Roadmap Tool
    • BCP Relocation Checklists

    4. Extend the results of the pilot BCP and implement governance

    Present pilot project results and next steps. Create BCMS teams. Update and maintain BCMS documentation.

    • BCP Pilot Results Presentation
    • BCP Summary
    • Business Continuity Teams and Roles Tool

    5. Appendix: Additional BCP tools and templates

    Use these tools and templates to assist in the creation of your BCP.

    • BCP Recovery Workflow Example (Visio)
    • BCP Recovery Workflow Example (PDF)
    • BCP Notification, Assessment, and Disaster Declaration Plan
    • BCP Business Process Workarounds and Recovery Checklists
    • Business Continuity Management Policy
    • Business Unit BCP Prioritization Tool
    • Industry-Specific BIA Guidelines
    • BCP-DRP Maintenance Checklist
    • Develop a COVID-19 Pandemic Response Plan Storyboard
    [infographic]

    Workshop: Develop a Business Continuity Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define BCP Scope, Objectives, and Stakeholders

    The Purpose

    Define BCP scope, objectives, and stakeholders.

    Key Benefits Achieved

    Prioritize BCP efforts and level-set scope with key stakeholders.

    Activities

    1.1 Assess current BCP maturity.

    1.2 Identify key business processes to include in scope.

    1.3 Flowchart key business processes to identify business processes, dependencies, and alternatives.

    Outputs

    BCP Maturity Scorecard: measure progress and identify gaps.

    Business process flowcharts: review, optimize, and allow for knowledge transfer of processes.

    Identify workarounds for common disruptions to day-to-day continuity.

    2 Define RTOs and RPOs Based on Your BIA

    The Purpose

    Define RTOs and RPOs based on your BIA.

    Key Benefits Achieved

    Set recovery targets based business impact, and illustrate the importance of BCP efforts via the impact of downtime.

    Activities

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of downtime.

    2.3 Determine acceptable RTO/RPO targets for business processes based on business impact.

    Outputs

    BCP Business Impact Analysis: objective scoring scale to assess cost, goodwill, compliance, and safety impacts.

    Apply the scoring scale to estimate the impact of downtime on business processes.

    Acceptable RTOs/RPOs to dictate recovery strategy.

    3 Create a Recovery Workflow

    The Purpose

    Create a recovery workflow.

    Key Benefits Achieved

    Build an actionable, high-level, recovery workflow that can be adapted to a variety of different scenarios.

    Activities

    3.1 Conduct a tabletop exercise to determine current recovery procedures.

    3.2 Identify and prioritize projects to close gaps and mitigate recovery risks.

    3.3 Evaluate options for command centers and alternate business locations (i.e. BC site).

    Outputs

    Recovery flow diagram – current and future state

    Identify gaps and recovery risks.

    Create a project roadmap to close gaps.

    Evaluate requirements for alternate business sites.

    4 Extend the Results of the Pilot BCP and Implement Governance

    The Purpose

    Extend the results of the pilot BCP and implement governance.

    Key Benefits Achieved

    Outline the actions required for the rest of your BCMS, and the required effort to complete those actions, based on the results of the pilot.

    Activities

    4.1 Summarize the accomplishments and required next steps to create an overall BCP.

    4.2 Identify required BCM roles.

    4.3 Create a plan to update and maintain your overall BCP.

    Outputs

    Pilot BCP Executive Presentation

    Business Continuity Team Roles & Responsibilities

    3. Maintenance plan and BCP templates to complete the relevant documentation (BC Policy, BCP Action Items, Recovery Workflow, etc.)

    Further reading

    Develop a Business Continuity Plan

    Streamline the traditional approach to make BCP development manageable and repeatable.

    Analyst Perspective

    A BCP touches every aspect of your organization, making it potentially the most complex project you’ll take on. Streamline this effort or you won’t get far.

    None of us needs to look very far to find a reason to have an effective business continuity plan.

    From pandemics to natural disasters to supply chain disruptions to IT outages, there’s no shortage of events that can disrupt your complex and interconnected business processes. How in the world can anyone build a plan to address all these threats?

    Don’t try to boil the ocean. Use these tactics to streamline your BCP project and stay on track:

    • Focus on one business unit at a time. Keep the effort manageable, establish a repeatable process, and produce deliverables that provide a starting point for the rest of the organization.
    • Don’t start with an extensive risk analysis. It takes too long and at the end you’ll still need a plan to resume business operations following a disruption. Rather than trying to predict what could cause a disruption, focus on how to recover.
    • Keep your BCP documentation concise. Use flowcharts, checklists, and diagrams instead of traditional manuals.

    No one can predict every possible disruption, but by following the guidance in this blueprint, you can build a flexible continuity plan that allows you to withstand the threats your organization may face.

    Frank Trovato

    Research Director,
    IT Infrastructure & Operations Practice
    Info-Tech Research Group

    Andrew Sharp

    Senior Research Analyst,
    IT Infrastructure & Operations Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Recent crises have increased executive awareness and internal pressure to create a BCP.
    • Industry- and government-driven regulations require evidence of sound business continuity practices.
    • Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.

    IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

    Common Obstacles

    • IT managers asked to lead BCP efforts are dealing with processes and requirements beyond IT and outside of their control.
    • BCP requires input from multiple departments with different and sometimes conflicting objectives.
    • Typically there are few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.

    Info-Tech’s Approach

    • Focus on implementing a structured and repeatable process that can be applied to one business unit at a time to avoid BCP from becoming an overwhelming project.
    • Enable business leaders to own the BCP going forward by establishing a template that the rest of the organization can follow.
    • Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

    Info-Tech Insight

    As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but you must enable business leaders to own their department’s BCP practices and outputs. They know their processes and, therefore, their requirements to resume business operations better than anyone else.

    Use this research to create business unit BCPs and structure your overall BCP

    A business continuity plan (BCP) consists of separate but related sub-plans, as illustrated below. This blueprint enables you to:

    • Develop a BCP for a selected business unit (as a pilot project), and thereby establish a methodology that can be repeated for remaining business units.
    • Through the BCP process, clarify requirements for an IT disaster recovery plan (DRP). Refer to Info-Tech’s Disaster Recovery Planning workshop for instructions on how to create an IT DRP.
    • Implement ongoing business continuity management to govern BCP, DRP, and crisis management.

    Overall Business Continuity Plan

    IT Disaster Recovery Plan

    A plan to restore IT application and infrastructure services following a disruption.

    Info-Tech’s disaster recovery planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP.

    BCP for Each Business Unit

    A set of plans to resume business processes for each business unit. This includes:

    • Identifying business processes and dependencies.
    • Defining an acceptable recovery timeline based on a business impact analysis.
    • Creating a step-by-step recovery workflow.

    Crisis Management Plan

    A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

    Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

    IT leaders asked to develop a BCP should start with an IT Disaster Recovery Plan

    It’s a business continuity plan. Why should you start continuity planning with IT?

    1. IT services are a critical dependency for most business processes. Creating an IT DRP helps you mitigate a key risk to continuity quicker than it takes to complete your overall BCP, and you can then focus on other dependencies such as people, facilities, and suppliers.
    2. A BCP requires workarounds for IT failures. But it’s difficult to plan workarounds without a clear understanding of the potential IT downtime and data loss. Your DRP will answer those questions, and without a DRP, BCP discussions can get bogged down in IT discussions. Think of payroll as an example: if downtime might be 24 hours, the business might simply wait for recovery; if downtime might be a week, waiting it out is not an option.
    3. As an IT manager, you can develop an IT DRP primarily with resources within your control. That makes it an easier starting point and puts IT in a better position to shift responsibility for BCP to business leaders (where it should reside) since essentially the IT portion is done.

    Create a Right-Sized Disaster Recovery Plan today.

    Modernize the BCP

    If your BCP relies heavily on paper-based processes as workarounds, it’s time to update your plan.

    Back when transactions were recorded on paper and then keyed into the mainframe system later, it was easier to revert to deskside processes. There is very little in the way of paper-based processes anymore, and as a result, it is increasingly difficult to resume business processes without IT.

    Think about your own organization. What IT system(s) are absolutely critical to business operations? While you might be able to continue doing business without IT, this requires regular preparation and training. It’s likely a completely offline process and won’t be a viable workaround for long even if staff know how to do the work. If your data center and core systems are down, technology-enabled workarounds (such as collaboration via mobile technologies or cloud-based solutions) could help you weather the outage, and may be more flexible and adaptable for day-to-day work.

    The bottom line:

    Technology is a critical dependency for business processes. Consider the role IT systems play as process dependencies and as workarounds as part of continuity planning.

    Info-Tech’s approach

    The traditional approach to BCP takes too long and produces a plan that is difficult to use and maintain.

    The Problem: You need to create a BCP, but don’t know where to start.

    • BCP is being demanded more and more to comply with regulations, mitigate business risk, meet customer demands, and obtain insurance.
    • IT leaders are often asked to lead BCP.

    The Complication: A traditional BCP process takes longer to show value.

    • Traditional consultants don’t usually have an incentive to accelerate the process.
    • At the same time, self-directed projects with no defined process go months without producing useful deliverables.
    • The result is a dense manual that checks boxes but isn’t maintainable or usable in a crisis.

    A pie chart is separated into three segments, Internal Mandates 43%, Customer Demands 23%, and Regulatory Requirements 34%. The bottom of the image reads Source: Info-Tech Research Group.

    The Info-Tech difference:

    Use Info-Tech’s methodology to right-size and streamline the process.

    • Reduce required effort. Keep the work manageable and maintain momentum by focusing on one business unit at a time; allow that unit to own their BCP.
    • Prioritize your effort. Evaluate the current state of your BCP to identify the steps that are most in need of attention.
    • Get valuable results faster. Functional deliverables and insights from the first business unit’s BCP can be leveraged by the entire organization (e.g. communication, assessment, and BC site strategies).

    Expedite BCP development

    Info-Tech’s Approach to BCP:

    • Start with one critical business unit to manage scope, establish a repeatable process, and generate deliverables that become a template for remaining business units.
    • Resolve critical gaps as you identify them, generating early value and risk mitigation.
    • Create concise, practical documentation to support recovery.

    Embed training and awareness throughout the planning process.

    BCP for Business Unit A:

    Scope → Pilot BIA → Response Plan → Gap Analysis

    → Lessons Learned:

    • Leverage early results to establish a BCM framework.
    • Take action to resolve critical gaps as they are identified.
    • BCP for Business Units B through N.
    • Scope→BIA→Response Plan→Gap Analysis

    = Ongoing governance, testing, maintenance, improvement, awareness, and training.

    By comparison, a traditional BCP approach takes much longer to mitigate risk:

    • An extensive, upfront commitment of time and resources before defining incident response plans and mitigating risk.
    • A “big bang” approach that makes it difficult to predict the required resourcing and timelines for the project.

    Organizational Risk Assessment and Business Impact Analysis → Solution Design to Achieve Recovery Objectives → Create and Validate Response Plans

    Case Study

    Continuity Planning Supports COVID-19 Response

    Industry: Non-Profit
    Source: Info-Tech Advisory Services

    A charitable foundation for a major state university engaged Info-Tech to support the creation of their business continuity plan.

    With support from Info-Tech analysts and the tools in this blueprint, they worked with their business unit stakeholders to identify recovery objectives, confirm recovery capabilities and business process workarounds, and address gaps in their continuity plans.

    Results

    The outcome wasn’t a pandemic plan – it was a continuity plan that was applicable to pandemics. And it worked. Business processes were prioritized, gaps in work-from-home and business process workarounds had been identified and addressed, business leaders owned their plan and understood their role in it, and IT had clear requirements that they were able and ready to support.

    “The work you did here with us was beyond valuable! I wish I could actually explain how ready we really were for this…while not necessarily for a pandemic, we were ready to spring into action, set things up, the priorities were established, and most importantly some of the changes we’ve made over the past few years helped beyond words! The fact that the groups had talked about this previously almost made what we had to do easy.“ -- VP IT Infrastructure

    Download the BCP Case Study

    Project Overview: BCP

    Phases Phase 1: Identify BCP Maturity and Document Process Dependencies Phase 2: Conduct a BIA to Determine Acceptable RTOs and RPOs Phase 3: Document the Recovery Workflow and Projects to Close Gaps Phase 4: Extend the Results of the Pilot BCP and Implement Governance
    Steps 1.1 Assess current BCP maturity 2.1 Define an objective impact scoring scale 3.1 Determine current recovery procedures 4.1 Consolidate BCP pilot insights to support an overall BCP project plan
    1.2 Establish the pilot BCP team 2.2 Estimate the impact of downtime 3.2 Identify and prioritize projects to close gaps 4.2 Outline a business continuity management (BCM) program
    1.3 Identify business processes, dependencies, and alternatives 2.3 Determine acceptable RTO/RPO targets 3.3 Evaluate BC site and command center options 4.3 Test and maintain your BCP
    Tools and Templates

    BCP Business Impact Analysis Tool

    Results Presentation

    BCP Maturity Scorecard

    Tabletop Planning Template

    BCP Summary

    Pilot Project Charter

    Recovery Workflow Examples

    Business Continuity Teams and Roles

    Business Process Workflows Examples

    BCP Project Roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    BCP Business Impact Analysis Tool: Conduct and document a business impact analysis using this document.

    BCP Recovery Workflows Example: Model your own recovery workflows on this example.

    BCP Project Roadmap: Use this tool to prioritize projects that can improve BCP capabilities and mitigate gaps and risks.

    BCP Relocation Checklists: Plan for and manage a site relocation – whether to an alternate site or work from home.

    Key deliverable:

    BCP Summary Document

    Summarize your organization's continuity capabilities and objectives in a 15-page, easy-to-consume template.

    This document consolidates data from the supporting documentation and tools to the right.

    Download Info-Tech’s BCP Summary Document

    Insight summary

    Focus less on risk, and more on recovery

    Avoid focusing on risk and probability analysis to drive your continuity strategy. You never know what might disrupt your business, so develop a flexible plan to enable business resumption regardless of the event.

    Small teams = good pilots

    Choose a small team for your BCP pilot. Small teams are better at trialing new techniques and finding new ways to think about problems.

    Calculate downtime impact

    Develop and apply a scoring scale to develop a more-objective assessment of downtime impact for the organization. This will help you prioritize recovery.

    It’s not no, but rather not now…

    You can’t address all the organization’s continuity challenges at once. Prioritize high value, low effort initiatives and create a long-term roadmap for the rest.

    Show Value Now

    Get to value quickly. Start with one business unit with continuity challenges, and a small, focused project team who can rapidly learn the methodology, identify continuity gaps, and define solutions that can also be leveraged by other departments right away.

    Lightweight Testing Exercises

    Outline recovery capabilities using lightweight, low risk tabletop planning exercises. Our research shows tabletop exercises increase confidence in recovery capabilities almost as much as live exercises, which carry much higher costs and risks.

    Blueprint benefits

    Demonstrate compliance with demands from regulators and customers

    • Develop a plan that satisfies auditors, customers, and insurance providers who demand proof of a continuity plan.
    • Demonstrate commitment to resilience by identifying gaps in current capabilities and projects to overcome those gaps.
    • Empower business users to develop their plans and perform regular maintenance to ensure plans don’t go stale.
    • Establish a culture of business readiness and resilience.

    Leverage your BCP to drive value (Business Benefits)

    • Enable flexible, mobile, and adaptable business operations that can overcome disruptions large and small. This includes making it easier to work remotely in response to pandemics or facility disruptions.
    • Clarify the risk of the status quo to business leaders so they can make informed decisions on where to invest in business continuity.
    • Demonstrate to customers your ability to overcome disruptions and continue to deliver your services.

    Info-Tech Advisory Services lead to Measurable Value

    Info-Tech members told us they save an average of $44,522 and 23 days by working with an Info-Tech analyst on BCP (source: client response data from Info-Tech's Measured Value Survey).

    Why do members report value from analyst engagement?

    1. Expert advice on your specific situation to overcome obstacles and speed bumps.
    2. Structure the project and stay on track.
    3. Review project deliverables and ensure the process is applied properly.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    Your Trusted Advisor is a call away.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Scoping

    Call 1: Scope requirements, objectives, and stakeholders. Identify a pilot BCP project.

    Business Processes and Dependencies

    Calls 2 - 4: Assess current BCP maturity. Create business process workflows, dependencies, alternates, and workarounds.

    Conduct a BIA

    Calls 5 – 7: Create an impact scoring scale and conduct a BIA. Identify acceptable RTO and RPO.

    Recovery Workflow

    Calls 8 – 9: Create a recovery workflow based on tabletop planning.

    Documentation & BCP Framework

    Call 10: Summarize the pilot results and plan next steps. Define roles and responsibilities. Make the case for a wider BCP program.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com | 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Identify BCP Maturity, Key Processes, and Dependencies Conduct a BIA to Determine Acceptable RTOs and RPOs Document the Current Recovery Workflow and Projects to Close Gaps Identify Remaining BCP Documentation and Next Steps Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Assess current BCP maturity.

    1.2 Identify key business processes to include in scope.

    1.3 Create a flowchart for key business processes to identify business processes, dependencies, and alternatives.

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of a business disruption on cost, goodwill, compliance, and health & safety.

    2.3 Determine acceptable RTOs/RPOs for selected business processes based on business impact.

    3.1 Review tabletop planning – what is it, how is it done?

    3.2 Walk through a business disruption scenario to determine your current recovery timeline, RTO/RPO gaps, and risks to your ability to resume business operations.

    3.3 Identify and prioritize projects to close RTO/RPO gaps and mitigate recovery risks.

    4.1 Assign business continuity management (BCM) roles to govern BCP development and maintenance, as well as roles required to execute recovery.

    4.2 Identify remaining documentation required for the pilot business unit and how to leverage the results to repeat the methodology for remaining business units.

    4.3 Workshop review and wrap-up.

    5.1 Finalize deliverables for the workshop.

    5.2 Set up review time for workshop outputs and to discuss next steps.

    Deliverables
    1. Baseline BCP maturity status
    2. Business process flowcharts
    3. Business process dependencies and alternatives recorded in the BIA tool
    1. Potential impact of a business disruption quantified for selected business processes.
    2. Business processes criticality and recovery priority defined
    3. Acceptable RTOs/RPOs defined based on business impact
    1. Current-state recovery workflow and timeline.
    2. RTO/RPO gaps identified.
    3. BCP project roadmap to close gaps
    1. BCM roles and responsibilities defined
    2. Workshop results deck; use this to communicate pilot results and next steps
    1. Finalized deliverables

    Phase 1

    Identify BCP Maturity and Document Process Dependencies

    Phase 1

    1.1 Assess Current BCP Maturity

    1.2 Establish the pilot BCP team

    1.3 Identify business processes, dependencies, and alternatives

    Insights & Outcomes

    Define the scope for the BCP project: assess the current state of the plan, create a pilot project team and pilot project charter, and map the business processes that will be the focus of the pilot.

    Participants

    • BCP Coordinator
    • BCP Executive Sponsor
    • Pilot Business Unit Manager & Process SMEs

    Step 1.1

    Assess current BCP Maturity

    This step will walk you through the following activities:

    • Complete Info-Tech’s BCP Maturity Scorecard

    This step involves the following participants:

    • Executive Sponsor
    • BCP Coordinator

    You'll use the following tools & templates:

    Outcomes & Insights

    Establish current BCP maturity using Info-Tech’s ISO 22301-aligned BCP Maturity Scorecard.

    Evaluate the current state of your continuity plan

    Use Info-Tech’s Maturity Scorecard to structure and accelerate a BCP maturity assessment.

    Conduct a maturity assessment to:

    • Create a baseline metric so you can measure progress over time. This metric can also drive buy-in from senior management to invest time and effort into your BCP.
    • Understand the scope of work to create a complete business continuity plan.
    • Measure your progress and remaining gaps by updating your assessment once you’ve completed the activities in this blueprint.

    This blueprint primarily addresses the first four sections in the scorecard, which align with the creation of the core components of your business continuity plan.

    Info-Tech’s BCP Maturity Scorecard

    Info-Tech’s maturity scorecard is aligned with ISO 22301, the international standard that describes the key elements of a functioning business continuity management system or program – the overarching set of documents, practices, and controls that support the ongoing creation and maintenance of your BCP. A fully functional BCMS goes beyond business continuity planning to include crisis management, BCP testing, and documentation management.

    Audit tools tend to treat every bullet point in ISO 22301 as a separate requirement – which means there’s almost 400 lines to assess. Info-Tech’s BCP Maturity Scorecard has synthesized key requirements, minimizing repetition to create a high-level self-assessment aligned with the standard.

    A high score is a good indicator of likely success with an audit.

    Download Info-Tech's BCP Maturity Scorecard

    Tool: BCP Maturity Scorecard

    Assess your organization’s BCP capabilities.

    Use Info-Tech’s BCP Maturity Scorecard to:

    • Assess the overall completeness of your existing BCP.
    • Track and demonstrate progress towards completion as you work through successive planning iterations with additional business units.
    1. Download a copy of the BCP Maturity Scorecard. On tab 1, indicate the percent completeness for each item using a 0-10 scale (0 = 0% complete, 10 = 100% complete).
    2. If you anticipate improvements in a certain area, make note of it in the “Comments” column.
    3. Review a visual representation of your overall scores on tab 2.

    Download Info-Tech's BCP Maturity Scorecard

    "The fact that this aligns with ISO is huge." - Dr. Bernard Jones MBCI, CBCP

    Step 1.2

    Establish the pilot BCP team

    This step will walk you through the following activities:

    • Assign accountability, responsibility, and roles.
    • Develop a project charter.
    • Identify dependencies and alternates for those dependencies.

    This step involves the following participants:

    • Executive Sponsor
    • BCP Coordinator

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Assign roles and responsibilities for the BCP pilot project. Set milestones and timelines for the pilot.

    Take a pilot approach for BCP

    Limit the scope of an initial BCP project to get to value faster.

    Pilot Project Goals

    • Establish a repeatable methodology that fits your organization and will accelerate BCP development, with tangible deliverables that provide a template for the rest of the business.
    • Identify high-priority business continuity gaps for the pilot business unit, many of which will also apply to the overall organization.
    • Identify initiatives to start addressing gaps now.
    • Enable business users to learn the BCP methodology and toolset so they can own and maintain their business unit BCPs.

    Accomplishments expected:

    • Define key business processes and process dependencies, and alternatives if dependencies are not available.
    • Classify key business processes by criticality for one business unit, using an objective impact scoring scale.
    • Set recovery objectives for these key processes.
    • Document workarounds and recovery plans.
    • Identify gaps in recovery plans and list action items to mitigate risks.
    • Develop a project plan to structure a larger continuity project.

    What not to expect from a pilot project:

    • A complete organizational BCP (the pilot is a strong starting point).
    • Implemented solutions to all BCP gaps (proposed solutions will need to be evaluated first).

    Structure IT’s role in continuity planning

    Clearly define IT’s role in the pilot BCP project to deliver a successful result that enables business units to own BCP in the future.

    Though IT is a critical dependency for most processes, IT shouldn’t own the business continuity plan. IT should be an internal BCP process consultant, and each business unit must own their plan.

    IT should be an internal BCP consultant.

    • IT departments interact with all business units, which gives IT leaders at least a high-level understanding of business operations across the organization.
    • IT leaders typically also have at least some knowledge of disaster recovery, which provides a foundation for tackling BCP.
    • By contrast, business leaders often have little or no experience with disaster recovery, and don’t have the same level of experience as IT when it comes to working with other business units.

    Why shouldn’t IT own the plan?

    • Business unit managers have the authority to direct resources in their department to participate in the BCP process.
    • Business users are the experts in their processes, and are in the best position to identify dependencies, downtime impacts, recovery objectives, and viable solutions (e.g., acceptable alternate sites or process workarounds).
    • Ultimately, business unit managers and executives must decide whether to mitigate, accept, or transfer risks.

    Info-Tech Insight

    A goal of the pilot is to seed success for further planning exercises. This is as much about demonstrating the value of continuity planning to the business unit, and enabling them to own it, as it is about implementing the methodology successfully.

    Create a RACI matrix for the pilot

    Assemble a small, focused team for the pilot project empowered to discover, report, and present possible solutions to continuity planning challenges in your organization.

    Outline roles and responsibilities on the pilot team using a “RACI” exercise. Remember, only one party can be ultimately accountable for the work being completed.

    Example Pilot BCP Project RACI

    Board Executive Team BCP Executive Sponsor BCP Team Leader BCP Coordinator Pilot Bus. Unit Manager Expert Bus. Unit Staff IT Manager
    Communicate BCP project status I I I A R C C I
    Assign resources to pilot BCP project A R C R C R
    Conduct continuity planning activities I A/R R R R R
    Create pilot BCP deliverables I A R R C C C
    Manage BCP documentation I A C R I C C
    Integrate results into BCMS I I A R R I C C
    Create overall BCP project plan I I A R C C

    R: Responsible for doing the work.

    A: Accountable to ensure the activity/work happens.

    C: Consulted prior to decision or action.

    I: Informed of the decision/action once it’s made.

    "Large teams excel at solving problems, but it is small teams that are more likely to come up with new problems for their more sizable counterparts to solve." – Wang & Evans, 2019

    Info-Tech Insight

    Small teams tend to be better at trialing new techniques and finding new ways to think about problems, both of which are needed for a BCP pilot project.

    Choose one business unit for the pilot

    Many organizations begin their BCP project with a target business unit in mind. It’s still worth establishing whether this business unit meets the criteria below.

    Good candidates for a pilot project:

    • Business processes are standardized and documented.
    • Management and staff are motivated to improve business continuity.
    • The business unit is sufficiently well resourced to spare time (e.g. a few hours a week) to dedicate to the BCP process.
    • If the business unit doesn’t meet these criteria, consider addressing shortfalls before the pilot (e.g. via stakeholder management or business process analysis) or selecting another unit.
    • Many of the decisions will ultimately require input and support from the business unit’s manager(s). It is critical that they are bought into and engaged with the project.
    • The leader of the first business unit will be a champion for BCP within the executive team.
    • Sometimes, there’s no clear place to start. If this is the case for you, consider using Info-Tech’s Business Unit BCP Prioritization Tool to determine the order in which business units should undergo BCP development.

    Create role descriptions for the pilot project

    Use these role descriptions and your RACI chart to define roles for the pilot.

    These short descriptions establish the functions, expectations, and responsibilities of each role at a more granular level.

    The Board and executives have an outsized influence on the speed at which the project can be completed. Ensure that communication with these stakeholders is clear and concise. Avoid involving them directly in activities and deliverable creation, unless it’s required by their role (e.g. as a business unit manager).

    Project Role Description
    Board & Executive Team
    • Will receive project status updates but are not directly involved in deliverable creation.
    Executive Sponsor
    • Liaison with the executive team.
    • Accountable to ensure the pilot BCP is completed.
    • Set project goals and approve resource allocation and funding.
    Pilot Business Unit Manager
    • Drive the project and assign required resources.
    • Delegate day-to-day project management tasks to the BCP Coordinator.
    BCP Coordinator
    • Function as the project manager. This includes scheduling activities, coordinating resources, reporting progress, and managing deliverables.
    • Learn and apply the BCP methodology to achieve project goals.
    Expert Business Unit Staff
    • Pilot business unit process experts to assist with BCP development for that business unit.
    IT Manager
    • Provide guidance on IT capabilities and recovery options.
    Other Business Unit Managers
    • Consulted to validate or provide input to the business impact analysis and RTOs/RPOs.

    Identify a suitable BCP Coordinator

    A skilled and committed coordinator is critical to building an effective and durable BCP.

    • Coordinating the BC planning effort requires a perspective that’s informed by IT, but goes beyond IT.
    • For example, many IT professionals only see business processes where they intersect with IT. The BCP Coordinator needs to be able to ask the right questions to help the business units think through dependencies for critical processes.
    • Business analysts can thrive in this role, which requires someone effective at dissecting business processes, working with business users, identifying requirements, and managing large projects.

    Structure the role of the BCP Coordinator

    The BCP Coordinator works with the pilot business unit as well as remaining business units to provide continuity and resolve discrepancies as they come up between business units.

    Specifically, this role includes:

    • Project management tasks (e.g. scheduling, assigning tasks, coordinating resources, and reporting progress).
    • Learning the BCP methodology (through the pilot) so that this person can lead remaining business units through their BCP process. This enables the IT leader who had been assigned to guide BCP development to step back into a more appropriate consulting role.
    • Managing the BCP workflow.

    "We found it necessary to have the same person work with each business unit to pass along lessons learned and resolve contingency planning conflicts for common dependencies." – Michelle Swessel, PM and IT Bus. Analyst, Wisconsin Compensation Rating Bureau (WCRB)

    Template: Pilot Project Charter

    Formalize participants, roles, milestones, risks for the pilot project.

    Your charter should:

    1. Define project parameters, including drivers, objectives, deliverables, and scope.
    2. Identify the pilot business unit.
    3. Assign a BCP pilot team, including a BCP Coordinator, to execute the methodology.
    4. Define before-and-after metrics to enable the team to measure pilot success.
    5. Set achievable, realistic target dates for specific project milestones.
    6. Document risks, assumptions, and constraints.

    Download Info-Tech’s BCP Pilot Project Charter Template

    Step 1.3

    Identify business processes, dependencies, and alternatives

    This step will walk you through the following activities:

    • Identify key business processes.
    • Document the process workflow.
    • Identify dependencies and alternates for those dependencies.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    You'll use the following tools & templates:

    Outcomes & Insights

    Documented workflows, process dependencies, and workarounds when dependencies are unavailable.

    Flowchart business processes

    Workflows help you visually identify process dependencies and optimization opportunities.

    • Business continuity planning is business process focused. You need to document business processes, dependencies, and downtime workarounds.
    • Process documentation is a basic BCP audit requirement, but it will also:
      • Keep discussions about business processes well-scoped and focused – by documenting the process, you also clarify for everyone what you’re actually talking about.
      • Remind participants of process dependencies and workarounds.
      • Make it easier to spot possible process breakdowns or improvements.
      • Capture your work, which can be used to create or update SOP documentation.
    • Use flowcharts to capture process workflows. Flowcharts are often quicker to create, take less time to update, and are ultimately more usable than a dense manual.

    Info-Tech Insight

    Process review often results in discovering informal processes, previously unknown workarounds or breakdowns, shadow IT, or process improvement opportunities.

    1.3.1 Prioritize pilot business unit processes

    Input

    • List of key business unit processes.

    Output

    • List of key business unit processes, now prioritized (at a high-level)

    Materials

    • Whiteboard/flip charts
    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (leads the discussion)
    • Pilot Business Unit Manager

    30 minutes

    1. Create a list of all formal and informal business processes executed by the pilot business unit.
    2. Discuss the impact of process downtime, and do a quick assessment whether impact of downtime for each process would be high, medium, or low across each of these criteria:
      • Revenue or costs (e.g. supports sales, billing, or productivity)
      • Goodwill (e.g. affects internal or external reputation)
      • Compliance (e.g. affects legal or industry requirements)
      • Health or safety (e.g. affects employee/public health & safety)

    Note: A more in-depth analysis will be conducted later to refine priorities. The goal here is a high-level order of priority for the next steps in the planning methodology (identify business processes and dependencies).

    1. In the BCP Business Impact Analysis Tool, Processes and Dependencies tab, record the following:
      • The business processes in rough order of criticality.
      • For each process, provide a brief description that focuses on purpose and impact.
      • For each process, name a process owner (i.e. accountable for process completion – could be a manager or senior staff, not necessarily those executing the process).

    1.3.2 Review process flows & identify dependencies

    Input

    • List of key business unit processes (prioritized at a high level in Activity 1.3.1).
    • Business process flowcharts.

    Output

    • Business process flowcharts

    Materials

    • Whiteboard/flip charts
    • Microsoft Visio, or other flowcharting software
    • BCP Business Impact Analysis Tool

    Download Info-Tech’s Business Process Workflows Example

    1.5 hours

    1. Use a whiteboard to flowchart process steps. Collaborate to clarify process steps and dependencies. If processes are not documented, use this as an opportunity to create standard operating procedures (SOPs) to drive consistency and process optimization, as described in the Info-Tech blueprint, Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind.
    2. Record the dependencies in tab 1 of the BCP Business Impact Analysis Tool in the appropriate columns:
      • People – Anyone involved in the process, from providing guidance to executing the steps.
      • IT Applications – Core IT services (e.g. ERP, CRM) required for this process.
      • End-user devices & equipment – End-user devices, locally-installed apps, IoT, etc.
      • Facility – Any special requirements beyond general office space.
      • Suppliers & Service Providers – Third-parties who support this process.

    Info-Tech Insight

    Policies and procedures manuals, if they exist, are often out of date or incomplete. Use these as a starting point, but don’t stop there. Identify the go-to staff members who are well versed in how a process works.

    1.3.3 Document workarounds

    Input

    • Business process flowcharts.
    • List of process dependencies.

    Output

    • Workarounds and alternatives in the event dependencies aren’t available.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the activity)
    • Pilot Business Unit Manager
    • Business Process Subject Matter Experts (SMEs)

    1.5 hours

    Identify alternatives to critical dependencies to help you create contingency plans.

    1. For each business process, identify known alternatives for each primary dependency. Ignore for the moment how long the workaround or alternate would be feasible.
    2. Record alternatives in the Business Continuity Business Impact Analysis Tool, Processes and Dependencies tab, Alternatives columns (a separate column for each category of dependency):
      • People – Can other staff execute the process steps? (Example: managers can step in if needed.)
      • IT Applications – Is there a manual workaround or other alternative while enterprise technology services are unavailable? (Example: database is down, but data is stored on physical forms.)
      • End-User Devices and Equipment – What alternatives exist to the usual end-user technologies, such as workstations and desk phones? (Example: some staff have cell phones.)
      • Facility Location and Requirements – Is there an alternate location where this work can be conducted? (Example: work from home, or from another building on the campus.)
      • Suppliers and External Services – Is there an alternative source for key suppliers or other external inputs? (Example: find alternate suppliers for key inputs.)
      • Additional Inputs or Requirements – What workarounds exist for additional artifacts that enable process steps (e.g. physical inventory records, control lists)? (Example: if hourly pay information is missing, run the same payroll as the previous run and reconcile once that information is available.)

    Phase 2

    Conduct a BIA to Determine Acceptable RTOs and RPOs

    Phase 2

    2.1 Define an objective impact scoring scale

    2.2 Estimate the impact of downtime

    2.3 Determine acceptable RTO/RPO targets

    Insights & Outcomes

    Assess the impact of business process downtime using objective, customized impact scoring scales. Sort business processes by criticality and by assigning criticality tiers, recovery time, and recovery point objectives.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Business Process SMEs

    Step 2.1

    Define an objective scoring scale

    This step will walk you through the following activities:

    • Identify impact criteria that are relevant to your business.
    • Create a scale that defines a range of impact for relevant criteria.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Define an impact scoring scale relevant to your business, which allows you to more-objectively assess the impact of business process downtime.

    Set appropriate recovery objectives

    Recovery time and recovery point objectives should align with business impact.

    The activities in Phase 2 will help you set appropriate, acceptable recovery objectives based on the business impact of process downtime.

    • The recovery time objective (RTO) and recovery point objective (RPO) are the recovery goals set for individual processes and dependencies to ensure your business unit meets its overall acceptable recovery timeline.

    For example:

    • An RTO of four hours means staff and other required resources must be available to support the business processes within four hours of an incident (e.g. relocate to an alternate worksite if necessary, access needed equipment, log-in to needed systems, get support for completing the process from alternate staff, etc.)
    • An RPO of four hours for a customer database means the most recent secondary copy of the data must never be more than four hours old – e.g. running a backup every four hours or less.

    Conduct a Business Impact Analysis (BIA)

    Create Impact Scoring Scales→Assess the impact of process downtime→Review overall impact of process downtime→Set Criticality Tiers→Set Recovery Time and Recovery Point Objectives

    Create financial impact scales

    Identify maximum cost and revenue impacts to build financial impact scales to measure the financial impact of process downtime.

    Work with the Business Unit Manager and Executive Sponsor to identify the maximum impact in each category to the entire business. Use a worst-case scenario to estimate the maximum for each scale. In the future, you can use this scoring scale to estimate the impact of downtime for other business units.

    • Loss of Revenue: Estimate the upper bound for this figure from the previous year, and divide that by the number of business days in the year. Note: Some organizations may choose to exclude revenue as a category where it won’t be lost (e.g. public-sector organizations).
    • Loss of Productivity: Proxy for lost workforce productivity using payroll numbers. Use the fully loaded payroll for the company, divided by the number of working days in the year as the maximum.
    • Increased Operating Costs: Isolate this to known additional costs resulting from a disruption. Does the interruption itself increase operating costs (e.g. if using timesheets for hourly/contract employees and that information is lost or unavailable, do you assume a full work week)?
    • Financial Penalties: If there are known financial penalties (e.g. due to failure to meet SLAs or other contractual obligations), include those values in your cost estimates.

    Info-Tech Insight

    Cost estimates are like hand grenades and horseshoes: you don’t need to be exact. It’s much easier to get input and validation from other stakeholders when you have estimates. Even weak estimates are far better than a blank sheet.

    Create goodwill, compliance, and safety impact scales

    Create a quantitative, more-objective scoring scale for goodwill, compliance and safety by following the guidance below.

    • Impact on Customers: By default, the customer impact scale is based on the percent of your total customer base impacted. You can also modify this scale to include severity of impact or alter it to identify the maximum number of customers that would be impacted.
    • Impact on Staff: Consider staff that are directly employed by the organization or its subsidiaries.
    • Impact on Business Partners: Which business partners would be affected by a business disruption?
    • Impact on Health & Safety: Consider the extent to which process downtime could increase the risk of the health & safety of staff, customers, and the general public. In addition, degradation of health & safety services should be noted.
    • Impact on Compliance: Set up the scale so that you can capture the impact of any critical regulatory requirements that might not be met if a particular process was down for 24 hours. Consider whether you expect to receive leeway or a grace period from the governance body that requires evidence of compliance.

    Info-Tech Best Practice

    Use just the impact scales that are relevant to your organization.

    Tool: Impact Scoring Scales

    • Define 4-point scoring scales in the BCP business impact analysis tool for a more objective assessment than gut-feel rankings.
    • You don’t need to include every category, if they aren’t relevant to your organization.
    • Refine the scoring scale as needed through the pilot project.
    • Use the same scoring scale for impact analyses with additional business units in the future.

    An image depicting the Business Impact Analysis Tool. A note pointing to the Level of Impact and Direct Cost Impact Scales columns states: Add the maximum cost impacts across each of the four impact scales to the tool. The rest of the scale will auto-populate based on the criteria outlined in the “Level of Impact” column. A note pointing to the column headers states: Change the names of the column headers in this tab. The changes to column headers will populate across the rest of the tool. Indicate exclusions from the scale here. A note pointing to the Goodwill Impact Scales columns reads: Update the Goodwill impact scales. For example, perhaps a critical impact on customers could be defined as “a significant impact on all customers using the organization’s services in a 24-hour period.” A note pointing to the Compliance, Heath and Safety Impact Scales columns reads: Review the compliance and safety impact scales, and update as required.

    Step 2.2

    Estimate the impact of downtime

    This step will walk you through the following activities:

    • Apply the scoring scale developed in step 2.1 to assess the impact of downtime for specific business processes.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Develop an objective view of the impact of downtime for key business processes.

    2.2.1 Estimate the impact of downtime

    1.5 hours

    Input

    • List of business processes, dependencies, and workarounds, all documented in the BIA tool.

    Output

    • Impact of downtime scores for key business unit processes.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Print a copy of the Scoring Criteria tab to use as a reference, or have it open on another screen. In tab 3 of the BCP Business Impact Analysis Tool use the drop-down menu to assign a score of 0 to 4 based on levels of impact defined in the Scoring Criteria tab.
    2. Work horizontally across all categories for a single process. This will set a benchmark, familiarize you with the scoring system, and allow you to modify any scoring scales if needed. In general, begin with the process that you know to be most critical.
      • For example, if call center sales operations are down:
        • Loss of Revenue would be the portion of sales revenue generated through the call center. This might score a 2 or 3 depending on the proportion of sales generated through the call center.
        • The Impact on Customers might be a 1 or 2 depending on the extent that existing customers might be using the call center to purchase new products or services.
        • The Legal/Regulatory Compliance and Health or Safety Risk might be a 0.
    3. Next, work vertically across all processes within a single category. This will allow you to compare scores within the category as you create them.

    Tool: Impact Analysis

    • The goal of the exercise is to arrive at a defensible ranking of process criticality, based on the impact of downtime.
    • Make sure participants can see the scores you’re assigning during the exercise (e.g. by writing out the scores on a whiteboard, or displaying the tool on a projector or screen) and can reference the scoring scales tab to understand what the scores mean.
    • Take notes to record the rationale behind the impact scores. Consider assigning note-taking duties to one of the participants.

    An image of the Impact Analysis Tool. A note pointing to the column headings states: Any customized column headings from tab 2, Scoring Criteria are automatically ported to this tab. A note pointing to the Impact on Goodwill columns reads: Score each application across each scoring scale from 0 to 4. Be sure to refer back to the scoring scale defined in tab 2. Have the scoring scale printed out, written on a whiteboard, or displayed on a separate screen. A note pointing to the tool's dropdown boxes states: Score categories using the drop-down boxes. A note pointing to the centre columns reads: Ignore scoring for categories you choose to exclude. You can hide these columns to clean up the tool if needed.

    2.2.2 Sort processes into Criticality Tiers

    30 minutes

    Input

    • Processes, with assigned impact scores (financial impact, goodwill impact, compliance and safety impact).

    Output

    • Business processes sorted into criticality tiers, based on the impact of downtime.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. In general, consider the Total Impact on Goodwill, Compliance, and Safety first.
      • An effective tactic to start the process is to assign a tier 1 rating to all processes with a Goodwill, Compliance, and Safety score that’s 50% or more of the highest total score, tier 2 where scores are between 25% and 50%, and tier 3 where scores are below 25% (see table below for an example).
      • In step 2.3, you’ll align recovery time objectives with the criticality tiers. So, Tier 1 processes will target recovery before Tier 2 processes, and Tier 2 processes will target recovery before Tier 3 processes.
    2. Next, consider the Total Cost of Downtime.
    • The Total Cost is calculated by the tool based on the Scoring Criteria in tab 2 and the estimates in the BIA.
    • Consider whether the total cost impact justifies changing the criticality rating. “Smoke test” categorization with participants. Are there any surprises (processes more or less critical than expected)?
  • If the categorization doesn’t seem right, check that the scoring scale was applied consistently.
  • Example: Highest total Goodwill, Compliance, and Safety impact score is 18.

    Tier Score Range % of high score
    Tier 1 - Gold 9-18 50-100%
    Tier 2 - Silver 5 to 9 25-50%
    Tier 3 - Bronze 0 to 5 0-25%

    Step 2.3

    Determine acceptable RTO and RPO targets

    This step will walk you through the following activities:

    • Identify acceptable Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for business processes.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes and Insights

    Right-size recovery objectives based on business impact.

    Right-size recovery objectives

    Acceptable RTOs and RPOs must be right-sized to the impact of downtime.

    Rapid recovery typically requires more investment.

    The impact of downtime for most business processes tends to look something like the increasing impact curve in the image to the right.

    In the moments after a disruption, impact tends to be minimal. Imagine, for example, that your organization was suddenly unable to pay its suppliers (don’t worry about the reason for the disruption, for the moment). Chances are, this disruption wouldn’t affect many payees if it lasted just a few minutes, or even a few hours. But if the disruption were to continue for days, or weeks, the impact of downtime would start to spiral out of control.

    In general, we want to target recovery somewhere between the point where impact begins, and the point where impact is intolerable. We want to balance the impact of downtime with the investment required to make processes more resilient.

    Info-Tech Insight

    Account for hard copy files as well as electronic data. If that information is lost, is there a backup? BCP can be the driver to remove the last resistance to paperless processes, allowing IT to apply appropriate data protection.

    Set recovery time objectives and recovery point objectives in the “Debate Space”

    A graph with the X axis labelled as: Increasing downtime/data loss and the Y-axis labelled Increasing Impact. The graph shows a line rising as impact and downtime/data loss increase, with the lowest end of the line (on the left) labelled as minimal impact, and the highest point of the line (on the right) labelled maximum tolerance. The middle section of the line is labelled as the Debate Space, and a note reads: Acceptable RTO/RPO must be between Low Impact and Maximum Tolerance

    2.3.1 Define process-level recovery objectives

    1 hour

    Input

    • Processes, ranked by criticality.

    Output

    • Initial business-defined recovery objectives for each process.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Review the “Debate Space” diagram (shown in previous section) with all participants.
    2. Ask business participants for each process: how much downtime is tolerable, acceptable, or appropriate? How much data loss is tolerable?
      • If participants aren’t yet comfortable setting recovery objectives, identify the point at which downtime and data loss first becomes noticeable and the point at which downtime and data loss becomes intolerable.
      • Choose an RTO and RPO for each process that falls within the range set by these two extremes.

    RTOs and RPOs are business-defined, impact-aligned objectives that you may not be able to achieve today. It may require significant investments of time and capital to enable the organization to meet RTO and RPO.

    2.3.2 Align RTOs within and across criticality tiers

    1 hour

    Input

    • Results from pilot BCP impact analysis.

    Output

    • Initial business-defined recovery objectives for each process.

    Materials

    • BCP Business Impact Analysis Tool
    • Whiteboard/ flipchart

    Participants

    • BCP Coordinator
    • BCP Project Sponsor
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager (optional)

    Set a range for RTO for each Tier.

    1. Start with your least critical/Tier 3 processes. Use the filter in the “Criticality Rating” column in the Impact Analysis tab of the BIA tool to show only Tier 3 processes.
      • What range of RTOs did the group assign for processes in this Tier? Does the group agree that these targets are appropriate for these processes?
      • Record the range of RTOs on the whiteboard or flipchart.
    2. Next, look at Tier 2 processes. Use the same filter to show just Tier 2 processes.
      • Record the range of RTOs, confirm the range with the group, and ensure there’s no overlap with the Tier 3 range.
      • If the RTOs in one Tier overlap with RTOs in another, you’ll need to adjust RTOs or move processes between Tiers (if the impact analysis justifies it).
    Tier RTO
    Tier 1 4 hrs- 24 hrs
    Tier 2 24 hrs - 72 hrs
    Tier 3 72 hrs - 120 hrs

    Phase 3

    Document the Recovery Workflow and Projects to Close Gaps

    3.1 Determine current recovery procedures

    3.2 Identify and prioritize projects to close gaps

    3.3 Evaluate business continuity site and command center options

    Insights & Outcomes

    Outline business recovery processes. Highlight gaps and risks that could hinder business recovery. Brainstorm ideas to address gaps and risks. Review alternate site and business relocation options.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Business Process SMEs

    Step 3.1

    Determine current recovery procedures

    This step will walk you through the following activities:

    • Create a step-by-step, high-level recovery workflow.
    • Highlight gaps and risks in the recovery workflow.
    • Test the workflow against multiple scenarios.

    This step involves the following participants:

    • BCP Coordinator
    • Crisis Management Team
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Establish steps required for business recovery and current recovery timelines.

    Identify risks & gaps that could delay or obstruct an effective recovery.

    Conduct a tabletop planning exercise to draft business recovery plans

    Tabletop exercises are the most effective way to test and increase business confidence in business recovery capabilities.

    Why is tabletop planning so effective?

    • It enables you play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more frequently than other testing methodologies.
    • It provides a thorough test of your recovery workflow since the exercise is, essentially, paper-based.
    • After you have a BCP in place, this exercise can continue to be a valuable testing exercise for BCP to capture changes in your recovery process.

    A graph titled: Tabletop planning had the greatest impact on respondent confidence in meeting recovery objectives. The graph shows that the relative importance of Tabletop Planning is 57%, compared to 33% for Unit Testing, 3% for Simulation Testing, 6% for Parallel Testing, and 2% for Full-Scale Testing. The source for the graph is Info-Tech Research Group.

    Step 2 - 2 hours
    Establish command center.

    Step 2: Risks

    • Command center is just 15 miles away from primary site.

    Step 2: Gaps

    • Confirm what’s required to set up the command center.
    • Who has access to the EOC?
    • Does the center have sufficient bandwidth, workstations, phones, telephone lines?

    3.1.1 Choose a scenario for your first tabletop exercise

    30 minutes

    Input

    • List of past incidents.
    • Risks to business continuity that are of high concern.

    Output

    • Scenario for the tabletop exercise.

    Materials

    • N/A

    Participant

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot business unit manager

    At the business unit level, the goal is to define a plan to resume business processes after an incident.

    A good scenario is one that helps the group focus on the goal of tabletop planning – to discuss and document the steps required to recover business processes. We suggest choosing a scenario for your first exercise that:

    • Disrupts many process dependencies (i.e. facilities, staff, IT services, suppliers).
    • Does not result in major property damage, harm, or loss of life. Business resumption is the focus of this exercise, not emergency response.
    • Has happened in the past, or is of concern to the business.

    An example: a gas leak at company HQ that requires the area to be cordoned off and power to be shut down. The business must resume processes from another location without access to materials, equipment, or IT services at the primary location.

    A plan that satisfies the gas leak scenario should meet the needs of other scenarios that affect your normal workspace. Then use BCP testing to validate that the plan meets a wider range of incidents.

    3.1.2 Define the BCP activation process

    1 hour

    Input

    • Any existing crisis management, incident response or emergency response plans.
    • BC Scenario.

    Output

    • High level incident notification, assessment, and declaration workflow.

    Materials

    • Cue cards, sticky notes, whiteboard and markers, or Visio template.

    Participants

    • BCP Coordinator
    • Crisis Management Team (if one exists)
    • Business Process SMEs
    • Pilot Business Unit Manager

    Answer the questions below to structure your notification, assessment, and BCP activation procedures.

    Notification

    How will you be notified of a disaster event? How will this be escalated to leadership? How will the team responsible for making decisions coordinate (if they can’t meet on-site)? What emergency response plans are in place to protect health and safety? What additional steps are involved if there’s a risk to health and safety?

    Assessment

    Who’s in charge of the initial assessment? Who may need to be involved in the assessment? Who will coordinate if multiple teams are required to investigate and assess the situation? Who needs to review the results of the assessment, and how will the results of the assessment be communicated (e.g. phone bridge, written memo)? What happens if your primary mode of communication is unavailable (e.g. phone service is down)?

    Declaration

    Who is responsible today for declaring a disaster and activating business continuity plans? What are the organization’s criteria for activating continuity plans, and how will BCP activation be communicated? Establish a crisis management team to guide the organization through a wide range of crises by Implementing Crisis Management Best Practices.

    3.1.3 Document the business recovery workflow

    1 hour

    Input

    • Pilot BIA.
    • Any existing crisis management, incident response, or emergency response plans.
    • BC Scenario

    Output

    • Outline of your BCP declaration and business recovery plan.

    Materials

    • Cue cards, sticky notes, whiteboard and markers, or Visio template.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Do the following:

    1. Create separate flows for facility, IT, and staff disruptions. Include additional workflows as needed.
      • We suggest you outline the recovery process at least to the point where business processes are restored to a minimum viable functional level.
    2. On white cue cards:
      1. Record the step.
      2. Indicate the task owner.
      3. Estimate how long the step will take.
    3. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
    4. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

    Info-Tech Best Practice

    Tabletop planning is most effective when you keep it simple.

    • Be focused; stay on task and on time.
    • Revisit each step and record risks and mitigation strategies.
    • Discuss each step from start to finish.
    • Revise the plan with key task owners.
    • Don’t get weighed down by tools.
    • Simple tools, like cue cards or whiteboards, can be very effective.

    Tool: BCP Recovery Workflow

    Document the steps you identified in the tabletop to create your draft recovery workflow.

    Why use a flowchart?

    • Flowcharts provide an at-a-glance view, are ideal for crisis scenarios where pressure is high and effective, and where timely communication is necessary.
    • For experienced managers and staff, a high-level reminder of process flows or key steps is sufficient.
    • Where more detail is required, include links to supporting documentation (which could include checklists, vendor documentation/contracts, other flowcharts, etc.)

    Create one recovery workflow for all scenarios.

    Traditional planning calls for separate plans for different “what-if” scenarios. This is challenging not just because it’s a lot more documentation – and maintenance – but because it’s impossible to predict every possible incident. Use the template, aligned to recovery of process dependencies, to create one recovery workflow for each business unit that can be used in and tested against different scenarios.

    Download Info-Tech’s BCP Recovery Workflow Example

    "We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management." – Assistant Director-IT Operations, Healthcare Industry

    "Very few business interruptions are actually major disasters. It’s usually a power outage or hardware failure, so I ensure my plans address ‘minor’ incidents as well as major disasters."- BCP Consultant

    3.1.4 Document achievable recovery metrics (RTA/RPA)

    30 minutes

    Input

    • Pilot BCP BIA.
    • Draft recovery workflow.

    Output

    • RTA and RPA for each business process.

    Materials

    • Pilot BCP BIA.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Add the following data to your copy of the BCP Business Impact Analysis Tool.

    1. Estimate the recovery time achievable (RTA) for each process based on the required time for the process to be restored to a minimum acceptable functional level. Review your recovery workflow to identify this timeline. For example, if the full process from notification, assessment, and declaration to recovery and relocation would take a full day, set the RTA to 24 hours.
    2. Estimate the recovery point achievable (RPA) for each process based on the maximum amount of data that could be lost. For example, if data on a particular system is backed up offsite once per day, and the onsite system was destroyed just before that backup began, the entire day’s data could be lost and the achievable RPO is 24 hours. Note: Enter a value of 9999 to indicate that data is unrecoverable.

    Info-Tech Insight

    Operating at a minimum acceptable functional level may not be feasible for more than a few days or weeks. Develop plans for immediate continuity first, then develop further plans for long-term continuity processes as required. Recognize that for longer term outages, you will evolve your plans in the crisis to meet the needs of the situation.

    3.1.5 Test the workflow of other scenarios

    1 hour

    Input

    • Draft recovery workflow.

    Output

    • Updated draft recovery workflow.

    Materials

    • Draft recovery workflow.
    • Projector or screen.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Work from and update the soft copy of your recovery workflow.

    1. Would any steps change if the scenario changes? If yes, capture the different flow with a decision diamond. See the example Recovery Workflow for a workflow that uses decision diamonds. Identify any new gaps or risks you encounter with red and yellow cards.
    2. Make sure the decision diamonds are as generalized as possible. For example, instead of creating a separate response plan for each scenario that would require you to relocate from your existing building, create one response plan for relocation and one response plan for remaining in place.
    3. See the next section for some examples of different types of scenarios that you may include in your recovery workflow.

    Info-Tech Insight

    Remember that health and safety risks must be dealt with first in a crisis. The business unit recovery workflow will focus on restoring business operations after employees are no longer at risk (e.g. the risk has been resolved or employees have been safely relocated). See Implement Crisis Management Best Practices for ideas on how to respond to and assess a wide range of crises.

    Not all scenarios will have full continuity plans

    Risk management is a business decision. Business continuity planning can help decision makers understand and decide on whether to accept or mitigate high impact, low probability risks.

    For some organizations, it’s not practical or possible to invest in the redundancy that would be necessary to recover in a timely manner from certain major events.

    Leverage existing risk management practices to identify key high impact events that could present major business continuity challenges that could cause catastrophic disruptions to facility, IT, staffing, suppliers, or equipment. If you don’t have a risk register, review the scenarios on the next slide and brainstorm risks with the working group.

    Work through tabletop planning to identify how you might work through an event like this, at a high level. In step 3.2, you can estimate the effort, cost, and benefit for different ideas that can help mitigate the damage to the business to help decision makers choose between investment in mitigation or accepting the risk.

    Document any scenarios that you identify as outside the scope of your continuity plans in the “Scope” section of your BCP Summary document.

    For example:

    A single location manufacturing company is creating a BCP.

    The factory is large and contains expensive equipment; it’s not possible to build a second factory for redundancy. If the factory is destroyed, operations can’t be resumed until the factory is rebuilt. In this case, the BCP outlines how to conduct an orderly business shutdown while the factory is rebuilt.

    Contingency planning to resume factory operations after less destructive events, as well as a BCP for corporate services, is still practical and necessary.

    Considerations for other BCP scenarios

    Scenario Type Considerations
    Local hazard (gas leak, chemical leak, criminal incident, etc.)
    • Systems might be accessible remotely, but hands-on maintenance will be required eventually. “Work from home” won’t be a long-term solution.
    • An alternate site is required for service continuity. Can be within normal commuting distance.
    Equipment/building damage (fire, roof collapse, etc.)
    • Equipment will need repair or replacement (vendor involvement).
    • An alternate site is required for service continuity. Can be nearby.
    Regional natural disasters
    • Utilities may be affected (power, running water, etc.).
    • Expect staff to take care of their families first before work.
    • A geographically distant alternate site is required for service continuity.
    Supplier failure (IT provider outage, disaster at supplier, etc.)
    • Service-level agreements are important to establish recovery timelines. Review contracts and master services agreements.
    Staff (lottery win, work stoppage, pandemic/quarantine)
    • Staff are suddenly unavailable. Expect that no warm handoff to alternates is possible and that time to ramp up on the process is accounted for.
    • In a pandemic scenario, work from home, remote toolsets, and digital/contactless workflows become critical.

    Step 3.2

    Identify and prioritize projects to close gaps

    This step will walk you through the following activities:

    • Brainstorm solutions to identified gaps and risks.
    • Prioritize projects and action items to close gaps and risks.
    • Assess the impact of proposed projects on the recovery workflow.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Identify and prioritize projects and action items that can improve business continuity capabilities.

    3.2.1 Brainstorm solutions to address risks and gaps

    1 hour

    Input

    • Draft recovery workflow.
    • Known continuity risks and gaps.

    Output

    • Ideas for action items and projects to improve business continuity.

    Materials

    • Flipchart

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Review each of the risk and gap cards from the tabletop exercise.
    2. As a group, brainstorm ideas to address gaps, mitigate risks, and improve resiliency. Write the list of ideas on a whiteboard or flip chart paper. The solutions can range from quick-wins and action items to major capital investments. The following slides can help you seed ideas to support brainstorming and idea generation.

    Info-Tech Best Practice

    Try to avoid debates about feasibility at this point. The goal is to get ideas on the board.

    When you’re brainstorming solutions to problems, don’t stop with the first idea, even if the solution seems obvious. The first idea isn’t always the best or only solution – other ideas can expand on it and improve it.

    Step 4: No formal process to declare a disaster and invoke business continuity.

    Step 7: Alternate site could be affected by the same regional event as the main office.

    Step 12: Need to confirm supplier service-level agreements (SLAs).

    1. Continue to create BCP documentation.
    2. Identify a third location for regional disasters.
    3. Contact suppliers to confirm SLAs and validate alignment with RTOs/RPOs.
    4. Add BCP requirements collection to service procurement process?

    Discuss your remote work capabilities

    With COVID-19, most organizations have experience with mass work-from-home.

    Review the following case studies. Do they reflect your experience during the COVID-19 pandemic?

    Unacceptable risk

    • A small insurance company provided laptops to staff so they could work remotely.
    • Complication: Cheque and print stock is a dependency and no plan was made to store check stock offsite in a secure fashion.

    Key dependencies missing

    • A local government provided laptops to key staff so they could work remotely.
    • Complication: The organization didn’t currently own enough Citrix licenses for every user to be online concurrently.

    Unable to serve customers

    • The attestation and land services department of a local government agency provided staff with remote access to key apps.
    • Complication: Their most critical business processes were designed to be in-person – they had no plan to execute these processes from home.

    Consider where your own work-from-home plans fell short.

    • Were your collaboration and communication solutions too difficult for users to use effectively?
    • Did legacy infrastructure affect performance or limit capabilities? Were security concerns appropriately addressed?
    • What challenges did IT face supporting business users on break-fix and new requests?
    • Were there logistical needs (shipping/receiving, etc.) that weren’t met?
    • Develop an updated plan to support work-from-home using Info-Tech’s BCP Relocation Checklists and Home Office Survey template, and integrate these into your overall BCP documentation. Stakeholders can easily appreciate the value of this plan since it’s relevant to recent experience.

    Identify opportunities to improve continuity plans

    What gaps in your continuity response could be addressed with better planning?

    People

    • Alternates are not identified
    • Roles in a disaster are not formalized
    • No internal/external crisis comm. strategy

    Site & Facilities

    • No alternate place of business or command center identified
    • No formal planning or exercises to test alternate site viability

    • Identify a viable secondary site and/or work-from-home plan, and develop a schedule for testing activities. Review in Step 3.3 of the Develop a Business Continuity Plan blueprint.

    External Services & Suppliers

    • Contingency plans for a disruption not planned or formalized
    • No formal review of service-level agreements (SLAs)

    • Contact key suppliers and vendors to establish SLAs, and ensure they meet requirements.
    • Review supplier continuity plans.

    Technology & Physical Assets

    • No secondary site or redundancy for critical IT systems
    • No documented end-to-end IT DR plan

    Tool: BCP Project Roadmap

    Prioritize and visualize BCP projects to present options to decision makers.

    Not all BCP projects can be tackled at once. Enable decision makers to defer, rather than outright reject, projects that aren’t feasible at this time.

    1. Configure the tool in Tab 1. Setup. Adjust criteria and definitions for criteria. Note that shaded columns are required for reporting purposes and can’t be modified.
    2. Add projects and action items in Tab 2. Data Entry. Fields highlighted in red are all required for the dashboard to populate. All other fields are optional but will provide opportunities to track more detailed data on project ideas.
    3. To generate the dashboard in Tab 3. Roadmap, open the Data ribbon and under Queries and Connections click Refresh All. You can now use the slicers on the right of the sheet.

    Download Info-Tech’s BCP Project Roadmap Tool

    Demonstrate BCP project impacts

    Illustrate the benefits of proposed projects.

    1. Review your recovery workflow.
    2. Make updates to a second copy of the high-level outline to illustrate how the business response to a disaster scenario will change once proposed projects are complete.
    • Remove steps that have been made unnecessary.
    • Remove any risks or gaps that have been mitigated or addressed.
    • Verify that proposed projects close gaps between acceptable and achievable recovery capabilities in the BIA tool.
  • The visual impact of a shorter, less-risky recovery workflow can help communicate the benefits of proposed projects to decision makers.
  • Step 3.3

    Evaluate business continuity site and command center options

    This step will walk you through the following activities:

    • Take a deep dive on the requirements for working from an alternate location.
    • Assess different options for an alternate location.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Identify requirements for an alternate business site.

    Tool: Relocation Checklists

    An alternate site could be another company building, a dedicated emergency operations center, or work-from-home. Use this tool to guide and prepare for any relocation exercise.

    • Coordinate your response with the pre-populated checklists in Tabs 1 & 2, identify who’s responsible for items on the checklists, and update your recovery workflows to reflect new steps. When reviewing the checklist, consider what can be done to prepare ahead of a crisis.
      • For example, you may wish to create crisis communication templates to streamline crisis communications during a disaster.
    • Calculate the effort required to provision equipment for relocated users in Tabs 3 & 4.
    • Evaluate your options for alternate sites with the requirements matrix in Tab 5. Use your evaluation to identify how the organization could address shortcomings of viable options either ahead of time or at the time of an incident.

    Download Info-Tech’s BCP Relocation Checklists

    Create a checklist of requirements for an alternate site

    Leverage the roll-up view, in tab 3, of dependencies required to create a list of requirements for an alternate site in tab 4.

    1. The table on Tab 5 of the relocation checklists is pre-populated with some common requirements. Modify or replace requirements to suit your needs for an alternate business/office site. Be sure to consider distance, transportation, needed services, accessibility, IT infrastructure, security, and seating capacity at a minimum.
    2. Don’t assume. Verify. Confirm anything that requires permissions from the site owner. What network providers have a presence in the building? Can you access the site 24/7 and conduct training exercises? What facilities and services are available? Are you guaranteed the space if needed?

    "There are horror stories about organizations that assumed things about their alternate site that they later found out they weren’t true in practice." – Dr. Bernard Jones, MBCI CBCP

    Info-Tech Insight

    If you choose a shared location as a BCP site, a regional disaster may put you in competition with other tenants for space.

    Identify a command center

    For command center and alternate worksite selection, remember that most incidents are local and short term. Identify an onsite and an offsite command center.

    1. For events where the building is not compromised, identify an onsite location, ideally with remote conferencing capabilities and planning and collaboration tools (projectors, whiteboards, flipcharts). The onsite location can also be used for BCM and crisis management meetings. Remember, most business continuity events are not regional or massively destructive.
    2. For the offsite command center, select a location that is sufficiently far away from your normal business location to maintain separation from local incidents while minimizing commute time. However, consider a geographically distant option (e.g. more than 50 miles away) identified for those scenarios where it is a regional disaster, or plan to leverage online tools to create a virtual command center (see the Insight box below).
    3. The first members of the Emergency Response Team to be notified of the incident will determine which location to use or whether a third alternative is required.

    Info-Tech Insight

    For many organizations, a dedicated command center (TVs on the wall, maps and charts in filing cabinets) isn’t necessary. A conference bridge and collaboration tools allowing everyone to work remotely can be an acceptable offsite command center as long as digital options can meet your command center requirements.

    Create a plan for a return to normal

    Operating in continuity mode for an extended period of time tends to result in higher costs and reduced business capabilities. It’s important to restore normal operations as soon as possible.

    Advance planning can minimize risks and delays in returning to normal operations.

    Leverage the methodology and tools in this blueprint to define your return to normal (repatriation) procedures:

    1. Repeat the tabletop planning exercise to determine the repatriation steps and potential gaps. How will you return to the primary site from your alternate site? Does data need to be re-entered into core systems if IT services are down? Do you need to transfer job duties back to primary staff?
    2. What needs to be done to address the gaps in the return to normal workflow? Are there projects or action items that could make return to normal easier?

    For more on supporting a business move back to the office from the IT perspective, see Responsibly Resume IT Operations in the Office

    Potential business impacts of ongoing operations at a failover site

    • The cost of leasing alternate business worksites.
    • Inability to deliver on strategic initiatives while in emergency/interim operations mode, resulting in lost business opportunities.
    • A growing backlog of work that falls outside of emergency operations mode.
    • Travel and accommodation costs if the alternate site is geographically remote.
    • Additional vendor licensing and contract costs.

    Phase 4

    Extend the Results of the Pilot BCP and Implement Governance

    Phase 4

    4.1 Consolidate BCP pilot insights to support an overall BCP project plan

    4.2 Outline a business continuity management (BCM) program

    4.3 Test and maintain your BCP

    Insights & Outcomes

    Summarize and consolidate your initial insights and documentation. Create a project plan for overall BCP. Identify teams, responsibilities, and accountabilities, and assign documentation ownership. Integrate BCP findings in DR and crisis management practices. Set guidelines for testing, plan maintenance, training, and awareness.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • BCP Executive Sponsor

    Step 4.1

    Consolidate BCP pilot insights to support an overall BCP project plan

    This step will walk you through the following activities:

    • Summarize and consolidate outputs and key insights from the BCP pilot.
    • Identify outputs from the pilot that can be re-used for the overall BCP.
    • Create a project charter for an overall BCP.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • BCP Executive Sponsor

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Present results from the pilot BCP, and outline how you’ll use the pilot process with other business units to create an overall continuity program.

    Structure the overall BCP program.

    Template: BCP Pilot Results Presentation

    Highlight key findings from the BCP pilot to make the case for next steps.

    • Highlight critical gaps or risks identified, any potential process improvements, and progress made toward improving overall BCP maturity through the pilot project. Summarize the benefits of the pilot project for an executive audience.
    • Review process recovery objectives (RTO/RPO). Provide an overview of recovery capabilities (RTA/RPA). Highlight any significant gaps between objectives and capabilities.
    • Propose next steps, including an overall BCP project and program, and projects and action items to remediate gaps and risks.
    • Develop a project plan to estimate resource requirements for an overall BCP project prior to delivering this presentation. Quantifying required time and resources is a key outcome as it enables the remaining business units to properly scope and resource their BCP development activities and can help managers overcome the fear of the unknown.

    Download Info-Tech’s BCP Pilot Results Presentation

    Tool: BCP Summary

    Sum up information from completed BCP documents to create a high-level BCP overview for auditors and executives.

    The BCP Summary document is the capstone to business unit continuity planning exercises. It consolidates your findings in a short overview of your business continuity requirements, capabilities, and maintenance procedures.

    Info-Tech recommends embedding hyperlinks within the Summary to the rest of your BCP documentation to allow the reader to drill down further as needed. Leverage the following documents:

    • Business Impact Analysis
    • BCP Recovery Workflows
    • Business Process Workflows
    • BCP Project Roadmap
    • BCP Relocation Checklists
    • Business Continuity Policy

    Download Info-Tech’s BCP Summary Document

    Reuse templates for additional exercises

    The same methodology described in this blueprint can be repeated for each business unit. Also, many of the artifacts from the BCP pilot can be reused or built upon to give the remaining business units a head start. For example:

    • BCP Pilot Project Charter Template. Make a copy to use as a base for the next business unit’s BCP project charter, and update the stakeholders/roles and milestone dates. The rest of the content can remain the same in most cases.
    • BCP Reference Workbook. This tool contains information common to all business units and can be updated as needed.
    • BCP Business Impact Analysis Tool. You may need to start a separate copy for each business unit to allow enough space to capture all business processes. However, use the same scoring scale to drive consistent assessments. In addition, the scoring completed by the pilot business unit provides an example and benchmark for assessing other business processes.
    • BCP Recovery Workflow. The notification, assessment, and declaration steps can be standardized so remaining business units can focus primarily on recovery after a disaster is declared. Similarly, many of the steps related to alternate sites and IT workarounds will also apply to other business units.
    • BCP Project Roadmap Tool. Many of the projects identified by the pilot business unit will also apply to other business units – update the list as needed.
    • The Business Unit BCP Prioritization Tool, BCP Executive Presentation, and Business Continuity Policy Template do not need to be updated for each business unit.

    Info-Tech Best Practice

    You may need to create some artifacts that are site specific. For example, relocation plans or emergency plans may not be reusable from one site to another. Use your judgement to reuse as much of the templates as you can – similar templates simplify audit, oversight, and plan management.

    Create an Overall BCP Project Charter

    Modify the pilot project charter to encompass the larger BCP project.

    Adjust the pilot charter to answer the following questions:

    • How much time and effort should the rest of the project take, based on findings from the pilot? When do you expect to meet certain milestones? What outputs and outcomes are expected?
    • In what order should additional business units complete their BCP? Who needs to be involved?
    • What projects to address continuity gaps were identified during the pilot? What investments will likely be required?
    • What additional documentation is required? This section and the appendix include templates to document your BCM Policy, Teams & Contacts, your notification procedures, and more.
    • How does this integrate with the other areas of business resilience and continuity (IT disaster recovery planning and crisis management planning)?
    • What additional activities, such as testing, are required?

    Prioritize business units for further BCP activities.

    As with the pilot, choose a business unit, or business units, where BCP will have the greatest impact and where further BCP activities will have the greatest likelihood of success. Prioritize business units that are critical to many areas of the business to get key results sooner.

    Work with one business unit at a time if:

    • Required resources from the business unit are available to focus on BCP full-time over a short period (one to two weeks).
    • More hands-on guidance (less delegation) is needed.
    • The business unit is large or has complex processes.

    Work with several business units at the same time if:

    • Required resources are only available sporadically over a longer period of time.
    • Less guidance (more delegation) is possible.
    • All business units are small and have well-documented processes.

    Download Info-Tech’s Business Unit BCP Prioritization Tool

    Step 4.2

    Outline a Business Continuity Management (BCM) Program

    This step will walk you through the following activities:

    • Identify teams and roles for BCP and business continuity management.
    • Identify individuals to fill key roles.

    This step involves the following participants:

    • BCP Coordinator
    • Executive Sponsor

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Document BCP teams, roles, and responsibilities.

    Document contact information, alternates, and succession rules.

    Outline a Business Continuity Management Program

    A BCM program, also known as a BCM system, helps structure business continuity activities and practices to deliver long-term benefits to your business.

    A BCM program should:

    • Establish who is responsible and accountable for BCP practices, activities, and documentation, and set documentation management practices.
    • Define a process to improve plans. Review and update continuity requirements, suggest enhancements to recovery capabilities, and measure progress and improvements to the plan over time.
    • Coordinate disaster recovery, business continuity, and crisis management planning outputs and practices.
    • Communicate the value of the continuity program to the organization.

    Develop a Business Continuity Management Program

    Phase 4 of this blueprint will focus on the following elements of a business continuity management program:

    • BCM Roles, Responsibilities, and Accountabilities
    • BCM Document Management Practices
    • Integrate BC, IT DR, Crisis Management, and Emergency Management
    • Business Continuity Plan maintenance and testing
    • Training and awareness

    Schedule a call with an Info-Tech Analyst for help building out these core elements, and for advice on developing the rest of your BCM program.

    Create BCM teams

    Include a mix of strong leaders and strong planners on your BC management teams.

    BC management teams (including the secondary teams such as the emergency response team) have two primary roles:

    1. Preparation, Planning, and Governance: Conduct and consolidate business impact analyses. Review, and support the development of recovery workflows, including emergency response plans and business unit recovery workflows. Organize testing and training. Report on the state of the continuity plan.
    2. Leadership During a Crisis: Coordinate and support the execution of business recovery processes. To meet these goals, each team needs a mix of skill sets.

    Crisis leaders require strong crisis management skills:

    • Ability to make quick decisions under pressure with incomplete information.
    • Excellent verbal communication skills.
    • Strong leadership skills. Calm in stressful situations.
    • Team leaders are ideally, but not necessarily, those with the most senior title on each team. It’s more important that the team leader has the appropriate skill set.

    Collectively, the team must include a broad range of expertise as well as strong planning skills:

    • Diverse expertise to be able to plan for and respond to a wide range of potential incidents, from health and safety to reputational damage.
    • Excellent organizational skills and attention to detail.
    • Excellent written communication skills.

    Note: For specific BC team roles and responsibilities, including key resources such as Legal, HR, and IT SMEs required to prepare for and execute crisis management plans, see Implement Crisis Management Best Practices.

    Structure the BCM Team

    Create a hierarchy of teams to govern and coordinate business continuity planning and crisis management.

    BCM Team: Govern business continuity, DR, and crisis management planning. Support the organization’s response to a crisis, including the decision to declare a disaster or emergency.

    Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

    Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

    IT Disaster Recovery Team: Manage the recovery of IT services and data following an incident. Develop and maintain the IT DRP.

    Business Unit BCP Teams: Coordinate business process recovery at the business unit level. Develop and maintain business unit BCPs.

    “Planning Mode”

    Executive Team → BC Management Team ↓

    • Emergency Response Teams (ERT)
    • Crisis Management Team
    • IT DR Management Team
    • Business Unit BCP Teams

    “Crisis Mode”

    Executive Team ↔Crisis Management Team↓ ↔ Emergency Response Teams (ERT)

    • BC Management Team
    • IT DR Management Team
    • Business Unit BCP Teams

    For more details on specific roles to include on these teams, as well as more information on crisis management, review Info-Tech’s blueprint, Implement Crisis Management Best Practices.

    Tool: BCM Teams, Roles, Contacts, and Vendors

    Track teams, roles, and contacts in this template. It is pre-populated with roles and responsibilities for business continuity, crisis management, IT disaster recovery, emergency response, and vendors and suppliers critical to business operations.

    • Expect overlap across teams. For example, the BC Management Team will include representation from each secondary team to ensure plans are in sync. Similarly, both the Crisis Communication Team and BC Management Team should include a representative from your legal team to ensure legal issues are considered in communications as well as overall crisis management.
    • Clarify spending and decision authority for key members of each team during a crisis.

    Track contact information in this template only if you don’t have a more streamlined way of tracking it elsewhere.

    Download Info-Tech’s Business Continuity Teams and Roles Tool

    Manage key vendors

    Review supplier capabilities and contracts to ensure they meet your requirements.

    Suppliers and vendors might include:

    • Material shipments
    • IT/telecoms service providers
    • Integrators and business process outsourcing providers
    • Independent contractors
    • Utilities (power, water, etc.)

    Supplier RTOs and RPOs should align with the acceptable RTOs and RPOs defined in the BIA. Where they do not, explore options for improvement.

    Confirm the following:

    1. The supplier’s own BC/DR capabilities – how they would recover their own operations in a disaster scenario.
    2. Any continuity services the supplier provides – how they can help you recover your operations in a disaster scenario.
    3. Their existing contractual obligations for service availability (e.g. SLAs).

    Download Info-Tech’s BCP Supplier Evaluation Questionnaire

    Organize your BCMS documentation

    Your BCP isn’t any one document. It’s multiple documents that work together.

    Continue to work through any additional required documentation. Build a repository where master copies of each document will reside and can be updated as required. Assign ownership of document management to someone with an understanding of the process (e.g. the BCP Coordinator).

    Governance Recovery
    BCMS Policy BCP Summary Core BCP Recovery Workflows
    Business Process Workflows Action Items & Project Roadmap BCP Recovery Checklists
    BIA Teams, Roles, Contact Information BCP Business Process Workarounds and Recovery Checklists
    BCP Maturity Scorecard BCP Project Charter Additional Recovery Workflows
    Business Unit Prioritization Tool BCP Presentation

    Info-Tech Best Practice

    Recovery documentation has a different audience, purpose, and lifecycle than governance documentation, and keeping the documents separate can help with content management. Disciplined document management keeps the plan current and accessible.

    Align your IT DRP with your BCP

    Use the following BCP outputs to inform your DRP:

    • Business process technology dependencies. This includes technology not controlled by IT (e.g. cloud-based services).
    • RTOs and RPOs for business processes.
    • Technology projects identified by the business to improve resilience (e.g. improved mobility support).
    PCP Outputs DRP Activities
    Business processes defined Identify critical applications

    Dependencies identified:

    • People
    • Enterprise tech
    • Personal devices
    • Workspace and facilities
    • Services and other inputs

    Identify IT dependencies:

    • Infrastructure
    • Secondary applications

    Recovery objectives defined:

    • BIA and RTOs/RPOs
    • Recovery workflows

    Identify recovery objectives:

    • BIA and RTOs/RPOs
    • IT Recovery workflows

    Projects identified to close gaps:

    • Resourcing changes (e.g. training secondary staff)
    • Process changes (e.g. optimize processes and define interim processes)
    • Technology changes (e.g. improving mobility)

    Identify projects to close gaps:

    • Projects to improve DR capability (e.g. data replication, standby systems).
    • Projects to improve resiliency (e.g. redundant components)

    Info-Tech Insight

    Don’t think of inconsistencies between your DRP and BCP as a problem. Discrepancies between the plans are part of the discovery process, and they’re an opportunity to have a conversation that can improve alignment between IT service capabilities and business needs. You should expect that there will be discrepancies – managing discrepancies is part of the ongoing process to refine and improve both plans.

    Schedule activities to keep BC and DR in sync

    BC/DR Planning Workflow

    1. Collect BCP outputs that impact IT DRP (e.g. technology RTOs/RPOs).

    2. As BCPs are done, BCP Coordinator reviews outputs with IT DRP Management Team.

    3. Use the RTOs/RPOs from the BCPs as a starting point to determine IT recovery plans.

    4. Identify investments required to meet business-defined RTOs/RPOs, and validate with the business.

    5. Create a DR technology roadmap to meet validated RTOs/RPOs.

    6. Review and update business unit BCPs to reflect updated RTOs/RPOs.

    Find and address shadow IT

    Reviewing business processes and dependencies can identify workarounds or shadow IT solutions that weren’t visible to IT and haven’t been included in IT’s DR plan.

    • If you identify technology process dependencies that IT didn’t know about, it can be an opportunity to start a conversation about service support. This can be a “teachable moment” to highlight the risks of adopting and implementing technology solutions without consulting IT.
    • Highlight the possible impact of using technology services that aren’t supported by IT. For example:
      • RTOs and RPOs may not be in line with business requirements.
      • Costs could be higher than supported solutions.
      • Security controls may not be in line with compliance requirements.
      • IT may not be able to offer support when the service breaks or build new features or functionality that might be required in the future.
    • Make sure that if IT is expected to support shadow IT solutions, these systems are included in the IT DRP and that the risks and costs of supporting the non-core solution are clear to all parties and are compared to an alternative, IT-recommended solutions.

    Shadow IT can be a symptom of larger service support issues. There should be a process for requesting and tracking non-standard services from IT with appropriate technical, security, and management oversight.

    Review and reprioritize BC projects to create an overall BC project roadmap

    Assign the BCP Coordinator the task of creating a master list of BC projects, and then work with the BC management team to review and reprioritize this list, as described below:

    1. Build a list of BC projects as you work with each business unit.
      1. Add proposed projects to a master copy of the BCP Project Roadmap Tool
      2. For each subsequent business unit, copy project names, scoring, and timelines into the master roadmap tool.
    2. Work with the Executive Sponsor, the IT BCM representative, and the BCM team to review and reprioritize projects.
      1. In the master BCP Project Roadmap Tool, review and update project scoring, taking into account the relative importance of each project within the overall list. Rationalize the list (e.g. eliminate duplicate projects).
    3. The project roadmap is a suggested list of projects at this stage. Assign a project sponsor and project manager (from the BC management team or appropriate delegates) to each project to take it through your organization’s normal project scoping and approval process.

    Improving business continuity capabilities is a marathon, not a sprint. Change for the better is still change and introduces risk – massive changes introduce massive risk. Incremental changes help minimize disruption. Use Info-Tech research to deliver organizational change.

    "Developing a BCP can be like solving a Rubik’s Cube. It’s a complex, interdepartmental concern with multiple and sometimes conflicting objectives. When you have one side in place, another gets pushed out of alignment." – Ray Mach, BCP Expert

    Step 4.3

    Test and maintain your BCP

    This step will walk you through the following activities:

    • Create additional documentation to support your business continuity plan.
    • Create a repository for documentation, and assign ownership for BCP documentation.

    This step involves the following participants:

    • BCP Coordinator

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Create a plan to maintain the BCP.

    Iterate on your plan

    Tend your garden, and pull the weeds.

    Mastery comes through practice and iteration. Iterating on and testing your plan will help you keep up to date with business changes, identify plan improvements, and help your organization’s employees develop a mindset of continuity readiness. Maintenance drives continued success; don’t let your plan become stagnant, messy, and unusable.

    Your BCM program should structure BCP reviews and updates by answering the following:

    1. When do we review the plan?
    2. What are the goals of a review?
    3. Who must lead reviews and update BCP documents?
    4. How do we track reviews, tests, and updates?

    Structure plan reviews

    There are more opportunities for improvements than just planned reviews.

    At a minimum, review goals should include:

    1. Identify and document changes to BCP requirements.
    2. Identify and document changes to BCP capabilities.
    3. Identify gaps and risks and ways to remediate risks and close gaps.

    Who leads reviews and updates documents?

    The BCP Coordinator is likely heavily involved in facilitating reviews and updating documentation, at least at first. Look for opportunities to hand off document ownership to the business units over time.

    How do we track reviews, tests, and updates?

    Keep track of your good work by keeping a log of document changes. If you don’t have one, you can use the last tab on the BCP-DRP Maintenance Checklist.

    When do we review the plan?

    1. Scheduled reviews: At a minimum, plan reviews once a year. Plan owners should review the documents, identify needed updates, and notify the coordinator of any changes to their plan.
    2. As-needed reviews: Project launches, major IT upgrades, office openings or moves, organizational restructuring – all of these should trigger a BCP review.
    3. Testing exercises: Schedule controlled exercises to test and improve different aspects of your continuity plan, and ensure that lessons learned become part of plan documentation.
    4. Retrospectives: Take the opportunity to learn from actual continuity events and crises by conducting retrospectives to evaluate your response and brainstorm improvements.

    Conduct a retrospective after major incidents

    Use a retrospective on your COVID-19 response as a starting point. Build on the questions below to guide the conversation.

    • If needed, how did we set up remote work for our users? What worked, and what didn’t?
    • Did we discover any long-term opportunities to improve business processes?
    • Did we use any continuity plans we have documented?
    • Did we effectively prioritize business processes for recovery?
    • Were expectations from our business users in line with our plans?
    • What parts of our plan worked, and where can we improve the plan?
    1. Gather stakeholders and team members
    2. Ask:
      1. What happened?
      2. What did we learn?
      3. What did we do well?
      4. What should we have done differently?
      5. What gaps should we take action to address?
    3. Prepare a plan to take action

    Outcomes and benefits

    • Confirm business priorities.
    • Validate that business recovery solutions and procedures are effective in meeting business requirements (i.e. RTOs and RPOs).
    • Identify gaps in continuity resources, procedures, or documentation, and options to close gaps.
    • Build confidence in the response team and recovery capabilities.

    Tool: Testing and Maintenance Schedule

    Build a light-weight maintenance schedule for your BCP and DRP plans.

    This tool helps you set a schedule for plan update activities, identify document and exercise owners, and log updates for audit and governance purposes.

    • Add the names of your documents and brainstorm update activities.
    • Activities (document updates, testing, etc.) might be scheduled regularly, as-needed, or both. If they happen “as needed,” identify the trigger for the activity.
    • Start tracking past activities and resulting changes in Tab 3. You can also track crises that tested your continuity capabilities on this tab.

    Info-Tech Insight

    Everyone gets busy. If there’s a meeting you can schedule months in advance, schedule it months in advance! Then send reminders closer to the date. As soon as you’re done the pilot BCP, set aside time in everyone’s calendar for your first review session, whether that’s three months, six months, or a year from now.

    Appendix

    Additional BCP Tools and Templates

    Template Library: Business Continuity Policy

    Create a high-level policy to govern BCP and clarify BCP requirements.

    Use this template to:

    • Outline the organizational commitment to BCM.
    • Clarify the mandate to prepare, validate, and maintain continuity plans that align with business requirements.
    • Define specific policy statements that signatories to the policy are expected to uphold.
    • Require key stakeholders to review and sign off on the template.

    Download Info-Tech’s Business Continuity Policy template

    Template Library: Workarounds & Recovery Checklists

    Capture the step-by-step details to execute workarounds and steps in the business recovery process.

    If you require more detail to support your recovery procedures, you can use this template to:

    • Record specific steps or checklists to support specific workarounds or recovery procedures.
    • Identify prerequisites for workarounds or recovery procedures.

    Download Info-Tech’s BCP Process Workarounds & Recovery Checklists Template

    Template Library: Notification, Assessment, Declaration

    Create a procedure that outlines the conditions for assessing a disaster situation and invoking the business continuity plan.

    Use this template to:

    • Guide the process whereby the business is notified of an incident, assesses the situation, and declares a disaster.
    • Set criteria for activating business continuity plans.
    • Review examples of possible events, and suggest options on how the business might proceed or react.

    Download Info-Tech’s BCP Notification, Assessment, and Disaster Declaration Plan template

    Template Library: BCP Recovery Workflow Example

    Review an example of BCP recovery workflows.

    Use this template to:

    • Generate ideas for your own recovery processes.
    • See real examples of recovery processes for warehousing, supply, and distribution operations.
    • Review an example of working BCP documentation.

    Download Info-Tech’s BCP Recovery Workflows Example

    Create a Pandemic Response Plan

    If you’ve been asked to build a pandemic-specific response plan, use your core BCP findings to complete these pandemic planning documents.

    • At the onset of the COVID-19 crisis, IT departments were asked to rapidly ramp up work-from-home capabilities and support other process workarounds.
    • IT managers already knew that obstacles to working from home would go beyond internet speed and needing a laptop. Business input is critical to uncover unexpected obstacles.
    • IT needed to address a range of issues from security risk to increased service desk demand from users who don’t normally work from home.
    • Workarounds to speed the process up had to be balanced with good IT practices and governance (Asset Management, Security, etc.)
    • If you’ve been asked to update your Pandemic Response Plan, use this template and your core BCP deliverables to deliver a set of streamlined documentation that draws on lessons learned from the COVID-19 pandemic.

    Structure HR’s role in the pandemic plan

    Leverage the following materials from Info-Tech’s HR-focused sister company, McLean & Company.

    These HR research resources live on the website of Info-Tech’s sister company, McLean & Company. Contact your Account Manager to gain access to these resources.

    Summary of Accomplishment

    Knowledge Gained

    This blueprint outlined:

    • The streamlined approach to BCP development.
    • A BIA process to identify acceptable, appropriate recovery objectives.
    • Tabletop planning exercises to document and validate business recovery procedures.

    Processes Optimized

    • Business continuity development processes were optimized, from business impact analysis to incident response planning.
    • In addition, pilot business unit processes were identified and clarified to support BCP development, which also provided the opportunity to review and optimize those processes.

    Key Deliverables Completed

    • Core BCP deliverables for the pilot business unit, including a business impact analysis, recovery workflows, and a project roadmap.
    • BCP Executive Presentation to communicate pilot results as well as a summary of the methodology to the executive team.
    • BCP Summary to provide a high-level view of BCP scope, objectives, capabilities, and requirements.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    Dr. Bernard A. Jones, MBCI, CBCP

    Professor and Continuity Consultant Berkeley College

    Dr. Jones is a professor at Berkeley College within the School of Professional Studies teaching courses in Homeland Security and Emergency Management. He is a member of the National Board of Directors for the Association of Continuity Professionals (ACP) as well as the Information & Publications Committee Chair for the Garden State Chapter of the ACP. Dr. Jones earned a doctorate degree in Civil Security Leadership, Management & Policy from New Jersey City University where his research focus was on organizational resilience.

    Kris L. Roberson

    Disaster Recovery Analyst Veterans United Home Loans

    Kris Roberson is the Disaster Recovery Analyst for Veterans United Home Loans, the #1 VA mortgage lender in the US. Kris oversees the development and maintenance of the Veterans United Home Loans DR program and leads the business continuity program. She is responsible for determining the broader strategies for DR testing and continuity planning, as well as the implementation of disaster recovery and business continuity technologies, vendors, and services. Kris holds a Masters of Strategic Leadership with a focus on organizational change management and a Bachelors in Music. She is a member of Infragard, the National Association of Professional Women, and Sigma Alpha Iota, and holds a Project+ certification.

    Trevor Butler

    General Manager of Information Technology City of Lethbridge

    As the General Manager of Information Technology with the City of Lethbridge, Trevor is accountable for providing strategic management and advancement of the city’s information technology and communications systems consistent with the goals and priorities of the corporation while ensuring that corporate risks are appropriately managed. He has 15+ years of progressive IT leadership experience, including 10+ years with public sector organizations. He holds a B.Mgt. and PMP certification along with masters certificates in both Project Management and Business Analysis.

    Robert Miller

    Information Services Director Witt/Kieffer

    Bob Miller is the Information Services Director at Witt/Kieffer. His department provides end-user support for all company-owned devices and software for Oak Brook, the regional offices, home offices, and traveling employees. The department purchases, implements, manages, and monitors the infrastructure, which includes web hosting, networks, wireless solutions, cell phones, servers, and file storage. Bob is also responsible for the firm’s security planning, capacity planning, and business continuity and disaster preparedness planning to ensure that the firm has functional technology to conduct business and continue business growth.

    Related Info-Tech Research

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

    Select the Optimal Disaster Recovery Deployment Model

    Determine which deployment models, including hybrid solutions, best meet your DR requirements.

    Bibliography

    “Business Continuity Planning.” IT Examination HandBook. The Federal Financial Institution Examination Council (FFIEC), February 2015. Web.

    “Business Continuity Plans and Emergency Contact Information.” FINRA, 12 February 2015. Web.

    “COBIT 5: A Business Framework for the Governance and Management of Enterprise IT.” ISACA, n.d. Web.

    Disaster Resource GUIDE. Emergency Lifeline Corporation, n.d. Web.

    “DR Rules & Regulations.” Disaster Recovery Journal, March 2017. Web.

    “Federal Information Security Management Act (FISMA).” Homeland Security, 2014. Web.

    FEMA. “Planning & Templates.” FEMA, n.d. Web.

    “FINRA-SEC-CFTC Joint Advisory (Regulatory Notice 13-25).” FINRA, August 2013. Web.

    Gosling, Mel and Andrew Hiles. “Business Continuity Statistics: Where Myth Meets Fact.” Continuity Central, 24 April 2009. Web.

    Hanwacker, Linda. “COOP Templates for Success Workbook.” The LSH Group, 2016. Web.

    Potter, Patrick. “BCM Regulatory Alphabet Soup – Part Two.” RSA Link, 28 August 2012. Web.

    The Good Practice Guidelines. Business Continuity Institute, 2013. Web.

    Wang, Dashun and James A. Evans. “When Small Teams are Better than Big Ones.” Harvard Business Review, 21 February 2019. Web.

    Prototype With an Innovation Design Sprint

    • Buy Link or Shortcode: {j2store}90|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The business has a mandate for IT-led innovation.
    • IT doesn’t have the budget it wants for high-risk, high-reward initiatives.
    • Many innovation projects have failed in the past.
    • Many projects that have moved through the approval process failed to meet their expectations.

    Our Advice

    Critical Insight

    • Don’t let perfect be the enemy of good. Think like a start-up and use experimentation and rapid re-iteration to get your innovative ideas off the ground.

    Impact and Result

    • Build and test a prototype in four days using Info-Tech’s Innovation Design Sprint Methodology.
    • Create an environment for co-creation between IT and the business.
    • Learn techniques for socializing and selling your ideas to business stakeholders.
    • Refine your prototype through rapid iteration and user-experience testing.
    • Socialize design thinking culture, tactics, and methods with the business.

    Prototype With an Innovation Design Sprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should evaluate your ideas using a design sprint, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand and ideate

    Define the problem and start ideating potential solutions.

    • Prototype With an Innovation Design Sprint – Day 1: Understand and Ideate
    • Prototyping Workbook

    2. Divide and conquer

    Split off into prototyping teams to build and test the first-iteration prototypes

    • Prototype With an Innovation Design Sprint – Day 2: Divide and Conquer
    • Research Study Log Tool

    3. Unite and integrate

    Integrate the best ideas from the first iterations and come up with a team solution to the problem.

    • Prototype With an Innovation Design Sprint – Day 3: Unite and Integrate
    • Prototype One Pager

    4. Build and sell

    Build and test the team’s integrated prototype, decide on next steps, and come up with a pitch to sell the solution to business executives.

    • Prototype With an Innovation Design Sprint – Day 4: Build and Sell
    [infographic]

    Workshop: Prototype With an Innovation Design Sprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand and Ideate

    The Purpose

    Align the team around a well-defined business problem and start ideating solutions.

    Key Benefits Achieved

    Ideate solutions in the face of organizational cconstraints and characterize the success of the prototype.

    Activities

    1.1 Frame the problem.

    1.2 Develop evaluation criteria.

    1.3 Diverge and converge.

    Outputs

    Problem statement(s)

    Evaluation criteria

    Ideated solutions

    2 Divide and Conquer

    The Purpose

    Break off into teams to try and develop solutions that address the problem in unique ways.

    Key Benefits Achieved

    Develop and test a first-iteration prototype.

    Activities

    2.1 Design first prototypes in teams.

    2.2 Conduct UX testing.

    Outputs

    First-iteration prototypes

    User feedback and data

    3 Unite and Integrate

    The Purpose

    Bring the team back together to develop a team vision of the final prototype.

    Key Benefits Achieved

    Integrated, second-iteration prototype.

    Activities

    3.1 Create and deliver prototype pitches.

    3.2 Integrate prototypes.

    Outputs

    Prototype practice pitches

    Second-iteration prototype

    4 Build and Sell

    The Purpose

    Build and test the second prototype and prepare to sell it to business executives.

    Key Benefits Achieved

    Second-iteration prototype and a budget pitch.

    Activities

    4.1 Conduct second round of UX testing.

    4.2 Create one pager and budget pitch.

    Outputs

    User feedback and data

    Prototype one pager and budget pitch

    COVID-19 Work Status Tracking Guide

    • Buy Link or Shortcode: {j2store}594|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Keeping track of the multiple and frequently changing work arrangements on your team.
    • Ensuring you have a fast and easy way to keep an up-to-date record of where and how employees are working.

    Our Advice

    Critical Insight

    • During these critical times, keeping track of employees’ work status doesn’t have to be complicated – the right tool is one that does the job.
    • Keeping track of your employees is a health and safety issue – deployed well, it is an aid in keeping the business running and an additional communication channel, not a sign of lack of trust.

    Impact and Result

    • An Excel spreadsheet is all you need to ensure you have a way to record work arrangements that can change by the day.
    • An easy-to-use tool means minimal administrative overhead to ensuring you have this critical information at hand.

    COVID-19 Work Status Tracking Guide Research & Tools

    Start here – read the Work Status Tracking Guide

    Read our recommendations and use the accompanying tool to quickly get a handle on your team’s work arrangements.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • COVID-19 Work Status Tracking Guide Storyboard
    • COVID-19 Work Status Tracking Tool
    [infographic]

    Architect Your Big Data Environment

    • Buy Link or Shortcode: {j2store}202|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Organizations may understand the transformative potential of a big data initiative, but they struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of it may cause paralysis for organizations.

    Our Advice

    Critical Insight

    • Don’t panic, and make use of the resources you already have. The skills, tools, and infrastructure for big data can break any budget quickly, but before making rash decisions, start with the resources you have in-house.
    • Big data as a service (BDaaS) is making big waves. BDaaS removes many of the hurdles associated with implementing a big data strategy and vastly lowers the barrier of entry.

    Impact and Result

    • Follow Info-Tech’s methodology for understanding the types of modern approaches to big data tools, and then determining which approach style makes the most sense for your organization.
    • Based on your big data use case, create a plan for getting started with big data tools that takes into account the backing of the use case, the organization’s priorities, and resourcing available.
    • Put a repeatable framework in place for creating a comprehensive big data tool environment that will help you decide on the necessary tools to help you realize the value from your big data use case and scale for the future.

    Architect Your Big Data Environment Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should find your optimal approach to big data tools, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plant the foundations of your big data tool architecture

    Identify your big data use case and your current data-related capabilities.

    • Architect Your Big Data Environment – Phase 1: Plant the Foundations of Your Big Data Tool Architecture
    • Big Data Execution Plan Presentation
    • Big Data Architecture Planning Tool

    2. Weigh your big data architecture decision criteria

    Determine your capacity for big data tools, as well as the level of customizability and security needed for your solution to help justify your implementation style decision.

    • Architect Your Big Data Environment – Phase 2: Weigh Your Big Data Architecture Decision Criteria

    3. Determine your approach to implementing big data tools

    Analyze the three big data implementation styles, select your approach, and complete the execution plan for your big data initiative.

    • Architect Your Big Data Environment – Phase 3: Determine Your Approach To Implementing Big Data Tools
    [infographic]

    Explore the Secrets of IBM Software Contracts to Optimize Spend and Reduce Compliance Risk

    • Buy Link or Shortcode: {j2store}141|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • IBM customers want to make effective use of their paid-up licenses to avoid overspending and stay compliant with agreements.
    • Each IBM software product is subject to different rules.
    • Clients control and have responsibility for aligning usage and payments. Over time, the usage of the software may be out of sync with what the client has paid for, resulting in either overspending or violation of the licensing agreement.
    • IBM audits software usage in order to generate revenue from non-compliant customers.

    Our Advice

    Critical Insight

    • You have a lot of work to do if you haven’t been paying attention to your IBM software.
    • Focus on needs first. Conduct and document a thorough requirements assessment. Well-documented needs will be your core asset in negotiation.
    • Know what’s in IBM’s terms and conditions. Failure to understand these can lead to major penalties after an audit.
    • Review your agreements and entitlements quarterly. IBM may have changed the rules, and you have almost certainly changed your usage.

    Impact and Result

    • Establish clear licensing requirements.
    • Maintain an effective process for managing your IBM license usage and compliance.
    • Identify any cost-reduction opportunities.
    • Prepare for penalty-free IBM audits.

    Explore the Secrets of IBM Software Contracts to Optimize Spend and Reduce Compliance Risk Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why you need to invest effort in managing usage and licensing of your IBM software.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review terms and conditions for your IT contract

    Use Info-Tech’s licensing best practices to avoid the common mistakes of overspending on IBM licensing or failing an IBM audit.

    • IBM Passport Advantage Software RFQ Template
    • IBM 3-Year Bundled Price Analysis Tool
    [infographic]

    Requirements Gathering

    • Buy Link or Shortcode: {j2store}49|cart{/j2store}
    • Related Products: {j2store}49|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.5/10
    • member rating average dollars saved: $33,901
    • member rating average days saved: 23
    • Parent Category Name: Project Portfolio Management and Projects
    • Parent Category Link: /ppm-and-projects

    The challenge

    • The number reason projects fail because from the outset, what people wanted was not clear.
    • Without proper due diligence, IT will deliver projects that fail to meet business expectations and fail to provide business value.
    • If you failed to accurately capture the needs and desires, your projects are set up for costly rework. That will hurt your business's financial performance and result in damage to your relationship with your business partners.
    • Even with requirements gathering processes in place, your business analysts may not have the required competencies to execute them.

    Our advice

    Insight

    • You need to gather requirements with your organizations' end-state in mind. That requires IT and business alignment.
    • You would be good to create a set of standard operating procedures around requirements gathering. But many companies fail to do so.
    • Bring standardization and conformity to your requirements gathering processes via a centralized center of excellence. That brings cohesion and uniformity to your practice.
    • It is critical that your business analysts have the necessary competencies to execute your processes and that they ask the right questions.

    Impact and results 

    • Better requirements analysis will result in shorter cycle timed and reduced project rework and overhead.
    • You will enjoy better relationships with your business partners, greater stakeholder satisfaction, and gradually a better standing of IT.
    • Most importantly, the applications and systems you deliver will contain all must-haves and some nice-to-haves. Your minimal viable deliverable will start to create business value immediately.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should invest in optimizing requirements gathering in your company. We show you how we can support you.

    Build the target state

    Fully understand the target needs of the requirements gathering process.

    • Build a Strong Approach to Business Requirements Gathering – Phase 1: Build the Target State for the Requirements Gathering Process (ppt)
    • Requirements Gathering SOP and BA Playbook (doc)
    • Requirements Gathering Maturity Assessment (xls)
    • Project Level Selection Tool (xls)
    • Business Requirements Analyst (doc)
    • Requirements Gathering Communication Tracking Template (xls)

    Develop best practices to gather business requirements

    • Build a Strong Approach to Business Requirements Gathering – Phase 2: Define the Elicitation Process (ppt)
    • Business Requirements Document Template (xls)
    • Scrum Documentation Template (doc)

    Analyze and validate requirements

    Standardize your frameworks for analysis and validation of the business requirements

    • Build a Strong Approach to Business Requirements Gathering – Phase 3: Analyze and Validate Requirements (ppt)
    • Requirements Gathering Documentation Tool (xls)
    • Requirements Gathering Testing Checklist (doc)

    Build your requirements gathering governance action plan

    Formalize governance.

    • Build a Strong Approach to Business Requirements Gathering – Phase 4: Create a Requirements Governance Action Plan (ppt)
    • Requirements Traceability Matrix (xls)

     

     

    Position IT to Support and Be a Leader in Open Data Initiatives

    • Buy Link or Shortcode: {j2store}326|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Open data programs are often seen as unimportant or not worth taking up space in the budget in local government.
    • Open data programs are typically owned by a single open data evangelist who works on it as a side-of-desk project.
    • Having a single resource spend a portion of their time on open data doesn’t allow the open data program to mature to the point that local governments are realizing benefits from it.
    • It is difficult to gain buy-in for open data as it is hard to track the benefits of an open data program.

    Our Advice

    Critical Insight

    • Local government can help push the world towards being more open, unlocking economic benefits for the wider economy.
    • Cities don’t know the solutions to all of their problems often they don’t know all of the problems they have. Release data as a platform to crowdsource solutions and engage your community.
    • Build your open data policies in collaboration with the community. It’s their data, let them shape the way it’s used!

    Impact and Result

    • Level-set expectations for your open data program. Every local government is different in terms of the benefits they can achieve with open data; ensure the business understands what is realistic to achieve.
    • Create a team of open data champions from departments outside of IT. Identify potential champions for the team and use this group to help gain greater business buy-in and gather feedback on the program’s direction.
    • Follow the open data maturity model in order to assess your current state, identify a target state, and assess capability gaps that need to be improved upon.
    • Use industry best practices to develop an open data policy and processes to help improve maturity of the open data program and reach your desired target state.
    • Identify metrics that you can use to track, and communicate the success of, the open data program.

    Position IT to Support and Be a Leader in Open Data Initiatives Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop your open data program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set the foundation for the success of your open data program

    Identify your open data program's current state maturity, and gain buy-in from the business for the program.

    • Position IT to Support and Be a Leader in Open Data Initiatives – Phase 1: Set the Foundation for the Success of Your Open Data Program
    • Open Data Maturity Assessment
    • Open Data Program – IT Stakeholder Powermap Template
    • Open Data in Our City Stakeholder Presentation Template

    2. Grow the maturity of your open data program

    Identify a target state maturity and reach it through building a policy and processes and the use of metrics.

    • Position IT to Support and Be a Leader in Open Data Initiatives – Phase 2: Grow the Maturity of Your Open Data Program
    • Open Data Policy Template
    • Open Data Process Template
    • Open Data Process Descriptions Template
    • Open Data Process Visio Templates (Visio)
    • Open Data Process Visio Templates (PDF)
    • Open Data Metrics Template
    [infographic]

    Workshop: Position IT to Support and Be a Leader in Open Data Initiatives

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Business Drivers for Open Data Program

    The Purpose

    Ensure that the open data program is being driven out from the business in order to gain business support.

    Key Benefits Achieved

    Identify drivers for the open data program that are coming directly from the business.

    Activities

    1.1 Understand constraints for the open data program.

    1.2 Conduct interviews with the business to gain input on business drivers and level-set expectations.

    1.3 Develop list of business drivers for open data.

    Outputs

    Defined list of business drivers for the open data program

    2 Assess Current State and Define Target State of the Open Data Program

    The Purpose

    Understand the gaps between where your program currently is and where you want it to be.

    Key Benefits Achieved

    Identify top processes for improvement in order to bring the open data program to the desired target state maturity.

    Activities

    2.1 Perform current state maturity assessment.

    2.2 Define desired target state with business input.

    2.3 Highlight gaps between current and target state.

    Outputs

    Defined current state maturity

    Identified target state maturity

    List of top processes to improve in order to reach target state maturity

    3 Develop an Open Data Policy

    The Purpose

    Develop a draft open data policy that will give you a starting point when building your policy with the community.

    Key Benefits Achieved

    A draft open data policy will be developed that is based on best-practice standards.

    Activities

    3.1 Define the purpose of the open data policy.

    3.2 Establish principles for the open data program.

    3.3 Develop a rough governance outline.

    3.4 Create a draft open data policy document based on industry best-practice examples.

    Outputs

    Initial draft of open data policy

    4 Develop Open Processes and Identify Metrics

    The Purpose

    Build open data processes and identify metrics for the program in order to track benefits realization.

    Key Benefits Achieved

    Formalize processes to set in place to improve the maturity of the open data program.

    Identify metrics that can track the success of the open data program.

    Activities

    4.1 Develop the roles that will make up the open data program.

    4.2 Create processes for new dataset requests, updates of existing datasets, and the retiring of datasets.

    4.3 Identify metrics that will be used for measuring the success of the open data program.

    Outputs

    Initial draft of open data processes

    Established metrics for the open data program

    Build a Winning Business Process Automation Playbook

    • Buy Link or Shortcode: {j2store}407|cart{/j2store}
    • member rating overall impact (scale of 10): 8.3/10 Overall Impact
    • member rating average dollars saved: $8,065 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Business Analysis
    • Parent Category Link: /business-analysis
    • Organizations often have many business processes that rely on manual, routine, and repetitive data collection and processing work. These processes need to be automated to meet strategic priorities.
    • Your stakeholders may have decided to invest in process automation solutions. They may be ready to begin the planning and delivery of their first automated processes.
    • However, if your processes are costly, slow, defective, and do not generate the value end users want, automation will only magnify these inefficiencies.

    Our Advice

    Critical Insight

    • Put the user front and center. Aim to better understand the end user and their operational environment. Use cases, data models, and quality factors allow you to visualize the human-computer interactions from an end-user perspective and initiate a discussion on how technology and process improvements can be better positioned to help your end users.
    • Build for the future. Automation sets the technology foundations and process governance and management building blocks in your organization. Expect that more automation will be done using earlier investments.
    • Manage automations as part of your application portfolio. Automations are add-ons to your application portfolio. Unmanaged automations, like applications, will sprawl and reduce in value over time. A collaborative rationalization practice pinpoints where automation is required and identifies which business inefficiencies should be automated next.

    Impact and Result

    • Clarify the problem being solved. Gain a grounded understanding of your stakeholders’ drivers for business process automation. Discuss current business operations and systems to identify automation candidates.
    • Optimate your processes. Apply good practices to first optimize (opti-) and then automate (-mate) key business processes. Take a user-centric perspective to understand how users interact with technology to complete their tasks.
    • Deliver minimum viable automations (MVAs). Maximize the learning of automation solutions and business operational changes through small, strategic automation use cases. This sets the foundations for a broader automation practice.

    Build a Winning Business Process Automation Playbook Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Business Process Automation Deck – A step-by-step document that walks you through how to optimize and automate your business processes.

    This blueprint helps you develop a repeatable approach to understand your process challenges and to optimize and automate strategic business processes.

    • Build a Winning Business Process Automation Playbook – Phases 1-3

    2. Business Process Automation Playbook – A repeatable set of practices to assess, optimize, and automate your business processes.

    This playbook template gives your teams a step-by-step guide to build a repeatable and standardized framework to optimize and automate your processes.

    • Business Process Automation Playbook

    3. Process Interview Template – A structured approach to interviewing stakeholders about their business processes.

    Info-Tech's Process Interview Template provides a number of sections that you can populate to help facilitate and document your stakeholder interviews.

    • Process Interview Template

    4. Process Mapping Guide – A guide to mapping business processes using BPMN standards.

    Info-Tech's Process Mapping Guide provides a thorough framework for process mapping, including the purpose and benefits, the best practices for facilitation, step-by-step process mapping instructions, and process mapping naming conventions.

    • Process Mapping Guide

    Infographic

    Workshop: Build a Winning Business Process Automation Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Automation Opportunities

    The Purpose

    Understand the goals and visions of business process automation.

    Develop your guiding principles.

    Build a backlog of automation opportunities

    Key Benefits Achieved

    Business process automation vision, expectations, and objectives.

    High-priority automation opportunities identified to focus on.

    Activities

    1.1 State your objectives and metrics.

    1.2 Build your backlog.

    Outputs

    Business process automation vision and objectives

    Business process automation guiding principles

    Process automation opportunity backlog

    2 Define Your MVAs

    The Purpose

    Assess and optimize high-strategic-importance business process automation use cases from the end user’s perspective.

    Shortlist your automation solutions.

    Build and plan to deliver minimum viable automations (MVAs).

    Key Benefits Achieved

    Repeatable framework to assess and optimize your business process.

    Selection of the possible solutions that best fit the business process use case.

    Maximized learning with a low-risk minimum viable automation.

    Activities

    2.1 Optimize your processes.

    2.2 Automate your processes.

    2.3 Define and roadmap your MVAs.

    Outputs

    Assessed and optimized business processes with a repeatable framework

    Fit assessment of use cases to automation solutions

    MVA definition and roadmap

    3 Deliver Your MVAs

    The Purpose

    Modernize your SDLC to support business process automation delivery.

    Key Benefits Achieved

    An SDLC that best supports the nuances and complexities of business process automation delivery.

    Activities

    3.1 Deliver your MVAs

    Outputs

    Refined and enhanced SDLC

    Identify and Reduce Agile Contract Risk

    • Buy Link or Shortcode: {j2store}232|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Customer maturity levels with Agile are low, with 67% of organizations using Agile for less than five years.
    • Customer competency levels with Agile are also low, with 84% of organizations stating they are below a high level of competency.
    • Contract disputes are the number one or two types of disputes faced by organizations across all industries.

    Our Advice

    Critical Insight

    • Agile contracts require different wording and protections than traditional or waterfall contracts.
    • Agile buzzwords by themselves do not create an Agile contract.
    • There is a delicate balance between being overly prescriptive in an Agile contract and too lax.

    Impact and Result

    • Identify options for Agile contract provisions.
    • Manage Agile contract risk by selecting the appropriate level of protections for an Agile project.
    • Harness the power of Agile development and collaboration with the vendor while preserving contractual flexibility.
    • Focus on the correct contract clauses to manage Agile risk.

    Identify and Reduce Agile Contract Risk Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should treat Agile contracts differently from traditional or waterfall contracts, and review Info-Tech’s methodology, and understand the twelve contract clauses that are different for Agile contracts.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and evaluate options

    Use the information in this blueprint and Info-Tech’s Agile Contract Playbook-Checklist to review and assess your Agile contracts, ensuring that the provisions and protections are suitable for Agile contracts specifically.

    • Agile Contracts Playbook-Checklist
    [infographic]

    Workshop: Identify and Reduce Agile Contract Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify and Evaluate Options

    The Purpose

    To understand Agile-specific contract clauses, to improve risk identification, and to be more effective at negotiating Agile contract terms.

    Key Benefits Achieved

    Increased awareness of how Agile contract provisions are different from traditional or waterfall contracts in 12 key areas.

    Understanding available options.

    Understanding the impact of being too prescriptive.

    Activities

    1.1 Review the Agile Contract Playbook-Checklist.

    1.2 Review 12 contract provisions and reinforce key learnings with exercises.

    Outputs

    Configured Playbook-Checklist as applicable

    Exercise results and debrief

    Demystify the New PMBOK Guide and PMI Certifications

    • Buy Link or Shortcode: {j2store}446|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • There is lots of confusion with the latest edition of A Guide to The Project Management Body of Knowledge (PMBOK Guide).
    • The Project Management Professional (PMP) certification is not satisfying the needs of PMOs.
    • There is still a divide on whether the focus should be on the PMP or an Agile-related certification.
    • The PMP certification has lost its sizzle while other emerging certifications have started to penetrate the market. It’s hard to distinguish which certifications still hold weight.

    Our Advice

    Critical Insight

    • The PMP certification is still valuable and worth your time in 2023.
    • There are still over a million active PMP-certified individuals worldwide.
    • PMP can make you more money.

    Impact and Result

    • Study the market trends for certification options as they emerge and evolve.
    • Go with longstanding, reputable certifications, but be ready to pivot if they are not adding value.
    • Look at the job market as an indicator of certification demands.
    • There are a lot of certification options out there, and every day there seems to be a new one that pops up. Wait and see how the market reacts before investing your time and money in a new certification.

    Demystify the New PMBOK Guide and PMI Certifications Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Demystify the New PMBOK and PMI Certifications Storyboard – A guide to validate if the PMP is still valuable. It will also provide clarity related to the updated PMBOK 7th edition.

    This publication will validate if the PMP certification is still valuable and worth your time. In addition, you will gain different perspectives related to other PMI and non-PMI certifications. You will gain a better understanding of the evolution of the PMBOK Guide, and the significant changes made from PMBOK 6th edition to the 7th edition.

    • Demystify the New PMBOK and PMI Certifications Storyboard
    [infographic]

    Further reading

    Demystify the New PMBOK Guide and the PMI Certifications

    The PMP certification is still valuable and worth your time in 2023.

    Analyst Perspective

    The PMP (Project Management Professional) certification is still worth your time.

    Long Dam

    I often get asked, “Is the PMP worth it?” I then proceed with a question of my own: “If it gets you an interview or a foot in the door or bolsters your salary, would it be worth it?” Typically, the answer is a resounding “YES!”

    CIO magazine ranked the PMP as the top project management certification in North America because it demonstrates that you have the specific skills employers seek, dedication to excellence, and the capacity to perform at the highest levels.

    Given its popularity and the demand in the marketplace, I strongly believe it is still worth your time and investment. The PMP is a globally recognized certification that has dominated for decades. It is hard to overlook the fact that the Project Management Institute (PMI) has more than 1.2 million PMP certification holders worldwide and is still considered the gold standard for project management.

    Yes, it’s worth it. It gets you interviews, a foot in the door, and bolsters your salary. Oh, and it makes you a more complete project manager.

    Long Dam, PMP, PMI-ACP, PgMP, PfMP

    Principal Research Director, Project Portfolio Management Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • There is lots of confusion with the latest A Guide to The Project Management Body of Knowledge (aka PMBOK Guide).
    • The Project Management Professional (PMP) certification is not satisfying the needs of PMOs.
    • There is still a divide on whether the focus should be on the PMP or an Agile-related certification.

    The PMP certification has lost its sizzle while other emerging certifications have started to penetrate the market. It’s hard to distinguish which certification still holds weight.

    Common Obstacles

    • Poor understanding and lack of awareness of other PMI certifications outside of the PMP.
    • There are too many competing certifications out there, and it’s hard to decipher which ones to choose.
    • PMI certifications typically take a lot of effort to obtain and maintain.

    There are other, less intensive certifications available. It’s unclear what will be popular in the future.

    Info-Tech's Approach

    • Study the market trends for certification options as they emerge and evolve.
    • Go with longstanding reputable certifications, but be ready to pivot if they are not adding value.
    • Look at the job market as an indicator for certification demands.

    There are a lot of certification options out there, and every day there seems to be a new one that pops up. Wait and see how the market reacts before investing your time and money in a new certification.

    Info-Tech Insight

    The PMP certification is still valuable and worthy of your time in 2023.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guide Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or knowledge to take this project on. We need assistance through the entirety of the this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    The PMP dominated the market for decades and got over 1 million people certified

    Total active project management professional holders from December 2021 versus July 2022

    Info-Tech Insight

    The PMI’s flagship PMP certification numbers have not significantly increased from 2021 to 2022. However, PMP substantially outpaces all competitors with over 1.2 million certified PMPs.

    Source: projectmanagement.com

    The PMP penetrated over 200 countries

    PMP is the global project management gold standard.

    • CIO magazine ranked the PMP as the top project management certification because it demonstrates you have the specific skills employers seek, dedication to excellence, and the capacity to perform at the highest levels.
    • It delivers real value in the form of professional credibility, deep knowledge, and increased earning potential. Those benefits have staying power.
    • The PMP now includes predictive, Agile, and hybrid approaches.
    • The PMP demonstrates expertise across the wide array of planning and work management styles.

    Source: PMI, “PMP Certification.” PMI, “Why You Should Get the PMP.”

    The PMP was valuable in the past specifically because it was the standard

    79% of project managers surveyed have the PMP certification out of 30,000 respondents in 40 countries.

    The PMP became table stakes for jobs in project management and PMO’s.

    Work desk with project management written in middle. Arrows point to: Goals, planning, risks, control, teamwork, cost, communication, and problem solving.

    Source: PMI’s Earning Power: Project Management Salary Survey—Twelfth Edition (2021)

    The PMP put itself on a collision course with Agile

    • The Agile Certified Practitioner (PMI-ACP) was introduced in 2012 which initially clashed with the PMP for project management supremacy from the PMI.
    • Then the Disciplined Agile (DA) was introduced in 2019, which further compounded the issue and caused even more confusion with both the PMP and the PMI-ACP certification.
    • Instead of complementing the PMP, these certifications began to inadvertently compete with it head-to-head.

    There is a new PMBOK Guide Seventh Edition in town

    The PMI made its most significant changes between 2017 and 2021.

    Chart showing editions of the PMBOK guide from 1996 to 2021.

    Timeline adapted from Wikipedia, “Project Management Body of Knowledge.”

    Roughly every 3-5 years, the PMI has released a new PMBOK version. It’s unclear if there will be an eighth edition.

    The market got confused by PMBOK Guide – Seventh Edition

    PMBOK guide version 5 considered the gold standard, version 6 first included Agile and version 7 was the most radical change.

    • Die-hard traditional project managers have a hard time grasping why the PMI messed around with the PMBOK Guide. There is sentiment that the PMBOK Guide V7 got diluted.
    • Naysayers do not think that the PMBOK Guide V7 hit the mark and found it to be a concession to Agilists.
    • The PMBOK Guide V7 was significantly trimmed down by almost two-thirds to 274 pages whereas the PMBOK V6 ballooned to 756 pages!
    • Some Agile practitioners found this to be a refreshing, bold move from the PMI. Most, however, ignored or resisted it.
    PMBOK Guide: A guide to the Project Management Body of Knowledge Seventh Edition.  AND The Standard for Project Management.

    PMBOK Guide – Seventh edition released in 2021

    • The PMBOK Guide – Seventh Edition was released in late 2021. It was the most radical change since 1987. For the first time, the PMI went from a process-based standard to a principles-based standard, and the guide went from knowledge areas to project performance domains. This may have diluted the traditional predictive project management practices. However, it was offset by incorporating more iterative, Agile, and hybrid approaches.
    • The market is confused and is clearly shifting toward Agile and away from the rigor that is typically associated with the PMI.
    • The PMI transitioned most of the process-based standards & ITTO to their new digital PMIStandards+ online platform, which can be found here (access for PMI members only).
    • The PMBOK Guide is not the sole basis of the certification exam; however, it can be used as one of several reference resources. Using the exam content outline (ECO) is the way forward, which can be found here.

    The Agile certification seems to be the focus for the PMI in the coming years

    • The PMI started to get into the Agile game with the introduction of Agile certifications, which is where all the confusion started. Although the PMI-ACP & the DASM have seen a steady uptake recently, it appears to be at the expense of the PMP certification.
    • The PMI acquired the Discipline Agile (DA) in late 2019, which expanded their offerings and capabilities for project managers and teams to choose their “way of working.”
    • This was an important milestone for the PMI to address the new way of working for Agile practitioners with this offering to provide more options and to better support enterprise agility.
    PMI-ACP & the DASM have seen a steady uptake recently.

    Source: projectmanagement.com as of July 2022

    The PMI has lost more certified PMPs than they have gained so far in 2022

    The PMI has lost more certified PMPs than they have gained so far in 2022.

    PMP

    PMP – Project Management Professional

    It is a concerning trend that their bread and butter, the PMP flagship certification, has largely stalled in 2022. We are unsure if this was attributed to them being displaced by competitors such as the Agile Alliance, their own Agile offerings, or the market’s lackluster reaction to PMBOK Guide – Seventh Edition.

    Source: projectmanagement.com as of July 2022

    The PMI’s total memberships have stalled since September 2021

    The PMIs total memberships have stalled since September 2021.

    PMI: Project Management Insitute

    The PMI’s membership appears to have a direct correlation to the PMP numbers. As the PMP number stalls, so do the PMI’s memberships.

    Source: projectmanagement.com as of July 2022

    The PMP and the PMBOK Guide are more focused on project management

    The knowledge and skills were not all that helpful for running programs, portfolios, and PMOs.
    • It became evident that other certifications were more tightly aligned to program and portfolio management for the PMOs. The PMI provides the following:
      • Program Management Professional (PgMP)
      • Portfolio Management Professional (PfMP)
    • Axelos also has certifications for program management and portfolio management, such as:
      • Managing Successful Programmes (MSP)
      • Management of Portfolios (MoP)
      • Portfolio, Programme, and Project Offices (P3O)

    The market didn’t know what to do with the PgMP or the PfMP

    These were relatively unknown certifications for Program and Portfolio Management.

    • The PMI’s story was that you would start as a project manager with the PMP certification and then the natural progression would be toward either Program Management (PgMP) or Portfolio Management (PfMP).
    • The uptake for the PgMP and the PfMP certification has been insignificant and underwhelming. The appetite and the demand for PMO-aligned certifications has been lackluster since their inception.
    PgMP - Program Management Professional and PfMP - Portfolio Management Professioanal Certifications are relatively unkown. PgMP only has 3780 members since 2007, and PfMP has 1266 since 2014.

    Source: projectmanagement.com as of July 2022

    There are other non-PMI certifications to consider

    Depending on your experience level

    List of non-PMI certifications based on specialization. List of non-PMI certifications based on years of experience.  Divided into 3 categories: 0-3 years, 3+ years, and 8+ years of experience.

    Other non-PMI project management certifications

    Non-PMI project management certifications

    PRINCE2 and CSM appear to be the more popular ones in the market.

    In April 2022, CIO.com outlined other popular project management certifications outside of the PMI.

    Source: CIO.com

    Project managers have an image problem among senior leaders

    There is a perception that PMs are just box-checkers and note-takers.

    • Project managers are seen as tactical troubleshooters rather than strategic partners. This suggests a widespread lack of understanding of the value and impact of project management at the C-suite level.
    • Very few C-suite executives associate project managers with "realizing visions," being "essential," or being "changemakers."
    • Strong strategic alignment between the PMO and the C-suite helps to reinforce the value of project management capabilities in achieving wider strategic aims.

    Source: PMI, Narrowing The Talent Gap, 2021

    Hiring practices have yet to change in response to the PMI’s moves

    The PMP is still the standard, even for organizations transitioning to Agile and PMO/portfolio jobs.

    • Savvy business leaders are still unsure about how Agile will impact them in the long term.
    • According to the Narrowing the Talent Gap report, PMI and PwC’s latest global research indicates that talent strategies haven’t changed much. There’s a widespread lack of focus on developing and retaining existing project managers, and a lack of variety and innovation in attracting and recruiting new talent. The core problem is that there isn’t a business case for investment in talent.

    Noteworthy Agile certifications to consider

    AGILE Certified Practioner(PMI-ACP) and Certified ScrumMaster(CSM) certification details.

    Source: PMI, “Agile Certifications,” and ScrumAlliance, “Become a Certified ScrumMaster.”

    Info-Tech Insight

    There is a lot of chatter about which Agile certification is better, and the jury is still out with no consensus. There are pros and cons to both certifications. We believe the PMI-ACP will give you more mileage and flexibility because of its breath of coverage in the Agile practice compared to the CSM.

    The talent shortage is a considerable risk to organizations

    • According to the PMI’s 2021 Talent Gap report1, the talent gap is likely to impact every region. By 2030, at least 13 million project managers are expected to have retired, creating additional challenges for recruitment. To close the gap, 25 million new project professionals are needed by 2030.
    • Young project managers will change the profession. Millennials and Generation Z are bringing fresh perspectives to projects. Learning to work alongside these younger generations isn't optional, as they increasingly dominate the labor force and extend their influence.
    • Millennials have already arrived: According to Pew Research2, this group surpassed Gen X in 2016 and is now the largest generation in the US labor force.

    1. PMI, Talent Gap, 2021.
    2. PM Network, 2019.

    Money talks – the PMP is still your best payoff

    It is a financially rewarding profession!

    The median salary for PMP holders in the US is 25% higher than those without PMP certification.

    On a global level, the Project Management Professional (PMP) certification has been shown to bolster salary levels. Holders of the PMP certification report higher median salaries than those without a PMP certification – 16% higher on average across the 40 countries surveyed.

    Source: PMI, Earning Power, 2021

    Determine which skills and capabilities are needed in the coming years

    • A scan of 2022 PM and PMO postings still shows continued dominance of the PMP certification requirement.
    • People and relationships have become more important than predicting budgets and timelines.
    • The PMI and PwC Global Survey on Transformation and Project Management 2021 identified the top five skills/capabilities for project managers (in order of priority):
      1. Relationship building
      2. Collaborative leadership
      3. Strategic thinking
      4. Creative problem solving
      5. Commercial awareness

    Source: PMI, Narrowing The Talent Gap, 2021.

    Prepare for product delivery by focusing on top digital-age skills

    According to the PMI Megatrends 2022 report, they have identified six areas as the top digital-age skills for product delivery:

    1. Innovative mindset
    2. Legal and regulatory compliance knowledge
    3. Security and privacy knowledge
    4. Data science skills
    5. Ability to make data-driven decisions
    6. Collaborative leadership skills

    Many organizations aren’t considering candidates who don’t have project-related qualifications. Indeed, many more are increasing the requirements for their qualifications than those who are reducing it.

    Source: PMI, Narrowing The Talent Gap, 2021

    Prioritize training and development at the C-suite level

    Currently, there is an imbalance with more emphasis of training on tools, processes, techniques, and methodologies rather than business acumen skills, collaboration, and management skills. With the explosion of remote work, training needs to be revamped and, in some cases, redesigned altogether to accommodate remote employees.

    Train of gears Labeled: Training. Gears from left to right are labeled: Knowledge, coaching, skills, developement, and experience.

    Lack of strategic prioritization is evident in how training and development is being done, with organizations largely not embracing a diversity of learning preferences and opportunities.

    Source: PMI, Narrowing The Talent Gap, 2021

    PM is evolving into a more strategic role

    • Ensure program and portfolio management roles are supported by the most appropriate certifications.
    • For project managers that have evolved beyond the iron triangle of managing projects, there is applicability to the PgMP and the PfMP for program managers, portfolio managers, and those in charge of PMOs.
    • Although these certifications have not been widely adopted due to lack of awareness and engagement at the decision-maker level, they still hold merit and prestige within the project management community.

    Project managers are evolving. No longer creatures of scope, schedule, and budget alone, they are now – enabled by new technology – focusing on influencing outcomes, building relationships, and achieving the strategic goals of their organizations.

    Source: PMI, Narrowing the Talent Gap, 2021

    Overhaul your recruitment practices to align with skills/capabilities

    World map with cartoon profile images, linked in a network.

    Talent managers will need to retool their toolbox to fill the capability gap and to look beyond where the role is geographically based by embracing flexible staffing models.

    They will need to evolve their talent strategies in line with changing business priorities.

    Organizations should be actively working to increase the diversity of candidates and upskilling young people in underrepresented communities as a priority.

    Most organizations are still relying on traditional approaches to recruit talent. Although we are prioritizing power skills and business acumen, we are still searching in the same, shrinking pool of talent.

    Source: PMI, Narrowing the Talent Gap, 2021.

    Bibliography

    “Agile Certifications for Every Step in Your Career.” PMI. Web.

    “Become a Certified ScrumMaster and Help Your Team Thrive.” ScrumAlliance. Web.

    “Become a Project Manager.” PMI. Accessed 14 Sept. 2022.

    Bucero, A. “The Next Evolution: Young Project Managers Will Change the Profession: Here's What Organizations Need to Know.” PM Network, 2019, 33(6), 26–27.

    “Certification Framework.” PMI. Accessed 14 Sept. 2022.

    “Certifications.” PMI. Accessed 14 Sept. 2022.

    DePrisco, Mike. Global Megatrends 2022. “Foreword.” PMI, 2022. Accessed 14 Sept. 2022.

    Earning Power: Project Management Salary Survey. 12th ed. PMI, 2021. Accessed 14 Sept. 2022.

    “Global Research From PMI and PwC Reveals Attributes and Strategies of the World’s Leading Project Management Offices.” PMI, 1 Mar. 2022. Press Release. Accessed 14 Sept. 2022.

    Narrowing the Talent Gap. PMI, 2021. Accessed 14 Sept. 2022.

    “PMP Certification.” PMI. Accessed 4 Aug. 2022.

    “Project Management Body of Knowledge.” Wikipedia, Wikimedia Foundation, 29 Aug. 2022.

    “Project Portfolio Management Pulse Survey 2021.” PwC. Accessed 30 Aug. 2022.

    Talent Gap: Ten-Year Employment Trends, Costs, and Global Implications. PMI. Accessed 14 Sept. 2022.

    “The Critical Path.” ProjectManagement.com. Accessed 14 Sept. 2022.

    “True Business Agility Starts Here.” PMI. Accessed 14 Sept. 2022.

    White, Sarah K. and Sharon Florentine. “Top 15 Project Management Certifications.” CIO.com, 22 Apr. 2022. Web.

    “Why You Should Get the PMP.” PMI. Accessed 14 Sept. 2022.

    Prepare for Cognitive Service Management

    • Buy Link or Shortcode: {j2store}335|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: 10 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • The evolution of natural language processing and machine learning applications has led to specialized AI-assisted toolsets that promise to improve the efficiency and timeliness of IT operations.

    Our Advice

    Critical Insight

    • These are early days. These AI-assisted toolsets are generating a considerable amount of media attention, but most of them are relatively untested. Early adopters willing to absorb experimentation costs are in the process of deploying the first use cases. Initial lessons are showing that IT operations in most organizations are not yet mature enough to take advantage of AI-assisted toolsets.
    • Focus on the problem, not the tool. Explicit AI questions should be at the end of the list. Start by asking what business problem you want to solve.
    • Get your house in order. The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.

    Impact and Result

    • Don’t fall prey to the AI-bandwagon effect. AI-assisted innovations will support shift-left service support strategies through natural language processing and machine learning applications. However, the return on your AI investment will depend on whether it helps you meet an actual business goal.
    • AI-assisted tools presuppose the existence of mature IT operations functions, including standardized processes, high-quality structured content focused on the incidents and requests that matter, and a well-functioning ITSM web portal.
    • The success of AI ITSM projects hinges on adoption. If your vision is to power end-user interactions with chatbots and deploy intelligent agents on tickets coming through the web portal, be sure to develop a self-service culture that empowers end users to help themselves and experiment with new tools and technologies. Without end-user adoption, the promised benefits of AI projects will not materialize.

    Prepare for Cognitive Service Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should prepare for cognitive service management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review emerging AI technology

    Get an overview of emerging AI applications to understand how they will strengthen a shift-left service support strategy.

    2. Sort potential IT operations AI use cases

    Review potential use cases for AI applications to prioritize improvement initiatives and align them to organizational goals.

    • Disruptive Technology Shortlisting Tool
    • Disruptive Technology Value-Readiness and SWOT Analysis Tool

    3. Prepare for a cognitive service management project

    Develop an ITSM AI strategy to prepare your organization for the coming of cognitive service management, and build a roadmap for implementation.

    • Customer Journey Map (PDF)
    • Customer Journey Map (Visio)
    • Infrastructure Roadmap Technology Assessment Tool
    • Strategic Infrastructure Roadmap Tool
    [infographic]

    Kick-Start IT-Led Business Innovation

    • Buy Link or Shortcode: {j2store}87|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $38,844 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The CIO is not considered a strategic partner. The business may be satisfied with IT services, but no one is looking to IT to solve business problems or drive the enterprise forward.
    • Even if IT staff do generate ideas that will improve operational efficiency or enable the business, few are ever assessed or executed upon.

    Our Advice

    Critical Insight

    • Business demand for new technology is creating added pressure to innovate and executive stakeholders expect more from IT. If IT is not viewed as a source of innovation, its perceived value will decrease and the threat of shadow IT will grow. Do not wait to start finding and capitalizing on opportunities for IT-led innovation.

    Impact and Result

    • Start innovating right away. All you need are business pains and people willing to ideate around them.
    • Assemble a small team and arm them with proven techniques for identifying unique opportunities for innovation, developing impactful solutions, and prototyping quickly and effectively. Incubate a reservoir of ideas, both big and small, so that you are ready to execute on innovative projects when the timing is right.
    • Once you have demonstrated IT’s ability to innovate, mature your capability with a permanent innovation process and program.

    Kick-Start IT-Led Business Innovation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create innovation processes, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch innovation

    Sponsor a mandate for innovation and assemble a small team to start sourcing ideas with IT staff.

    • Kick-Start IT-Led Business Innovation – Phase 1: Launch Innovation
    • Innovation Working Group Charter

    2. Ideate

    Identify critical opportunities for innovation and brainstorm effective solutions.

    • Kick-Start IT-Led Business Innovation – Phase 2: Ideate
    • Idea Document
    • Idea Reservoir Tool

    3. Prototype

    Prototype ideas rapidly to gain user feedback, refine solutions, and make a compelling case for project investment.

    • Kick-Start IT-Led Business Innovation – Phase 3: Prototype
    • Prototyping Workbook
    • Prototype Assessment

    4. Mature innovation capability

    Formalize the innovation process and implement a program to create a strong culture of innovation in IT.

    • Kick-Start IT-Led Business Innovation – Phase 4: Mature Innovation Capability

    Infographic

    Workshop: Kick-Start IT-Led Business Innovation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch Innovation

    The Purpose

    Introduce innovation.

    Assess overall IT maturity to understand what you want to achieve with innovation.

    Define the innovation mandate.

    Introduce ideation.

    Key Benefits Achieved

    A set of shared objectives for innovation will be defined.

    A mandate will be created to help focus innovation efforts on what is most critical to the advancement of IT's maturity.

    The group will be introduced to ideation and prepared to begin addressing critical IT or business pains.

    Activities

    1.1 Define workshop goals and objectives.

    1.2 Introduce innovation.

    1.3 Assess IT maturity.

    1.4 Define the innovation mandate.

    1.5 Introduce ideation.

    Outputs

    Workshop goals and objectives.

    An understanding of innovation.

    IT maturity assessment.

    Sponsored innovation mandate.

    An understanding of ideation.

    2 Ideate, Part I

    The Purpose

    Identify and prioritize opportunities for IT-led innovation.

    Map critical processes to identify the pains that should be ideated around.

    Brainstorm potential solutions.

    Assess, pitch, and prioritize ideas that should be investigated further.

    Key Benefits Achieved

    The team will learn best practices for ideation.

    Critical pain points that might be addressed through innovation will be identified and well understood.

    A number of ideas will be generated that can solve identified pains and potentially feed the project pipeline.

    The team will prioritize the ideas that should be investigated further and prototyped after the workshop.

    Activities

    2.1 Identify processes that present opportunities for IT-led innovation.

    2.2 Map selected processes.

    2.3 Finalize problem statements.

    2.4 Generate ideas.

    2.5 Assess ideas.

    2.6 Pitch and prioritize ideas.

    Outputs

    A list of processes with high opportunity for IT-enablement.

    Detailed process maps that highlight pain points and stakeholder needs.

    Problem statements to ideate around.

    A long list of ideas to address pain points.

    Detailed idea documents.

    A shortlist of prioritized ideas to investigate further.

    3 Ideate, Part II

    The Purpose

    Ideate around a more complex problem that presents opportunity for IT-led innovation.

    Map the associated process to define pain points and stakeholder needs in detail.

    Brainstorm potential solutions.

    Assess, pitch, and prioritize ideas that should be investigated further.

    Introduce prototyping.

    Map the user journey for prioritized ideas.

    Key Benefits Achieved

    The team will be ready to facilitate ideation independently with other staff after the workshop.

    A critical problem that might be addressed through innovation will be defined and well understood.

    A number of innovative ideas will be generated that can solve this problem and help IT position itself as a source of innovative projects.

    Ideas will be assessed and prioritized for further investigation and prototyping after the workshop.

    The team will learn best practices for prototyping.

    The team will identify the assumptions that need to be tested when top ideas are prototyped.

    Activities

    3.1 Select an urgent opportunity for IT-led innovation.

    3.2 Map the associated process.

    3.3 Finalize the problem statement.

    3.4 Generate ideas.

    3.5 Assess ideas.

    3.6 Pitch and prioritize ideas.

    3.7 Introduce prototyping.

    3.8 Map the user journey for top ideas.

    Outputs

    Selection of a process which presents a critical opportunity for IT-enablement.

    Detailed process map that highlights pain points and stakeholder needs.

    Problem statement to ideate around.

    A long list of ideas to solve the problem.

    Detailed idea documents.

    A shortlist of prioritized ideas to investigate further.

    An understanding of effective prototyping techniques.

    A user journey for at least one of the top ideas.

    4 Implement an Innovation Process and Program

    The Purpose

    Establish a process for generating, managing, prototyping, prioritizing, and approving new ideas.

    Create an action plan to operationalize your new process.

    Develop a program to help support the innovation process and nurture your innovators.

    Create an action plan to implement your innovation program.

    Decide how innovation success will be measured.

    Key Benefits Achieved

    The team will learn best practices for managing innovation.

    The team will be ready to operationalize an effective process for IT-led innovation. You can start scheduling ideation sessions as soon as the workshop is complete.

    The team will understand the current innovation ecosystem: drivers, barriers, and enablers.

    The team will be ready to roll out an innovation program that will help generate wider engagement with IT-led innovation.

    You will be ready to measure and report on the success of your program.

    Activities

    4.1 Design an IT-led innovation process.

    4.2 Assign roles and responsibilities.

    4.3 Generate an action plan to roll out the process.

    4.4 Determine critical process metrics to track.

    4.5 Identify innovation drivers, enablers, and barriers.

    4.6 Develop a program to nurture a culture of innovation.

    4.7 Create an action plan to jumpstart each of your program components.

    4.8 Determine critical metrics to track.

    4.9 Summarize findings and gather feedback.

    Outputs

    A process for IT-led innovation.

    Defined process roles and responsibilities.

    An action plan for operationalizing the process.

    Critical process metrics to measure success.

    A list of innovation drivers, enablers, and barriers.

    A program for innovation that will leverage enablers and minimize barriers.

    An action plan to roll out your innovation program.

    Critical program metrics to track.

    Overview of workshop results and feedback.

    Set a Strategic Course of Action for the PMO in 100 Days

    • Buy Link or Shortcode: {j2store}356|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $13,744 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • As a new PMO director, you’ve been thrown into the middle of an unfamiliar organizational structure and a chaotic project environment.
    • The expectations are that the PMO will help improve project outcomes, but beyond that your mandate as PMO director is opaque.
    • You know that the statistics around PMO longevity aren’t good, with 50% of new PMOs closing within the first three years. As early in your tenure as possible, you need to make sure that your stakeholders understand the value that your role could provide to the organization with the right level of buy-in and support.
    • Whether you’re implementing a new PMO or taking over an already existing one, you need to quickly overcome these challenges by rapidly assessing your unfamiliar tactical environment, while at the same time demonstrating confidence and effective leadership to project staff, business stakeholders, and the executive layer.

    Our Advice

    Critical Insight

    • The first 100 days are critical. You have a window of influence where people are open to sharing insights and opinions because you were wise enough to seek them out. If you don’t reach out soon, people notice and assume you’re not wise enough to seek them out, or that you don’t think they are important enough to involve.
    • PMOs most commonly stumble when they shortsightedly provide project management solutions to what are, in fact, more complex, systemic challenges requiring a mix of project management, portfolio management, and organizational change management capabilities. If you fail to accurately diagnose pain points and needs in your first days, you could waste your tenure as PMO leader providing well-intentioned solutions to the wrong project problems.
    • You have diminishing value on your time before skepticism and doubt start to erode your influence. Use your first 100 days to define an appropriate mandate for your PMO, get the right people behind you, and establish buy-in for long-term PMO success.

    Impact and Result

    • Develop an action plan to help leverage your first 100 days on the job. Hit the ground running in your new role with an action plan to achieve realistic goals and milestones in your first 100 days. A results-driven first three months will help establish roots throughout the organization that will continue to feed and grow the PMO beyond your first year.
    • Get to know what you don’t know quickly. Use Info-Tech’s advice and tools to perform a triage of every aspect of PMO accountability as well as harvest stakeholder input to ensure that your PMO meets or exceeds expectations and establishes the right solutions to the organization’s project challenges.
    • Solidify the PMO’s long-term mission. Adopt our stakeholder engagement best practices to ensure that you knock on the right doors early in your tenure. Not only do you need to clarify expectations, but you will ultimately need buy-in from key stakeholders as you move to align the mandate, authority, and resourcing needed for long-term PMO success.

    Set a Strategic Course of Action for the PMO in 100 Days Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how capitalizing on your first 100 days as PMO leader can help ensure the long-term success of your PMO.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Survey the project landscape

    Get up-to-speed quickly on key PMO considerations by engaging PMO sponsors, assessing stakeholders, and taking stock of your PMO inventory.

    • Set a Strategic Course of Action for the PMO in 100 Days – Phase 1: Survey the Project Landscape
    • Mission Identification and Inventory Tool
    • PMO Director First 100 Days Timeline - MS Project
    • PMO Director First 100 Days Timeline - MS Excel

    2. Gather PMO requirements

    Make your first major initiative as PMO director be engaging the wider pool of PMO stakeholders throughout the organization to determine their expectations for your office.

    • Set a Strategic Course of Action for the PMO in 100 Days – Phase 2: Gather PMO Requirements
    • PMO Requirements Gathering Tool
    • PMO Course of Action Stakeholder Interview Guide

    3. Solidify your PPM goals

    Review the organization’s current PPM capabilities in order to identify your ability to meet stakeholder expectations and define a sustainable mandate.

    • Set a Strategic Course of Action for the PMO in 100 Days – Phase 3: Solidify Your PPM Goals
    • Project Portfolio Management Maturity Assessment Workbook
    • Project Management Maturity Assessment Workbook
    • Organizational Change Management Maturity Assessment Workbook
    • PMO Strategic Expectations Glossary

    4. Formalize the PMO’s mandate

    Communicate your strategic vision for the PMO and garner stakeholder buy-in.

    • Set a Strategic Course of Action for the PMO in 100 Days – Phase 4: Formalize the PMO's Mandate
    • PMO Mandate and Strategy Roadmap Template
    • PMO Director Peer Feedback Evaluation Template
    • PMO Director First 100 Days Self-Assessment Tool
    [infographic]

    Workshop: Set a Strategic Course of Action for the PMO in 100 Days

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Current Project Ecosystem

    The Purpose

    Quickly develop an on-the-ground view of the organization’s project ecosystem and the PMO’s abilities to effectively serve.

    Key Benefits Achieved

    A comprehensive and actionable understanding of the PMO’s tactical environment

    Activities

    1.1 Perform a PMO SWOT analysis.

    1.2 Assess the organization’s portfolio management, project management, and organizational change management capability levels.

    1.3 Take inventory of the PMO’s resourcing levels, project demand levels, and tools and artifacts.

    Outputs

    Overview of current strengths, weaknesses, opportunities, and threats

    Documentation of your current process maturity to execute key portfolio management, project management, and organizational change management functions

    Stock of the PMO’s current access to PPM personnel relative to total project demand

    2 Analyze PMO Stakeholders

    The Purpose

    Determine stakeholder expectations for the PMO.

    Key Benefits Achieved

    An accurate understanding of others’ expectations to help ensure the PMO’s course of action is responsive to organizational culture and strategy

    Activities

    2.1 Conduct a PMO Mission Identification Survey with key stakeholders.

    2.2 Map the PMO’s stakeholder network.

    2.3 Analyze key stakeholders for influence, interest, and support.

    Outputs

    An understanding of expected PMO outcomes

    A stakeholder map and list of key stakeholders

    A prioritized PMO requirements gathering elicitation plan

    3 Determine Strategic Expectations and Define the Tactical Plan

    The Purpose

    Develop a process and method to turn stakeholder requirements into a strategic vision for the PMO.

    Key Benefits Achieved

    A strategic course of action for the PMO that is responsive to stakeholders’ expectations.

    Activities

    3.1 Assess the PMO’s ability to support stakeholder expectations.

    3.2 Use Info-Tech’s PMO Strategic Expectations glossary to turn raw process and service requirements into specific strategic expectations.

    3.3 Define an actionable tactical plan for each of the strategic expectations in your mandate.

    Outputs

    An understanding of PMO capacity and limits

    A preliminary PMO mandate

    High-level statements of strategy to help support your mandate

    4 Formalize the PMO’s Mandate and Roadmap

    The Purpose

    Establish a final PMO mandate and a process to help garner stakeholder buy-in to the PMO’s long-term vision.

    Key Benefits Achieved

    A viable PMO course of action complete with stakeholder buy-i

    Activities

    4.1 Finalize the PMO implementation timeline.

    4.2 Finalize Info-Tech’s PMO Mandate and Strategy Roadmap Template.

    4.3 Present the PMO’s strategy to key stakeholders.

    Outputs

    A 3-to-5-year implementation timeline for key PMO process and staffing initiatives

    A ready-to-present strategy document

    Stakeholder buy-in to the PMO’s mandate

    Deliver Digital Products at Scale

    • Buy Link or Shortcode: {j2store}156|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $86,499 Average $ Saved
    • member rating average days saved: 53 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Products are the lifeblood of an organization. They provide the capabilities the business needs to deliver value to both internal and external customers and stakeholders.
    • Product organizations are expected to continually deliver evolving value to the overall organization as they grow.
    • You need to clearly convey the direction and strategy of a broad product portfolio to gain alignment, support, and funding from your organization.

    Our Advice

    Critical Insight

    • Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that improve end-user value and enterprise alignment.
    • Your organizational goals and strategy are achieved through capabilities that deliver value. Your product hierarchy is the mechanism to translate enterprise goals, priorities, and constraints down to the product level where changes can be made.
    • Recognize that each product owner represents one of three primary perspectives: business, technical, and operational. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.
    • The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.
    • Your product family roadmap and product roadmap tell different stories. The product family roadmap represents the overall connection of products to the enterprise strategy, while the product roadmap focuses on the fulfillment of the product’s vision.
    • Although products can be delivered with any software development lifecycle, methodology, delivery team structure, or organizational design, high-performing product teams optimize their structure to fit the needs of product and product family delivery.

    Impact and Result

    • Understand the importance of product families for scaling product delivery.
    • Define products in your context and organize products into operational families.
    • Use product family roadmaps to align product roadmaps to enterprise goals and priorities.
    • Evaluate the different approaches to improve your product family delivery pipelines and milestones.

    Deliver Digital Products at Scale Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should define enterprise product families to scale your product delivery capability, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Become a product-centric organization

    Define products in your organization’s context and explore product families as a way to organize products at scale.

    • Deliver Digital Products at Scale – Phase 1: Become a Product-Centric Organization
    • Deliver Digital Products at Scale Workbook
    • Digital Product Family Strategy Playbook

    2. Organize products into product families

    Identify an approach to group the inventory of products into one or more product families.

    • Deliver Digital Products at Scale – Phase 2: Organize Products Into Product Families

    3. Ensure alignment between products and families

    Confirm alignment between your products and product families via the product family roadmap and a shared definition of delivered value.

    • Deliver Digital Products at Scale – Phase 3: Ensure Alignment Between Products and Families

    4. Bridge the gap between product families and delivery

    Agree on a delivery approach that best aligns with your product families.

    • Deliver Digital Products at Scale – Phase 4: Bridge the Gap Between Product Families and Delivery
    • Deliver Digital Products at Scale Readiness Assessment

    5. Build your transformation roadmap and communication plan

    Define your communication plan and transformation roadmap for transitioning to delivering products at the scale of your organization.

    • Deliver Digital Products at Scale – Phase 5: Transformation Roadmap and Communication

    Infographic

    Workshop: Deliver Digital Products at Scale

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Become a Product-Centric Organization

    The Purpose

    Define products in your organization’s context and explore product families as a way to organize products at scale.

    Key Benefits Achieved

    An understanding of the case for product practices

    A concise definition of products and product families

    Activities

    1.1 Understand your organizational factors driving product-centric delivery.

    1.2 Establish your organization’s product inventory.

    1.3 Determine your approach to scale product families.

    Outputs

    Organizational drivers and goals for a product-centric delivery

    Definition of product

    Product scaling principles

    Scaling approach and direction

    Pilot list of products to scale

    2 Organize Products Into Product Families

    The Purpose

    Identify a suitable approach to group the inventory of products into one or more product families.

    Key Benefits Achieved

    A scaling approach for products that fits your organization

    Activities

    2.1 Define your product families.

    Outputs

    Product family mapping

    Enabling applications

    Dependent applications

    Product family canvas

    3 Ensure Alignment Between Products and Families

    The Purpose

    Confirm alignment between your products and product families via the product family roadmap and a shared definition of delivered value.

    Key Benefits Achieved

    Recognition of the product family roadmap and a shared definition of value as key concepts to maintain alignment between your products and product families

    Activities

    3.1 Leverage product family roadmaps.

    3.2 Use stakeholder management to improve roadmap communication.

    3.3 Configure your product family roadmaps.

    3.4 Confirm product family to product alignment.

    Outputs

    Current approach for communication of product family strategy

    List of product family stakeholders and a prioritization plan for communication

    Defined key pieces of a product family roadmap

    An approach to confirming alignment between products and product families through a shared definition of business value

    4 Bridge the Gap Between Product Families and Delivery

    The Purpose

    Agree on the delivery approach that best aligns with your product families.

    Key Benefits Achieved

    An understanding of the team configuration and operating model required to deliver value through your product families

    Activities

    4.1 Assess your organization’s delivery readiness.

    4.2 Understand your delivery options.

    4.3 Determine your operating model.

    4.4 Identify how to fund product delivery.

    4.5 Learn how to introduce your digital product family strategy.

    4.6 Communicate changes on updates to your strategy.

    4.7 Determine your next steps.

    Outputs

    Assessment results on your organization’s delivery maturity

    A preferred approach to structuring product delivery

    Your preferred operating model for delivering product families

    Understanding of your preferred approach for product family funding

    Product family transformation roadmap

    Your plan for communicating your roadmap

    List of actionable next steps to start on your journey

    5 Advisory: Next Steps and Wrap-Up (offsite)

    The Purpose

    Implement your communication plan and transformation roadmap for transitioning to delivering products at the scale of your organization.

    Key Benefits Achieved

    New product family organization and supporting product delivery approach

    Activities

    5.1 Execute communication plan and product family changes.

    5.2 Review the pilot family implementation and update the transformation roadmap.

    5.3 Begin advisory calls for related blueprints.

    Outputs

    Organizational communication of product families and product family roadmaps

    Product family implementation and updated transformation roadmap

    Support for product owners, backlog and roadmap management, and other topics

    Further reading

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    Analyst Perspective

    Product families align enterprise goals to product changes and value realization.

    A picture of Info-Tech analyst Banu Raghuraman. A picture of Info-Tech analyst Ari Glaizel. A picture of Info-Tech analyst Hans Eckman

    Our world is changing faster than ever, and the need for business agility continues to grow. Organizations are shifting from long-term project delivery to smaller, iterative product delivery models to be able to embrace change and respond to challenges and opportunities faster.

    Unfortunately, many organizations focus on product delivery at the tactical level. Product teams may be individually successful, but how well are their changes aligned to division and enterprise goals and priorities?

    Grouping products into operationally aligned families is key to delivering the right value to the right stakeholders at the right time.

    Product families translate enterprise goals, constraints, and priorities down to the individual product level so product owners can make better decisions and more effectively manage their roadmaps and backlogs. By scaling products into families and using product family roadmaps to align product roadmaps, product owners can deliver the capabilities that allow organizations to reach their goals.

    In this blueprint, we’ll provide the tools and guidance to help you define what “product” means to your organization, use scaling patterns to build product families, align product and product family roadmaps, and identify impacts to your delivery and organizational design models.

    Banu Raghuraman, Ari Glaizel, and Hans Eckman

    Applications Practice

    Info-Tech Research Group

    Deliver Digital Products at Scale

    Deliver value at the scale of your organization through defining enterprise product families.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    • Products are the lifeblood of an organization. They deliver the capabilities needed to deliver value to customers, internal users, and stakeholders.
    • The shift to becoming a product organization is intended to continually increase the value you provide to the broader organization as you grow and evolve.
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.

    Common Obstacles

    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This conflicts with product delivery, which continuously delivers value over the lifetime of a product.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.

    Info-Tech’s Approach

    Info-Tech’s approach will guide you through:

    • Understanding the importance of product families in scaling product delivery.
    • Defining products in your context and organizing products into operational families.
    • Using product family roadmaps to align product roadmaps to enterprise goals and priorities.
    • Evaluating the different approaches to improve your product family delivery pipelines and milestones.

    Info-Tech Insight

    Changes can only be made at the individual product or service level. To achieve enterprise goals and priorities, organizations needed to organize and scale products into operational families. This structure allows product managers to translate goals and constraints to the product level and allows product owners to deliver changes that support enabling capabilities. In this blueprint, we’ll help you define your products, scale them using the best patterns, and align your roadmaps and delivery models to improve throughput and value delivery.

    Info-Tech’s approach

    Operationally align product delivery to enterprise goals

    A flowchart is shown on how to operationally align product delivery to enterprise goals.

    The Info-Tech difference:

    1. Start by piloting product families to determine which approaches work best for your organization.
    2. Create a common definition of what a product is and identify products in your inventory.
    3. Use scaling patterns to build operationally aligned product families.
    4. Develop a roadmap strategy to align families and products to enterprise goals and priorities.
    5. Use products and families to evaluate delivery and organizational design improvements.

    Deliver Digital Products at Scale via Enterprise Product Families

    An infographic on the Enterprise Product Families is shown.

    Product does not mean the same thing to everyone

    Do not expect a universal definition of products.

    Every organization and industry has a different definition of what a product is. Organizations structure their people, processes, and technologies according to their definition of the products they manage. Conflicting product definitions between teams increase confusion and misalignment of product roadmaps.

    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.”

    - Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance

    “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.”

    - TechTarget

    “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.”

    - Mark Curphey

    Organizations need a common understanding of what a product is and how it pertains to the business. This understanding needs to be accepted across the organization.

    “There is not a lot of guidance in the industry on how to define [products]. This is dangerous because what will happen is that product backlogs will be formed in too many areas. All that does is create dependencies and coordination across teams … and backlogs.”

    – Chad Beier, "How Do You Define a Product?” Scrum.org

    What is a product?

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.”

    Info-Tech Insight

    A proper definition of product recognizes three key facts:

    1. Products are long-term endeavors that don’t end after the project finishes.
    2. Products are not just “apps” but can be software or services that drive the delivery of value.
    3. There is more than one stakeholder group that derives value from the product or service.

    Products and services share the same foundation and best practices

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. Product is used for consistency but would apply to services as well.

    Product = Service

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the different product owner perspectives

    Business:

    • Customer facing, revenue generating

    Technical:

    • IT systems and tools

    Operations:

    • Keep the lights on processes

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Info-Tech Insight

    Recognize that product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.”

    – Robbin Schuurman, “Tips for Starting Product Owners”

    Identify the differences between a project-centric and a product-centric organization

    Project

    Product

    Fund projects

    Funding

    Fund products or teams

    Line of business sponsor

    Prioritization

    Product owner

    Makes specific changes to a product

    Product management

    Improve product maturity and support

    Assign people to work

    Work allocation

    Assign work to product teams

    Project manager manages

    Capacity management

    Team manages capacity

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for delivering product changes and improvements

    A flowchart is shown to demonstrate the difference between project lifecycle, hybrid lifecycle and product lifecycle.

    Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply. The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release. Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    An image is shown to demonstrate the relationship between the product backlog and the product roadmap.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    An example of a product roadmap is shown to demonstrate how it is the core to value realization.

    Adapted from: Pichler, "What Is Product Management?""

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Use Agile DevOps principles to expedite product-centric delivery and management

    Delivering products does not necessarily require an Agile DevOps mindset. However, Agile methods facilitate the journey because product thinking is baked into them.

    A flowchart is shown to demonstrate the product deliery maturity and the Agile DevOps used.
    Based on: Ambysoft, 2018

    Organizations start with Waterfall to improve the predictable delivery of product features.

    Iterative development shifts the focus from delivery of features to delivery of user value.

    Agile further shifts delivery to consider ROI. Often, the highest-value backlog items aren’t the ones with the highest ROI.

    Lean and DevOps improve your delivery pipeline by providing full integration between product owners, development teams, and operations.

    CI/CD reduces time in process by allowing release on demand and simplifying release and support activities.

    Although teams will adopt parts of all these stages during their journey, it isn’t until you’ve adopted a fully integrated delivery chain that you’ve become product centric.

    Scale products into related families to improve value delivery and alignment

    Defining product families builds a network of related products into coordinated value delivery streams.

    A flowchart is shown to demonstrate the relations between product family and the delivery streams.

    “As with basic product management, scaling an organization is all about articulating the vision and communicating it effectively. Using a well-defined framework helps you align the growth of your organization with that of the company. In fact, how the product organization is structured is very helpful in driving the vision of what you as a product company are going to do.”

    – Rich Mironov, Mironov Consulting

    Product families translate enterprise goals into value-enabling capabilities

    A flowchart is shown to demonstrate the relationship between enterprise strategy and enabling capabilities.

    Info-Tech Insight

    Your organizational goals and strategy are achieved through capabilities that deliver value. Your product hierarchy is the mechanism to translate enterprise goals, priorities, and constraints down to the product level where changes can be made.

    Arrange product families by operational groups, not solely by your org chart

    A flowchart is shown to demonstrate how to arrange product families by operational groups.

    1. To align product changes with enterprise goals and priorities, you need to organize your products into operational groups based on the capabilities or business functions the product and family support.

    2. Product managers translate these goals, priorities, and constraints into their product families, so they are actionable at the next level, whether that level is another product family or products implementing enhancements to meet these goals.

    3. The product family manager ensures that the product changes enhance the capabilities that allow you to realize your product family, division, and enterprise goals.

    4. Enabling capabilities realize value and help reach your goals, which then drives your next set of enterprise goals and strategy.

    Approach alignment from both directions, validating by the opposite way

    Defining your product families is not a one-way street. Often, we start from either the top or the bottom depending on our scaling principles. We use multiple patterns to find the best arrangement and grouping of our products and families.

    It may be helpful to work partway, then approach your scaling from the opposite direction, meeting in the middle. This way you are taking advantage of the strengths in both approaches.

    Once you have your proposed structure, validate the grouping by applying the principles from the opposite direction to ensure each product and family is in the best starting group.

    As the needs of your organization change, you may need to realign your product families into your new business architecture and operational structure.

    A top-down alignment example is shown.

    When to use: You have a business architecture defined or clear market/functional grouping of value streams.

    A bottom-up alignment example is shown.

    When to use: You are starting from an Application Portfolio Management application inventory to build or validate application families.

    Leverage patterns for scaling products

    Organizing your products and families is easier when leveraging these grouping patterns. Each is explained in greater detail on the following slides

    Value Stream Alignment

    Enterprise Applications

    Shared Services

    Technical

    Organizational Alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products
    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > ModulesSupporting: Job board, healthcare administrator
    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools
    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network
    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure no longer needed because the management team owns product management role

    Leverage the product family roadmap for alignment

    It’s more than a set of colorful boxes. It’s the map to align everyone to where you are going.

    Your product family roadmap

      ✓ Lays out a strategy for your product family.

      ✓ Is a statement of intent for your family of products.

      ✓ Communicates direction for the entire product family and product teams.

      ✓ Directly connects to the organization’s goals.

    However, it is not:

      x Representative of a hard commitment.

      x A simple combination of your current product roadmaps.

    Before connecting your family roadmap to products, think about what each roadmap typically presents

    An example of a product family roadmap is shown and how it can be connected to the products.

    Info-Tech Insight

    Your product family roadmap and product roadmap tell different stories. The product family roadmap represents the overall connection of products to the enterprise strategy, while the product roadmap focuses on the fulfillment of the product’s vision.

    Product family roadmaps are more strategic by nature

    While individual product roadmaps can be different levels of tactical or strategic depending on a variety of market factors, your options are more limited when defining roadmaps for product families.

    Product

    TACTICAL

    A roadmap that is technical, committed, and detailed.

    Product Family

    STRATEGIC

    A roadmap that is strategic, goal based, high level, and flexible.

    Info-Tech Insight

    Roadmaps for your product family are, by design, less detailed. This does not mean they aren’t actionable! Your product family roadmap should be able to communicate clear intentions around the future delivery of value in both the near and long term.

    Consider volatility when structuring product family roadmaps

    A roadmap is shown without any changes.

    There is no such thing as a roadmap that never changes.

    Your product family roadmap represents a broad statement of intent and high-level tactics to get closer to the organization’s goals.

    A roadmap is shown with changes.

    All good product family roadmaps embrace change!

    Your strategic intentions are subject to volatility, especially those planned further in the future. The more costs you incur in planning, the more you leave yourself exposed to inefficiency and waste if those plans change.

    Info-Tech Insight

    A good product family roadmap is intended to manage and communicate the inevitable changes as a result of market volatility and changes in strategy.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    PRODUCT STRATEGY

    What are the artifacts?

    What are you saying?

    Defined at the family level?

    Defined at the product level?

    Vision

    I want to...

    Strategic focus

    Delivery focus

    Goals

    To get there we need to...

    Roadmap

    To achieve our goals, we’ll deliver...

    Backlog

    The work will be done in this order...

    Release Plan

    We will deliver in the following ways...

    Typical elements of a product family roadmap

    While there are others, these represent what will commonly appear across most family-based roadmaps.

    An example is shown to highlight the typical elements of a product family roadmap.

    GROUP/CATEGORY: Groups are collections of artifacts. In a product family context, these are usually product family goals, value streams, or products.

    ARTIFACT: An artifact is one of many kinds of tangible by-products produced during the delivery of products. For a product family, the artifacts represented are capabilities or value streams.

    MILESTONE: Points in the timeline when established sets of artifacts are complete. This is a critical tool in the alignment of products in a given family.

    TIME HORIZON: Separated periods within the projected timeline covered by the roadmap.

    Connecting your product family roadmaps to product roadmaps

    Your product and product family roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but it can be done at a more granular level if an understanding of capabilities isn’t available.

    An example is shown on how the product family roadmpas can be connected to the product roadmaps.

    Multiple roadmap views can communicate differently, yet tell the same truth

    Audience

    Business/ IT Leaders

    Users/Customers

    Delivery Teams

    Roadmap View

    Portfolio

    Product Family

    Technology

    Objectives

    To provide a snapshot of the portfolio and priority products

    To visualize and validate product strategy

    To coordinate broad technology and architecture decisions

    Artifacts

    Line items or sections of the roadmap are made up of individual products, and an artifact represents a disposition at its highest level.

    Artifacts are generally grouped by product teams and consist of strategic goals and the features that realize those goals.

    Artifacts are grouped by the teams who deliver that work and consist of technical capabilities that support the broader delivery of value for the product family.

    Your communication objectives are linked to your audience; ensure you know your audience and speak their language

    I want to...

    I need to talk to...

    Because they are focused on...

    ALIGN PRODUCT TEAMS

    Get my delivery teams on the same page.

    Architects

    Products Owners

    PRODUCTS

    A product that delivers value against a common set of goals and objectives.

    SHOWCASE CHANGES

    Inform users and customers of product strategy.

    Bus. Process Owners

    End Users

    FUNCTIONALITY

    A group of functionality that business customers see as a single unit.

    ARTICULATE RESOURCE REQUIREMENTS

    Inform the business of product development requirements.

    IT Management

    Business Stakeholders

    FUNDING

    An initiative that those with the money see as a single budget.

    Assess the impacts of product-centric delivery on your teams and org design

    Product delivery can exist within any org structure or delivery model. However, when making the shift toward product management, consider optimizing your org design and product team structure to match your capacity and throughput needs.

    A flowchart is shown to see how the impacts of product-centric delivery can impact team and org designs.

    Determine which delivery team structure best fits your product pipeline

    Four delivery team structures are shown. The four are: functional roles, shared service and resource pools, product or system, and skills and competencies.

    Weigh the pros and cons of IT operating models to find the best fit

    There are many different operating models. LoB/Product Aligned and Hybrid Functional align themselves most closely with how products and product families are typically delivered.

    1. LoB/Product Aligned – Decentralized Model: Line of Business, Geographically, Product, or Functionally Aligned
    2. A decentralized IT operating model that embeds specific functions within LoBs/product teams and provides cross-organizational support for their initiatives.

    3. Hybrid Functional: Functional/Product Aligned
    4. A best-of-both-worlds model that balances the benefits of centralized and decentralized approaches to achieve both customer responsiveness and economies of scale.

    5. Hybrid Service Model: Product-Aligned Operating Model
    6. A model that supports what is commonly referred to as a matrix organization, organizing by highly related service categories and introducing the role of the service owner.

    7. Centralized: Plan-Build-Run
    8. A highly typical IT operating model that focuses on centralized strategic control and oversight in delivering cost-optimized and effective solutions.

    9. Centralized: Demand-Develop-Service
    10. A centralized IT operating model that lends well to more mature operating environments. Aimed at leveraging economies of scale in an end-to-end services delivery model.

    Consider how investment spending will differ in a product environment

    Reward for delivering outcomes, not features

    Autonomy

    Flexibility

    Accountability

    Fund what delivers value

    Allocate iteratively

    Measure and adjust

    Fund long-lived delivery of value through products (not projects).

    Give autonomy to the team to decide exactly what to build.

    Allocate to a pool based on higher-level business case.

    Provide funds in smaller amounts to different product teams and initiatives based on need.

    Product teams define metrics that contribute to given outcomes.

    Track progress and allocate more (or less) funds as appropriate.

    Adapted from Bain, 2019

    Info-Tech Insight

    Changes to funding require changes to product and Agile practices to ensure product ownership and accountability.

    Why is having a common value measure important?

    CIO-CEO Alignment Diagnostic

    A stacked bar graph is shown to demonstrate CIO-CEO Alignment Diagnostic. A bar titled: Business Value Metrics is highlighted. 51% had some improvement necessary and 32% had significant improvement necessary.

    Over 700 Info-Tech members have implemented the Balanced Value Measurement Framework.

    “The cynic knows the price of everything and the value of nothing.”

    – Oscar Wilde

    “Price is what you pay. Value is what you get.”

    – Warren Buffett

    Understanding where you derive value is critical to building solid roadmaps.

    Measure delivery and success

    Metrics and measurements are powerful tools to drive behavior change and decision making in your organization. However, metrics are highly prone to creating unexpected outcomes, so use them with great care. Use metrics judiciously to uncover insights but avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    Build good practices in your selection and use of metrics:

    • Choose the metrics that are as close to measuring the desired outcome as possible.
    • Select the fewest metrics possible and ensure they are of the highest value to your team, the safest from gaming behaviors and unintended consequences, and the easiest to gather and report.
    • Never use metrics for reward or punishment; use them to develop your team.
    • Automate as much metrics gathering and reporting as possible.
    • Focus on trends rather than precise metrics values.
    • Review and change your metrics periodically.

    Executive Brief Case Study

    INDUSTRY: Public Sector & Financial Services

    SOURCE: Info-Tech Interviews

    A tale of two product transformations

    Two of the organizations we interviewed shared the challenges they experienced defining product families and the impact these challenges had on their digital transformations.

    A major financial services organization (2,000+ people in IT) had employed a top-down line of business–focused approach and found itself caught in a vicious circle of moving applications between families to resolve cross-LoB dependencies.

    A similarly sized public sector organization suffered from a similar challenge as grouping from the bottom up based on technology areas led to teams fragmented across multiple business units employing different applications built on similar technology foundations.

    Results

    Both organizations struggled for over a year to structure their product families. This materially delayed key aspects of their product-centric transformation, resulting in additional effort and expenditure delivering solutions piecemeal as opposed to as a part of a holistic product family. It took embracing a hybrid top-down and bottom-up approach and beginning with pilot product families to make progress on their transformation.

    A picture of Cole Cioran is shown.

    Cole Cioran

    Practice Lead,

    Applications Practice

    Info-Tech Research Group

    There is no such thing as a perfect product-family structure. There will always be trade-offs when you need to manage shifting demand from stakeholder groups spanning customers, business units, process owners, and technology owners.

    Focusing on a single approach to structure your product families inevitably leads to decisions that are readily challenged or are brittle in the face of changing demand.

    The key to accelerating a product-centric transformation is to build a hybrid model that embraces top-down and bottom-up perspectives to structure and evolve product families over time. Add a robust pilot to evaluate the structure and you have the key to unlocking the potential of product delivery in your organization.

    Info-Tech’s methodology for Deliver Digital Products at Scale

    1. Become a Product-Centric Organization

    2. Organize Products Into Product Families

    3. Ensure Alignment Between Products and Families

    4. Bridge the Gap Between Product Families and Delivery

    5. Build Your Transformation Roadmap and Communication Plan

    Phase Steps

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm goal and value alignment of products and their product families

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    Phase Outcomes
    • Organizational drivers and goals for a product-centric delivery
    • Definition of product
    • Pilot list of products to scale
    • Product scaling principles
    • Scaling approach and direction
    • Product family mapping
    • Enabling applications
    • Dependent applications
    • Product family canvas
    • Approach for communication of product family strategy
    • Stakeholder management plan
    • Defined key pieces of a product family roadmap
    • An approach to confirming alignment between products and product families
    • Assessment of delivery maturity
    • Approach to structuring product delivery
    • Operating model for product delivery
    • Approach for product family funding
    • Product family transformation roadmap
    • Your plan for communicating your roadmap
    • List of actionable next steps to start on your journey

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Deliver Digital Products at Scale Workbook

    Use this supporting workbook to document interim results from a number of exercises that will contribute to your overall strategy.

    A screenshot of the Scale Workbook is shown.

    Deliver Digital Products at Scale Readiness Assessment

    Your strategy needs to encompass your approaches to delivery. Understand where you need to focus using this simple assessment.

    A screenshot of the Scale Readiness Assessment is shown.

    Key deliverable:

    Digital Product Family Strategy Playbook

    Record the results from the exercises to help you define, detail, and deliver digital products at scale.

    A screenshot of the Digital Product Family Strategy Playbook is shown.

    Blueprint benefits

    IT Benefits

    • Improved product delivery ROI.
    • Improved IT satisfaction and business support.
    • Greater alignment between product delivery and product family goals.
    • Improved alignment between product delivery and organizational models.
    • Better support for Agile/DevOps adoption.

    Business Benefits

    • Increased value realization across product families.
    • Faster delivery of enterprise capabilities.
    • Improved IT satisfaction and business support.
    • Greater alignment between product delivery and product family goals.
    • Uniform understanding of product and product family roadmaps and key milestones.

    Measure the value of this blueprint

    Align product family metrics to product delivery and value realization.

    Member Outcome Suggested Metric Estimated Impact

    Increase business application satisfaction

    Satisfaction with business applications (CIO Business Vision diagnostic)

    20% increase within one year after implementation

    Increase effectiveness of application portfolio management

    Effectiveness of application portfolio management (Management & Governance diagnostic)

    20% increase within one year after implementation

    Increase importance and effectiveness of application portfolio

    Importance and effectiveness to business ( Application Portfolio Assessment diagnostic)

    20% increase within one year after implementation

    Increase satisfaction of support of business operations

    Support to business (CIO Business Vision diagnostic.

    20% increase within one year after implementation

    Successfully deliver committed work (productivity)

    Number of successful deliveries; burndown

    20% increase within one year after implementation

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1: Become a Product-Centric Organization

    Phase 2: Organize Products Into Product Families

    Phase 3: Ensure Alignment Between Products and Families

    Phase 4: Bridge the Gap Between Product Families and Delivery

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Define products and product families in your context.

    Call #3: Understand the list of products in your context.

    Call #4: Define your scaling principles and goals.

    Call #5: Select a pilot and define your product families.

    Call #6: Understand the product family roadmap as a method to align products to families.

    Call #7: Define components of your product family roadmap and confirm alignment.

    Call #8: Assess your delivery readiness.

    Call #9: Discuss delivery, operating, and funding models relevant to delivering product families.

    Call #10: Wrap up.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Become a Product-Centric Organization

    Day 2

    Organize Products Into Product Families

    Day 3

    Ensure Alignment Between Products and Families

    Day 4

    Bridge the Gap Between Product Families and Delivery

    Advisory

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Understand your organizational factors driving product-centric delivery.

    1.2 Establish your organization’s product inventory.

    2.1 Determine your approach to scale product families.

    2.2 Define your product families.

    3.1 Leverage product family roadmaps.

    3.2 Use stakeholder management to improve roadmap communication.

    3.3 Configure your product family roadmaps.

    3.4 Confirm product family to product alignment.

    4.1 Assess your organization’s delivery readiness.

    4.2 Understand your delivery options.

    4.3 Determine your operating model.

    4.4 Identify how to fund product family delivery.

    5.1 Learn how to introduce your digital product family strategy.

    5.2 Communicate changes on updates to your strategy.

    5.3 Determine your next steps.

    1. Execute communication plan and product family changes.
    2. Review the pilot family implementation and update the transformation roadmap.
    3. Begin advisory calls for related blueprints.

    Key Deliverables

    1. Organizational drivers and goals for a product-centric delivery
    2. Definition of product
    3. Product scaling principles
    4. Scaling approach and direction
    5. Pilot list of products to scale
    1. Product family mapping
    2. Enabling applications
    3. Dependent applications
    4. Product family canvas
    1. Current approach for communication of product family strategy
    2. List of product family stakeholders and a prioritization plan for communication
    3. Defined key pieces of a product family roadmap
    4. An approach to confirming alignment between products and product families through a shared definition of business value
    1. Assessment results on your organization’s delivery maturity
    2. A preferred approach to structuring product delivery
    3. Your preferred operating model for delivering product families
    4. Understanding your preferred approach for product family funding
    5. Product family transformation roadmap
    6. Your plan for communicating your roadmap
    7. List of actionable next steps to start on your journey
    1. Organizational communication of product families and product family roadmaps
    2. Product family implementation and updated transformation roadmap
    3. Support for product owners, backlog and roadmap management, and other topics

    Phase 1

    Become a Product-Centric Organization

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    1.1.1 Understand your drivers for product-centric delivery

    1.1.2 Identify the differences between project and product delivery

    1.1.3 Define the goals for your product-centric organization

    1.2.1 Define “product” in your context

    1.2.2 Identify and establish a pilot list of products

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Step 1.1

    Understand the organizational factors driving product-centric delivery

    Activities

    1.1.1 Understand your drivers for product-centric delivery

    1.1.2 Identify the differences between project and product delivery

    1.1.3 Define the goals for your product-centric organization

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Outcomes of this step

    • Organizational drivers to move to product-centric delivery
    • List of differences between project and product delivery
    • Goals for product-centric delivery

    1.1.1 Understand your drivers for product-centric delivery

    30-60 minutes

    1. Identify your pain points in the current delivery model.
    2. What is the root cause of these pain points?
    3. How will a product-centric delivery model fix the root cause?
    4. Record the results in the Deliver Digital Products at Scale Workbook.
    Pain Points Root Causes Drivers
    • Lack of ownership
    • Siloed departments
    • Accountability

    Output

    • Organizational drivers to move to product-centric delivery.

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    1.1.2 Identify the differences between project and product delivery

    30-60 minutes

    1. Consider project delivery and product delivery.
    2. Discuss what some differences are between the two.
    3. Note: This exercise is not about identifying the advantages and disadvantages of each style of delivery. This is to identify the variation between the two.

    4. Record the results in the Deliver Digital Products at Scale Workbook.
    Project Delivery Product Delivery
    Point in time What is changed
    Method of funding changes Needs an owner

    Output

    • List of differences between project and product delivery

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Identify the differences between a project-centric and a product-centric organization

    Project Product
    Fund projects Funding Fund products or teams
    Line of business sponsor Prioritization Product owner
    Makes specific changes to a product Product management Improves product maturity and support
    Assignment of people to work Work allocation Assignment of work to product teams
    Project manager manages Capacity management Team manages capacity

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    A flowchart is shown to demonstrate the difference between project lifecycle, hybrid lifecycle, and product lifecycle.

    Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release.

    Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

    Use Agile DevOps principles to expedite product-centric delivery and management

    Delivering products does not necessarily require an Agile DevOps mindset. However, Agile methods facilitate the journey because product thinking is baked into them.

    A flowchart is shown to demonstrate the product delivery maturity and the Agile DevOps used.

    Based on: Ambysoft, 2018

    Organizations start with Waterfall to improve the predictable delivery of product features.

    Iterative development shifts the focus from delivery of features to delivery of user value.

    Agile further shifts delivery to consider ROI. Often, the highest-value backlog items aren’t the ones with the highest ROI.

    Lean and DevOps improve your delivery pipeline by providing full integration between product owners, development teams, and operations.

    CI/CD reduces time in process by allowing release on demand and simplifying release and support activities.

    Although teams will adopt parts of all these stages during their journey, it isn’t until you’ve adopted a fully integrated delivery chain that you’ve become product centric.

    1.1.3 Define the goals for your product-centric organization

    30 minutes

    1. Review your list of drivers from exercise 1.1.1 and the differences between project and product delivery from exercise 1.1.2.
    2. Define your goals for achieving a product-centric organization.
    3. Note: Your drivers may have already covered the goals. If so, review if you would like to change the drivers based on your renewed understanding of the differences between project and product delivery.

    Pain PointsRoot CausesDriversGoals
    • Lack of ownership
    • Siloed departments
    • Accountability
    • End-to-end ownership

    Output

    • Goals for product-centric delivery

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Step 1.2

    Establish your organization’s product inventory

    Activities

    1.2.1 Define “product” in your context

    1.2.2 Identify and establish a pilot list of products

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Outcomes of this step

    • Your organizational definition of products and services
    • A pilot list of active products

    Product does not mean the same thing to everyone

    Do not expect a universal definition of products.

    Every organization and industry has a different definition of what a product is. Organizations structure their people, processes, and technologies according to their definition of the products they manage. Conflicting product definitions between teams increase confusion and misalignment of product roadmaps.

    “A product [is] something (physical or not) that is created through a process and that provides benefits to a market.”

    - Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance

    “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.”

    - TechTarget

    “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.”

    - Mark Curphey

    Organizations need a common understanding of what a product is and how it pertains to the business. This understanding needs to be accepted across the organization.

    “There is not a lot of guidance in the industry on how to define [products]. This is dangerous because what will happen is that product backlogs will be formed in too many areas. All that does is create dependencies and coordination across teams … and backlogs.”

    – Chad Beier, "How Do You Define a Product?” Scrum.org

    Products and services share the same foundation and best practices

    For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. Product is used for consistency but would apply to services as well.

    Product = Service

    “Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the different product owner perspectives

    Business:

    • Customer facing, revenue generating

    Technical:

    • IT systems and tools

    Operations

    • Keep the lights on processes

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Info-Tech Insight

    Recognize that product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.

    “A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.”

    – Robbin Schuurman, “Tips for Starting Product Owners”

    Your product definition should include everything required to support it, not just what users see.

    A picture of an iceburg is shown, showing the ice both above and below the water to demonstrate that the product definition should include everything, not just what users see. On top of the picture are various words to go with the product definition. They inlude: funding, external relationships, adoption, product strategy, stakeholder managment. The product defitions that may not be seen include: Product governance, business functionality, user support, managing and governing data, maintenance and enhancement, R-and-D, requirements analysis and design, code, and knowledge management.

    Establish where product management would be beneficial in the organization

    What does not need product ownership?

    • Individual features
    • Transactions
    • Unstructured data
    • One-time solutions
    • Non-repeatable processes
    • Solutions that have no users or consumers
    • People or teams

    Characteristics of a discrete product

    • Has end users or consumers
    • Delivers quantifiable value
    • Evolves or changes over time
    • Has predictable delivery
    • Has definable boundaries
    • Has a cost to produce and operate

    Product capabilities deliver value!

    These are the various facets of a product. As a product owner, you are responsible for managing these facets through your capabilities and activities.

    A flowchart is shown that demonstrates the various facets of a product.

    It is easy to lose sight of what matters when we look at a product from a single point of view. Despite what The Agile Manifesto says, working software is not valuable without the knowledge and support that people need in order to adopt, use, and maintain it. If you build it, they will not come. Product leaders must consider the needs of all stakeholders when designing and building products.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    An image is shown to demonstrate the relationship between the product backlog and the product roadmap.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    An example of a product roadmap is shown to demonstrate how it is the core to value realization.

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    What is a product?

    Not all organizations will define products in the same way. Take this as a general example:

    “A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.”

    Info-Tech Insight

    A proper definition of product recognizes three key facts:

    1. Products are long-term endeavors that don’t end after the project finishes.
    2. Products are not just “apps” but can be software or services that drive the delivery of value.
    3. There is more than one stakeholder group that derives value from the product or service.

    1.2.1 Define “product” in your context

    30-60 minutes

    1. Discuss what “product” means in your organization.
    2. Create a common, enterprise-wide definition for “product.”
    3. Record the results in the Deliver Digital Products at Scale Workbook.

    For example:

    • An application, platform, or application family.
    • Discrete items that deliver value to a user/customer.

    Output

    • Your enterprise/organizational definition of products and services

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    1.2.2 Identify and establish a pilot list of products

    1-2 hours

    1. Review any current documented application inventory. If you have these details in an existing document, share it with the team. Select the group of applications for your family scaling pilot.
    2. List your initial application inventory on the Product List tab of the Deliver Digital Products at Scale Workbook.
  • For each of the products listed, add the vision and goals of the product. Refer to Deliver on Your Digital Product Vision to learn more about identifying vision and goals or to complete the product vision canvas.
  • You’ll add business capabilities and vision in Phase 2, but you can add these now if they are available in your existing inventory.
  • Output

    • A pilot list of active products

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Phase 2

    Organize Products Into Product Families

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    2.1.1 Define your scaling principles and goals

    2.1.2 Define your pilot product family areas and direction

    2.2.1 Arrange your applications and services into product families

    2.2.2 Define enabling and supporting applications

    2.2.3 Build your product family canvas

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Step 2.1

    Determine your approach to scale product families

    Activities

    2.1.1 Define your scaling principles and goals

    2.1.2 Define your pilot product family areas and direction

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Outcomes of this step

    • List of product scaling principles
    • Scope of product scaling pilot and target areas
    • Scaling approach and direction

    Use consistent terminology for product and service families

    In this blueprint, we refer to any grouping of products or services as a “family.” Your organization may prefer other terms, such as product/service line, portfolio, group, etc. The underlying principles for grouping and managing product families are the same, so define the terminology that fits best with your culture. The same is true for “products” and “services,” which may also be referred to in different terms.

    An example flowchart is displayed to demonstrate the terminology for product and service families.

    A product family is a logical and operational grouping of related products or services. The grouping provides a scaled hierarchy to translate goals, priorities, strategy, and constraints down the grouping while aligning value realization upwards.

    Group product families by related purpose to improve business value

    Families should be scaled by how the products operationally relate to each other, with clear boundaries and common purpose.

    A product family contains...

    • Vision
    • Goals
    • Cumulative roadmap of the products within the family

    A product family can be grouped by...

    • Function
    • Value stream and capability
    • Customer segments or end-user group
    • Strategic purpose
    • Underlying architecture
    • Common technology or support structures
    • And many more
    A flowchart is shown to demonstrate the product family and product relations.

    Scale products into related families to improve value delivery and alignment

    Defining product families builds a network of related products into coordinated value delivery streams.

    A flowchart is shown to demonstrate the relations between product family and the delivery streams.

    “As with basic product management, scaling an organization is all about articulating the vision and communicating it effectively. Using a well-defined framework helps you align the growth of your organization with that of the company. In fact, how the product organization is structured is very helpful in driving the vision of what you as a product company are going to do.”

    – Rich Mironov, Mironov Consulting

    Product families translate enterprise goals into value-enabling capabilities

    A flowchart is shown to demonstrate the relationship between enterprise strategy and enabling capabilities.

    Info-Tech Insight

    Your organizational goals and strategy are achieved through capabilities that deliver value. Your product hierarchy is the mechanism to translate enterprise goals, priorities, and constraints down to the product level where changes can be made.

    Arrange product families by operational groups, not solely by your org chart

    A flowchart is shown to demonstrate how to arrange product families by operational groups.

    1. To align product changes with enterprise goals and priorities, you need to organize your products into operational groups based on the capabilities or business functions the product and family support.

    2. Product managers translate these goals, priorities, and constraints into their product families, so they are actionable at the next level, whether that level is another product family or products implementing enhancements to meet these goals.

    3. The product family manager ensures that the product changes enhance the capabilities that allow you to realize your product family, division, and enterprise goals.

    4. Enabling capabilities realize value and help reach your goals, which then drives your next set of enterprise goals and strategy.

    Product families need owners with a more strategic focus

    Product Owner

    (More tactical product delivery focus)

    • Backlog management and prioritization
    • Product vision and product roadmap
    • Epic/story definition, refinement in conjunction with business stakeholders
    • Sprint planning with Scrum Master and delivery team
    • Working with Scrum Master to minimize disruption to team velocity
    • Ensuring alignment between business and Scrum teams during sprints
    • Profit and loss (P&L) product analysis and monitoring

    Product Manager

    (More strategic product family focus)

    • Product strategy, positioning, and messaging
    • Product family vision and product roadmap
    • Competitive analysis and positioning
    • New product innovation/definition
    • Release timing and focus (release themes)
    • Ongoing optimization of product-related marketing and sales activities
    • P&L product analysis and monitoring

    Info-Tech Insight

    “Product owner” and “product manager” are terms that should be adapted to fit your culture and product hierarchy. These are not management relationships but rather a way to structure related products and services that touch the same end users. Use the terms that work best in your culture.

    Download Build a Better Product Owner for role support.

    2.1.1 Define your scaling principles and goals

    30-60 minutes

    1. Discuss the guiding principles for your product scaling model. Your guiding principles should consider key business priorities, organizational culture, and division/team objectives, such as improving:
    • Business agility and ability to respond to changes and needs.
    • Alignment of product roadmaps to enterprise goals and priorities.
    • Collaboration between stakeholders and product delivery teams.
    • Resource utilization and productivity.
    • The quality and value of products.
    • Coordination between related products and services.

    Output

    • List of product scaling principles

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Start scaling with a pilot

    You will likely use a combination of patterns that work best for each product area. Pilot your product scaling with a domain, team, or functional area before organizing your entire portfolio.

    Learn more about each pattern.

    Discuss the pros and cons of each.

    Select a pilot product area.

    Select a pattern.

    Approach alignment from both directions, validating by the opposite way

    Defining your product families is not a one-way street. Often, we start from either the top or the bottom depending on our scaling principles. We use multiple patterns to find the best arrangement and grouping of our products and families.

    It may be helpful to work partway, then approach your scaling from the opposite direction, meeting in the middle. This way you are taking advantage of the strengths in both approaches.

    Once you have your proposed structure, validate the grouping by applying the principles from the opposite direction to ensure each product and family is in the best starting group.

    As the needs of your organization change, you may need to realign your product families into your new business architecture and operational structure.

    A top-down alignment example is shown.

    When to use: You have a business architecture defined or clear market/functional grouping of value streams.

    A bottom-up alignment example is shown.

    When to use: You are starting from an Application Portfolio Management application inventory to build or validate application families.

    Top-down examples: Start with your enterprise structure or market grouping

    A top-down example flowchart is shown.

    Examples:

    Market Alignment
    • Consumer Banking
      • DDA: Checking, Savings, Money Market
      • Revolving Credit: Credit Cards, Line of Credit
      • Term Credit: Mortgage, Auto, Boat, Installment
    Enterprise Applications
    • Human Resources
      • Benefits: Health, Dental, Life, Retirement
      • Human Capital: Hiring, Performance, Training
      • Hiring: Posting, Interviews, Onboarding
    Shared Service
    • End-User Support
      • Desktop: New Systems, Software, Errors
      • Security: Access Requests, Password Reset, Attestations
    Business Architecture
    • Value Stream
      • Capability
        • Applications
        • Services

    Bottom-up examples: Start with your inventory

    Based on your current inventory, start organizing products and services into related groups using one of the five scaling models discussed in the next step.

    A bottom-up example flowchart is shown.

    Examples:

    Technical Grouping
    • Custom Apps: Java, .NET, Python
    • Cloud: Azure, AWS, Virtual Environments
    • Low Code: ServiceNow, Appian
    Functional/Capability Grouping
    • CRM: Salesforce, Microsoft CRM
    • Security Platforms: IAM, SSO, Scanning
    • Workflow: Remedy, ServiceNow
    Shared Services Grouping
    • Workflow: Appian, Pega, ServiceNow
    • Collaboration: SharePoint, Teams
    • Data: Dictionary, Lake, BI/Reporting

    2.1.2 Define your pilot product family areas and direction

    30-60 minutes

    1. Using your inventory of products for your pilot, consider the top-down and bottom-up approaches.
    2. Identify areas where you will begin arranging your product into families.
    3. Prioritize these pilot areas into waves:
      1. First pilot areas
      2. Second pilot areas
      3. Third pilot areas
    4. Discuss and decide whether a top-down or bottom-up approach is the best place to start for each pilot group.
    5. Prioritize your pilot families in the order in which you want to organize them. This is a guide to help you get started, and you may change the order during the scaling pattern exercise.

    Output

    • Scope of product scaling pilot and target areas

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Step 2.2

    Define your product families

    Activities

    2.2.1 Arrange your applications and services into product families

    2.2.2 Define enabling and supporting applications

    2.2.3 Build your product family canvas

    This step involves the following participants:

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers’
    • Business analysts

    Outcomes of this step

    • Product family mapping
    • Product families
    • Enabling applications
    • Dependent applications
    • Product family canvas

    Use three perspectives to guide scaling pattern selection

    • One size does not fit all. There is no single or static product model that fits all product teams.
    • Structure relationships based on your organizational needs and capabilities.
    • Be flexible. Product ownership is designed to enable value delivery.
    • Avoid structures that promote proxy product ownership.
    • Make decisions based on products and services, not people. Then assign people to the roles.
    Alignment perspectives:

    Value Stream

    Align products based on the defined sources of value for a collection of products or services.

    For example: Wholesale channel for products that may also be sold directly to consumers, such as wireless network service.

    Users/Consumers

    Align products based on a common group of users or product consumers.

    For example: Consumer vs. small business vs. enterprise customers in banking, insurance, and healthcare.

    Common Domain

    Align products based on a common domain knowledge or skill set needed to deliver and support the products.

    For example: Applications in a shared service framework supporting other products.

    Leverage patterns for scaling products

    Organizing your products and families is easier when leveraging these grouping patterns. Each is explained in greater detail on the following slides

    Value Stream AlignmentEnterprise ApplicationsShared ServicesTechnicalOrganizational Alignment
    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products
    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > ModulesSupporting: Job board, healthcare administrator
    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools
    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network
    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure no longer needed because the management team owns product management role

    Select the best family pattern to improve alignment

    A flowchart is shown on how to select the best family pattern to improve alignment.

    Use scenarios to help select patterns

    Top-Down

    Bottom-Up

    We have a business architecture defined.

    (See Document Your Business Architecture and industry reference architectures for help.)

    Start with your business architecture

    Start with market segments

    We want to be more customer first or customer centric.

    Start with market segments

    Our organization has rigid lines of business and organizational boundaries.

    Start with LoB structure

    Most products are specific to a business unit or division. Start with LoB structure

    Products are aligned to people, not how we are operationally organized.

    Start with market or LoB structure

    We are focusing on enterprise or enabling applications.

    1. Start with enterprise app and service team

    2. Align supporting apps

    We already have applications and services grouped into teams but want to evaluate if they are grouped in the best families.

    Validate using multiple patterns

    Validate using multiple patterns

    Our applications and services are shared across the enterprise or support multiple products, value streams, or shared capabilities.

    Our applications or services are domain, knowledge, or technology specific.

    Start by grouping inventory

    We are starting from an application inventory. (See the APM Research Center for help.)

    Start by grouping inventory

    Pattern: Value Stream – Capability

    Grouping products into capabilities defined in your business architecture is recommended because it aligns people/processes (services) and products (tools) into their value stream and delivery grouping. This requires an accurate capability map to implement.

    Example:

    • Healthcare is delivered through a series of distinct value streams (top chevrons) and shared services supporting all streams.
    • Diagnosing Health Needs is executed through the Admissions, Testing, Imaging, and Triage capabilities.
    • Products and services are needed to deliver each capability.
    • Shared capabilities can also be grouped into families to better align capability delivery and maturity to ensure that the enterprise goals and needs are being met in each value stream the capabilities support.
    An example is shown to demonstrate how to group products into capabilities.

    Sample business architecture/ capability map for healthcare

    A sample business architecture/capability map for healthcare is shown.

    Your business architecture maps your value streams (value delivered to your customer or user personas) to the capabilities that deliver that value. A capability is the people, processes, and/or tools needed to deliver each value function.

    Defining capabilities are specific to a value stream. Shared capabilities support multiple value streams. Enabling capabilities are core “keep the lights on” capabilities and enterprise functions needed to run your organization.

    See Info-Tech’s industry coverage and reference architectures.

    Download Document Your Business Architecture

    Pattern: Value Stream – Market

    Market/Customer Segment Alignment focuses products into the channels, verticals, or market segments in the same way customers and users view the organization.

    An example is shown to demonstrate how products can be placed into channels, verticals, or market segments.

    Example:

    • Customers want one stop to solve all their issues, needs, and transactions.
    • Banking includes consumer, small business, and enterprise.
    • Consumer banking can be grouped by type of financial service: deposit accounts (checking, savings, money market), revolving credit (credit cards, lines of credit), term lending (mortgage, auto, installment).
    • Each group of services has a unique set of applications and services that support the consumer product, with some core systems supporting the entire relationship.

    Pattern: Value Stream – Line of Business (LoB)

    Line of Business Alignment uses the operational structure as the basis for organizing products and services into families that support each area.

    An example of the operational structure as the basis is shown.

    Example:

    • LoB alignment favors continuity of services, tools, and skills based on internal operations over unified customer services.
    • A hospital requires care and services from many different operational teams.
    • Emergency services may be internally organized by the type of care and emergency to allow specialized equipment and resources to diagnose and treat the patients, relying on support teams for imaging and diagnostics to support care.
    • This model may be efficient and logical from an internal viewpoint but can cause gaps in customer services without careful coordination between product teams.

    Pattern: Enterprise Applications

    A division or group delivers enabling capabilities, and the team’s operational alignment maps directly to the modules/components of an enterprise application and other applications that support the specific business function.

    An example flowchart is shown with enterprise applications.

    Example:

    • Human resources is one corporate function. Within HR, however, there are subfunctions that operate independently.
    • Each operational team is supported by one or more applications or modules within a primary HR system.
    • Even though the teams work independently, the information they manage is shared with or ties into processes used by other teams. Coordination of efforts helps provide a higher level of service and consistency.

    For additional information about HRMS, please download Get the Most Out of Your HRMS.

    Pattern: Shared Services

    Grouping by service type, knowledge area, or technology allows for specialization while families align service delivery to shared business capabilities.

    An example is shown with the shared services.

    Example:

    • Recommended for governance, risk, and compliance; infrastructure; security; end-user support; and shared platforms (workflow, collaboration, imaging/record retention). Direct hierarchies do not necessarily exist within the shared service family.
    • Service groupings are common for service owners (also known as support managers, operations managers, etc.).
    • End-user ticketing comes through a common request system, is routed to the team responsible for triage, and then is routed to a team for resolution.
    • Collaboration tools and workflow tools are enablers of other applications, and product families might support multiple apps or platforms delivering that shared capability.

    Pattern: Technical

    Technical grouping is used in Shared Services or as a family grouping method within a Value Stream Alignment (Capability, Market, LoB) product family.

    An example of technical grouping is shown.

    Example:

    • Within Shared Services, Technical product grouping focuses on domains requiring specific experience and knowledge not common to typical product teams. This can also support insourcing so other product teams do not have to build their own capacity.
    • Within a Market or LoB team, these same technical groups support specific tools and services within that product family only while also specializing in the business domain.
    • Alignment into tool, platform, or skill areas improves delivery capabilities and resource scalability.

    Pattern: Organizational Alignment

    Eventually in your product hierarchy, the management structure functions as the product management team.

    • When planning your product families, be careful determining when to merge product families into the management team structure.
    • Since the goal of scaling products into families is to align product delivery roadmaps to enterprise goals and enable value realization, the primary focus of scaling must be operational.
    • Alignment to the organizational chart should only occur when the product families report into an HR manager who has ownership for the delivery and value realization for all product and services within that family.
    Am example of organizational alignment is shown.

    Download Build a Better Product Owner for role support.

    2.2.1 Arrange your applications and services into product families

    1-4 hours

    1. (Optional but recommended) Define your value streams and capabilities on the App Capability List tab in the Deliver Digital Products at Scale Workbook.
    2. On the Product Families tab, build your product family hierarchy using the following structure:
    • Value Stream > Capability > Family 3 > Family 2 > Family 1 > Product/Service.
    • If you are not using a Value Stream > Capability grouping, you can leave these blank for now.
    A screenshot of the App Capability List in the Deliver Disital Products at Scale Workbook is shown.
  • If you previously completed an application inventory using one of our application portfolio management (APM) resources, you can paste values here. Do not paste cells, as Excel may create a cell reference or replace the current conditional formatting.
  • Output

    • Product family mapping

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    2.2.2 Define enabling and supporting applications

    1-4 hours

    1. Review your grouping from the reverse direction or with different patterns to validate the grouping. Consider each grouping.
    • Does it operationally align the products and families to best cascade enterprise goals and priorities while validating enabling capabilities?
    • In the next phase, when defining your roadmap strategy, you may wish to revisit this phase and adjust as needed.
  • Select and enter enabling or dependent applications to the right of each product.
  • A screenshot from the Deliver Digitial Products at Scale Workbook is shown.

    Output

    • Product families
    • Enabling applications
    • Dependent applications

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Deliver Digital Products at Scale Workbook.

    Use a product canvas to define key elements of your product family

    A product canvas is an excellent tool for quickly providing important information about a product family.

    Product owners/managers

    Provide target state to align child product and product family roadmaps.

    Stakeholders

    Communicate high-level concepts and key metrics with leadership teams and stakeholders.

    Strategy teams

    Use the canvas as a tool for brainstorming, scoping, and ideation.

    Operations teams

    Share background overview to align operational team with end-user value.

    Impacted users

    Refine communication strategy and support based on user impacts and value realization.

    Download Deliver on Your Digital Product Vision.

    Product Family Canvas: Define your core information

    A screenshot of the product family canvas is shown.

    Problem Statement: The problem or need the product family is addressing

    Business Goals: List of business objectives or goals for the product

    Personas/Customers/Users: List of groups who consume the product/service

    Vision: Vision, unique value proposition, elevator pitch, or positioning statement

    Child Product Families or Products: List of product families or products within this family

    Stakeholders: List of key resources, stakeholders, and teams needed to support the product or service

    Download Deliver on Your Digital Product Vision.

    2.2.3 Build your product family canvas

    30-60 minutes

    1. Complete the following fields to build your product family canvas in your Digital Product Family Strategy Playbook:
      1. Product family name
      2. Product family owner
      3. Parent product family name
      4. Problem that the family is intending to solve (For additional help articulating your problem statement, refer to Deliver on Your Digital Product Vision.)
      5. Product family vision/goals (For additional help writing your vision, refer to Deliver on Your Digital Product Vision..)
      6. Child product or product family name(s)
      7. Primary customers/users (For additional help with your product personas, download and complete Deliver on Your Digital Product Vision..)
      8. Stakeholders (If you aren’t sure who your stakeholders are, fill this in after completing the stakeholder management exercises in phase 3.)

    Output

    • Product family canvas

    Participants

    • Product owners
    • Product managers
    • Development team leads
    • Portfolio managers
    • Business analysts

    Record the results in the Digital Product Family Strategy Playbook.

    A screenshot of the Product Family Canvas is shown.

    Phase 3

    Ensure Alignment Between Products and Families

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    • 3.1.1 Evaluate your current approach to product family communication
    • 3.2.1 Visualize interrelationships among stakeholders to identify key influencers
    • 3.2.2 Group stakeholders into categories
    • 3.2.3 Prioritize your stakeholders
    • 3.3.1 Define the communication objectives and audience of your product family roadmaps
    • 3.3.2 Identify the level of detail that you want your product family roadmap artifacts to represent
    • 3.4.1 Validate business value alignment between products and their product families

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Step 3.1

    Leverage product family roadmaps

    Activities

    3.1.1 Evaluate your current approach to product family communication

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • Understanding of what a product family roadmap is
    • Comparison of Info-Tech’s position on product families to how you currently communicate about product families

    Aligning products’ goals with families

    Without alignment between product family goals and their underlying products, you aren’t seeing the full picture.

    An example of a product roadmap is shown to demonstrate how it is the core to value realization.

    Adapted from: Pichler," What Is Product Management?"

    • Aligning product strategy to enterprise goals needs to happen through the product family.
    • A product roadmap has traditionally been used to express the overall intent and visualization of the product strategy.
    • Connecting the strategy of your products with your enterprise goals can be done through the product family roadmap.

    Leveraging product family roadmaps

    It’s more than a set of colorful boxes.

      ✓ Lays out a strategy for your product family.

      ✓ Is a statement of intent for your family of products.

      ✓ Communicates direction for the entire product family and product teams.

      ✓ Directly connects to the organization’s goals.

    However, it is not:

      x Representative of a hard commitment.

      x A simple combination of your current product roadmaps.

      x A technical implementation plan.

    Product family roadmaps

    A roadmap is shown without any changes.

    There is no such thing as a roadmap that never changes.

    Your product family roadmap represents a broad statement of intent and high-level tactics to get closer to the organization’s goals.

    A roadmap is shown with changes.

    All good product family roadmaps embrace change!

    Your strategic intentions are subject to volatility, especially those planned further in the future. The more costs you incur in planning, the more you leave yourself exposed to inefficiency and waste if those plans change.

    Info-Tech Insight

    A good product family roadmap is intended to manage and communicate the inevitable changes as a result of market volatility and changes in strategy.

    Product family roadmaps are more strategic by nature

    While individual product roadmaps can be different levels of tactical or strategic depending on a variety of market factors, your options are more limited when defining roadmaps for product families.

    An image is displayed to show the relationships between product and product family, and how the roadmaps could be tactical or strategic.

    Info-Tech Insight

    Roadmaps for your product family are, by design, less detailed. This does not mean they aren’t actionable! Your product family roadmap should be able to communicate clear intentions around the future delivery of value in both the near and long term.

    Reminder: Your enterprise vision provides alignment for your product family roadmaps

    Not knowing the difference between enterprise vision and goals will prevent you from both dreaming big and achieving your dream.

    Your enterprise vision represents your “north star” – where you want to go. It represents what you want to do.

    • Your enterprise goals represent what you need to achieve in order to reach your enterprise vision.
    • A key element of operationalizing your vision.
    • Your strategy, initiatives, and features will align with one or more goals.

    Download Deliver on Your Digital Product Vision for support.

    Multiple roadmap views can communicate differently, yet tell the same truth

    Audience

    Business/ IT Leaders

    Users/Customers

    Delivery Teams

    Roadmap View

    Portfolio

    Product Family

    Technology

    Objectives

    To provide a snapshot of the portfolio and priority products

    To visualize and validate product strategy

    To coordinate broad technology and architecture decisions

    Artifacts

    Line items or sections of the roadmap are made up of individual products, and an artifact represents a disposition at its highest level.

    Artifacts are generally grouped by product teams and consist of strategic goals and the features that realize those goals.

    Artifacts are grouped by the teams who deliver that work and consist of technical capabilities that support the broader delivery of value for the product family.

    Typical elements of a product family roadmap

    While there are others, these represent what will commonly appear across most family-based roadmaps.

    An example is shown to highlight the typical elements of a product family roadmap.

    GROUP/CATEGORY: Groups are collections of artifacts. In a product family context, these are usually product family goals, value streams, or products.

    ARTIFACT: An artifact is one of many kinds of tangible by-products produced during the delivery of products. For a product family, the artifacts represented are capabilities or value streams.

    MILESTONE: Points in the timeline when established sets of artifacts are complete. This is a critical tool in the alignment of products in a given family.

    TIME HORIZON: Separated periods within the projected timeline covered by the roadmap.

    3.1.1 Evaluate your current approach to product family communication

    1-2 hours

    1. Write down how you currently communicate your intentions for your products and family of products.
    2. Compare and contrast this to how this blueprint defines product families and product family roadmaps.
    3. Consider the similarities and the key gaps between your current approach and Info-Tech’s definition of product family roadmaps.

    Output

    • Your documented approach to product family communication

    Participants

    • Product owners
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    Step 3.2

    Use stakeholder management to improve roadmap communication

    Activities

    3.2.1 Visualize interrelationships among stakeholders to identify key influencers

    3.2.2 Group stakeholders into categories

    3.2.3 Prioritize your stakeholders

    Info-Tech Note

    If you have done the stakeholder exercises in Deliver on Your Digital Product Vision or Build a Better Product Owner u don’t need to repeat the exercises from scratch.

    You can bring the results forward and update them based on your prior work.

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • Relationships among stakeholders and influencers
    • Categorization of stakeholders and influencers
    • Stakeholder and influencer prioritization

    Reminder: Not everyone is a user!

    USERS

    Individuals who directly obtain value from usage of the product.

    STAKEHOLDERS

    Represent individuals who provide the context, alignment, and constraints that influence or control what you will be able to accomplish.

    FUNDERS

    Individuals both external and internal that fund the product initiative. Sometimes they are lumped in as stakeholders. However, motivations can be different.

    For more information, see Deliver on Your Digital Product Vision.

    A stakeholder strategy is a key part of product family attainment

    A roadmap is only “good” when it effectively communicates to stakeholders. Understanding your stakeholders is the first step in delivering great product family roadmaps.

    A picture is shown that has 4 characters with puzzle pieces, each repersenting a key to product family attainment. The four keys are: Stakeholder management, product lifecycle, project delivery, and operational support.

    Create a stakeholder network map for product roadmaps and prioritization

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    An example stakeholder network map is displayed.

    Legend

    Black arrows: indicate the direction of professional influence

    Dashed green arrows: indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your product family operates in. It is every bit as important as the teams who enhance, support, and operate your product directly.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

    3.2.1 Visualize interrelationships among stakeholders to identify key influencers

    60 minutes

    1. List direct stakeholders for your product.
    2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
    • Use black arrows to indicate the direction of professional influence.
    • Use dashed green arrows to indicate bidirectional, informal influence relationships.

    Output

    • Relationships among stakeholders and influencers

    Participants

    • Product owners
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps product leaders categorize their stakeholders by their level of influence and ownership in the product and/or teams.

    An example stakeholder prioritization map is shown.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    3.2.2 Group stakeholders into categories

    30-60 minutes

    1. Identify your stakeholders’ interest in and influence on your product as high, medium, or low by rating the attributes below.
    2. Map your results to the model below to determine each stakeholder’s category.
    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    The example stakeholder prioritization map is shown with the stakeholders grouped into the categories.

    Output

    • Categorization of stakeholders and influencers

    Participants

    • Product owners
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Level of Support

    Stakeholder Category

    Supporter

    Evangelist

    Neutral Blocker

    Player

    Critical

    High

    High

    Critical

    Mediator

    Medium

    Low

    Low

    Medium

    Noisemaker

    High

    Medium

    Medium

    High

    Spectator

    Low

    Irrelevant

    Irrelevant

    Low

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How likely is it that this stakeholder would recommend your product?

    These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

    3.2.3 Prioritize your stakeholders

    30 minutes

    1. Identify the level of support of each stakeholder by answering the following question: How likely is it that this stakeholder would endorse your product?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

    Stakeholder

    Category

    Level of Support

    Prioritization

    CMO

    Spectator

    Neutral

    Irrelevant

    CIO

    Player

    Supporter

    Critical

    Output

    • Stakeholder and influencer prioritization

    Participants

    • Product owners
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    Define strategies for engaging stakeholders by type

    An example is shown to demonstrate how to define strategies to engage staeholders by type.

    Type

    Quadrant

    Actions

    Players

    High influence, high interest – actively engage

    Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.

    Mediators

    High influence, low interest – keep satisfied

    They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.

    Noisemakers

    Low influence, high interest – keep informed

    Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.

    Spectators

    Low influence, low interest – monitor

    They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers, while ensuring the needs of Mediators and Players are met.

    Step 3.3

    Configure your product family roadmaps

    Activities

    3.3.1 Define the communication objectives and audience of your product family roadmaps

    3.3.2 Identify the level of detail that you want your product family roadmap artifacts to represent

    Info-Tech Note

    If you are unfamiliar with product roadmaps, Deliver on Your Digital Product Vision contains more detailed exercises we recommend you review before focusing on product family roadmaps.

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • An understanding of the key communication objectives and target stakeholder audience for your product family roadmaps
    • A position on the level of detail you want your product family roadmap to operate at

    Your communication objectives are linked to your audience; ensure you know your audience and speak their language

    I want to... I need to talk to... Because they are focused on...
    ALIGN PRODUCT TEAMS Get my delivery teams on the same page. Architects Products Owners PRODUCTS A product that delivers value against a common set of goals and objectives.
    SHOWCASE CHANGES Inform users and customers of product strategy. Bus. Process Owners End Users FUNCTIONALITY A group of functionality that business customers see as a single unit.
    ARTICULATE RESOURCE REQUIREMENTS Inform the business of product development requirements. IT Management Business Stakeholders FUNDING An initiative that those with the money see as a single budget.

    3.3.1 Define the communication objectives and audience of your product family roadmaps

    30-60 minutes

    1. Explicitly state the communication objectives and audience of your roadmap.
    • Think of finishing this sentence: This roadmap is designed for … in order to …
  • You may want to consider including more than a single audience or objective.
  • Example:
  • Roadmap

    Audience

    Statement

    Internal Strategic Roadmap

    Internal Stakeholders

    This roadmap is designed to detail the strategy for delivery. It tends to use language that represents internal initiatives and names.

    Customer Strategic Roadmap

    External Customers

    This roadmap is designed to showcase and validate future strategic plans and internal teams to coordinate the development of features and enablers.

    Output

    • Roadmap list with communication objectives and audience

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Deliver Digital Products at Scale Workbook.

    The length of time horizons on your roadmap depend on the needs of the underlying products or families

    Info-Tech InsightAn example timeline is shown.

    Given the relationship between product and product family roadmaps, the product family roadmap needs to serve the time horizons of its respective products.

    This translates into product family roadmaps with timelines that, at a minimum, cover the full scope of the respective product roadmaps.

    Based on your communication objectives, consider different ways to visualize your product family roadmap

    Swimline/Stream-Based roadmap example.

    Swimlane/Stream-Based – Understanding when groups of items intend to be delivered.

    An example is shown that has an overall plan with rough intentions around delivery.

    Now, Next, Later – Communicate an overall plan with rough intentions around delivery without specific date ranges.

    An example of a sunrise roadmap is shown.

    Sunrise Roadmap – Articulate the journey toward a given target state across multiple streams.

    Before connecting your family roadmap to products, think about what each roadmap typically presents

    An example of a product family roadmap is shown and how it can be connected to the products.

    Info-Tech Insight

    Your product family roadmap and product roadmap tell different stories. The product family roadmap represents the overall connection of products to the enterprise strategy, while the product roadmap focuses on the fulfillment of the product’s vision.

    Example: Connecting your product family roadmaps to product roadmaps

    Your roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but you can do it at a more granular level if an understanding of capabilities isn’t available.

    Example is shown connecting product family roadmaps to product roadmaps.

    3.3.2 Identify the level of detail that you want your product family roadmap artifacts to represent

    30-60 minutes

    1. Consider the different available artifacts for a product family (goals, value stream, capabilities).
    2. List the roadmaps that you wish to represent.
    3. Based on how you currently articulate details on your product families, consider:
    • What do you want to use as the level of granularity for the artifact? Consider selecting something that has a direct connection to the product roadmap itself (for example, capabilities).
    • For some roadmaps you will want to categorize your artifacts – what would work best in those cases?

    Examples

    Level of Hierarchy

    Artifact Type

    Roadmap 1

    Goals

    Capability

    Roadmap 2

    Roadmap 3

    Output

    • Details on your roadmap granularity

    Participants

    • Product owners
    • Product managers
    • Portfolio managers

    Record the results in the Deliver Digital Products at Scale Workbook.

    Step 3.4

    Confirm goal and value alignment of products and their product families

    Activities

    3.4.1 Validate business value alignment between products and their product families

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Business analysts

    Outcomes of this step

    • Validation of the alignment between your product families and products

    Confirming product to family value alignment

    It isn’t always obvious whether you have the right value delivery alignment between products and product families.

    An example is shown to demonstrate product-to-family-alignment.

    Product-to-family alignment can be validated in two different ways:

    1. Initial value alignment
    2. Confirm the perceived business value at a family level is aligned with what is being delivered at a product level.

    3. Value measurement during the lifetime of the product
    4. Validate family roadmap attainment through progression toward the specified product goals.

    For more detail on calculating business value, see Build a Value Measurement Framework.

    To evaluate a product family’s contribution, you need a common definition of value

    Why is having a common value measure important?

    CIO-CEO Alignment Diagnostic

    A stacked bar graph is shown to demonstrate CIO-CEO Alignment Diagnostic. A bar titled Business Value Metrics is highlighted. 51% had some improvement necessary and 32% had significant improvement necessary.

    Over 700 Info-Tech members have implemented the Balanced Value Measurement Framework.

    “The cynic knows the price of everything and the value of nothing.”

    – Oscar Wilde

    “Price is what you pay. Value is what you get.”

    – Warren Buffett

    Understanding where you derive value is critical to building solid roadmaps.

    All value in your product family is not created equal

    Business value is the value of the business outcome the application produces and how effective the product is at producing that outcome. Dissecting value by the benefit type and the value source allows you to see the many ways in which a product or service brings value to your organization. Capture the value of your products in short, concise statements, like an elevator pitch.

    A business value matrix is shown.

    Increase Revenue

    Product or service functions that are specifically related to the impact on your organization’s ability to generate revenue.

    Reduce Costs

    Reduction of overhead. The ways in which your product limits the operational costs of business functions.

    Enhance Services

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Reach Customers

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    Financial Benefits vs. Improved Capabilities

    • Financial Benefit refers to the degree to which the value source can be measured through monetary metrics and is often quite tangible.
    • Human Benefit refers to how a product or service can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    3.4.1 Validate business value alignment between products and their product families

    30-60 minutes

    1. Draw the 2x2 Business Value Matrix on a flip chart or open the Business Value Matrix tab in the Deliver Digital Products at Scale Workbook to use in this exercise.
    2. Brainstorm and record the different types of business value that your product and product family produce on the sticky notes (one item per sticky note).
    3. As a team, evaluate how the product value delivered contributes to the product family value delivered. Note any gaps or differences between the two.

    Download and complete Build a Value Measurement Framework for full support in focusing product delivery on business value–driven outcomes.

    A business value matrix is shown.

    Output

    • Confirmation of value alignment between product families and their respective products

    Participants

    • Product owners
    • Product managers

    Record the results in the Deliver Digital Products at Scale Workbook.

    Example: Validate business value alignment between products and their product families

    An example of a business value matrix is shown.

    Measure product value with metrics tied to your business value sources and objectives

    Assign metrics to your business value sources

    Business Value Category

    Source Examples

    Metric Examples

    Profit Generation

    Revenue

    Customer Lifetime Value (LTV)

    Data Monetization

    Average Revenue per User (ARPU)

    Cost Reduction

    Reduce Labor Costs

    Contract Labor Cost

    Reduce Overhead

    Effective Cost per Install (eCPI)

    Service Enablement

    Limit Failure Risk

    Mean Time to Mitigate Fixes

    Collaboration

    Completion Time Relative to Deadline

    Customer and Market Reach

    Customer Satisfaction

    Net Promoter Score

    Customer Trends

    Number of Customer Profiles

    The importance of measuring business value through metrics

    The better an organization is at using business value metrics to evaluate IT’s performance, the more satisfied the organization is with IT’s performance as a business partner. In fact, those that say they’re effective at business value metrics have satisfaction scores that are 30% higher than those that believe significant improvements are necessary (Info-Tech’s IT diagnostics).

    Assigning metrics to your prioritized values source will allow you to more accurately measure a product’s value to the organization and identify optimization opportunities. See Info-Tech’s Related Research: Value, Delivery Metrics, Estimation blueprint for more information.

    Your product delivery pipeline connects your roadmap with business value realization

    The effectiveness of your product roadmap needs to be evaluated based on delivery capacity and throughput.

    A product roadmap is shown with additional details to demonstrate delivery capacity and throughput.

    When thinking about product delivery metrics, be careful what you ask for…

    As the saying goes “Be careful what you ask for, because you will probably get it.”

    Metrics are powerful because they drive behavior.

    • Metrics are also dangerous because they often lead to unintended negative outcomes.
    • Choose your metrics carefully to avoid getting what you asked for instead of what you intended.

    It’s a cautionary tale that also offers a low-risk path through the complexities of metrics use.

    For more information on the use (and abuse) of metrics, see Select and Use SDLC Metrics Effectively.

    Measure delivery and success

    Metrics and measurements are powerful tools to drive behavior change and decision making in your organization. However, metrics are highly prone to creating unexpected outcomes, so use them with great care. Use metrics judiciously to uncover insights but avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    Build good practices in your selection and use of metrics:

    • Choose the metrics that are as close to measuring the desired outcome as possible.
    • Select the fewest metrics possible and ensure they are of the highest value to your team, the safest from gaming behaviors and unintended consequences, and the easiest to gather and report.
    • Never use metrics for reward or punishment; use them to develop your team.
    • Automate as much metrics gathering and reporting as possible.
    • Focus on trends rather than precise metrics values.
    • Review and change your metrics periodically.

    Phase 4

    Bridge the Gap Between Product Families and Delivery

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    4.1.1 Assess your organization’s readiness to deliver digital product families

    4.2.1 Consider pros and cons for each delivery model relative to how you wish to deliver

    4.3.1 Understand the relationships between product management, delivery teams, and stakeholders

    4.4.1 Discuss traditional vs. product-centric funding methods

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Assess the impacts of product-centric delivery on your teams and org design

    Product delivery can exist within any org structure or delivery model. However, when making the shift toward product management, consider optimizing your org design and product team structure to match your capacity and throughput needs.

    A flowchart is shown to see how the impacts of product-centric delivery can impact team and org designs.

    Info-Tech Note

    Realigning your delivery pipeline and org design takes significant effort and time. Although we won’t solve these questions here, it’s important to identify factors in your current or future models that improve value delivery.

    Step 4.1

    Assess your organization’s delivery readiness

    Activities

    4.1.1 Assess your organization’s readiness to deliver digital product families

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Outcomes of this step

    • An understanding of the group’s maturity level when it comes to product delivery

    Maturing product practices enables delivery of product families, not just products or projects

    A flowchart is shown to demonstrate the differences between project lifecycle, hybrid lifecycle, and product lifecycle.

    Just like product owners, product family owners are needed to develop long-term product value, strategy, and delivery. Projects can still be used as the source of funding and change management; however, the product family owner must manage product releases and operational support. The focus of this section will be on aligning product families to one or more releases.

    4.1.1 Assess your organization’s readiness to deliver digital product families

    30-60 minutes

    1. For each question in the Deliver Digital Products at Scale Readiness Assessment, ask yourself which of the five associated maturity statements most closely describes your organization.
    2. As a group, agree on your organization’s current readiness score for each of the six categories.

    A screenshot of the Deliver Digital Products at Scale Readiness Assessment is shown.

    Output

    • Product delivery readiness score

    Participants

    • Product managers
    • Product owners

    Download the Deliver Digital Products at Scale Readiness Assessment.

    Value realization is constrained by your product delivery pipeline

    Value is realized through changes made at the product level. Your pipeline dictates the rate, quality, and prioritization of your backlog delivery. This pipeline connects your roadmap goals to the value the goals are intended to provide.

    An example of a product roadmap is shown with the additional details of the product delivery pipeline being highlighted.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    PRODUCT STRATEGY

    What are the artifacts?

    What are you saying?

    Defined at the family level?

    Defined at the product level?

    Vision

    I want to...

    Strategic focus

    Delivery focus

    Goals

    To get there we need to...

    Roadmap

    To achieve our goals, we’ll deliver...

    Backlog

    The work will be done in this order...

    Release Plan

    We will deliver in the following ways...

    Step 4.2

    Understand your delivery options

    Activities

    4.2.1 Consider pros and cons for each delivery model relative to how you wish to deliver

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Outcomes of this step

    • An understanding of the different team configuration options when it comes to delivery and their relevance to how you currently work

    Define the scope of your product delivery strategy

    The goal of your product delivery strategy is to establish streamlined, enforceable, and standardized product management and delivery capabilities that follow industry best practices. You will need to be strategic in how and where you implement your changes because this will set the stage for future adoption. Strategically select the most appropriate products, roles, and areas of your organization to implement your new or enhanced capabilities and establish a foundation for scaling.

    Successful product delivery requires people who are knowledgeable about the products they manage and have a broad perspective of the entire delivery process, from intake to delivery, and of the product portfolio. The right people also have influence with other teams and stakeholders who are directly or indirectly impacted by product decisions. Involve team members who have expertise in the development, maintenance, and management of your selected products and stakeholders who can facilitate and promote change.

    Learn about different patterns to structure and resource your product delivery teams

    The primary goal of any product delivery team is to improve the delivery of value for customers and the business based on your product definition and each product’s demand. Each organization will have different priorities and constraints, so your team structure may take on a combination of patterns or may take on one pattern and then transform into another.

    Delivery Team Structure Patterns

    How Are Resources and Work Allocated?

    Functional Roles

    Teams are divided by functional responsibilities (e.g. developers, testers, business analysts, operations, help desk) and arranged according to their placement in the software development lifecycle (SDLC).

    Completed work is handed off from team to team sequentially as outlined in the organization’s SDLC.

    Shared Service and Resource Pools

    Teams are created by pulling the necessary resources from pools (e.g. developers, testers, business analysts, operations, help desk).

    Resources are pulled whenever the work requires specific skills or pushed to areas where product demand is high.

    Product or System

    Teams are dedicated to the development, support, and management of specific products or systems.

    Work is directly sent to the teams who are directly managing the product or directly supporting the requester.

    Skills and Competencies

    Teams are grouped based on skills and competencies related to technology (e.g. Java, mobile, web) or familiarity with business capabilities (e.g. HR, finance).

    Work is directly sent to the teams who have the IT and business skills and competencies to complete the work.

    See the flow of work through each delivery team structure pattern

    Four delivery team structures are shown. The four are: functional roles, shared service and resource pools, product or system, and skills and competencies.

    Staffing models for product teams

    Functional Roles Shared Service and Resource Pools Product or System Skills and Competencies
    A screenshot of the functional roles from the flow of work example is shown. A screenshot of the shared service and resource pools from the flow of work example is shown. A screenshot of the product or system from the flow of work example is shown. A screenshot of skills and competencies from the flow of work example is shown.
    Pros
      ✓ Specialized resources are easier to staff

      ✓ Product knowledge is maintained

      ✓ Flexible demand/capacity management

      ✓ Supports full utilization of resources

      ✓ Teams are invested in the full life of the product

      ✓ Standing teams enable continuous improvement

      ✓ Teams are invested in the technology

      ✓ Standing teams enable continuous improvement

    Cons
      x Demand on specialists can create bottlenecks

      x Creates barriers to collaboration

      x Unavailability of resources can lead to delays

      x Product knowledge can be lost as resources move

      x Changes in demand can lead to downtime

      x Cross-functional skills make staffing a challenge

      x Technology bias can lead to the wrong solution

      x Resource contention when team supports multiple solutions

    Considerations
      ! Product owners must break requests down into very small components to support Agile delivery as mini-Waterfalls
      ! Product owners must identify specialist requirements in the roadmap to ensure resources are available
      ! Product owners must ensure that there is a sufficient backlog of valuable work ready to keep the team utilized
      ! Product owners must remain independent of technology to ensure the right solution is built
    Use Case
    • When you lack people with cross-functional skills
    • When you have specialists such as those skilled in security and operations who will not have full-time work on the product
    • When you have people with cross-functional skills who can self-organize around the request
    • When you have a significant investment in a specific technology stack

    4.2.1 Consider pros and cons for each delivery model relative to how you wish to deliver

    1. Document your current staffing model for your product delivery teams.
    2. Evaluate the pros and cons of each model, as specified on the previous slide, relative to how you currently work.
    3. What would be the ideal target state for your team? If one model does not completely fit, is there a hybrid option worth considering? For example: Product-Based combined with Shared Service/Resource Pools for specific roles.

    Functional Roles

    Teams are divided by functional responsibilities (e.g. developers, testers, business analysts, operations, help desk) and arranged according to their placement in the software development lifecycle (SDLC).

    Shared Service and Resource Pools

    Teams are created by pulling the necessary resources from pools (e.g. developers, testers, business analysts, operations, help desk).

    Product or System

    Teams are dedicated to the development, support, and management of specific products or systems.

    Skills and Competencies

    Teams are grouped based on skills and competencies related to technology (e.g. Java, mobile, web) or familiarity with business capabilities (e.g. HR, finance).

    Output

    • An understanding of pros and cons for each delivery model and the ideal target state for your team

    Participants

    • Product managers
    • Product owners

    Record the results in the Digital Product Family Strategy Playbook.

    Step 4.3

    Determine your operating model

    Activities

    4.3.1 Understand the relationships between product management, delivery teams, and stakeholders

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Outcomes of this step

    • An understanding of the potential operating models and what will work best for your organization

    Reminder: Patterns for scaling products

    The alignment of your product families should be considered in your operating model.

    Value Stream Alignment

    Enterprise Applications

    Shared Services

    Technical

    Organizational Alignment

    • Business architecture
      • Value stream
      • Capability
      • Function
    • Market/customer segment
    • Line of business (LoB)
    • Example: Customer group > value stream > products
    • Enabling capabilities
    • Enterprise platforms
    • Supporting apps
    • Example: HR > Workday/Peoplesoft > ModulesSupporting: Job board, healthcare administrator
    • Organization of related services into service family
    • Direct hierarchy does not necessarily exist within the family
    • Examples: End-user support and ticketing, workflow and collaboration tools
    • Domain grouping of IT infrastructure, platforms, apps, skills, or languages
    • Often used in combination with Shared Services grouping or LoB-specific apps
    • Examples: Java, .NET, low-code, database, network
    • Used at higher levels of the organization where products are aligned under divisions
    • Separation of product managers from organizational structure no longer needed because the management team owns product management role

    Ensure consistency in the application of your design principles with a coherent operating model

    What is an operating model?

    An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy. It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design

    The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

    An example of an operating model is shown.

    For more information, see Redesign Your IT Organizational Structure.

    Weigh the pros and cons of IT operating models to find the best fit

    1. LoB/Product Aligned – Decentralized Model: Line of Business, Geographically, Product, or Functionally Aligned
    2. A decentralized IT operating model that embeds specific functions within LoBs/product teams and provides cross-organizational support for their initiatives.

    3. Hybrid Functional: Functional/Product Aligned
    4. A best-of-both-worlds model that balances the benefits of centralized and decentralized approaches to achieve both customer responsiveness and economies of scale.

    5. Hybrid Service Model: Product-Aligned Operating Model
    6. A model that supports what is commonly referred to as a matrix organization, organizing by highly related service categories and introducing the role of the service owner.

    7. Centralized: Plan-Build-Run
    8. A highly typical IT operating model that focuses on centralized strategic control and oversight in delivering cost-optimized and effective solutions.

    9. Centralized: Demand-Develop-Service
    10. A centralized IT operating model that lends well to more mature operating environments. Aimed at leveraging economies of scale in an end-to-end services delivery model.

    There are many different operating models. LoB/Product Aligned and Hybrid Functional align themselves most closely with how products and product families are typically delivered.

    Decentralized Model: Line of Business, Geographically, Product, or Functionally Aligned

    An example of a decentralized model is shown.

    BENEFITS

    DRAWBACKS

    • Organization around functions (FXN) allows for diversity in approach in how areas are run to best serve specific business units needs.
    • Each functional line exists largely independently, with full capacity and control to deliver service at the committed service level agreements.
    • Highly responsive to shifting needs and demands with direct connection to customers and all stages of the solution development lifecycle.
    • Accelerates decision making by delegating authority lower into the FXN.
    • Promotes a flatter organization with less hierarchy and more direct communication with the CIO.
    • Less synergy and integration across what different lines of business are doing can result in redundancies and unnecessary complexity.
    • Higher overall cost to the IT group due to role and technology duplication across different FXN.
    • Inexperience becomes an issue; requires more competent people to be distributed across the FXN.
    • Loss of sight of the big picture – difficult to enforce standards around people/process/technology with solution ownership within the FXN.

    For more information, see Redesign your IT Organizational Structure.

    Hybrid Model: Functional/Product Aligned

    An example of a hybrid model: functional/product aligned is shown.

    BENEFITS

    DRAWBACKS

    • Best of both worlds of centralization and decentralization; attempts to channel benefits from both centralized and decentralized models.
    • Embeds key IT functions that require business knowledge within functional areas, allowing for critical feedback.
    • Balances a holistic IT strategy and architecture with responsiveness to needs of the organization.
    • Achieves economies of scale where necessary through the delivery of shared services that can be requested by the function.
    • May result in excessive cost through role and system redundancies across different functions
    • Business units can have variable levels of IT competence; may result in different levels of effectiveness.
    • No guaranteed synergy and integration across functions; requires strong communication, collaboration, and steering.
    • Cannot meet every business unit’s needs – can cause tension from varying effectiveness of the IT functions placed within the functional areas.

    For more information, see Redesign your IT Organizational Structure.

    Hybrid Model: Product-Aligned Operating Model

    An example of a hybrid model: product-aligned operating model.

    BENEFITS

    DRAWBACKS

    • Focus is on the full lifecycle of a product – takes a strategic view of how technology enables the organization.
    • Promotes centralized backlog around a specific value creator, rather than traditional project focus, which is more transactional.
    • Dedicated teams around the product family ensure that you have all of the resources required to deliver on your product roadmap.
    • Reduces barriers between IT and business stakeholders, focuses on technology as a key strategic enabler.
    • Delivery is largely done through a DevOps methodology.
    • Significant business involvement is required for success within this model, with business stakeholders taking an active role in product governance and potentially product management as well.
    • Strong architecture standards and practices are required to make this successful because you need to ensure that product families are building in a consistent manner and limiting application sprawl.
    • Introduced the need for practice standards to drive consistency in quality of delivered services.
    • May result in increased cost through role redundancies across different squads.

    For more information, see Redesign your IT Organizational Structure.

    Centralized: Plan-Build-Run

    An example of a centralized: Plan-Build-Run is shown.

    BENEFITS

    DRAWBACKS

    • Effective at implementing long-term plans efficiently, separates maintenance and projects to allow each to have the appropriate focus.
    • More oversight over financials; better suited for fixed budgets.
    • Works across centralized technology domains to better align with the business's strategic objectives – allows for a top-down approach to decision making.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Well suited for a project-driven environment that employs Waterfall or a hybrid project management methodology that is less iterative.
    • Not optimized for unpredictable/shifting project demands, as decision making is centralized in the plan function.
    • Less agility to deliver new features or solutions to the customer in comparison to decentralized models.
    • Build (developers) and run (operations staff) are far removed from the business, resulting in lower understanding of business needs (as well as “passing the buck” – from development to operations).
    • Requires strong hand-off processes to be defined and strong knowledge transfer from build to run functions in order to be successful.

    For more information, see Redesign your IT Organizational Structure.

    Centralized: Demand-Develop-Service

    An example of a centralized: Demand-Develop-Service model is shown.

    BENEFITS

    DRAWBACKS

    • Aligns well with an end-to-end services model; constant attention to customer demand and service supply.
    • Centralizes service operations under one functional area to serve shared needs across lines of business.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Elevates sourcing and vendor management as its own strategic function; lends well to managed service and digital initiatives.
    • Development and operations housed together; lends well to DevOps-related initiatives.
    • Can be less responsive to business needs than decentralized models due to the need for portfolio steering to prioritize initiatives and solutions.
    • Requires a higher level of operational maturity to succeed; stable supply functions (service mgmt., operations mgmt., service desk, security, data) are critical to maintaining business satisfaction.
    • Requires highly effective governance around project portfolio, services, and integration capabilities.
    • Effective feedback loop highly dependent on accurate performance measures.

    For more information, see Redesign your IT Organizational Structure.

    Assess how your product scaling pattern impacts your resource delivery model

    Value Stream Alignment

    Enterprise Applications

    Shared Services

    Technical

    Plan-Build-Run:
    Centralized

    Pro: Supports established and stable families.

    Con: Command-and-control nature inhibits Agile DevOps and business agility.

    Pro: Supports established and stable families.

    Con: Command-and-control nature inhibits Agile DevOps and business agility.

    Pro: Can be used to align high-level families.

    Con: Lacks flexibility at the product level to address shifting priorities in product demand.

    Pro: Supports a factory model.

    Con: Lacks flexibility at the product level to address shifting priorities in product demand.

    Centralized Model 2:
    Demand-Develop-
    Service

    Pro: Supports established and stable families.

    Con: Command-and-control nature inhibits Agile DevOps and business agility.

    Pro: Supports established and stable families.

    Con: Command-and-control nature inhibits Agile DevOps and business agility.

    Pro: Recommended for aligning high-level service families based on user needs.

    Con: Reduces product empowerment, prioritizing demand. Slow.

    Pro: Supports factory models.

    Con: Reduces product empowerment, prioritizing demand. Slow.

    Decentralized Model:
    Line of Business, Product, Geographically, or

    Functionally Aligned

    Pro: Aligns product families to value streams, capabilities, and organizational structure.

    Con: Reduces shared solutions and may create duplicate apps and services.

    Pro: Enterprise apps treated as distinct LoB groups.

    Con: Reduces shared solutions and may create duplicate apps and services.

    Pro: Complements value stream alignment by consolidating shared apps and services.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Fits within other groupings where technical expertise is needed.

    Con: Creates redundancy between localized and shared technical teams.

    Hybrid Model:
    Functional/Product

    Aligned

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Creates redundancy between localized and shared technical teams.

    Hybrid Model:

    Product-Aligned Operating Model

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Requires additional effort to differentiate local vs. shared solutions.

    Pro: Supports multiple patterns of product grouping.

    Con: Creates redundancy between localized and shared technical teams.

    4.3.1 Understand the relationships between product management, delivery teams, and stakeholders

    30-60 minutes

    1. Discuss the intake sources of product work.
    2. Trace the flow of requests down to the functional roles of your delivery team (e.g., developer, QA, operations).
    3. Indicate where key deliverables are produced, particularly those that are built in collaboration.
    4. Discuss the five operating models relative to your current operating model choice. How aligned are you?
    5. Review Info-Tech’s recommendation on the best-aligned operating models for product family delivery. Do you agree or disagree?
    6. Evaluate recommendations against how you operate/work.

    Output

    • Understanding of the relationships between key groups
    • A preferred operating model

    Participants

    • Product owners
    • Product managers
    • Delivery managers

    Record the results in the Digital Product Family Strategy Playbook.

    4.3.1 Understand the relationships between product management, delivery teams, and stakeholders

    An example of activity 4.3.1 to understand the relationships between product management, delivery teams, and stakeholders is shown.

    Output

    • Understanding of the relationships between key groups
    • A preferred operating model

    Participants

    • Product owners
    • Product managers
    • Delivery managers

    Step 4.4

    Identify how to fund product family delivery

    Activities

    4.4.1 Discuss traditional vs. product-centric funding methods

    This step involves the following participants:

    • Product owners
    • Product managers
    • Portfolio managers
    • Delivery managers

    Outcomes of this step

    • An understanding of the differences between product-based and traditional funding methods

    Why is funding so problematic?

    We often still think about funding products like construction projects.

    Three models are shown on the various options to fund projects.

    These models require increasing accuracy throughout the project lifecycle to manage actuals vs. estimates.

    "Most IT funding depends on one-time expenditures or capital-funding mechanisms that are based on building-construction funding models predicated on a life expectancy of 20 years or more. Such models don’t provide the stability or flexibility needed for modern IT investments." – EDUCAUSE

    Reminder: Projects don’t go away. The center of the conversation changes.

    A flowchart is shown to demonstrate the difference between project lifecycle, hybrid lifecycle, and product lifecycle.

    Projects within products

    Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

    The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release.

    Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

    Planning and budgeting for products and families

    Reward for delivering outcomes, not features

    AutonomyFlexibilityAccountability
    Fund what delivers valueAllocate iterativelyMeasure and adjust

    Fund long-lived delivery of value through products (not projects).

    Give autonomy to the team to decide exactly what to build.

    Allocate to a pool based on higher-level business case.

    Provide funds in smaller amounts to different product teams and initiatives based on need.

    Product teams define metrics that contribute to given outcomes.

    Track progress and allocate more (or less) funds as appropriate.

    Info-Tech Insight

    Changes to funding require changes to product and Agile practices to ensure product ownership and accountability.

    The Lean Enterprise Funding Model is an example of a different approach

    An example of the lean enterprise funding model is shown.
    From: Implement Agile Practices That Work

    A flexible funding pool akin to venture capital models is maintained to support innovative ideas and fund proofs of concept for product and process improvements.

    Proofs of concept (POCs) are run by standing innovation teams or a reserve of resources not committed to existing products, projects, or services.

    Every product line has funding for all changes and ongoing operations and support.

    Teams are funded continuously so that they can learn and improve their practices as much as possible.

    Budgeting approaches must evolve as you mature your product operating environment

    TRADITIONAL PROJECTS WITH WATERFALL DELIVERY

    TRADITIONAL PROJECTS WITH AGILE DELIVERY

    PRODUCTS WITH AGILE PROJECT DELIVERY

    PRODUCTS WITH AGILE DELIVERY

    WHEN IS THE BUDGET TRACKED?

    Budget tracked by major phases

    Budget tracked by sprint and project

    Budget tracked by sprint and project

    Budget tracked by sprint and release

    HOW ARE CHANGES HANDLED?

    All change is by exception

    Scope change is routine, budget change is by exception

    Scope change is routine, budget change is by exception

    Budget change is expected on roadmap cadence

    WHEN ARE BENEFITS REALIZED?

    Benefits realization after project completion

    Benefits realization is ongoing throughout the life of the project

    Benefits realization is ongoing throughout the life of the product

    Benefits realization is ongoing throughout life of the product

    WHO “DRIVES”?

    Project Manager

    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast

    Product Owner

    • Project team delivery role
    • Refines project scope, advocates for changes in the budget
    • Advocates for additional funding in the forecast

    Product Manager

    • Product portfolio team role
    • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product

    Product Manager

  • Product family team role
  • Forecasting new initiatives during delivery to continue to drive value throughout the life of the product
  • Info-Tech Insight

    As you evolve your approach to product delivery, you will be decoupling the expected benefits, forecast, and budget. Managing them independently will improve your ability to adapt to change and drive the right outcomes!

    Your strategy must include the cost to build and operate

    Most investment happens after go-live, not in the initial build!

    An example strategy is displayed that incorporates the concepts of cost to build and operate.

    Adapted from: LookFar

    Info-Tech Insight

    While the exact balance point between development or implementation costs varies from application to application, over 80% of the cost is accrued after go-live.

    Traditional accounting leaves software development CapEx on the table

    Software development costs have traditionally been capitalized, while research and operations are operational expenditures.

    The challenge has always been the myth that operations are only bug fixes, upgrades, and other operational expenditures. Research shows that most post-release work on developed solutions is the development of new features and changes to support material changes in the business. While projects could bundle some of these changes into capital expenditure, much of the business-as-usual work that goes on leaves capital expenses on the table because the work is lumped together as maintenance-related OpEx.

    From “How to Stop Leaving Software CapEx on the Table With Agile and DevOps”

    4.4.1 Discuss traditional vs. product-centric funding methods

    30-60 minutes

    1. Discuss how products and product families are currently funded.
    2. Review how the Agile/product funding models differ from how you currently operate.
    3. What changes do you need to consider in order to support a product delivery model?
    4. For each change, identify the key stakeholders and list at least one action to take.
    5. Record the results in the Digital Product Family Strategy Playbook.

    Output

    • Understanding of funding principles and challenges

    Participants

    • Product owners
    • Product managers
    • Delivery managers

    Record the results in the Digital Product Family Strategy Playbook.

    Phase 5

    Build Your Transformation Roadmap and Communication Plan

    Phase 1Phase 2Phase 3Phase 4Phase 5

    1.1 Understand the organizational factors driving product-centric delivery

    1.2 Establish your organization’s product inventory

    2.1 Determine your approach to scale product families

    2.2 Define your product families

    3.1 Leverage product family roadmaps

    3.2 Use stakeholder management to improve roadmap communication

    3.3 Configure your product family roadmaps

    3.4 Confirm product family to product alignment

    4.1 Assess your organization’s delivery readiness

    4.2 Understand your delivery options

    4.3 Determine your operating model

    4.4 Identify how to fund product family delivery

    5.1 Learn how to introduce your digital product family strategy

    5.2 Communicate changes on updates to your strategy

    5.3 Determine your next steps

    This phase will walk you through the following activities:

    5.1.1 Introduce your digital product family strategy

    5.2.1 Define your communication cadence for your strategy updates

    5.2.2 Define your messaging for each stakeholder

    5.3.1 How do we get started?

    This phase involves the following participants:

    • Product owners
    • Product managers
    • Application leaders
    • Stakeholders

    Step 5.1

    Introduce your digital product family strategy

    Activities

    5.1.1 Introduce your digital product family strategy

    This step involves the following participants:

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Outcomes of this step

    • A completed executive summary presenting your digital product strategy

    Product decisions are traditionally made in silos with little to no cross-functional communication and strategic oversight

    Software delivery teams and stakeholders traditionally make plans, strategies, and releases within their silos and tailor their decisions based on their own priorities. Interactions are typically limited to hand-offs (such as feature requests) and routing of issues and defects back up the delivery pipeline. These silos likely came about through well-intentioned training, mandates, and processes, but they do not sufficiently support today’s need to rapidly release and change platforms.

    Siloed departments often have poor visibility into the activities of other silos, and they may not be aware of the ramifications their decisions have on teams and stakeholders outside of their silo.

    • Silos may make choices that are optimal largely for themselves without thinking of the holistic impact on a platform’s structure, strategy, use cases, and delivery.
    • The business may approve platform improvements without the consideration of the delivery team’s current capacity or the system’s complexity, resulting in unrealistic commitments.
    • Quality standards may be misinterpreted and inconsistently enforced across the entire delivery pipeline.

    In some cases, the only way to achieve greater visibility and communication for all roles across a platform’s lifecycle is implementing an overarching role or team.

    “The majority of our candid conversations with practitioners and project management offices indicate that the platform ownership role is poorly defined and poorly executed.”

    – Barry Cousins

    Practice Lead, Applications – Project & Portfolio Management

    Info-Tech Research Group

    Use stakeholder management and roadmap views to improve communication

    Proactive, clear communication with stakeholders, SMEs, and your product delivery team can significantly improve alignment and agreement with your roadmap, strategy, and vision.

    When building your communication strategy, revisit the work you completed in phase 3 developing your:

    • Roadmap types
    • Stakeholder strategy

    Type

    Quadrant

    Actions

    Players

    High influence, high interest – actively engage

    Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.

    Mediators

    High influence, low interest – keep satisfied

    They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.

    Noisemakers

    Low influence, high interest – keep informed

    Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.

    Spectators

    Low influence, low interest – monitor

    They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    5.1.1 Introduce your digital product family strategy

    30-60 minutes

    This exercise is intended to help you lay out the framing of your strategy and the justification for the effort. A lot of these items can be pulled directly from the product canvas you created in phase 2. This is intended to be a single slide to frame your upcoming discussions.

    1. Update your vision, goals, and values on your product canvas. Determine which stakeholders may be impacted and what their concerns are. If you have many stakeholders, limit to Players and Influencers.
    2. Identify what you need from the stakeholders as a result of this communication.
    3. Keeping in mind the information gathered in steps 1 and 2, describe your product family strategy by answering three questions:
    1. Why do we need product families?
    2. What is in our way?
    3. Our first step will be... ?

    Output

    • An executive summary that introduces your product strategy

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Digital Product Family Strategy Playbook.

    Example: Scaling delivery through product families

    Why do we need product families?

    • The growth of our product offerings and our company’s movement into new areas of growth mean we need to do a better job scaling our offerings to meet the needs of the organization.

    What is in our way?

    • Our existing applications and services are so dramatically different we are unsure how to bring them together.

    Our first step will be...

    • Taking a full inventory of our applications and services.

    Step 5.2

    Communicate changes on updates to your strategy

    Activities

    5.2.1 Define your communication cadence for your strategy updates

    5.2.2 Define your messaging for each stakeholder

    This step involves the following participants:

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Outcomes of this step

    • A communication plan for when strategy updates need to be given

    5.2.1 Define your communication cadence for your strategy updates

    30 minutes

    Remember the role of different artifacts when it comes to your strategy. The canvas contributes to the What, and the roadmap addresses the How. Any updates to the strategy are articulated and communicated through your roadmap.

    1. Review your currently defined roadmaps, their communication objectives, update frequency, and updates.
    2. Consider the impacted stakeholders and the strategies required to communicate with them.
    3. Fill in your communication cadence and communication method.

    EXAMPLE:

    Roadmap Name

    Audience/Stakeholders

    Communication Cadence

    External Customer Roadmap

    Customers and External Users

    Quarterly (Website)

    Product Delivery Roadmap

    Development Teams, Infrastructure, Architects

    Monthly (By Email)

    Technology Roadmap

    Development Teams, Infrastructure, Architects

    Biweekly (Website)

    Output

    • Clear communication cadence for your roadmaps

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Digital Product Family Strategy Playbook.

    The “what” behind the communication

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff.

    The change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.

    Five elements of communicating change

    1. What is the change?
    2. Why are we doing it?
    3. How are we going to go about it?
    4. How long will it take us to do it?
    5. What is the role for each department and individual?

    Source: Cornelius & Associates

    How we engage with the message is just as important as the message itself

    Why are we here?

    Speak to what matters to them

    Sell the improvement

    Show real value

    Discuss potential fears

    Ask for their support

    Be gracious

    5.2.2 (Optional) Define your messaging for each stakeholder

    30 minutes

    It’s one thing to communicate the strategy, it’s another thing to send the right message to your stakeholders. Some of this will depend on the kind of news given, but the majority of this is dependent on the stakeholder and the cadence of communication.

    1. From exercise 5.2.1, take the information on the specific roadmaps, target audience, and communication cadence.
    2. Based on your understanding of the audience’s needs, what would the specific update try to get across?
    3. Pick a specific typical example of a change in strategy that you have gone through. (e.g. Product will be delayed by a quarter; key feature is being substituted for another.)

    EXAMPLE:

    Roadmap Name

    Audience/ Stakeholder

    Communication Cadence

    Messaging

    External Customer Roadmap

    Customers and External Users

    Quarterly (Website)

    Output

    • Messaging plan for each roadmap type

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Digital Product Family Strategy Playbook.

    Step 5.3

    Determine your next steps

    Activities

    5.3.1 How do we get started?

    This step involves the following participants:

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Outcomes of this step

    • Understanding the steps to get started in your transformation

    Make a plan in order to make a plan!

    Consider some of the techniques you can use to validate your strategy.

    Learning Milestones

    Sprint Zero (AKA Project-before-the-project)

    The completion of a set of artifacts dedicated to validating business opportunities and hypotheses.

    Possible areas of focus:

    Align teams on product strategy prior to build

    Market research and analysis

    Dedicated feedback sessions

    Provide information on feature requirements

    The completion of a set of key planning activities, typically the first sprint.

    Possible areas of focus:

    Focus on technical verification to enable product development alignment

    Sign off on architectural questions or concerns

    An image showing the flowchart of continuous delivery of value is shown.

    Go to your backlog and prioritize the elements that need to be answered sooner rather than later.

    Possible areas of focus:

    Regulatory requirements or questions to answer around accessibility, security, privacy.

    Stress testing any new processes against situations that may occur.

    The “Now, Next, Later” roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    Now: What are you going to do now?

    Next: What are you going to do very soon?

    Later: What are you going to do in the future?

    An example of a now, next, later roadmap is shown.

    Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017

    5.3.1 How do we get started?

    30-60 minutes

    1. Identify what the critical steps are for the organization to embrace product-centric delivery.
    2. Group each critical step by how soon you need to address it:
    • Now: Let’s do this ASAP.
    • Next: Sometime very soon, let’s do these things.
    • Later: Much further off in the distance, let’s consider these things.
  • Record the group results in the Deliver Digital Products at Scale Workbook.
  • Record changes for your product and product family in the Digital Product Family Strategy Playbook.
  • An example of a now, next, later roadmap is shown.

    Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017

    Output

    • Product family transformation critical steps and basic roadmap

    Participants

    • Product owners and product managers
    • Application leaders
    • Stakeholders

    Record the results in the Digital Product Family Strategy Playbook.

    Record the results in the Deliver Digital Products at Scale Workbook.

    Summary of Accomplishment

    Problem Solved

    The journey to become a product-centric organization is not short or easy. Like with any improvement or innovation, teams need to continue to evolve and mature with changes in their operations, teams, tools, and user needs.You’ve taken a big step completing your product family alignment. This provides a backbone for aligning all aspects of your organization to your enterprise goals and strategy while empowering product teams to find solutions closer to the problem. Continue to refine your model and operations to improve value realization and your product delivery pipelines to embrace business agility. Organizations that are most responsive to change will continue to outperform command-and-control leadership.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    Photo of Emily Archer.

    Emily Archer

    Lead Business Analyst,

    Enterprise Consulting, authentic digital agency

    Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

    Photo of David Berg

    Founder & CTO

    Strainprint Technologies Inc.

    David Berg is a product commercialization expert that has spent the last 20 years of his career delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world with the goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

    Kathy Borneman

    Digital Product Owner, SunTrust Bank

    Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

    Photro of Charlie Campbell

    Charlie Campbell

    Product Owner, Merchant e-Solutions

    Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

    Photo of Yarrow Diamond

    Yarrow Diamond

    Sr. Director, Business Architecture

    Financial Services

    Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

    Photo of Cari J. Faanes-Blakey

    Cari J. Faanes-Blakey, CBAP, PMI-PBA

    Enterprise Business Systems Analyst,

    Vertex, Inc.

    Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

    Photo of Kieran Gobey

    Kieran Gobey

    Senior Consultant Professional Services

    Blueprint Software Systems

    Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations. Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

    Photo of Rupert Kainzbauer

    Rupert Kainzbauer

    VP Product, Digital Wallets

    Paysafe Group

    Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. Together with a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

    Photo of Saeed Khan

    Saeed Khan

    Founder,

    Transformation Labs

    Saeed Khan has been working in high tech for 30 years in both Canada and the US and has held a number of leadership roles in Product Management over that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005. Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders; the only global community of senior level product executives.

    Photo of Hoi Kun Lo

    Hoi Kun Lo

    Product Owner

    Nielsen

    Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

    Photo of Abhishek Mathur

    Abhishek Mathur

    Sr Director, Product Management

    Kasisto, Inc.

    Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

    Photo of Jeff Meister

    Jeff Meister

    Technology Advisor and Product Leader

    Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations. Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements. Jeff holds a Bachelor’s of Applied Science (Electrical Engineering) and a Bachelor’s of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

    Photo of Vincent Mirabelli

    Vincent Mirabelli

    Principal,

    Global Project Synergy Group

    With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

    Photo of Oz Nazili

    Oz Nazili

    VP, Product & Growth

    TWG

    Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

    Photo of Mark Pearson

    Mark Pearson

    Principal IT Architect, First Data Corporation

    Mark Pearson is an executive business leader grounded in the process, data, technology, and operations of software-driven business. He knows the enterprise software landscape and is skilled in product, technology, and operations design and delivery within information technology organizations, outsourcing firms, and software product companies.

    Photo of Brenda Peshak

    Brenda Peshak

    Product Owner,

    Widget Industries, LLC

    Brenda Peshak is skilled in business process, analytical skills, Microsoft Office Suite, communication, and customer relationship management (CRM). She is a strong product management professional with a Master’s focused in Business Leadership (MBL) from William Penn University.

    Photo of Mike Starkey

    Mike Starkey

    Director of Engineering

    W.W. Grainger

    Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

    Photo of Anant Tailor

    Anant Tailor

    Cofounder & Head of Product

    Dream Payments Corp.

    Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes. Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries. Anant is a Professional Engineer with a Bachelor’s degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

    Photo of Angela Weller

    Angela Weller

    Scrum Master, Businessolver

    Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

    Related Info-Tech Research

    Product Delivery

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Build a Better Product Owner

    • Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

    Build Your Agile Acceleration Roadmap

    • Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

    Implement Agile Practices That Work

    • Improve collaboration and transparency with the business to minimize project failure.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Extend Agile Practices Beyond IT

    • Further the benefits of Agile by extending a scaled Agile framework to the business.

    Build Your BizDevOps Playbook

    • Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

    Embed Security Into the DevOps Pipeline

    • Shift security left to get into DevSecOps.

    Spread Best Practices With an Agile Center of Excellence

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Enable Organization-Wide Collaboration by Scaling Agile

    • Execute a disciplined approach to rolling out Agile methods in the organization.

    Application Portfolio Management

    APM Research Center

    • See an overview of the APM journey and how we can support the pieces in this journey.

    Application Portfolio Management for Small Enterprises

    • There is no one-size-fits-all rationalization. Tailor your framework to meet your goals.

    Streamline Application Maintenance

    • Effective maintenance ensures the long-term value of your applications.

    Build an Application Rationalization Framework

    • Manage your application portfolio to minimize risk and maximize value.

    Modernize Your Applications

    • Justify modernizing your application portfolio from both business and technical perspectives.

    Review Your Application Strategy

    • Ensure your applications enable your business strategy.

    Discover Your Applications

    • Most application strategies fail. Arm yourself with the necessary information and team structure for a successful application portfolio strategy.

    Streamline Application Management

    • Move beyond maintenance to ensuring exceptional value from your apps.

    Optimize Applications Release Management

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Embrace Business-Managed Applications

    • Empower the business to implement their own applications with a trusted business-IT relationship.

    Value, Delivery Metrics, Estimation

    Build a Value Measurement Framework

    • Focus product delivery on business value–driven outcomes.

    Select and Use SDLC Metrics Effectively

    • Be careful what you ask for, because you will probably get it.

    Application Portfolio Assessment: End User Feedback

    • Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

    Create a Holistic IT Dashboard

    • Mature your IT department by measuring what matters.

    Refine Your Estimation Practices With Top-Down Allocations

    • Don’t let bad estimates ruin good work.

    Estimate Software Delivery With Confidence

    • Commit to achievable software releases by grounding realistic expectations.

    Reduce Time to Consensus With an Accelerated Business Case

    • Expand on the financial model to give your initiative momentum.

    Optimize Project Intake, Approval, and Prioritization

    • Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

    Enhance PPM Dashboards and Reports

    • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    Org Design and Performance

    Redesign Your IT Organizational Structure

    • Focus product delivery on business value–driven outcomes.

    Build a Strategic Workforce Plan

    • Have the right people, in the right place, at the right time.

    Implement a New Organizational Structure

    • Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

    Improve Employee Engagement to Drive IT Performance

    • Don’t just measure engagement, act on it.

    Set Meaningful Employee Performance Measures

    • Set holistic measures to inspire employee performance.

    Master Organizational Change Management Practices

    • PMOs, if you don't know who is responsible for org change, it's you.

    Bibliography (Product Management)

    “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

    A, Karen. “20 Mental Models for Product Managers.” Product Management Insider, Medium, 2 Aug. 2018. Web.

    Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

    Agile Alliance. “Product Owner.” Agile Alliance. n.d. Web.

    Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

    Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

    Berez, Steve, et al. “How to Plan and budget for Agile at Scale.” Bain & Company, 08 Oct 2019. Web

    Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint. 2012. Web.

    Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, Agile Alliance 2015. Web.

    Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group. 2005. Web.

    Cohn, Mike. “What Is a Product?” Mountain Goat Software. 6 Sept. 2016. Web.

    Connellan, Thomas K. Inside the Magic Kingdom, Bard Press, 1997.

    Curphey, Mark. “Product Definition.” SlideShare, 25 Feb. 2007. Web.

    “Delegation Poker Product Image.” Management 3.0, n.d. Web.

    Distel, Dominic, et al. “Finding the sweet spot in product-portfolio management.’ McKinsey, 4 Dec. 2020. Web

    Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

    Fernandes, Thaisa. “Spotify Squad Framework - Part I.” PM101, Medium, 6 Mar. 2017. Web.

    Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

    Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile2016 Conference, Agile Alliance, 2016. Web.

    Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” The Ready, Medium, 9 Feb. 2018. Web.

    Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Scaled Agile Framework, Medium, 23 Jul. 2018. Web.

    Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

    Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

    McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

    McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web.

    Mironov, Rich. “Scaling Up Product Manager/Owner Teams.” Rich Mironov's Product Bytes, Mironov Consulting, 12 Apr. 2014 . Web.

    Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 Mar. 2017. Web.

    Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

    Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

    Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

    Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

    Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

    Radigan, Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

    Rouse, Margaret. “Definition: product.” TechTarget, Sept. 2005. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

    Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

    Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

    Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

    Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin Voice of Product, 2 Oct. 2018. Web.

    Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2016. Web.

    “The Standish Group 2015 Chaos Report.” The Standish Group. 2015. Web.

    Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

    Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

    Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium, 19 Dec. 2017. Web.

    Verwijs, Christiaan. “Retrospective: Do The Team Radar.” The Liberators, Medium, 10 Feb. 2017. Web.

    Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management”. Academia.edu. 2010. Web.

    Bibliography (Roadmap)

    Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

    Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

    Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012 IEEE International Conference, 12 June 2012, Herzliya, Israel. Web.

    Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

    Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

    “How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

    Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

    Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

    Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, Web. Sept. 2018.

    Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, 2017. Web.

    Maurya, Ash. “What is a Minimum Viable Product (MVP).” Leanstack, 12 June 2017. Accessed Sept. 2018.

    Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

    Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

    “Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

    Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 October 2015. Accessed Sept. 2018.

    Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018.

    Bibliography (Vision and Canvas)

    Adams, Paul. “The Future Product Canvas.” Inside Intercom, 10 Jan. 2014. Web.

    “Aligning IT Funding Models to the Pace of Technology Change.” EDUCAUSE, 14 Dec. 2015. Web.

    Altman, Igor. “Metrics: Gone Bad.” OpenView, 10 Nov. 2009. Web.

    Barry, Richard. “The Product Vision Canvas – a Strategic Tool in Developing a Successful Business.” Polymorph, 2019. Web.

    “Business Canvas – Business Models & Value Propositions.” Strategyzer, 2019. Web.

    “Business Model Canvas.” Wikipedia: The Free Encyclopedia, 4 Aug. 2019. Web.

    Charak, Dinker. “Idea to Product: The Working Model.” ThoughtWorks, 13 July 2017. Web.

    Charak, Dinker. “Product Management Canvas - Product in a Snapshot.” Dinker Charak, 29 May 2017. Web.

    Chudley, James. “Practical Steps in Determining Your Product Vision (Product Tank Bristol, Oct. 2018).” LinkedIn SlideShare. Uploaded by cxpartners, 2 Nov. 2018. Web.

    Cowan, Alex. “The 20 Minute Business Plan: Business Model Canvas Made Easy.” COWAN+, 2019. Web.

    Craig, Desiree. “So You've Decided To Become A Product Manager.” Start it up, Medium, 2 June 2019. Web.

    Create an Aha! Business Model Canvas Strategic Model.” Aha! Support, 2019. Web.

    Eick, Stephen. “Does Code Decay? Assessing the Evidence from Change Management Data.” IEEE Transactions on Software Engineering, vol. 27, no. 1, Jan. 2001, pp. 1-12. Web.

    Eriksson, Martin. “The next Product Canvas.” Mind the Product, 22 Nov. 2013. Web.

    “Experience Canvas: a Lean Approach: Atlassian Team Playbook.” Atlassian, 2019. Web.

    Freeman, James. “How to Make a Product Canvas – Visualize Your Product Plan.” Edraw, 23 Dec. 2019. Web.

    Fuchs, Danny. “Measure What Matters: 5 Best Practices from Performance Management Leaders.” OpenGov, 8 Aug. 2018. Web.

    Gorisse, Willem. “A Practical Guide to the Product Canvas.” Mendix, 28 Mar. 2017. Web.

    Gothelf, Jeff. “The Lean UX Canvas.” Jeff Gothelf, 15 Dec. 2016. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product: Getting Started.” EBG Consulting, 15 Jan. 2019. Web.

    Gottesdiener, Ellen. “Using the Product Canvas to Define Your Product's Core Requirements.” EBG Consulting, 4 Feb. 2019. Web.

    Gray, Mark Krishan. “Should I Use the Business Model Canvas or the Lean Canvas?” Emergn, 2019. Web.

    Hanby, Jeff. "Software Maintenance: Understanding and Estimating Costs." LookFar, 21 Oct. 2016. Web.

    “How do you define a product?” Scrum.org, 4 Apr 2017, Web

    Juncal, Shaun. “How to Build a Product Roadmap Based on a Business Model Canvas.” ProductPlan, 19 June 2019. Web.

    “Lean Canvas Intro - Uber Example.” YouTube, uploaded by Railsware Product Academy, 12 Oct. 2018. Web.

    “Lesson 6: Product Canvas.” ProdPad Help Center, 2019. Web.

    Lucero, Mario. “The Product Canvas.” Agilelucero.com, 22 June 2015. Web.

    Maurya, Ash. “Create a New Lean Canvas.” Canvanizer, 2019. Web.

    Maurya, Ash. “Don't Write a Business Plan. Create a Lean Canvas Instead.” LEANSTACK, 2019. Web.

    Maurya, Ash. “Why Lean Canvas vs Business Model Canvas?” Medium, 27 Feb. 2012. Web.

    Mirabelli, Vincent. “The Project Value Canvas.” Vincent Mirabelli, 2019. Web.

    Mishra, LN. “Business Analysis Canvas – The Ultimate Enterprise Architecture.” BA Times, 19 June 2019. Web.

    Muller. Jerry Z. “Why performance metrics isn’t always the best way to judge performance.” Fast Company, 3 April 2019. Web.

    Perri, Melissa. “What Is Good Product Strategy?” Melissa Perri, 14 July 2016. Web.

    Pichler, Roman. “A Product Canvas for Agile Product Management, Lean UX, Lean Startup.” Roman Pichler, 16 July 2012. Web.

    Pichler, Roman. “Introducing the Product Canvas.” JAXenter, 15 Jan. 2013. Web.

    Pichler, Roman. “Roman's Product Canvas: Introduction.” YouTube, uploaded by Roman Pichler, 3 Mar. 2017. Web.

    Pichler, Roman. “The Agile Vision Board: Vision and Product Strategy.” Roman Pichler, 10 May 2011. Web.

    Pichler, Roman. “The Product Canvas – Template.” Roman Pichler, 11 Oct. 2016. Web.

    Pichler, Roman. “The Product Canvas Tutorial V1.0.” LinkedIn SlideShare. Uploaded by Roman Pichler, 14 Feb. 2013. Web.

    Pichler, Roman. “The Product Vision Board: Introduction.” YouTube uploaded by Roman Pichler, 3 Mar. 2017. Web.

    “Product Canvas PowerPoint Template.” SlideModel, 2019. Web.

    Product Canvas.” SketchBubble, 2019, Web.

    “Product Canvas.” YouTube, uploaded by Wojciech Szramowski, 18 May 2016. Web.

    “Product Roadmap Software to Help You Plan, Visualize, and Share Your Product Roadmap.” Productboard, 2019. Web.

    Roggero, Giulio. “Product Canvas Step-by-Step.” LinkedIn SlideShare, uploaded by Giulio Roggero, 18 May 2013. Web.

    Royce, Dr. Winston W. “Managing the Development of Large Software Systems.” Scf.usc.edu, 1970. Web.

    Ryan, Dustin. “The Product Canvas.” Qdivision, Medium, 20 June 2017. Web.

    Snow, Darryl. “Product Vision Board.” Medium, 6 May 2017. Web.

    Stanislav, Shymansky. “Lean Canvas – a Tool Your Startup Needs Instead of a Business Plan.” Railsware, 12 Oct. 2018. Web.

    Stanislav, Shymansky. “Lean Canvas Examples of Multi-Billion Startups.” Railsware, 20 Feb. 2019. Web.

    “The Product Vision Canvas.” YouTube, Uploaded by Tom Miskin, 20 May 2019. Web.

    Tranter, Leon. “Agile Metrics: the Ultimate Guide.” Extreme Uncertainty, n.d. Web.

    “Using Business Model Canvas to Launch a Technology Startup or Improve Established Operating Model.” AltexSoft, 27 July 2018. Web.

    Veyrat, Pierre. “Lean Business Model Canvas: Examples + 3 Pillars + MVP + Agile.” HEFLO BPM, 10 Mar. 2017. Web.

    “What Are Software Metrics and How Can You Track Them?” Stackify, 16 Sept. 2017. Web

    “What Is a Product Vision?” Aha!, 2019. Web.

    Application Maintenance

    • Buy Link or Shortcode: {j2store}30|cart{/j2store}
    • Related Products: {j2store}30|crosssells{/j2store}
    • member rating overall impact (scale of 10): 10.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • If you work with application maintenance or operations teams that handle the "run" of your applications, you may find that the sheer volume and variety of requests create large backlogs.
    • Your business and product owners may want scrum or DevOps teams to work on new functionality rather than spend effort on lifecycle management.
    • Increasing complexity and increasing reliance on technology may create unrealistic expectations for your maintenance teams. Business applications must be available around the clock, and new feature roadmaps cannot be side-tracked by maintenance.

    Our advice

    Insight

    • Improving maintenance focus may mean doing less work but create more value. Your teams need to be realistic about what commitments they take—balance maintenance with business value and risk levels.
    • Treat maintenance the same as any other development practice. Use the same intake and prioritization practices. Uphold the same quality standards.

    Impact and results 

    • Justify the necessity of streamlined and regular maintenance. Understand each stakeholder's objectives and concerns, validate them against your staff's current state, processes, and technologies involved.
    • Maintenance and risk go hand in hand. And the business wants to move forward all the time as well. Strengthen your prioritization practice. Use a holistic view of the business and technical impacts, risks, urgencies across the maintenance needs and requests. That allows you to justify their respective positions in the overall development backlog. Identify opportunities to bring some requirements and features together.
    • Build a repeatable process with appropriate governance around it. Ensure that people know their roles and responsibilities and are held accountable.
    • Instill development best-practices into your maintenance processes.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand everyday struggles regarding application maintenance, the root causes, and our methodology to overcome these. We show you how we can support you.

    Understand your maintenance priorities

    Identify your stakeholders and understand their drivers.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape (ppt)
    • Application Maintenance Operating Model Template (doc)
    • Application Maintenance Resource Capacity Assessment (xls)
    • Application Maintenance Maturity Assessment (xls)

    Define and employ maintenance governance

    Identify the right level of governance appropriate to your company and business context for your application maintenance. That ensures that people uphold standards across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule (ppt)

    Enhance your prioritization practices

    Most companies cannot do everything for all applications and systems. Build your maintenance triage and prioritization rules to safeguard your company, maximize business value generation and IT risks and requirements.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

    Streamline your maintenance delivery

    Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery (ppt)
    • Application Maintenance Business Case Presentation Document (ppt)